FORUMS
Remove All Ads from XDA

[APP][XPOSED][6.0+] XPrivacyLua - Android privacy manager

18,906 posts
Thanks Meter: 38,810
 
By M66B, Recognized Developer on 5th January 2018, 04:32 PM
Post Reply Email Thread
27th August 2019, 08:53 PM |#4621  
M66B's Avatar
OP Recognized Developer
Thanks Meter: 38,810
 
More
Quote:
Originally Posted by I am Groot!

So true! I miss the unforgiving restrictions of XP and the detailed log was just amazing to dig up and the list goes on and on. With XPL, apps are able to breath while XP put them on life support!

There is not much difference in restrictions, but it is true some problematic restrictions are not supported anymore (some of which can be found in the repo and all of them could be added by writing custom hook definitions). See here for a detailed comparison with XPrivacy:

https://github.com/M66B/XPrivacyLua/...er/XPRIVACY.md

See also this FAQ:
https://github.com/M66B/XPrivacyLua/...r-content-faq4

In the now closed XPrivacy thread you can find some more background info in the latest comments if you are interested.
27th August 2019, 09:15 PM |#4622  
Senior Member
Thanks Meter: 833
 
More
Quote:
Originally Posted by I am Groot!

@Fif_
Found something by coincident. While installing Reddit, the UI switched to Night Mode at startup of the app. The app was able to detect Battery Saver status, which was on at the time.

Does that mean the Battery Saver function somehow managed to communicate with apps letting them know the status of the device? The definitions, in this case failed to mask the battery values.

The Battery Saver status is not covered by any hooks that I'm aware of, so that's not surprising at all.
The hooks you're thinking about are the BatteryManager* hooks and Intent.createFromParcel/battery, they cover the battery manager methods and intents for. These hide your battery level and charging status, but not the battery saver status.
You are correct that apps could very loosely infer your battery status from the saver status.
This illustrates how hard it is to prevent information from leaking on Android.
I'll see if something can be done about it.

Edit:
It's doable, it would require a new hook, BatteryManager.isPowerSaveMode and an update to Intent.createFromParcel/battery to fake the corresponding intent.
However I think it's a bad idea as you would pretty much prevent the apps you'd apply these hooks to from taking any action when the user has requested to save power, potentially draining the battery.
Furthermore, turning on power saving is entirely under the user's control, if you don't want apps to detect a low power condition, then don't turn on power save.
Feel free to try to convince me otherwise, but I won't be looking any further into this at the moment.
The Following 3 Users Say Thank You to Fif_ For This Useful Post: [ View ] Gift Fif_ Ad-Free
28th August 2019, 03:27 PM |#4623  
Junior Member
Thanks Meter: 7
 
More
@M66B
I actually took a look at Lua in general and I was not able to understand. Back in the day, I used to use C++ but it's all gone now and now on a completely different path. Always interested in your work so of course I am gonna read them. Thank you!

@Fif_
I am gonna try convince you with these:
  • Battery Saver function is really helpful and since it's under System's control, apps (most) have to obey. So they don't need to know about this.
  • Knowing about Battery Saver status can easily make apps know the "user behavior" over long period and as you'd guess it, would use them in broader analytics.
  • This new definition would help user have more control while letting the System do its thing silently without alerting the apps of how a user uses its phone.

And as always, I am thankful and in case I sound a bit off then please don't take it the wrong way. You are one of the major contributors and I respect you a lot and hope for you to continue support this amazing project!
The Following User Says Thank You to I am Groot! For This Useful Post: [ View ] Gift I am Groot! Ad-Free
28th August 2019, 04:33 PM |#4624  
Senior Member
Thanks Meter: 833
 
More
Quote:
Originally Posted by I am Groot!

Battery Saver function is really helpful and since it's under System's control, apps (most) have to obey. So they don't need to know about this.

Knowing about Battery Saver status can easily make apps know the "user behavior" over long period and as you'd guess it, would use them in broader analytics.

This new definition would help user have more control while letting the System do its thing silently without alerting the apps of how a user uses its phone.

Thanks!
These would have to be at least two definitions, but I would need to dig in further.
If I were to go ahead I'd probably create yet another group "Read battery saver" because I'd want to control the saver separately from the "Read battery" group that covers battery level, charge count and power status.
The Following 2 Users Say Thank You to Fif_ For This Useful Post: [ View ] Gift Fif_ Ad-Free
29th August 2019, 02:14 AM |#4625  
Junior Member
Thanks Meter: 7
 
More
So glad to hear from you!
29th August 2019, 03:30 PM |#4626  
Senior Member
Thanks Meter: 16
 
More
Daniel Micay, the developer of GrapheneOS, says XPrivacyLua is useless because any app can easily bypass it via client side checks. Is it really that easy to do it?

https://www.reddit.com/r/GrapheneOS/...262/?context=3
The Following User Says Thank You to J3:16 For This Useful Post: [ View ] Gift J3:16 Ad-Free
29th August 2019, 03:47 PM |#4627  
M66B's Avatar
OP Recognized Developer
Thanks Meter: 38,810
 
More
Quote:
Originally Posted by J3:16

Daniel Micay, the developer of GrapheneOS, [says XPrivacyLua is useless](https://www.reddit.com/r/GrapheneOS/...62/?context=3) because any app can easily bypass it via client side checks. Is it really that easy to do it?

With early Xposed versions this was easily possible, but with newer Xposed versions this has become more difficult (but not completely impossible). There is however a big difference between can happen and will happen.

In any case this is incorrect: "XPrivacyLua doesn't help more than standard permissions" because XPrivacyLua covers a lot more than standard permissions. Moreover, not requiring permissions for privacy sensitive data and/or not having granular permissions is why XPrivacyLua exists in the first place.

I don't agree with "just adds attack surface" either, unless you consider unlocking the bootloader a danger or are installing rogue Xposed modules. Xposed in itself does nothing. If unlocking the bootloader is meant, using GrapheneOS is dangerous too ...

Anyway, IMO this statement is quite black and white and missing nuances.
The Following 7 Users Say Thank You to M66B For This Useful Post: [ View ]
29th August 2019, 05:04 PM |#4628  
Senior Member
Thanks Meter: 16
 
More
Yeah, they say many things in that thread, however Daniel Micay is regarded as a good developer, and he constantly says how keeping bootloader unlocked (after installing GrapheneOS) and root permissions are dangerous. I think he is exaggerated, I mean, is having sudo rights dangerous on Linux? Then why not root? He says modifying hosts file is silly and apps like Blokada work better (whereas AdAway is regarded as the best solution by the majority). Nonetheless he seems to be legit in his reasons, i.e. he is probably not shilling for his OS (probably), hence why many people are listening to him and waging battle against root and stuff. It's a bit confusing.
29th August 2019, 05:08 PM |#4629  
M66B's Avatar
OP Recognized Developer
Thanks Meter: 38,810
 
More
Quote:
Originally Posted by J3:16

Yeah, they say many things in that thread, however Daniel Micay is regarded as a good developer, and he constantly says how keeping bootloader unlocked (after installing GrapheneOS) and root permissions are dangerous. I think he is exaggerated, I mean, is having sudo rights dangerous on Linux? Then why not root? He says modifying hosts file is silly and apps like Blokada work better (whereas AdAway is regarded as the best solution by the majority). Nonetheless he seems to be legit in his reasons, i.e. he is probably not shilling for his OS (probably), hence why many people are listening to him and waging battle against root and stuff. It's a bit confusing.

Like I already tried to say: it is not black and white. Yes, unlocking the bootloader is a risk, which is why there is a message shown about this on each device start. But also yes, unlocking the bootloader comes with advantages, like being able to install Xposed and XPrivacyLua to protect your privacy better.
The Following User Says Thank You to M66B For This Useful Post: [ View ]
29th August 2019, 06:08 PM |#4630  
Senior Member
Thanks Meter: 55
 
More
Quote:
Originally Posted by J3:16

Yeah, they say many things in that thread, however Daniel Micay is regarded as a good developer, and he constantly says how keeping bootloader unlocked (after installing GrapheneOS) and root permissions are dangerous. I think he is exaggerated, I mean, is having sudo rights dangerous on Linux? Then why not root? He says modifying hosts file is silly and apps like Blokada work better (whereas AdAway is regarded as the best solution by the majority). Nonetheless he seems to be legit in his reasons, i.e. he is probably not shilling for his OS (probably), hence why many people are listening to him and waging battle against root and stuff. It's a bit confusing.

Idc about what he said mate, having su permission comes with a lot of Advantages and 2-3 disadvantages.

Speaking about pros , there are these basic stuff like:
-Debloating your device
-Blocking ads by modifying the hosts file

And the advanced stuff like:

-Flashing xposed/edxposed
-using xposed modules to fully customize your device like gravitybox, boot animation and such modules (which makes CUSTOM ROMS somehow USELESS )
-Privacy, using xprivacy with netguard/afwall+ you can control permissions and internet access.

Cons:

-No longer having warranty
-You might brick your device if you're a newb.
-Breaking safetynet (old Android version)

That's all
The Following 2 Users Say Thank You to dope77 For This Useful Post: [ View ] Gift dope77 Ad-Free
29th August 2019, 06:12 PM |#4631  
M66B's Avatar
OP Recognized Developer
Thanks Meter: 38,810
 
More
Quote:
Originally Posted by dope77

...

-No longer having warranty

...

At least in the EU this is not true, although the manufacturers try to let you believe this. This is only true if the hardware was damaged due to rooting your device.
The Following 2 Users Say Thank You to M66B For This Useful Post: [ View ]
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes