[APP][XPOSED][6.0+] XPrivacyLua - Android privacy manager

By M66B, Recognized Developer on 5th January 2018, 05:32 PM
4th February 2020, 02:35 PM |#5041  
Senior Member
Quote:
Originally Posted by I am Groot!

Back in the old days, Nokia had an option to specify a Location Server to connect to via the Settings app. Now, on Android, I am not sure.

As far as I can recall, I think that was where the phone would download AGPS information from and not where the phone would send your location data to.
Quote:
Originally Posted by I am Groot!

Relieved to hear that, but since there is no option to customize this, the user is automatically forced into using whatever is pre-configured by a manufacturer. That is clearly a violation of privacy. I mean, say I am travelling in a foreign country and do not want to use their service, then I should be given an option. But now I'll be using whatever is already designed for me, with me having no say.

Now, I am not saying this is a very serious concern, but I really think that location data is the key to building a user-specific profile. I found something on YouTube: youtu.be/Xh5hFUyf-qg?t=599

Although privacy concerns are well described in the above video, I doubt we live in a perfect world where companies are going to keep their word about user privacy.

This just gives a glimpse into the hyper-connected and always-on world of sensors.

You're right that location data is one of the keys to building a user profile, but I think this is out of scope/topic for XPLUA as this would depend on the Android build itself or even the hardware manufacturer (though I doubt it's the hardware manufacturer).
4th February 2020, 03:28 PM |#5042  
Junior Member
Yes, what happens once the data is downloaded is up to the apps. Nokia had the ability to define the location server. Now we don't even have that. I totally get that this might fall out of the scope of XPL but just wanted to hear from Marcel if something can be done about it. My best guess is that the end result is in the hands of a manufacturer (note that chip makers give all the options to them) as to how to use the technology. Unfortunately, we don't have a say.

Time to launch an "X-Privacy-Location" satellite!
Marcel, you in?
4th February 2020, 05:24 PM |#5043  
Senior Member
Quote:
Originally Posted by I am Groot!

Yes, what happens once the data is downloaded is up to the apps. Nokia had the ability to define the location server. Now we don't even have that. I totally get that this might fall out of the scope of XPL but just wanted to hear from Marcel if something can be done about it. My best guess is that the end result is in the hands of a manufacturer (note that chip makers give all the options to them) as to how to use the technology. Unfortunately, we don't have a say.

Time to launch an "X-Privacy-Location" satellite!
Marcel, you in?

If you really want to disable or change the aGPS data server, check out how to modify the gps.conf system file. There are a few Magisk modules that claim to do that.
This seems off-topic for this thread.
4th February 2020, 06:18 PM |#5044  
Junior Member
Not off-topic though, as XPL has hooks to protect location and this falls under that category, and therefore I asked. In all seriousness, it is really an important security as well as privacy concern right now. I get that the information received is passive, but since the user has no say in it, this violates privacy. We should have a say in which positioning server we want to use. That's it.

Thank you for that much needed info!
4th February 2020, 06:35 PM |#5045  
QkiZMR
Senior Member
Warsaw
I'm struggling with the ActivityManager.getRunningAppProcesses hook. I'm using the log command to see what UID and CUID XPrivacyLua is trying to match in this hook. In logcat I see that only one UID and CUID (the same one) is used. It looks like something earlier made an exclusion of UIDs. I'm testing it on the Facebook app and it looks like this hook sees only the Facebook UID, 10361 in my case. This hook is using the after function. Is there any before function in XPrivacyLua hooks related to ActivityManager? I checked every hook and I saw only the after function.
12th February 2020, 01:32 PM |#5046  
Member
It is found that even with all permissions restricted with XPrivacyLua, the apps are still able to get the IMEI using simple code. Just test it in your terminal emulator / adb shell:
getprop |grep imei
Note: you don't need root / phone permission to do that.
Please update the rules to patch that. Thanks.
12th February 2020, 03:22 PM |#5047  
M66B
OP Recognized Developer
Quote:
Originally Posted by John Chu

It is found that even with all permissions restricted with XPrivacyLua, the apps are still able to get the IMEI using simple code. Just test it in your terminal emulator / adb shell:
getprop |grep imei
Note: you don't need root / phone permission to do that.
Please update the rules to patch that. Thanks.

The shell (uid 2000) has special permissions. Apps do not have these permissions.
Also, there are definitions in the repository to restrict system properties of your choice.
12th February 2020, 05:17 PM |#5048  
Member
Quote:
Originally Posted by M66B

The shell (uid 2000) has special permissions. Apps do not have these permissions.
Also, there are definitions in the repository to restrict system properties of your choice.


I did a simple test using Tasker; it is able to run the command without root or phone permission, and I stored the IMEI into a variable.
https://i.imgur.com/iLAa9wB.png
https://i.imgur.com/xfT6nxs.png
I believe it doesn't have any "special permission".
Also, with Runtime exec(), apps are able to get the IMEI in this way easily.

BTW I need to point out that the result of that command varies. Most phones with Chinese ROMs (Xiaomi, Meizu and so on) have that, but Samsung and Huawei return zero results.
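
An added example, not part of any post in this thread: since the posts above report that the result of `getprop | grep imei` varies by ROM, this audit script checks property values rather than names, flagging any property whose value is 15 digits and passes the Luhn check that IMEIs satisfy. It goes beyond the name-based grep in the post; the property names and values in the sample are constructed, and only property names are printed.

```shell
#!/bin/sh
# Audit `getprop` output for property values that look like an IMEI.
# Expected input, one property per line:  [key]: [value]
# On a real device: adb shell getprop | find_imei_props

# Constructed sample input (hypothetical property names, test values).
SAMPLE_PROPS='[ro.build.version.sdk]: [28]
[ro.ril.oem.imei]: [490154203237518]
[ro.vendor.deviceid]: [490154203237518]
[persist.radio.checksum]: [490154203237519]
[ro.serialno]: [0123456789ABCDEF]'

# Print the names (never the values) of properties holding an IMEI-like value.
find_imei_props() {
    awk '
    # Luhn check: from the right, double every second digit and sum.
    function luhn_ok(s,    i, d, sum, n) {
        n = length(s); sum = 0
        for (i = n; i >= 1; i--) {
            d = substr(s, i, 1) + 0
            if ((n - i) % 2 == 1) { d *= 2; if (d > 9) d -= 9 }
            sum += d
        }
        return sum % 10 == 0
    }
    {
        # Split "[key]: [value]" at the separator between the brackets.
        sep = index($0, "]: [")
        if (sep == 0 || substr($0, 1, 1) != "[") next
        key = substr($0, 2, sep - 2)
        val = substr($0, sep + 4)
        if (substr(val, length(val)) == "]") val = substr(val, 1, length(val) - 1)
        # 15 decimal digits with a valid check digit is treated as an IMEI.
        if (val ~ /^[0-9]+$/ && length(val) == 15 && luhn_ok(val)) print key
    }'
}

# Run over the constructed sample.
printf '%s\n' "$SAMPLE_PROPS" | find_imei_props
```

Properties reported by such an audit are candidates for the system-property restriction definitions mentioned earlier in the thread.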
14th February 2020, 07:41 PM |#5049  
Senior Member
Quote:
Originally Posted by John Chu

I did a simple test using Tasker; it is able to run the command without root or phone permission, and I stored the IMEI into a variable.
https://i.imgur.com/iLAa9wB.png
https://i.imgur.com/xfT6nxs.png
I believe it doesn't have any "special permission".
Also, with Runtime exec(), apps are able to get the IMEI in this way easily.

BTW I need to point out that the result of that command varies. Most phones with Chinese ROMs (Xiaomi, Meizu and so on) have that, but Samsung and Huawei return zero results.

Restrict shell (mind: temporary) and try again.
19th February 2020, 07:48 AM |#5050  
Senior Member
Quote:
Originally Posted by John Chu

I did a simple test using Tasker; it is able to run the command without root or phone permission, and I stored the IMEI into a variable.
https://i.imgur.com/iLAa9wB.png
https://i.imgur.com/xfT6nxs.png
I believe it doesn't have any "special permission".
Also, with Runtime exec(), apps are able to get the IMEI in this way easily.

Try the new repo hooks for ProcessBuilder.start and Runtime.exec* (Fif variants).
That loophole is now closed.
19th February 2020, 03:27 PM |#5051  
Member
Quote:
Originally Posted by Fif_

Try the new repo hooks for ProcessBuilder.start and Runtime.exec* (Fif variants).
That loophole is now closed.

Thanks for your work!
I used two different apps to test it. Tasker can't get the IMEI using a shell command now. But Terminal Emulator can still get that without root. Both of them are restricted with "Use shell" in XPL. Should I worry about it?