Related
[Closing message]
Hi,
I am discontinuing the work on the Android Permission Spoofing Framework as I am not using Android anymore.
If anybody is interested in taking over the development I would be very happy to help her or him getting started as much as possible.
Feel free to contact me if you would like to work on it.
Sorry and have fun - Guhl
[End closing message]
This ROM is based on Cyanogenmod CM10.1.
In addition to the original CM10.1 rom it includes the permission spoofing framework enhancement that was originally developed by Plamen K. Kosseff for Android 2.3. The functionality has been ported to Android 4.x and enhanced by me and is now available.
My work was/is originally done for the HTC vision (G2/DZ) for which i provide ROMs based on ASOP and CM10.1 (see posting in the vision forum) but since i do have a N4 now too i will provide ROMs for it also.
If you as a developer want to add the permission spoofing framework to your ROM please go ahead it should be portable easily. I will keep the commit list updated. If you need help don't hesitate to ask!
The source of the enhancement can be found on github in the repositories:
cm-android_frameworks_base
cm-android_frameworks_opt_telephony
android_packages_apps_Settings
The current work is done in the CM-10.1 branch and the relevant commits are:
framework initial commit
framework bug fix 1
framework bug fix 2
frameworks telephony initial commit
app settings initial commit
framework permission spoofing - location
framework pff: infrastructure code cleanup
framework pff: permission spoofing - contacts and phone log
framework pff: permission spoofing - calendar (Instances)
framework pff: permission revoking - initial commit
framework pff: add PFFInfoDatabase to make spoofed informations persistant and changeable
framework pff: bug fix for permission revoking
What is permission spoofing
Permission spoofing means that the framework will return spoofed informations to Apps instead of the original information based on permissions that the App requested during installation. The main motivation for the development of this functionality is the protection of the privacy of the phones owner.
Examples for spoofed information are:
Empty contact list instead of real contacts - READ_CONTACTS
False location instead of real location - ACCESS_COARSE_LOCATION / ACCESS_FINE_LOCATION
False Information for phone id and phone number - READ_PHONE_STATE
Empty log instead of real phone call log - READ_CALL_LOG
Empty calendar list instead of real calendar entries - READ_CALENDAR
....
Current implementation
Currently the following permissions are available:
READ_PHONE_STATE
While this permission allows the App to read the state of the phone (in call, ...) it also allows the App to read information like the phone number or the IMEI of the phone. Instead of revoking the permission that has to be granted to an App, permission spoofing provides spoofed information for this sensitive data.
ACCESS_COARSE_LOCATION and ACCESS_FINE_LOCATION
Instead of the real location the top of Mount Everest will be reported. The implementation is not perfect yet (Google maps and Latitude still seem to know the location - working on that)
READ_CONTACTS and READ_CALL_LOG
Instead of the contacts and the call log an empty list will be reported. The implementation sets the limit parameter of the query to 0 if the permission is spoofed.
READ_CALENDAR
The implementation changes the date for which the items will returned to the first week of 1970.
More permissions will be added in the near future.
Usage
Spoofing can be enabled on a per App basis. To enable spoofing go to Settings - Apps, choose the App for which you want to spoof the permission. Below the spoofable permission will be a switch that can be set to On to enable spoofing or Off to disable spoofing for this App.
Optional Apps
The source of these apps is also available at https://github.com/guhl
PFF-GPSPath
The PFF-GPSPath App can be used to set the spoofed location and in addition it can also be used to define a path the can then be simulated in the App (by effectively moveing the spoofed location)!
HowTo for PFF-GPSPath HowTo
PFF-Settings
The PFF-Settings app provides the same functionality as App - Settings but in a more comprehensive way.
It provides a list of all Apps (including system Apps) that have a spoofable permission and allows you to set spoofing On/Off for them
PFF-Test
If you spoof a spoofable permission for the app PFF-Test you can check the info that the framework provides to PFF-Test
Downloads
ROM cm-10.1-20130929-UNOFFICIAL-mako-pff.zip
Gapps are not included in the rom - they can be found at gapps-jb-20130301-signed.zip
PFF-GPSPath_1_2.apk (needs a ROM >= 20130513)
PFF-AppSettings_1_1.apk
PFF-Test
Communication
I do not want to start a flame war on spoofing on XDA. Whiile spoofing is important for me I do understand people opposing it.
If you want to talk to me, the best way to do this is to look for me (Guhl) at #G2ROOT or #andromadus on freenode IRC.
Changelog
2013-10-21
Fix permission unspoofing bug in PFF-AppSettings -> Version 1.1 - see downloads
2013-09-29
Update from CM sources
2013-06-30
Update from CM sources
2013-06-15
Update from CM sources
Bug fix for permission revoking (PackageManager crashed when installing apk from file system)
PFF-GPSPath_1_2.apk added Altitude detection and routing!
2013-06-02
Update from CM sources - no new spoofing
2013-05-25
Update from CM sources
Fixed keymaster problem (Settings -> Security crash)
2013-05-13
Framework change to make the spoofed information persistent and changeable
App PFF-GPSPath to set and simulate the spoofed location
Update from CM sources
permission revoking moved to Main-ROM and removed the Test-ROM
2013-04-17
Enabled permission revoking (in Test-ROM)
2013-04-17
Update from CM sources - no new spoofing
2013-04-09
Update from CM sources - no new spoofing
Added buttons to PFF-AppSettings to spoof/unspoof all apps with one click
2013-03-24
Update from CM sources - no new spoofing
2013-03-17
Update from CM sources - no new spoofing
2013-03-09
Update from CM sources - no new spoofing
2013-03-03
Added spoofing for READ_CALENDAR
2013-02-21
Added spoofing for READ_CONTACTS and READ_CALL_LOG
Updated PFF-AppSettings to reflect the new permissions
2013-01-14]
Added location spoofing
Added location testing to PFF-Test
Credits
Plamen K. Kosseff for the original framework changes
Flinny for his huge work on the Andromadus roms and supporting me with my original development for the vision
pierre_ja, Nipqer, Hymie and all the others at #G2ROOT for their endless help and entertainment
and of course cyanogenmod!
Read_calendar
Hi,
I added spoofing for READ_CALENDAR.
Have fun - Guhl
Re: [ROM][03-03-13][Guhl] Permission Spoofing Framework CM10.1
Thank you for your work.
Sent from my Nexus 4 using xda premium
Hi,
Updated the ROM from the CM-sources.
No new spoofing yet.
Have fun - Guhl
Re: [ROM][09-03-13][Guhl] Permission Spoofing Framework CM10.1
Thanks for your work
Sent from my Nexus 4 using xda app-developers app
Re: [ROM][09-03-13][Guhl] Permission Spoofing Framework CM10.1
Absolutely a fan, and plan on seeing to merging this code into our repos asap! So very grateful for your work, guhl. Thanks! And btw - you rock!
Sent from my Nexus 4 using xda premium
Re: [ROM][09-03-13][Guhl] Permission Spoofing Framework CM10.1
Amplified said:
Absolutely a fan, and plan on seeing to merging this code into our repos asap! So very grateful for your work, guhl. Thanks! And btw - you rock!
Sent from my Nexus 4 using xda premium
Click to expand...
Click to collapse
Hi,
Thanks for the feedback.
Looking forward to seeing what you make of it in your builds.
Have fun - Guhl
Sent from my HTC Vision using xda app-developers app
Re: [ROM][09-03-13][Guhl] Permission Spoofing Framework CM10.1
guhl99 said:
Hi,
Thanks for the feedback.
Looking forward to seeing what you make of it in your builds.
Have fun - Guhl
Sent from my HTC Vision using xda app-developers app
Click to expand...
Click to collapse
Anything in specific things I should keep in mind when merging? Feel free to talk me: [email protected] . I would love to implement this and get experimental builds out asap.
Preparing to work on it now.
Sent from my Nexus 4 using xda premium
Hi,
Updated the ROM from the CM-sources. No new spoofing.
Working on a new version of the settings app that will allow to spoof/unspoof all apps with one click.
Have fun - Guhl
Hi,
Updated the ROM from the CM-sources. No new spoofing.
Have fun - Guhl
Hi,
I added buttons to the Apps-View of the PFF-AppSettings App.
This allows to spoof or unspoof all (non system) Apps with one button.
The current implementation has problems refreshing the list after one pressed the button.
If you move the list a bit or go back out and in you'll see the changes.
I will try to fix that in the next days but these fragments drive me crazy.
Have fun - Guhl
Hi,
Updated the ROM from the CM-sources. No new spoofing.
Have fun - Guhl
Hi,
I improved the buttons in PFF-AppSettings to spoof/unspoof all apps (system and non-system) with one click.
