FORUMS
Remove All Ads from XDA

[APP][XPOSED][6.0+] XPrivacyLua - Android privacy manager

18,845 posts
Thanks Meter: 38,695
 
By M66B, Recognized Developer on 5th January 2018, 04:32 PM
Post Reply Email Thread
26th November 2018, 01:21 PM |#3641  
Senior Member
Thanks Meter: 224
 
More
Quote:
Originally Posted by CHEF-KOCH

Open source has nothing to do with an audit, VeraCrypt is also open source and got an independent audit, so this is not a ridiculous request. If you call it "privacy" or security people automatically think it has something to do with security and you know that exactly. How does it protect someone's privacy if he for example login into the Reddit app? Even if the app doesn't send anything back or only faked data, Reddit still sees everything you post and based on that you're quite unique, so they don't even need any fingerprinting to triangulate a social profile from you, the better "manager" here would tell you that you should be careful what you post on social networks/websites, which Xprivacy doesn't mention, in fact you have to root your phone to flash and get access to TWRP/bootloader to install a beta framework which requires an additional application/module, I see this not as privacy/security related because you run into possible fake downloads (which is still a problem).

I also don't see how this manage anything if the user needs to setup everything on his own. Which research you're talking about you never provided something I could check. I don't make your work here, nor did I advertise my stuff as "privacy manager" or security-related product that's the difference. That you refuse to give an example shows only that you're unable to handle criticism. I see this "program" here same as AV products, snake oil because it might take a focus on several samples but doesn't clearly mention that this doesn't mean people are more private/secure.

Nothing is perfect but that wasn't the point here, I request to take a look on your research, or to get an insight view and you simply refuse it, that's why I call the product a scam. No app ever made you more private/secure, I say this as clear as possible. No one needs your app, the best advice is to install or uninstall the apps, use the foss alternative apps and choose the services which someone connects to wisely instead of trusting questionable promises with beta frameworks which never got a serious audit. I think the original developer never said that this is security wise tested, which I agree in but he never said or advertised it as "manager" or **** like this.

This project here has nothing to do with privacy/security and as long as you refuse to provide any evidence I will call you out as someone which scam people because you also not mention that Android also evolved and that there already several mechanisms in order to restrict permissions, block internet etc.

Your example of Reddit does not apply to what XPL protects you against. When you make a post on Reddit, you willingly disclose the data of your post information, as well as Reddit login data to them. This has to be done by you, and is always with your consent. Of course Reddit will then have this information. XPL is better suited against apps that try to access data they shouldn't in the background, or refuse to work of they don't have access to something (even when it's not required for the app to function). Like an app listening on your microphone in the background. Or accessing your clipboard when it shouldn't.
XPL doesn't talk about being careful to post stuff on social media because that is assumed to be common sense, at least for people who care about privacy. XPL is a tool, not meant to educate people on IT topics not directly related to what XPL does.

XPL "manages" the hooks into other apps it uses to fake or hide data. Maybe you mistook the term "privacy manager" as something that offers a complete solution to all privacy related topics. This is not correct.

You can't always uninstall apps that are a threat to your privacy, and unfortunaley it is unrealistic to find a viable alternative to every app that does shady stuff in the background.

Android has its own permission system, but it's not sufficient. The best example: your clipboard. The #1 place where users copy their passwords. And yet, every app can access it at any time without restriction. Permissions like camera, microphone access etc. do work, but an app can see when you deny the permission request and refuse to function. Usual apps can't detect whether the camera is really not available or XPL is faking it.

By the way: Have you ever looked up "non-violent communication"? You may not have heard of it, but it is a very useful soft skill to have. For example, insulting someone and their work is usually not the most effective way to get them to do what you want.

Edit: Altering the Android Code directly is not an option, since a lot of the open APIs (like the clipboard) would break a lot of apps if they were closed off. Also, providing custom fake data, custom hooks etc. is too advanced for the average consumer, and would thus confuse a lot of people if it was added to Android.
The Following 6 Users Say Thank You to Namnodorel For This Useful Post: [ View ] Gift Namnodorel Ad-Free
26th November 2018, 01:23 PM |#3642  
M66B's Avatar
OP Recognized Developer
Thanks Meter: 38,695
 
More
Quote:
Originally Posted by CHEF-KOCH

Open source has nothing to do with an audit, VeraCrypt is also open source and got an independent audit, so this is not a ridiculous request. If you call it "privacy" or security people automatically think it has something to do with security and you know that exactly. How does it protect someone's privacy if he for example login into the Reddit app? Even if the app doesn't send anything back or only faked data, Reddit still sees everything you post and based on that you're quite unique, so they don't even need any fingerprinting to triangulate a social profile from you, the better "manager" here would tell you that you should be careful what you post on social networks/websites, which Xprivacy doesn't mention, in fact you have to root your phone to flash and get access to TWRP/bootloader to install a beta framework which requires an additional application/module, I see this not as privacy/security related because you run into possible fake downloads (which is still a problem).

I also don't see how this manage anything if the user needs to setup everything on his own. Which research you're talking about you never provided something I could check. I don't make your work here, nor did I advertise my stuff as "privacy manager" or security-related product that's the difference. That you refuse to give an example shows only that you're unable to handle criticism. I see this "program" here same as AV products, snake oil because it might take a focus on several samples but doesn't clearly mention that this doesn't mean people are more private/secure.

Nothing is perfect but that wasn't the point here, I request to take a look on your research, or to get an insight view and you simply refuse it, that's why I call the product a scam. No app ever made you more private/secure, I say this as clear as possible. No one needs your app, the best advice is to install or uninstall the apps, use the foss alternative apps and choose the services which someone connects to wisely instead of trusting questionable promises with beta frameworks which never got a serious audit. I think the original developer never said that this is security wise tested, which I agree in but he never said or advertised it as "manager" or **** like this.

This project here has nothing to do with privacy/security and as I am not here to educate people and I think it is reasonable to long as you refuse to provide any evidence I will call you out as someone which scam people because you also not mention that Android also evolved and that there already several mechanisms in order to restrict permissions, block internet etc.

I didn't related open source and an audit with each other. I only said that XPrivacyLua is 100% open source and that it can therefore be audited by anyone. Actually, most of the source code of XPrivacyLua is easy to read, especially the source code that deals with faking values. XPrivacyLua is even user extensible, so anyone can contribute new features in a relatively easy way and they don't even need to be privacy related.

I think it is reasonable to expect some common sense, especially from the people reading here. Fake downloads, etc can be a problem, but is that a reason not to provide downloads?

I am not sure what you mean by research, but I have read most of Android's source code to see what it does and how that can be changed by XPrivacy(Lua). So, basically I literally checked the source. If you want to know something specific, just ask and I will try to explain things in more detail.

Both you and I want to help people to protect their privacy, so let's not fight about this and instead cooperate. If you think the description is not accurate, please tell me what needs to be changed. If you think that XPrivacyLua doesn't work correctly, please tell what doesn't work correctly and I will look into it.
The Following 12 Users Say Thank You to M66B For This Useful Post: [ View ]
26th November 2018, 05:43 PM |#3643  
folusmile's Avatar
Senior Member
Thanks Meter: 227
 
More
Quote:
Originally Posted by M66B

I didn't related open source and an audit with each other. I only said that XPrivacyLua is 100% open source and that it can therefore be audited by anyone. Actually, most of the source code of XPrivacyLua is easy to read, especially the source code that deals with faking values. XPrivacyLua is even user extensible, so anyone can contribute new features in a relatively easy way and they don't even need to be privacy related.

I think it is reasonable to expect some common sense, especially from the people reading here. Fake downloads, etc can be a problem, but is that a reason not to provide downloads?

I am not sure what you mean by research, but I have read most of Android's source code to see what it does and how that can be changed by XPrivacy(Lua). So, basically I literally checked the source. If you want to know something specific, just ask and I will try to explain things in more detail.

Both you and I want to help people to protect their privacy, so let's not fight about this and instead cooperate. If you think the description is not accurate, please tell me what needs to be changed. If you think that XPrivacyLua doesn't work correctly, please tell what doesn't work correctly and I will look into it.

Well said
26th November 2018, 06:01 PM |#3644  
M66B's Avatar
OP Recognized Developer
Thanks Meter: 38,695
 
More
Quote:
Originally Posted by folusmile

Well said

Thanks.

