[Closing message]
Hi,
I am discontinuing the work on the Android Permission Spoofing Framework as I am not using Android anymore.
If anybody is interested in taking over the development I would be very happy to help her or him getting started as much as possible.
Feel free to contact me if you would like to work on it.
Sorry and have fun - Guhl
[End closing message]
This ROM is based on AOSP KitKat 4.4.2_r1. Besides the deep integration of the permission spoofing functionality the ROM is completely stock - it's not even rooted!
In addition to the original AOSP rom it includes the permission spoofing framework enhancement that was originally developed by Plamen K. Kosseff for Android 2.3. The functionality has been rebased to Android 4.4 and enhanced (a lot) by me and is now available.
My work was/is originally done for the HTC vision (G2/DZ) for which i provide ROMs based on ASOP and CM10.1 (see posting in the vision forum) but since i do also own a N4 i will provide ROMs for it also. There is also a CM version for the Nexus 4 here.
If you as a developer want to add the permission spoofing framework to your ROM please go ahead it should be portable easily. I will keep the commit list updated. If you need help don't hesitate to ask!
Actually the main motivation to publish this is to inspire other developers to integrate this with their work.
The source of the enhancement can be found on github in the repositories:
platform_frameworks_base
platform_frameworks_opt_telephony
platform_packages_apps_settings
The current work is done in the 4.4.2_r1 branch and the relevant commits are:
framework initial commit
framework bug fix 1
framework bug fix 2
frameworks telephony initial commit
app settings initial commit
framework permission spoofing - location
framework pff: infrastructure code cleanup
framework pff: permission spoofing - contacts and phone log
framework pff: permission spoofing - calendar (Instances)
framework pff: permission spoofing - calendar (Instances - cleanup)
framework pff: permission revoking - initial commit
framework pff: add PFFInfoDatabase to make spoofed informations persistant and changeable
framework pff: bug fix for permission revoking
What is permission spoofing
Permission spoofing means that the framework will return spoofed information to Apps instead of the original information based on permissions that the App requested during installation. The main motivation for the development of this functionality is the protection of the privacy of the phones owner.
Examples for spoofed information are:
Current implementation
Currently the following permissions are available:
READ_PHONE_STATE
While this permission allows the App to read the state of the phone (in call, ...) it also allows the App to read information like the phone number or the IMEI of the phone. Instead of revoking the permission that has to be granted to an App, permission spoofing provides spoofed information for this sensitive data.
ACCESS_COARSE_LOCATION and ACCESS_FINE_LOCATION
Instead of the real location a location that can be set using the PFF-GPSPath will be reporte (the default spoofed location is the top of Mt. Everest). The implementation is not perfect yet (Google maps and Latitude still seem to know the coarse location - working on that)
READ_CONTACTS and READ_CALL_LOG
Instead of the contacts and the call log an empty list will be reported. The implementation sets the limit parameter of the query to 0 if the permission is spoofed.
READ_CALENDAR
The implementation changes the date for which the items will returned to the first week of 1970.
More permissions might be added in the future.
Usage
Spoofing can be enabled on a per App basis. To enable spoofing go to Settings - Apps, choose the App for which you want to spoof the permission. Below the spoofable permission will be a switch that can be set to On to enable spoofing or Off to disable spoofing for this App.
Optional Apps
The source of these apps is also available at https://github.com/guhl
PFF-GPSPath
The PFF-GPSPath App can be used to set the spoofed location and in addition it can also be used to define a path the can then be simulated in the App (by effectively moveing the spoofed location)!
HowTo for PFF-GPSPath HowTo
PFF-Settings
The PFF-Settings app provides the same functionality as App - Settings but in a more comprehensive way.
It provides a list of all Apps (including system Apps) that have a spoofable permission and allows you to set spoofing On/Off for them
PFF-Test
If you spoof a spoofable permission for the app PFF-Test you can check the info that the framework provides to PFF-Test
Downloads
ROM aosp_mako-ota-eng.4.4.2.pff.20131216.zip
Gapps are not included in the rom - they can be found at pa_gapps-stock-4.4.2-20131215-signed.zip
PFF-GPSPath_1_3.apk
PFF-AppSettings_1_1.apk
PFF-Test
Communication
I do not want to start a flame war on spoofing on XDA. Whiile spoofing is important for me I do understand people opposing it.
If you want to talk to me, the best way to do this is to look for me (Guhl) at #nexus4, #G2ROOT or #andromadus on freenode IRC.
Changelog
2013-12-16
Credits
XDA:DevDB Information
Permission spoofing framwork - Nexus 4 - AOSP 4.4, ROM for the Google Nexus 4
Contributors
guhl99
ROM OS Version: 4.4.x KitKat
Based On: AOSP
Version Information
Status: Stable
Created 2013-12-16
Last Updated 2014-07-06
Hi,
I am discontinuing the work on the Android Permission Spoofing Framework as I am not using Android anymore.
If anybody is interested in taking over the development I would be very happy to help her or him getting started as much as possible.
Feel free to contact me if you would like to work on it.