Have fun - Guhl
Hi,
Updated the ROM from the CM-sources. No new spoofing.
Have fun - Guhl
guhl99,
Very interesting work. I'm considering updating the stock rom I'm on to yours....is your rom 4.2.2? I ask because CM 10.1 could be 4.2.1 or 4.2.2 and it's not specified...also can you clarify the change date of 03-04-17?
What has to be done to run this on other rom's? I ask because I'd like to run this also on my hd2, desire hd and off brand tablet. How does it differ from pdroid/openpdroid?
*note* I'm not making lite of your work at all...merely wanting to know of any differences.
famewolf said:
guhl99,
Very interesting work. I'm considering updating the stock rom I'm on to yours....is your rom 4.2.2? I ask because CM 10.1 could be 4.2.1 or 4.2.2 and it's not specified...also can you clarify the change date of 03-04-17?
What has to be done to run this on other rom's? I ask because I'd like to run this also on my hd2, desire hd and off brand tablet. How does it differ from pdroid/openpdroid?
*note* I'm not making lite of your work at all...merely wanting to know of any differences.
Click to expand...
Click to collapse
Hi,
The ROM is 4.2.2 based
To run this on other roms one has to apply the commits I link in the OP to the (CM) source tree and then use the usual build procedure for the ROM. The changes are changes deep in framework and I don't think that binary patching would work reliable.
I am currently providing builds for the G2/Desire Z and the N4 and will probably also provide one for the GNex soon.
The difference to pdroid is that pdroid mainly blocks access to certain info on the phone while this here fakes the information that is returned. So i.e. if the App tries to read your device ID it will receive a syntactical valid device ID but not yours.
Or i.e. it will receive a valid location (the top of the mount everest) but not yours.
Currently I am working on changing the systematic behind the scenes with the following goals:
- Make the faked info transparent and customizable for the user
- Allow the usage of customizable fake accounts that can be used to fake to contacts, calendar ... entries
(then i will also add permissions like WRITE_CONTACT so the app that has a spoofed WRITE_CONTACT will basically add the contact to your fake account and not your reall)
...
I hope this clarifies things - Have fun Guhl
Have
Have you looked at the xposed framework as a possible method to simplify things? It already has an app settings module that allows turning permissions on and off....looks like spoofing could be done as an option....and would make the changes available to a larger group. Possible collaberation?
Xposed Framework
http://forum.xda-developers.com/showthread.php?t=1574401
App settings module
http://www.villainrom.co.uk/forum/threads/app-settings.5486/
The project and modules are open source so modifications wouldn't be an issue.
famewolf said:
Have you looked at the xposed framework as a possible method to simplify things? It already has an app settings module that allows turning permissions on and off....looks like spoofing could be done as an option....and would make the changes available to a larger group. Possible collaberation?
Xposed Framework
http://forum.xda-developers.com/showthread.php?t=1574401
App settings module
http://www.villainrom.co.uk/forum/threads/app-settings.5486/
The project and modules are open source so modifications wouldn't be an issue.
Click to expand...
Click to collapse
Hi,
Thanks for the link, did not know it yet - I looked at it now.
Well turning permissions on an off is the easy part.
It is actually included in my patches but commented as it is not my primary interest.
Have fun - Guhl
Rom is working great. Are you going to support any of the OTA update apps like goo.im's goomanager? They would also give you a 2nd mirror on the rom's.
https://play.google.com/store/apps/...251bGwsMSwxLDMsImNvbS5zMHVwLmdvb21hbmFnZXIiXQ..
famewolf said:
Rom is working great. Are you going to support any of the OTA update apps like goo.im's goomanager? They would also give you a 2nd mirror on the rom's.
https://play.google.com/store/apps/...251bGwsMSwxLDMsImNvbS5zMHVwLmdvb21hbmFnZXIiXQ..
Click to expand...
Click to collapse
Hi,
great idea. Did not think about it myself.
Currently I am (cause there are already several requests) re-enabling the permission revoke functionality.
Hope that I will be done withing the next 2 days.
Have fun - Guhl
Tired of updating your mod for every new ROM release?
You want give users the possibility to combine different mods without creating tons of different files for all possible combinations?
Then have a look at my Xposed framework - modifications without APK changes!
Click to expand...
Click to collapse
There are a lot of excellent modules which realize much more settings and options than some custom ROMs.
So my question is: many of Xposed users have signature with Device & ROM information, including name, version, build, etc... even color and SD card size and vendor. But nobody write information about special Xposed mod usage. Why?
Remember that devs do and share all their hard work for free and against other things in their personal life, so... RESPECT please the devs and their work at least with information in your signatures!
Why are you quoting my signature for this???
I want to use MicroG instead of using GApps. Are there any ROMs with signature spoofing enabled for Xperia SP?
Possible ways to add signature spoofing
I was just reading about this yesterday, as I too had the intention of replacing GApps with MicroG. The usual methods require you to install a module called 'FakeGApps' in Xposed before flashing MicroG. But since there's no Xposed available for 7.1, there seem to be a few workarounds.
Here's what I found:
Guide to allow signature spoofing on any LOS14.1 device without Xposed (http://www.gabsoftware.com/tips/how-to-use-microg-on-lineageos-or-cyanogenmod-without-xposed/)
You need a PC-based tool made by @ale5000 to first patch your rom to enable signature spoofing (https://forum.xda-developers.com/android/development/tingle-fork-needle-t3438764)
I'm not sure if you have to flash MicroG files before or after patching your rom with the above mentioned tool. Anyway, here's a couple of links to MicroG posted in other devices' forums: Link 1, Link 2
Alternatively, I think we can use a Magisk-based module called NanoMod made by @Setialpha.
I haven't tried either method yet. Will try it out later today. Meanwhile, you may experiment with one of the two methods posted above at a time; I don't think its wise to try installing both at the same time. Just saying. Do share the results with us!
Have a nice day!
lex.vr7 said:
I'm not sure if you have to flash MicroG files before or after patching your rom with the above mentioned tool. Anyway, here's a couple of links to MicroG posted in other devices' forums: Link 1, Link 2
Click to expand...
Click to collapse
It is always better to patch before installing microG, but in most cases is the same.
To install microG, there is also microG unofficial installer (compatible with all devices and all ROMs).
ale5000 said:
It is always better to patch before installing microG, but in most cases is the same.
To install microG, there is also microG unofficial installer (compatible with all devices and all ROMs).
Click to expand...
Click to collapse
Whoa, thanks! I didn't come across this installer before. Guess I didn't do my research properly.
Wow I didn't see the replies till now. I actually tried tingle on RR and it worked fine and did use that flashable zip for microg.
Sadly Mozilla location is horrible compared to Google's for me here in India. Even playing around with TopNTP didn't help even though that helps usually if GPS is wonky.
ale5000 said:
It is always better to patch before installing microG, but in most cases is the same.
To install microG, there is also microG unofficial installer (compatible with all devices and all ROMs).
Click to expand...
Click to collapse
In the tingle repo please mention that you need p7zip-full I was confused for so long why it wasn't working.
__ganeshanand said:
In the tingle repo please mention that you need p7zip-full I was confused for so long why it wasn't working.
Click to expand...
Click to collapse
@__ganeshanand: I have to make a lot of changes but I didn't have time yet, I will do it surely.
I will add a possibility to configure and maybe add other backends in the installer in the future.
ale5000 said:
@__ganeshanand: I have to make a lot of changes but I didn't have time yet, I will do it surely.
I will add a possibility to configure and maybe add other backends in the installer in the future.
Click to expand...
Click to collapse
Oh cool. Looking forward to that then.
AICP now has implemented signature spoofing into their latest nightly builds
Please stop putting template=1500 in your props. you can not install even when V15 is installed. it throws an error saying saying please install magisk 15+. you have to put minMagisk=1500. i know wireguard installer 1.1 did this and Systemless_TZData did this. thank you very much and happy holidays and new year to all
"minMagisk=1500" is also in the actual module-template, so if the update to new template is done properly it should be not a problem.
Nevertheless, the change could be stated clearly or magisk can accept it silently (at least for some time).
According to the release post for v15.0 and the 1500 template, "template" and "minMagisk" should both work...
Great find!
Didgeridoohan said:
According to the release post for v15.0 and the 1500 template, "template" and "minMagisk" should both work...
Great find!
Click to expand...
Click to collapse
I did not read this.
Didgeridoohan said:
According to the release post for v15.0 and the 1500 template, "template" and "minMagisk" should both work...
Great find!
Click to expand...
Click to collapse
yes your right. it says it should accept either but when i changed the two modules mentioned from template to minMagisk they both installed with no problems but using template they both gave me the error please install magisk 15+.
@Didgeridoohan already mentioned this issue in the magisk slack-group, so it should be fixed in the next beta/release. Unfortunately until this will be pushed, you have to stick with minMagisk.
And as written before: great find.
EDIT: It's too annoying to maintain and edit 6 separate threads. The installer works across all devices, so please visit this post for the latest version: https://forum.xda-developers.com/t/...or-patch-levels-2021-01-05-and-later.4226343/
Thanks!
NOTE: Download link in the OP will install mod for the current patch level down to January 2021. It will detect your current patch level and install the correct file. For earlier system builds from 2020 and prior, please use the official discontinued module on the Magisk Manager repo. I did not clone the entire Active Edge Mod repository; my unofficial repository only hosts January 2021 and later builds.
Changes:
I know, I know... I said I was done with releasing my Unofficial Active Edge Mod installer, yet here's another month's update. I might keep doing it for those that update immediately and want it a bit sooner, so long as it's fortunate enough to happen on a day when I'm able to do it relatively quickly. Since I'm building these anyway and sending them over to the dev, for now, to upload to the official Magisk repo, for now I don't mind also updating it here a bit sooner. Anyway, more on this below and some of the headache involved moving forward...
04-05-2021: Soooo... the script I wrote to churn these out as quickly as possible as Google releases the updates, relied on system image dumps on GitRip... unfortunately the domain was seized by the FBI (lol) and so it looks like the old dumper is no longer updating his Android dumps repo on GitRip. Fortunately, mikalovtch pointed me over to a new source that hosts such system dumps, and I was able to get these done relatively quickly afterwards. OP is updated with the 04-05-2021 installer now!
03-02-2021: Meant to post an update a week or two ago. Noticed the magisk module on the official Magisk repo now says [RE-CONTINUED], so there really isn't much need for me to continue updating this anymore! As a final gift, I ran my batch builder script and built the modded apk's for all variants for the 2021-03-05 patch level, and download link for the module installer is in the OP.
02-02-2021: February 2021 mod is now uploaded. Updated installer is in the link in the OP.
02-01-2021: Modified and uploaded modded SystemUIGoogle.apk files for 3 / 3 XL / 3a / 3a XL to GitHub repository. Updated Magisk installer slightly to accommodate this, and removed a few unnecessary lines. Won't make any difference if you already installed the first release.
i5lee8bit said:
ONLY WORKS FOR PIXEL 4 XL "CORAL" AND PIXEL 4 "FLAME"!!!!
(WON'T EVEN INSTALL ON OTHER DEVICES, SO DON'T BOTHER)
tl;DR - A continuation of the "[Discontinued]Active Edge Mod for Pixel devices" Magisk module on the Magisk Module Repository, discontinued and last released for 2020-12-05 patch level. This is simply the same exact mod applied to the 2021-01-05 patch level. PLEASE DO NOT BOTHER THE ORIGINAL DEV FOR ANY SUPPORT - THIS IS AN UNOFFICIAL MOD.
Click to expand...
Click to collapse
awesome work mate, love this mod. i saw ur post on pixel 4xl forum first and downloaded and flashed that. everything seems 2b working fine! but then i noticed this thread posted seperately on our phone's forum. is there any difference between them?? just wanna make sure that i flashed the rite file. thx again for all mate
vdevl said:
awesome work mate, love this mod. i saw ur post on pixel 4xl forum first and downloaded and flashed that. everything seems 2b working fine! but then i noticed this thread posted seperately on our phone's forum. is there any difference between them?? just wanna make sure that i flashed the rite file. thx again for all mate
Click to expand...
Click to collapse
Yep, you flashed the right file. Both posts link to the same zip file. The module installer, like the original module, gathers your device information and then downloads the correct file for your device and installs it. Even has an MD5 hash checksum check to make sure it's all good before installing. It was actually a really fun little project to work on, and interesting to see how Jan designed it to be semi-automated, with several fail-safe checks. For example, there's a post fs data script to also disable the module automatically if the user upgrades the system patch level and hasn't yet upgraded the module, likely to ensure the systemuigoogle mod isn't incompatible with the new update and potentially cause issues. Really well designed by the original dev!
How do I actually map it? I have installed on my pixel 4xl but it only opens an unusable google assistant UI.