However, since @CHEF-KOCH seems to be a kind of allergic to "well said", let me be clear that the goal is to improve people's privacy, preferably in a cooperative way. I think it is safe to say that we don't have to expect much from the big companies.
The Following 9 Users Say Thank You to M66B For This Useful Post: [ View ]
28th November 2018, 12:17 AM |#3645  
Senior Member
Thanks Meter: 10
 
More
Hi,

Just installed latest version 1.23.22 from xposed repo and I'm running xposed 90-beta3 on Oreo 8.0.0 (API 26) on a Samsung Galaxy S8 rooted Stock ROM with Magisk Manager as root solution.

Problem is when I start XprivacyLUA it displays main screen for 2-3 seconds and then leads to a reboot of the phone. I guess it has problems reading the app list. I have quite a lot of user apps installed, titanium backup lists 371 user apps and a total of 720 user+system.

Is this a bug of XprivacyLUA that can be dealt with or is it just not working on my xposed version?

Cheers
Marc
28th November 2018, 05:17 AM |#3646  
M66B's Avatar
OP Recognized Developer
Thanks Meter: 38,695
 
More
Quote:
Originally Posted by marcelser

Hi,

Just installed latest version 1.23.22 from xposed repo and I'm running xposed 90-beta3 on Oreo 8.0.0 (API 26) on a Samsung Galaxy S8 rooted Stock ROM with Magisk Manager as root solution.

Problem is when I start XprivacyLUA it displays main screen for 2-3 seconds and then leads to a reboot of the phone. I guess it has problems reading the app list. I have quite a lot of user apps installed, titanium backup lists 371 user apps and a total of 720 user+system.

Is this a bug of XprivacyLUA that can be dealt with or is it just not working on my xposed version?

Cheers
Marc

Without a log file it's not really possible to tell what is going on, but my best guess is Xposed bug #325.
28th November 2018, 02:12 PM |#3647  
Senior Member
Thanks Meter: 10
 
More
Quote:
Originally Posted by M66B

Without a log file it's not really possible to tell what is going on, but my best guess is Xposed bug #325.

Can I still get a log after phone rebooted?
28th November 2018, 02:15 PM |#3648  
M66B's Avatar
OP Recognized Developer
Thanks Meter: 38,695
 
More
Quote:
Originally Posted by marcelser

Can I still get a log after phone rebooted?

No, you'll need to capture the log while the problem occurs using adb (use your favorite search engine to find a guide).
28th November 2018, 08:11 PM |#3649  
huckky's Avatar
Senior Member
Thanks Meter: 31
 
More
Greetings.
I have a dual sim xiaomi mi a2 with single simcard in it.
With apps that require device id, i get the following error log ending with my sim 1 imei.

Obviously I did something but have no clue. Anyone would point me to right direction please?
Thank you.


Privacy.TelephonyManager.getDeviceId

Exception:
org.luaj.vm2.LuaError: script:20 attempt to call nil
at org.luaj.vm2.LuaValue.checkmetatag(SourceFile:3365 )
at org.luaj.vm2.LuaValue.callmt(SourceFile:1997)
at org.luaj.vm2.LuaValue.call(SourceFile:1450)
at org.luaj.vm2.LuaClosure.execute(SourceFile:366)
at org.luaj.vm2.LuaClosure.onInvoke(SourceFile:183)
at org.luaj.vm2.LuaClosure.invoke(SourceFile:176)
at org.luaj.vm2.LuaValue.invoke(SourceFile:1789)
at eu.faircode.xlua.XLua$5.execute(SourceFile:491)
at eu.faircode.xlua.XLua$5.afterHookedMethod(SourceFi le:457)
at de.robv.android.xposed.XposedBridge.handleHookedMe thod(XposedBridge.java:375)
at android.telephony.TelephonyManager.getDeviceId(<Xp osed>)
at com.oksijen.smartsdk.core.utils.e.f(Unknown Source:31)
at com.oksijen.smartsdk.core.utils.e.q(Unknown Source:7)
at com.oksijen.smartsdk.core.service.SmartService.e(U nknown Source:31000)
at com.oksijen.smartsdk.core.service.SmartService.onS tartCommand(Unknown Source:21)
at android.app.ActivityThread.handleServiceArgs(Activ ityThread.java:3474)
at android.app.ActivityThread.-wrap20(Unknown Source:0)
at android.app.ActivityThread$H.handleMessage(Activit yThread.java:1692)
at android.os.Handler.dispatchMessage(Handler.java:10 6)
at android.os.Looper.loop(Looper.java:164)
at android.app.ActivityThread.main(ActivityThread.jav a:6501)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsC aller.run(RuntimeInit.java:438)
at com.android.internal.os.ZygoteInit.main(ZygoteInit .java:807)
at de.robv.android.xposed.XposedBridge.main(XposedBri dge.java:108)