Sorry and have fun - Guhl
[End closing message]
This ROM is based on AOSP KitKat 4.4.2_r1. Besides the deep integration of the permission spoofing functionality the ROM is completely stock - it's not even rooted!
In addition to the original AOSP rom it includes the permission spoofing framework enhancement that was originally developed by Plamen K. Kosseff for Android 2.3. The functionality has been rebased to Android 4.4 and enhanced (a lot) by me and is now available.
My work was/is originally done for the HTC vision (G2/DZ) for which i provide ROMs based on ASOP and CM10.1 (see posting in the vision forum) but since i do also own a N4 i will provide ROMs for it also. There is also a CM version for the Nexus 4 here.
If you as a developer want to add the permission spoofing framework to your ROM please go ahead it should be portable easily. I will keep the commit list updated. If you need help don't hesitate to ask!
Actually the main motivation to publish this is to inspire other developers to integrate this with their work.
The source of the enhancement can be found on github in the repositories:
platform_frameworks_base
platform_frameworks_opt_telephony
platform_packages_apps_settings
The current work is done in the 4.4.2_r1 branch and the relevant commits are:
framework initial commit
framework bug fix 1
framework bug fix 2
frameworks telephony initial commit
app settings initial commit
framework permission spoofing - location
framework pff: infrastructure code cleanup
framework pff: permission spoofing - contacts and phone log
framework pff: permission spoofing - calendar (Instances)
framework pff: permission spoofing - calendar (Instances - cleanup)
framework pff: permission revoking - initial commit
framework pff: add PFFInfoDatabase to make spoofed informations persistant and changeable
framework pff: bug fix for permission revoking
What is permission spoofing
Permission spoofing means that the framework will return spoofed information to Apps instead of the original information based on permissions that the App requested during installation. The main motivation for the development of this functionality is the protection of the privacy of the phones owner.
Examples for spoofed information are:
- Empty contact list instead of real contacts - READ_CONTACTS
- False location instead of real location - ACCESS_COARSE_LOCATION / ACCESS_FINE_LOCATION
- False Information for phone id and phone number - READ_PHONE_STATE
- Empty log instead of real phone call log - READ_CALL_LOG
- Empty calendar list instead of real calendar entries - READ_CALENDAR
- ....
Current implementation
Currently the following permissions are available:
READ_PHONE_STATE
While this permission allows the App to read the state of the phone (in call, ...) it also allows the App to read information like the phone number or the IMEI of the phone. Instead of revoking the permission that has to be granted to an App, permission spoofing provides spoofed information for this sensitive data.
ACCESS_COARSE_LOCATION and ACCESS_FINE_LOCATION
Instead of the real location a location that can be set using the PFF-GPSPath will be reporte (the default spoofed location is the top of Mt. Everest). The implementation is not perfect yet (Google maps and Latitude still seem to know the coarse location - working on that)
READ_CONTACTS and READ_CALL_LOG
Instead of the contacts and the call log an empty list will be reported. The implementation sets the limit parameter of the query to 0 if the permission is spoofed.
READ_CALENDAR
The implementation changes the date for which the items will returned to the first week of 1970.
More permissions might be added in the future.
Usage
Spoofing can be enabled on a per App basis. To enable spoofing go to Settings - Apps, choose the App for which you want to spoof the permission. Below the spoofable permission will be a switch that can be set to On to enable spoofing or Off to disable spoofing for this App.
Optional Apps
The source of these apps is also available at https://github.com/guhl
PFF-GPSPath
The PFF-GPSPath App can be used to set the spoofed location and in addition it can also be used to define a path the can then be simulated in the App (by effectively moveing the spoofed location)!
HowTo for PFF-GPSPath HowTo
PFF-Settings
The PFF-Settings app provides the same functionality as App - Settings but in a more comprehensive way.
It provides a list of all Apps (including system Apps) that have a spoofable permission and allows you to set spoofing On/Off for them
PFF-Test
If you spoof a spoofable permission for the app PFF-Test you can check the info that the framework provides to PFF-Test
Downloads
ROM aosp_mako-ota-eng.4.4.2.pff.20131216.zip
Gapps are not included in the rom - they can be found at pa_gapps-stock-4.4.2-20131215-signed.zip
PFF-GPSPath_1_3.apk
PFF-AppSettings_1_1.apk
PFF-Test
Communication
I do not want to start a flame war on spoofing on XDA. Whiile spoofing is important for me I do understand people opposing it.
If you want to talk to me, the best way to do this is to look for me (Guhl) at #nexus4, #G2ROOT or #andromadus on freenode IRC.
Changelog
2013-12-16
- Rebased from AOSP 4.3 to 4.4.2
Credits
- Plamen K. Kosseff for the original framework changes
- Flinny for his huge work on the Andromadus roms and supporting me with my original development for the vision
- pierre_ja, Nipqer, Hymie and all the others at #G2ROOT for their endless help and entertainment
XDA:DevDB Information
Permission spoofing framwork - Nexus 4 - AOSP 4.4, ROM for the Google Nexus 4
Contributors
guhl99
ROM OS Version: 4.4.x KitKat
Based On: AOSP
Version Information
Status: Stable
Created 2013-12-16
Last Updated 2014-07-06
