has anyone tried to build this?
http://selinuxproject.org/page/SEAndroid
i would love to have it on my phone.
It it's cool, but right now, very few apps work, and don't expect root out of the gate. The military is working on qualifying apps for it and I phone.
Sent from my Galaxy Nexus using xda premium
Why wouldn't all apps work? its a port of SELinux right? I don't see what apps have to do with it..
I looked into it as well a few months ago, there were quite a few commits for it in aosp master branch, some have been merged, and it's something that will come along eventually.
sent from my tf201
DroidMahn said:
Why wouldn't all apps work? its a port of SELinux right? I don't see what apps have to do with it..
Click to expand...
Click to collapse
Android security != Linux security. On stock Android, have you ever noticed how you don't have to put in a password every time you want to install an app? There isn't a single Linux distribution out there that I can name where you're given the ability to modify the system like that without prompting for root or admin privileges. The app gives you a single "Are you sure?" prompt and then it goes about its business.
The fact that apps have the inherent ability to sidestep the standard Linux permissions pretty much breaks all of the functionality of SELinux, so it has to be rebuilt specifically for Android.
That makes sense.
Sent from my Transformer Prime TF300T using Tapatalk 2
Related
So it doesn't need to verify online?
I'm the paranoid type.
apps that are working perfect right now, do not need to connect to the internet one day and force me to update into a possible (probable) change that ruins functionality, or renders such app useless due to who knows.
IMHO.
They also do not need to one day suddenly shut down, because so-and-so's server won't verify my apps.
So let's pretend that I, myself, am an amazingly successful android app developer..
(starting to like this game already)
And I have a string of aps that require online verification, every use. (Or weekly, montly, etc.)
Each app must connect to the internet, communicate with my servers, and verify app contents and credentials before launching.
This is to ensure that the users of my apps are not only up to date but also legitimate.
If I wanted to remove this process, and instead give my users apps that never need to have network access again, thus never needing to force update..
How would I go about doing any of this?
Would it be to each app his own? Meaning there are many different codings, and checks between separate apps?
Or is there a rather cookie-cutter way to get this done?
Remember these are all my apps, and I have every right to alter them in any way.
Any help or links that can get me on my way?
Sent from my SPH-D710 using xda premium
I would guess that each app developer builds in their own security measures. Why not just use something like droidwall or lbe privacy guard and deny the apps internet access?
someguyatx said:
Why not just use something like droidwall or lbe privacy guard and deny the apps internet access?
Click to expand...
Click to collapse
This works for some, but not for apps that need to verify..
Sent from my SPH-D710 using xda premium
Well if you can spoof the verification somehow you can modify the hosts file to direct the app wherever you want. You could setup your own verification server essentially.
Google lucky patcher apk
Sent from my SPH-D710 using Tapatalk 2
I recently did my ota to jellybean and restored my root access with voodoo. When I enabled lbe privacy app it caused my phone to continually reboot. I had to yank the battery out to stop it. I ended having to restore it to factory settings in recovery mode. Was not happy about this to say the least. Lost root basically had to start over. Beware of this app.
Sent from my Galaxy Nexus using xda premium
Update on this I did not loose root after the hard reset
Sent from my Galaxy Nexus using xda premium
For me, LBE Privacy Guard is a must HAVE app. Unfortunately, it is not compatible with jellybean. I hope developers update it asap.
Sent from my Galaxy Nexus using xda premium
To echo the OP:
DO NOT HAVE LBE INSTALLED WHEN UPDATING TO JB.
efrant said:
To echo the OP:
DO NOT HAVE LBE INSTALLED WHEN UPDATING TO JB.
Click to expand...
Click to collapse
I was up at 4 am as you can see with my post fixing my phone.
Sent from my Galaxy Nexus using xda premium
I was looking at the app and it has serious conflicts with Google now. Google now has various hooks in a variety of apps which causes this.
Sent from my Galaxy Nexus using xda premium
lazl0 said:
I was looking at the app and it has serious conflicts with Google now. Google now has various hooks in a variety of apps which causes this.
Sent from my Galaxy Nexus using xda premium
Click to expand...
Click to collapse
Hopefully the Dev team will sort it out. It was very useful on ICS, but I ran into the same issue as you when I tried using it in JB.
Sent from my Galaxy Nexus using Tapatalk 2
Boot to safe mode and uninstall it. I ran in to this too before reading up on it, not expecting the app to make the phone unusable.
http://www.myvusers.com/forums/samsung-galaxy-nexus/10880-safe-mode-galaxy-nexus-samsung.html
I got hit with this too.
On the plus side Droidwall works again after Jelly bean
I just simply denied it root access, and it stopped rebooting.
I had the same problem as you, the phone soft-rebooted when LBE was given root access.
But i quickly (had like 1 minute before LBE kicked in) went into superuser-app and told it to prompt LBE, and when LBE wanted root access, i denied it, and the phone worked as usual again
to get LBE to work install it, grant root, reboot into recovery and fix permissions no need to wipe
LBE still needs to be updated for JB compatibility ... active protection is not working but traffic monitoring is
I am going to install it in a SDK see if I can play with it.
my other phone is a Nokia n900 maemo
I guess for now if I feeling paranoid and wearing my tin hat I will switch my Sim card to my Nokia. I have lookout on my phone so I know which apps are tracking lbe was there to control them.
my other phone is a Nokia n900 maemo
dreamhawk said:
I just simply denied it root access, and it stopped rebooting.
I had the same problem as you, the phone soft-rebooted when LBE was given root access.
But i quickly (had like 1 minute before LBE kicked in) went into superuser-app and told it to prompt LBE, and when LBE wanted root access, i denied it, and the phone worked as usual again
Click to expand...
Click to collapse
I guess my fingers were not that quick. I had all my important stuff backed of course. Just tedious logging back into all my services. Reloading and installing all the apps I use.:banghead:
my other phone is a Nokia n900 maemo
Lbe kicked in like 20 seconds for me.
my other phone is a Nokia n900 maemo
I have been looking at jelly bean and it incorporates random memory allocation. I need to look at lbe wondering if this hurting it.
my other phone is a Nokia n900 maemo
lazl0 said:
I have been looking at jelly bean and it incorporates random memory allocation. I need to look at lbe wondering if this hurting it.
my other phone is a Nokia n900 maemo
Click to expand...
Click to collapse
did you read my post at all? i have lbe working
blowtorch said:
did you read my post at all? i have lbe working
Click to expand...
Click to collapse
Yeah, but without the active protection service. And i use LBE for that. I don't care for traffic monitoring .
So keep on going lazl0 :good:
I tried the LBE-version which is included in MIUI 4.1 and it works great
Maybe has not that much features like the market-LBE but it's enough for me.
You can't install it, you have to copy it to /system/app and set the permissions to 755.
I've uploaded the current version(1.3.6) for you:
http://www.mediafire.com/?sjna4lfmo9b1vpo
hi there,
i loved LBE PG on my Galaxy Nexus with ICS. the most useful/important app for my peace of mind...
since Jelly Bean i have the same problem with reboot loops and an inevitable restore.
what do you guys think of Permissions Free? it isnt as easy to use as LBE PG, but it seems it delivers the same feature of per-app setting of permissions. when you start it though, you have to be patient as the app does a check procedure first. and after diasallowing a permission for an app the phone needs a reboot... there is also a couple of features only on the paid version...
pdroid is obviously not available for JB either...
how is this type of app not the main issue??? setting these things is so crucial to privacy!
I want to be able to granularly set the permissions for each app. From what I understand my options are:
Cyanogenmod - except CM10 for SGS2 is missing this at this time
Pdroid for GB
Pdroid 2.0 - running CM10 only
LBE (from China)
I have had Pdroid 2.0 running on CM10 for a few weeks but CM10 isn't stable - just had it auto-reboot in the middle of a call. Does anybody have any other ideas / suggestions?
On a related note - I'm wondering why it seems that most people aren't bothered with apps monitoring their use and even more important archiving all the data compiled on them?? The only thing that I can think of is that most cell phone / XDA users are really young and just don't know any better??? Didn't they pay any attention in history class?? What am I missing here?
Mrktmind said:
On a related note - I'm wondering why it seems that most people aren't bothered with apps monitoring their use and even more important archiving all the data compiled on them?? The only thing that I can think of is that most cell phone / XDA users are really young and just don't know any better??? Didn't they pay any attention in history class?? What am I missing here?
Click to expand...
Click to collapse
Because phone security is generally easy to manage. Most apps make a good name for themselves. And many people check the security of an app as soon as it were to hit the Play Store. It doesn't mean we are young it means that we aren't dumb and know how modern technology works.
hrffd said:
Because phone security is generally easy to manage. Most apps make a good name for themselves. And many people check the security of an app as soon as it were to hit the Play Store. It doesn't mean we are young it means that we aren't dumb and know how modern technology works.[/QUOTE
I highly doubt that anyone on XDA, regardless of age, is dumb. I do believe, however, that there are quite a few younger members who could be a bit naive due to a lack of experience. Younger folks tend to take most things at face value. Just because something is free monetarily doesn't mean it isn't costing you something. Just because an app is on Play Store doesn't mean it is "secure" - especially since the Play Store (as well as Android, Google, et.al.) operate on the same business model as the apps!
Just a random example - Why would Angry Birds need my Sim Card Serial number to operate properly? Why would it need to know the phone numbers of all my incoming calls? Answer - it doesn't - in fact it doesn't need ANY of the permissions it asks for to operate properly. So why does it ask for these permissions? Answer - it is data mining your phone.
Ok, so I think most XDA members are aware of WHAT these apps are doing. My original question is WHY don't more people seem to care?
Click to expand...
Click to collapse
Mrktmind said:
I want to be able to granularly set the permissions for each app. From what I understand my options are:
Cyanogenmod - except CM10 for SGS2 is missing this at this time
Pdroid for GB
Pdroid 2.0 - running CM10 only
LMB (from China)
I have had Pdroid 2.0 running on CM10 for a few weeks but CM10 isn't stable - just had it auto-reboot in the middle of a call. Does anybody have any other ideas / suggestions?
On a related note - I'm wondering why it seems that most people aren't bothered with apps monitoring their use and even more important archiving all the data compiled on them?? The only thing that I can think of is that most cell phone / XDA users are really young and just don't know any better??? Didn't they pay any attention in history class?? What am I missing here?
Click to expand...
Click to collapse
I believe MIUI is also a viable option for this, no? You can set app permission on a "per-app" basis with MIUI security I believe.
Sent from my SPH-D710 using Tapatalk 2
I tried this app a while back and it basically does what you want but it got annoying https://play.google.com/store/apps/details?id=com.lbe.security.lite
I don't use these because I am very selective about what goes on my phone.
Thanks Luke!
Not very familiar with MIUI ROM's will have to look into them.
someguyatx said:
I tried this app a while back and it basically does what you want but it got annoying https://play.google.com/store/apps/details?id=com.lbe.security.lite
I don't use these because I am very selective about what goes on my phone.
Click to expand...
Click to collapse
Yes, this is the app I listed above - just had the initials wrong! :silly: It is a lot like pdroid but, like you, it scares me.
I have my own small business and run most of it from my phone, in the beginning I used the standard flip phone then graduated on to a touch pro 2 with Windows Mobile 6.5 as I began to accumulate massive amounts of data on my Windows Mobile phone, for some reason I still felt secure in the applications like ActiveSync that I was in control of my data.... A year ago last October I upgraded to the Samsung Galaxy s2.. this was my first real experience with Google's Android operating system. in the first few minutes of using the new phone I could see how deeply the hooks were being placed to data mine my information. I resisted at first but then came to realize if I wanted all the bells and whistles Google was offering I had to play the game... I use the security program mentioned above... maybe they should have an app were you sign a consent of exactly which data you would like to keep on your phone and not share with other people. then when you visit the play store apps that request more of your private data than you're willing to share won't show up? I would like to have an open sourced built firewall that monitors traffic, letting me choose the permissions per app as I see fit.
Mrktmind said:
Thanks Luke!
Not very familiar with MIUI ROM's will have to look into them.
Click to expand...
Click to collapse
I've ran both Adhvanlt's and Lens's JB MIUI Roms, and they're both amazing! The standard MIUI launcher feels a bit like the iphone, and there is no app drawer, but that's easily fixed by downloading [insert favorite launcher here] if you don't care for it. There's hundreds of options for customization. They are literally the most customizable ROMs you'll ever run; All of this on top of the fact that it has the security features I believe you are after baked right in to it.
Sent from my SPH-D710 using Tapatalk 2
Looked at two MIUI ROM's for the E4GT. Both of them have issues with Google Voice. I need Google Voice.
I am also going to try +AF (Droidwall fork) firewall tonight to see if it will work on FK23. It apparently has issues with some ICS/JB ROM's. That will at least give some protection from apps that don't need network access at all. But for apps that need network access to do their intended job it's useless. Just read last night that the developer has added profiles to +AF - that should be really cool.
I guess I'm spoiled a bit with Pdroid - it works so well and is very detailed.
Thanks for all the replies! Other suggestions, ideas, thoughts, opinions welcomed!
Mrktmind said:
I want to be able to granularly set the permissions for each app. From what I understand my options are:
Cyanogenmod - except CM10 for SGS2 is missing this at this time
Pdroid for GB
Pdroid 2.0 - running CM10 only
LBE (from China)
I have had Pdroid 2.0 running on CM10 for a few weeks but CM10 isn't stable - just had it auto-reboot in the middle of a call. Does anybody have any other ideas / suggestions?
On a related note - I'm wondering why it seems that most people aren't bothered with apps monitoring their use and even more important archiving all the data compiled on them?? The only thing that I can think of is that most cell phone / XDA users are really young and just don't know any better??? Didn't they pay any attention in history class?? What am I missing here?
Click to expand...
Click to collapse
As an app developer, I can tell you that there are some shady apps, but if you download from good devs, the permissions are *usually* necessary. Here's some examples that people question the most:
Access to contacts... Assuming it's not a contact or sms app, if any app has a "share" feature needs this permission.
Access to sd card... Any app that saves anything or lets you change a background needs this.
Read phone state... So the app can properly call the "onpause" method when a call comes in.
Access to location... Assuming it's not a location app or game like ingress or zombies!Run!, you'll typically see this on free apps that have ads. Ads allow developers to get paid for their work while keeping the app free. They don't have access to the ad data, though. They just put in the api and the ad company handles the rest.
On top of that, large organizations will seek phone specific permissions like sim card numbers for analytics.
Google makes most of its money from ads, so it reads your usage to better target ads. Google also uses location data to improve location services like maps.
If you're worried about security, don't download a random app that only has 100+ downloads. If an app has 50000+ downloads, you can rest assured that it's already been vetted.
Also if you're downloading pirated apps, you're just a moron who is opening up his world to who knows who. Many (not all) pirated apps have added data mining code.
Sent from my SPH-D710 using Tapatalk 2
Nice article to read.. Just thought I would share.. MODS PLEASE DELETE IN CASE THIS IS A DUPLICATE.
http://news.yahoo.com/theres-zombie-security-flaw-almost-every-android-phone-013019842.html
There's a Zombie-like Security Flaw in Almost Every Android Phone
LikeDislike
Abby Ohlheiser 56 minutes ago
Technology & Electronics
.
View gallery
There's a Zombie-like Security Flaw in Almost Every Android Phone
Almost every Android phone has a big, gaping security weakness, according to the security startup who discovered the vulnerability. Essentially, according to BlueBox, almost every Android phone made in the past four years (or, since Android "Donut," version 1.6) is just a few steps away from becoming a virtual George Romero film, thanks to a weakness that can "turn any legitimate application into a malicious Trojan."
While news of a security vulnerability in Android might not exactly be surprising to users, the scope of the vulnerability does give one pause: "99 percent" of Android mobiles, or just under 900 million phones, are potentially vulnerable, according to the company. All hackers have to do to get in is modify an existing, legitimate app, which they're apparently able to do without breaking the application's security signature. Then, distribute the app and convince users to install it.
Google, who hasn't commented on the vulnerability yet, has known about the weakness since February, and they've already patched the Samsung Galaxy S4, according to CIO. And they've also made it impossible for the malicious apps to to install through Google Play. But the evil apps could still get onto a device via email, a third-party store, or basically any website. Here's the worst-case scenario for exploitation of the vulnerability, or what could potentially happen to an infected phone accessed via an application developed by a device manufacturer, which generally come with elevated access, according to BlueBox:
Installation of a Trojan application from the device manufacturer can grant the application full access to Android system and all applications (and their data) currently installed. The application then not only has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.), retrieve all stored account & service passwords, it can essentially take over the normal functioning of the phone and control any function thereof (make arbitrary phone calls, send arbitrary SMS messages, turn on the camera, and record calls). Finally, and most unsettling, is the potential for a hacker to take advantage of the always-on, always-connected, and always-moving (therefore hard-to-detect) nature of these “zombie” mobile devices to create a botnet.
The company recommends users of basically every Android phone double check the source of any apps they install, keep their devices updated, and take their own precautions to protect their data. But as TechCrunch notes, Android users really should be doing this anyway, as the devices tend to come with a " general low-level risk" from malware. That risk, however, is elevated for users who venture outside of the Google Play store for their apps.
So while the actual impact of the vulnerability is not known, neither is the timeline for fixing it. Manufacturers will have to release their own patches for the problem in order to fix it, something that happens notoriously slowly among Android devices.
I was under the impression that the very latest android is not vulnerable (4.2.2). Is this true of CyanogenMod?
Sent from my SGH-T999 using xda app-developers app
It says almost everything since 1.6 is vulnerable. It also says its up to the device manufacturers to patch the vulnerability. So 4.2.2 is just as vulnerable. My guess is aosp will be patched in 4.3.
So unless the CM team already knew about this, and have already solved it, it'll be at risk. And I doubt they would have. Pretty sure they'd make it public if they did.
@op Thanks for posting! Hopefully this'll wake some golks up and they'll stop installing anything they find. This could be one helluva strike against software pirates too! Obviously one of the easiest way to infect someone is if they use pirated root capable apps.
Be aware too though, a simple themed system app could just as easily do this. I'd say that untill we know more, be cautious with any themed or modded system apps, even those you find here on xda. (Of course if they are from our RD/RC/RT's, or from reputable sources such as Wicked (Deviant Development) you're most likely ok) But watch for stuff released by people with brand new accounts.
Hopefully we will know more soon. And more hopeful that the oatch will be simple as in the past. (Dont remember the name right now but one was patched by an empty file with no permissions.)
Sent from my SGH-T999 using xda premium
And yet for all these years I don't have any problem of somebody broke my house. I would take this with reserve and as scare tactic. Of course there always be some hacks, even pentagon is prone and vulnerable to cyber attacks, just keep your private stuff private.
Sent from my SGH-T999 using xda app-developers app
vulnerabilities
dito33 said:
And yet for all these years I don't have any problem of somebody broke my house. I would take this with reserve and as scare tactic. Of course there always be some hacks, even pentagon is prone and vulnerable to cyber attacks, just keep your private stuff private.
Sent from my SGH-T999 using xda app-developers app
Click to expand...
Click to collapse
Don't panic or get scared just be aware. These days mass hysteria can be easily created by the mass media. Ahhhh!!!! My android phone turned my family and friends in ANDROID ZOMBIES.
Mass hysteria and mass hypnosis are spreading across North America like unstoppable waves of hypnosis. The concepts of vulnerability and media go hand and foot. But I find it to be crap .. Who care ?? It a phone not your person safe.. If you dont want it seen dont keep it or type it on you phone. Android is not the only phone there are exposed security holes in Apple products such as the iPhone which allowed applications to connect to remote computers and transfer personal data. It is extremely difficult to defend against unknown vulnerabilities. Especially if we choose to believe everything the media and the masses say.
LOL dont worry about it ...you should be worried about the app that unlocks your brain vulnerabilities and takes over your MIND....:good::good:
Common Sense is the best defense!
Sent from my SGH-T999 using xda premium
They have been talking about this a little on twit.tv , it's mostly a worry only if you side load apps you don't get from the play store. They are said to reveal the vulnerability at the next black hat convention.
Sent from my SGH-T999 using xda app-developers app
Trevorlay said:
They have been talking about this a little on twit.tv , it's mostly a worry only if you side load apps you don't get from the play store. They are said to reveal the vulnerability at the next black hat convention.
Sent from my SGH-T999 using xda app-developers app
Click to expand...
Click to collapse
Not mostly. You are only vulnerable if you side load. Google runs verification on apps before they are uploaded to play to ensure they don't have malicious behavior or request undocumented permissions.
With that said, just be careful what you download, as always. The best virus protection is common sense.
Sent from my SGH-T999 using xda premium
Maybe apple paid the person to write the article lol
Sent from my EVO using xda premium
Adreaver said:
Not mostly. You are only vulnerable if you side load. Google runs verification on apps before they are uploaded to play to ensure they don't have malicious behavior or request undocumented permissions.
With that said, just be careful what you download, as always. The best virus protection is common sense.
Sent from my SGH-T999 using xda premium
Click to expand...
Click to collapse
It's not fool proof. There have been several instances where malicious apps made it onto the play store. Just cause it's there doesn't make it safe.
Sent from my SGH-T999V using xda premium
Is anti-virus app can detect the zombie?
Sent from my SGH-T999 using xda premium
Didn't the article say? I don't think there is. It's been a while since I read it but I thought it touched on that.
Sent from my SGH-T999V using xda premium
Ive been running the Hybrid-x ROM for some time. I read an article the other day about how some (or all?) Apps have complete access to your phone. Is there a way (besides uninstalling) to prevent Apps from have free reign on your phone? Too, is there anyone custom ROM that has better security and privacy features than another? Many thanks!
Sent from my SM-N910P using XDA Free mobile app
Look up Ap op"s it is a function Google has hidden in the OS.. Essentially it is a permissions manager.... Exposed has a module called Ap op's to enable the function. .
You can disable permissions for applications but be prepared that disabling too many can break the application. . You can always change back and forth experimenting on what restricted permissions work best for any individual application. ..
Sent from my SM-N910P using Tapatalk
Used to use droid wall. Not sure if it works on lollipop.
Using the xprivacy module for xposed is the only real option. There are tons of reasons to root and use xposed but this is a great one. It sort of works on 5.1 but is really nest supported in kk (I'm staying on kk until there's a real reason to move off, way too many issues with lollipop).
tapa_talk 4 sucks