Package:
com.vodafone.selfservis:10141

Method:
after public java.lang.String android.telephony.TelephonyManager.getDeviceId()

Arguments:
null

Return:
xxxxxxxxxxxxxxx (java.lang.String)
28th November 2018, 08:27 PM |#3650  
M66B's Avatar
OP Recognized Developer
Thanks Meter: 38,695
 
More
Quote:
Originally Posted by huckky

Greetings.
I have a dual sim xiaomi mi a2 with single simcard in it.
With apps that require device id, i get the following error log ending with my sim 1 imei.

Obviously I did something but have no clue. Anyone would point me to right direction please?
Thank you.


Privacy.TelephonyManager.getDeviceId

Exception:
org.luaj.vm2.LuaError: script:20 attempt to call nil
at org.luaj.vm2.LuaValue.checkmetatag(SourceFile:3365 )
at org.luaj.vm2.LuaValue.callmt(SourceFile:1997)
at org.luaj.vm2.LuaValue.call(SourceFile:1450)
at org.luaj.vm2.LuaClosure.execute(SourceFile:366)
at org.luaj.vm2.LuaClosure.onInvoke(SourceFile:183)
at org.luaj.vm2.LuaClosure.invoke(SourceFile:176)
at org.luaj.vm2.LuaValue.invoke(SourceFile:1789)
at eu.faircode.xlua.XLua$5.execute(SourceFile:491)
at eu.faircode.xlua.XLua$5.afterHookedMethod(SourceFi le:457)
at de.robv.android.xposed.XposedBridge.handleHookedMe thod(XposedBridge.java:375)
at android.telephony.TelephonyManager.getDeviceId(<Xp osed>)
at com.oksijen.smartsdk.core.utils.e.f(Unknown Source:31)
at com.oksijen.smartsdk.core.utils.e.q(Unknown Source:7)
at com.oksijen.smartsdk.core.service.SmartService.e(U nknown Source:31000)
at com.oksijen.smartsdk.core.service.SmartService.onS tartCommand(Unknown Source:21)
at android.app.ActivityThread.handleServiceArgs(Activ ityThread.java:3474)
at android.app.ActivityThread.-wrap20(Unknown Source:0)
at android.app.ActivityThread$H.handleMessage(Activit yThread.java:1692)
at android.os.Handler.dispatchMessage(Handler.java:10 6)
at android.os.Looper.loop(Looper.java:164)
at android.app.ActivityThread.main(ActivityThread.jav a:6501)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsC aller.run(RuntimeInit.java:438)
at com.android.internal.os.ZygoteInit.main(ZygoteInit .java:807)
at de.robv.android.xposed.XposedBridge.main(XposedBri dge.java:108)


Package:
com.vodafone.selfservis:10141

Method:
after public java.lang.String android.telephony.TelephonyManager.getDeviceId()

Arguments:
null

Return:
xxxxxxxxxxxxxxx (java.lang.String)

Actually, this is being caused by a bug in the app or maybe in Xposed. XPrivacyLua should handle this better and I will improve it after I have received my Acer Chromebox back (why is it that if you purchase something and get it delivered the next day and that warranty claims takes weeks?). If this will make the restriction work for you is another question.

Edit: getThis() in the hook definition returns null. This should never happen, but never say never ...
The Following 2 Users Say Thank You to M66B For This Useful Post: [ View ]
28th November 2018, 08:31 PM |#3651  
huckky's Avatar
Senior Member
Thanks Meter: 31
 
More
Quote:
Originally Posted by M66B

Actually, this is being caused by a bug in the app or maybe in Xposed. XPrivacyLua should handle this better and I will improve it after I have received my Acer Chromebox back (why is it that if you purchase something and get it delivered the next day and that warranty claims takes weeks?). If this will make the restriction work for you is another question.

So I did nothing wrong?? Well, that's new
Thank you for weirdly fast answer.
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes