Hey folks, I've searched and searched and searched, and to date I haven't been able to track down a salient answer on this subject.
When doing a clean install of my rom, which I typically do when there are major changes in an update or when my phone has started to run really poorly, unless I set SELinux permanently to permissive (which is an arduous process on the nexus 6 and requires specific SU), and app that I restore from backup crashes.
I would like an option that allows me to leave SELinux in enforcing mode while also being able to restore app backups. This is really important for apps like google authenticator, among others.
I'm running a Nexus 6 with CM 13 (typically within the most recent couple of nightly builds). I have to use SuperSU in order to run the scripts to persistently set SELinux to permissive, which gets annoying to do every time I update.
Have you tried using another ROM
rollerce said:
Hey folks, I've searched and searched and searched, and to date I haven't been able to track down a salient answer on this subject.
When doing a clean install of my rom, which I typically do when there are major changes in an update or when my phone has started to run really poorly, unless I set SELinux permanently to permissive (which is an arduous process on the nexus 6 and requires specific SU), and app that I restore from backup crashes.
I would like an option that allows me to leave SELinux in enforcing mode while also being able to restore app backups. This is really important for apps like google authenticator, among others.
I'm running a Nexus 6 with CM 13 (typically within the most recent couple of nightly builds). I have to use SuperSU in order to run the scripts to persistently set SELinux to permissive, which gets annoying to do every time I update.
Click to expand...
Click to collapse
I have a feeling the app in question isn't XDA friendly... So I have no advice... Unless you feel like divulging the name...
I encounter this after a clean flash, especially with AdAway. Only in my case, SELinux is always enforcing. The solution in my case is to run the app once so it generates its data and configuration files, then restore its data using the backup app of choice.
rignfool said:
I have a feeling the app in question isn't XDA friendly... So I have no advice... Unless you feel like divulging the name...
Click to expand...
Click to collapse
I already said Google authenticator, which offers no way to restore your 2-factor authenticators on the app (of which I have 6). Is that not XDA friendly? But, hey since you asked, here is a list of the apps that are affected by this issue, being as you feel the need to know.
Google Authenticator
Microsoft Account
Steam Guard
Grindr
A handful of hidden object games I'm addicted to
A handful of clicker games that I'm also addicted to
A handful of other games that offer no save backup.
My banking app (which requires a half hour on hold with my bank to set up if I have to do a clean setup of the app)
Weather and Clock widget (Offers no configuration backup)
Snapchat (requires an annoying workaround to set up when rooted with xposed)
Please, illuminate which of these are not XDA friendly. I'd sure like to know, Mr. Arrogant Presumptypants.
I use a pre-malware copy of ES File Explorer (see signature) to back up and restore apps and don't have this problem with Google Authenticator or my banking app. On the apps where I do encounter this, clearing data, running the app once, then restoring the data works for me. What are you using to back up apps?
rollerce said:
I already said Google authenticator, which offers no way to restore your 2-factor authenticators on the app (of which I have 6). Is that not XDA friendly? But, hey since you asked, here is a list of the apps that are affected by this issue, being as you feel the need to know.
Google Authenticator
Microsoft Account
Steam Guard
Grindr
A handful of hidden object games I'm addicted to
A handful of clicker games that I'm also addicted to
A handful of other games that offer no save backup.
My banking app (which requires a half hour on hold with my bank to set up if I have to do a clean setup of the app)
Weather and Clock widget (Offers no configuration backup)
Snapchat (requires an annoying workaround to set up when rooted with xposed)
Please, illuminate which of these are not XDA friendly. I'd sure like to know, Mr. Arrogant Presumptypants.
Click to expand...
Click to collapse
First off... No... You didn't say google authenticator...
I thought you were talking about lucky patcher...
Oh...
And good luck...
rignfool said:
First off... No... You didn't say google authenticator...
I thought you were talking about lucky patcher...
Oh...
And good luck...
Click to expand...
Click to collapse
Third paragraph of my original post: "This is really important for apps like google authenticator, among others." Your observational skills leave much to be desired.
In his defense, you used Google Authenticator as an example, which is where the confusion likely came in. No one knew which apps you had installed until you listed them. However, he was wrong to assume Lucky Patcher here.
In short, you both messed up here, so think about moving on to actually trying to resolve your problem.
rollerce said:
Third paragraph of my original post: "This is really important for apps like google authenticator, among others." Your observational skills leave much to be desired.
Click to expand...
Click to collapse
You seem to have me confused with customer service...
Good day sir
Ok, so now that we have the confusion with Sir Snooty Presumptypants from Upper Harumphington figured out, can anyone tender some advice on how to backup these apps and run them after a restore WITHOUT having to set SELinux permissive?
Would it help if encryption was disabled (which is yet another arduous process on the nexus 6).
Strephon Alkhalikoi said:
I use a pre-malware copy of ES File Explorer (see signature) to back up and restore apps and don't have this problem with Google Authenticator or my banking app. On the apps where I do encounter this, clearing data, running the app once, then restoring the data works for me. What are you using to back up apps?
Click to expand...
Click to collapse
I use Rom Toolbox Pro.
rollerce said:
I use Rom Toolbox Pro.
Click to expand...
Click to collapse
One last question: what Superuser app are you using?
Strephon Alkhalikoi said:
One last question: what Superuser app are you using?
Click to expand...
Click to collapse
In order to disable SELinux at boot (so that i'm not flooded with app crash dialogues), I have to do a complicated thing. AFAIK, only superSU supports the complicated thing. I'm looking for other options, though. Preferably ones that allow me to use magisk.
rollerce said:
In order to disable SELinux at boot (so that i'm not flooded with app crash dialogues), I have to do a complicated thing. AFAIK, only superSU supports the complicated thing. I'm looking for other options, though. Preferably ones that allow me to use magisk.
Click to expand...
Click to collapse
I don't think any of the open source Superuser options will work for your needs, as their authors don't like the fact SuperSU can manipulate SELinux on the fly. Thus SELinux has to be set to permissive for things to function correctly, if not using SuperSU.
As to Magisk, I can't answer that as I don't use any apps that require su be hidden.
Strephon Alkhalikoi said:
I don't think any of the open source Superuser options will work for your needs, as their authors don't like the fact SuperSU can manipulate SELinux on the fly. Thus SELinux has to be set to permissive for things to function correctly, if not using SuperSU.
As to Magisk, I can't answer that as I don't use any apps that require su be hidden.
Click to expand...
Click to collapse
Are there any options for setting selinux permissive permanently rather than waiting till after booting into the rom?
rollerce said:
Are there any options for setting selinux permissive permanently rather than waiting till after booting into the rom?
Click to expand...
Click to collapse
I'm not sure. seSuperuser does have a configuration script that you can set, and I believe it affects SELinux. The Play Store should also have apps that can change SELinux.
Strephon Alkhalikoi said:
I'm not sure. seSuperuser does have a configuration script that you can set, and I believe it affects SELinux. The Play Store should also have apps that can change SELinux.
Click to expand...
Click to collapse
I'll invistigate seSuperuser. An app that runs after boot won't work for me, because of the constant app crash dialogues preventing me from actually doing anything.
rollerce said:
I'll invistigate seSuperuser. An app that runs after boot won't work for me, because of the constant app crash dialogues preventing me from actually doing anything.
Click to expand...
Click to collapse
From what I recall the apps in question permanently change SELinux to the desired setting, but I simply don't know as I haven't needed to use one.
Checking out what you linked to, you should be able to automate that by modifying one of the boot scripts in /system/etc so it runs on every boot.
Well, dissapointingly, I've fixed the issue by restoring backups using titanium backup instead of rom toolbox. I'll have to communicate with the developer of rom toolbox about the shortcoming.
Related
Hi guys Im one of the developers of SwitchMe - an app that creates multiple user spaces. We have just released a new build which should fully support the T2s. Please have a look and let me know if everything is working as it should!
Thanks in advance, PR after the break:
.................................................................................................
SwitchMe - share your device!
SwitchMe is a unique application for root users that allows you to log in and out of multiple installations of Android just as you would on a desktop computer.
SwitchMe is a unique application for root users that allows you to log in and out of multiple user spaces just as you would on a desktop computer, with each profile having its own separate system settings, apps and data.
Some of the benefits of this technology:
Privacy
Securely share one device among many users, protect your accounts with passwords and log out automatically.
Kids
Create a profile for the kids, with only the apps and access you feel comfortable with.
Gaming
Overclock your profile for maximum performance in intensive games
Speed
Imagine a buttery smooth profile, with no kids games, messengers or bloatware to slow things down.
Testing
Create a sandbox profile to easily test applications and themes - no more nandroid nightmares!
Battery
Switch to a profile which only contains the essentials to save power through brute force.
Critical usage warning:
Incorrect use of this application can potentially harm your device. Before proceeding with use we strongly recommend that you perform a full nandroid backup through the device recovery.
READ THE HELP FILE CAREFULLY TO AVOID ISSUES
Without the Key, this application allows a maximum of 2 profiles and no security features.
Only the standard Android implementation of Apps2SD is currently supported. Use all others at your own risk.
Most devices should be compatible as long as they have enough free internal memory to create secondary profiles. The application will warn users if available memory is low.
These of course are only suggestions - there are plenty of other uses for the functionality SwitchMe offers.
Market link:
https://market.android.com/details?id=fahrbot.apps.switchme
The free version allows the creation of two profiles and has no security features.
Screens:
Looks cool. I'd try it out but I hate crippled apps that need a key to work properly.
Good luck.
scottx . said:
Looks cool. I'd try it out but I hate crippled apps that need a key to work properly.
Good luck.
Click to expand...
Click to collapse
And yet there you are, trying it out.
Also, the free app already gives you everything. You just have to use you brain to make it work.
Attitude... it affects the best of us.
Anything to report?
oh, this is great, now you can share the tablet with family members
R1kARD0 said:
oh, this is great, now you can share the tablet with family members
Click to expand...
Click to collapse
Yep, it does that.
Hi
very helpful app for a family with only one tablet, works almost 100% OK for us.
everytime i switch profile a android OS update is done, and after a few seconds im loged out again, after second logon it's OK
Galaxy Tab 2 10.1 GT-P5110 4.0.4 XXBLH4
Installed it on my GT2 3113 this morning and have been playing around with it. I do get the same android OS update thing as listed above when switching users. Also sometimes when the app opens it is a blank screen with no profiles or details listed. Running RomsWell V1.1 stock rooted/deodexed 4.0.4 rom
gooffeyguy said:
Installed it on my GT2 3113 this morning and have been playing around with it. I do get the same android OS update thing as listed above when switching users. Also sometimes when the app opens it is a blank screen with no profiles or details listed. Running RomsWell V1.1 stock rooted/deodexed 4.0.4 rom
Click to expand...
Click to collapse
Write through the app please.
ftgg99 said:
Write through the app please.
Click to expand...
Click to collapse
Will do
Thnks....
I love this app
I've noticed that if I don't use the switch screen options then the app works fine and doesn't give me the blank main page that I was experiencing previously.
---------- Post added at 01:14 AM ---------- Previous post was at 01:02 AM ----------
Also, what folder are the additional users profile/apps installed to?
Sent from my GT-P3113 using xda app-developers app
Im looking into it.
/DATA/.PROFILES is where everything is kept.
Guys there have been reports of the app being blank sometimes. Im trying to work out if this is something to do with superuser vs supersu. If youve experienced this, please let me know and be sure to tell me which of the two youre using...
I haven't been having that problem since I disabled the "switch screen functionality" in the settings. I do use the "fast switch" option and just open the app when I want to switch profiles. I am using SuperSU v0.96
gooffeyguy said:
I haven't been having that problem since I disabled the "switch screen functionality" in the settings. I do use the "fast switch" option and just open the app when I want to switch profiles. I am using SuperSU v0.96
Click to expand...
Click to collapse
You disabled the two main functions just because you sometimes couldn't see the statistics page? That seems a little extreme...
ftgg99 said:
You disabled the two main functions just because you sometimes couldn't see the statistics page? That seems a little extreme...
Click to expand...
Click to collapse
No, not just because it didn't show statistics, but I wouldn't be able to switch users unless I rebooted the device. When the problem would occur it also wouldn't bring up the switch user screen on the lock screen after waking up. If the icon notification was enabled it just opened up the statistic screen, not the user switch screen. I would get stuck in the current users profile until I rebooted and hoped the switch user screen would show after start up.
I like the functionality of the switch user screen but with it glitching like that on my device the only sure way to be able to switch profiles is to disable all that and just go into the app/statistic screen and click switch at the bottom.
I just noticed that there is a widget for this app that allows switching profiles without opening the app.
gooffeyguy said:
I just noticed that there is a widget for this app that allows switching profiles without opening the app.
Click to expand...
Click to collapse
I think your problem is with supersu (if thats what youre using). If possible, change it to superuser or at least make sure that youve set supersu up to always grant and whatever.
Supersu is very green and i wouldnt recommend it to anyone.
I have used this app for awhile now and really love it as it allows both my girlfriend and I to separately use my nexus 7 without interfering with each others settings. However, I recently flashed a CM 10 nightly (which i really like) and the switcher no longer works, freezing during each switch attempt.
I know it says CM 10 is not supported at the current time on the app page, but are there an plans to include this support in the future? Any info is appreciated and thanks for your work.
Hi,
As Xposed apparently won't be ported soon to LP if ever, I was wondering if I update to LP (Galaxy S4 got GE LP), what options I have to protect my privacy and manage those permissions? I am too much spoiled by Xprivacy I doubt if there is anything as good as Xprivacy but need at least something that can do a minimum job to block and deny some permissions.
Thanks for all your suggestions
P.S I was also thinking of making a post to list all alternatives to different xposed module, what do you guy say ? I can keep the OP uptodate if you share your alternative Mods/Apps to xposed modules
Alternative solution I am personally using right know which serve me quite well till we have some real privacy mod/tool :
You will need 2 apps :
- AFWall+ (open source firewall) : https://play.google.com/store/apps/details?id=dev.ukanth.ufirewall
- App Ops : https://play.google.com/store/apps/details?id=com.findsdk.apppermission
Ideally to prevent leaks, install them before installing or restoring any data after flashing your ROM
1- In AFWall+
- Enable the Firewall by pressing 3 dot menu and Enable firewall,
- Then for apps which you want to grant access Check the Icons First is for LAN Network acces, 2nd is for Wifi Internet, 3rd is your Mobile Data (some system apps like Media server, download etc.. must have internet access other wise Youtube, or downloading in browsers wont work, read the FAQ question for more info.)
- Once all app you want to grant access are checked, click on 3 dot menu and click Apply. (each time you change permission don't forget to apply).
2- App Ops : This one is very easy all Apps installed are organized by Type of permissions you go in and then uncheck the permission to to Block it, once ou are in App you will see all blockable Permissions that this app is asking not only of that category and that is handy
Please Note that App Ops don't list and block each and every permissions, but most essentials are there. Combined with AFWall you are good to go to protect your privacy till some good Mod or Xposed for LP come out.
Now instead of being fully naked without Xprivacy on LP, now we are at least in Bikini
App ops? https://play.google.com/store/apps/details?id=droidmate.appopsinstaller
Nothing as good as Xprivacy. I'm still on KK and I'll stay on this version for a while I guess.
FYI: http://www.xda-developers.com/android/protecting-your-privacy-app-ops-privacy-guard-and-xprivacy/
not as good as xprivacy
frigidazzi said:
App ops? https://play.google.com/store/apps/details?id=droidmate.appopsinstaller
Click to expand...
Click to collapse
App ops deny permission per app basis, but sometimes denying permission break the app, xprivacy instead send fake data to the app, so you can still use the app without giving your real info
Xposed and Xprivacy are just the single best privacy guards
I know but how long can we stay on KK at one point we need to update or when we buy future devices there won't be any choices. So we need to find alternatives to all those xposed modules
Netuser said:
I know but how long can we stay on KK at one point we need to update or when we buy future devices there won't be any choices. So we need to find alternatives to all those xposed modules
Click to expand...
Click to collapse
From what I can see, devs are more interested in custom roms/kernels rather than in security/privacy purposes.
Marcel (M66B) is almost ready for Lollipop. We 'just' need Xposed. He is also working on another project which could have the same goal (no available information).
I really hope that rovo89 have enough motivation and will be successful in developing Xposed for Lollipop.
I don't want to loose control because of Google updates. Future devices is another subject and I think there is still a long way to go before not being able to use a KK device.
i really think that a moderator should open a thread for indexing all of the 'Alternative to xposed mod *name* for LP 5.0.*'
just until we will have xposed or something else for android L...
There is "privacy guard" by cyanogenmod in cm12, I think it sends fake data too instead of just block the permission. But you have to install custom rom for this.
haimn said:
There is "privacy guard" by cyanogenmod in cm12, I think it sends fake data too instead of just block the permission. But you have to install custom rom for this.
Click to expand...
Click to collapse
This does not offer the same level of protection. I would not call Privacy Guard an alternative of Xprivacy.
There is no real alternative for Xprivacy, but at least it is something
I won't stay on a old version of Android only because one developer is going like "i'm god, don't ask me questions" ... we will never see xposed for LP, get used to it and move on.
I have moved to LP as I couldn't just leave my self open to all privacy leak, I came up with a solution while waiting for Xposed or any other other Mod to come out.
I have updated the OP with my solution . here is what i am doing :
Alternative solution I am personally using right know which serve me quite well till we have some real privacy mod/tool :
You will need 2 apps :
- AFWall+ (open source firewall) : https://play.google.com/store/apps/details?id=dev.ukanth.ufirewall
- App Ops : https://play.google.com/store/apps/details?id=com.findsdk.apppermission
Ideally to prevent leaks, install them before installing or restoring any data after flashing your ROM
1- In AFWall+
- Enable the Firewall by pressing 3 dot menu and Enable firewall,
- Then for apps which you want to grant access Check the Icons First is for LAN Network acces, 2nd is for Wifi Internet, 3rd is your Mobile Data (some system apps like Media server, download etc.. must have internet access other wise Youtube, or downloading in browsers wont work, read the FAQ question for more info.)
- Once all app you want to grant access are checked, click on 3 dot menu and click Apply. (each time you change permission don't forget to apply).
2- App Ops : This one is very easy all Apps installed are organized by Type of permissions you go in and then uncheck the permission to to Block it, once ou are in App you will see all blockable Permissions that this app is asking not only of that category and that is handy
Please Note that App Ops don't list and block each and every permissions, but most essentials are there. Combined with AFWall you are good to go to protect your privacy till some good Mod or Xposed for LP come out.
Now instead of being fully naked without Xprivacy on LP, now we are at least in Bikini
Thanks pal, I'll give it a try later
Sent from Tapatalk 4 Android
I've installed LBE Security Master, which finally has Lollipop support. Search xda for translated version.
CptChaosNL said:
I've installed LBE Security Master, which finally has Lollipop support. Search xda for translated version.
Click to expand...
Click to collapse
Yes! the bootloop problem is finally solved hahaha
nEUTRon666 said:
I won't stay on a old version of Android only because one developer is going like "i'm god, don't ask me questions" ... we will never see xposed for LP, get used to it and move on.
Click to expand...
Click to collapse
Well, the saying goes "Do Not Feed The Trolls", yet here I am, feeding one: He does not play "god". He has a valid point by saying that it is his hobby, and should stay his hobby. If he feels like it, he could leave XDA and the whole Android-platform completely, and I would be fine with this decision and others should be, too! It is and has to be his choice, and if he does not find the time, muse, etc., then it is how it is.
You clearly have no idea how coding works, how Lollipop works, how the xposed framework works, else you would shut up and be patient.
If you are so much better than him, do it yourself. Everything you need is just a few clicks and downloads away. All his work is on github, and Anrdoid itself is open source. Go understand how xposed works, go understand how Dalvik works/worked, go understand how ART works, and then write it yourself.
Unless you really are better, and can do this, just wait silently. Don't be yet another huso cancerous forum member. There are enough of them as it is. Don't be ungrateful. Especially now!
For f* sake, I shouldn't even have to "defend" his choices.
Netuser said:
I have moved to LP as I couldn't just leave my self open to all privacy leak, I came up with a solution while waiting for Xposed or any other other Mod to come out.
I have updated the OP with my solution . here is what i am doing :
Alternative solution I am personally using right know which serve me quite well till we have some real privacy mod/tool :
You will need 2 apps :
- AFWall+ (open source firewall) : https://play.google.com/store/apps/details?id=dev.ukanth.ufirewall
- App Ops : https://play.google.com/store/apps/details?id=com.findsdk.apppermission
Ideally to prevent leaks, install them before installing or restoring any data after flashing your ROM
1- In AFWall+
- Enable the Firewall by pressing 3 dot menu and Enable firewall,
- Then for apps which you want to grant access Check the Icons First is for LAN Network acces, 2nd is for Wifi Internet, 3rd is your Mobile Data (some system apps like Media server, download etc.. must have internet access other wise Youtube, or downloading in browsers wont work, read the FAQ question for more info.)
- Once all app you want to grant access are checked, click on 3 dot menu and click Apply. (each time you change permission don't forget to apply).
2- App Ops : This one is very easy all Apps installed are organized by Type of permissions you go in and then uncheck the permission to to Block it, once ou are in App you will see all blockable Permissions that this app is asking not only of that category and that is handy
Please Note that App Ops don't list and block each and every permissions, but most essentials are there. Combined with AFWall you are good to go to protect your privacy till some good Mod or Xposed for LP come out.
Now instead of being fully naked without Xprivacy on LP, now we are at least in Bikini
Click to expand...
Click to collapse
Can you fake your IMEI with one of those?
Here's the link to LBE Privacy Guard (english):
http://forum.xda-developers.com/showthread.php?p=46695347#post46695347
And yes, you can block IMEI, I'm not sure if you can fake it.
Grinface
I'm also awaiting an updated version of Xposed and Xprivacy for my incoming M9, but it seems a 64bit version is a long way off.
What do you guys know about this? Looks to be developed by faculty and students at Carnegie Mellon University.
Protect My Privacy (PMP)
http://www.appbrain.com/app/protect-my-privacy(pmp)/com.synergylabs.pmpandroid#descriptionsection
In the Google Play store here:
https://play.google.com/store/apps/details?id=com.synergylabs.pmpandroid
From this day onwards, apps that Change state of SELinux are forbidden on Google Play Store. Those, who have such apps, have 14 days to fix violations or their apps will be removed.
Here's example of message from google:
This is a notification that your application, SELinux Mode Changer, with package ID com.mrbimc.selinux, is currently in violation of our developer terms.
…
REASON FOR WARNING: Violation of the dangerous products provision of the Content Policy:
“Don’t transmit or link to… items that may introduce security vulnerabilities to or harm user devices, apps, or personal data.”
After a regular review, we have determined that your app lowers a user’s device security by modifying or disabling SELinux on the device. To ensure a safe user experience for Play users, we have determined that apps with this functionality are noncompliant.
Please remove this functionality from your app within 14 days to achieve policy compliance. Once approved, your application will again be available with all installs, ratings and reviews intact.
This notification also serves as notice for other apps in your catalog. You can avoid further administrative action by immediately ensuring that no other apps in your catalog are in violation of (but not limited to) the above policy. Please also ensure your apps’ compliance with the Developer Distribution Agreement and Content Policy.
All violations are tracked. Additional suspensions of any nature may result in the termination of your developer account, and investigation and possible termination of related Google accounts. If your account is terminated, payments will cease and Google may recover the proceeds of any past sales and/or the cost of any associated fees (such as chargebacks and transaction fees) from you.
If you feel we have made this determination in error -or feel that this functionality has been misinterpreted, please submit an appeal to the Google Play policy team through this Google Play Help Center article.
The Google Play Team
New definition of "dangerous product
Google play content policy
Google play distribution agreement
What are we going to do?
I can confirm this issue as I also received this message by Google-Play some hours ago.
My app is using "setenforce 0" to allow the "mediaserver"-process loading an .SO-file from the /data-partition.
The loaded .SO-file is then using some C-commands to modify the internal audio-routings of the device.
As hereby the "mediaserver"-process is executing the by SELinux blocked commands and not the initial commands executed via "su", the modification by SuperSU doesn't take affect here ("SU-commands are always permissive").
What's the workaround? Modifying/scrambling the "setenforce 0" to not get scanned by Google's bots?
funtax said:
I can confirm this issue as I also received this message by Google-Play some hours ago.
My app is using "setenforce 0" to allow the "mediaserver"-process loading an .SO-file from the /data-partition.
The loaded .SO-file is then using some C-commands to modify the internal audio-routings of the device.
As hereby the "mediaserver"-process is executing the by SELinux blocked commands and not the initial commands executed via "su", the modification by SuperSU doesn't take affect here ("SU-commands are always permissive").
What's the workaround? Modifying/scrambling the "setenforce 0" to not get scanned by Google's bots?
Click to expand...
Click to collapse
Same here. Got 4 emails from Google for same violation. Not exactly if I can bypass this problem by using superSU properly.
jerryfan2000 said:
Same here. Got 4 emails from Google for same violation. Not exactly if I can bypass this problem by using superSU properly.
Click to expand...
Click to collapse
Might I ask you which apps and features are affected?
PhinxApps said:
Might I ask you which apps and features are affected?
Click to expand...
Click to collapse
Button Savior (root). Assistive Zoom, oneClick Scroll. In my app, I create a jar with private API invocation in it and start the jar as a shell command by exec or something that I dont quit remember.
I got the same note, too. Oddly, two selinux mode changer apps are still in Play. Maybe they're less worried about apps that say in the title that they turn off selinux. Or maybe they just haven't got to them?
arpruss said:
I got the same note, too. Oddly, two selinux mode changer apps are still in Play. Maybe they're less worried about apps that say in the title that they turn off selinux. Or maybe they just haven't got to them?
Click to expand...
Click to collapse
Hmm, the e-mail is just a warning.. I think the apps will be removed in 13 days.
The title shouldn't matter, I assume it's just a scanner/grep which they run against eg. the classes.dex and search for "setenforce".
My app doesn't use this command normally, nor is it an app which is used by the 0815-user - it cannot be a human who decides about good/bad
But does this help us in any way?
This zip is just as good if not better. Only problem is is I don't think there's a way to go back and forth between permissive and enforcing. I did not make this trip, I'm not a programmer, and I'm taking no credit for it. I just found it awhile ago and decided to hold onto it.. Going to recovery, flash the zip, presto.
https://mega.co.nz/#!jhgA3Spb!oOS9ru9q5dDfS5V9iHLFXUTiuZVTSbNk1iyrLrq-lus
tmjm28 said:
This zip is just as good if not better. Only problem is is I don't think there's a way to go back and forth between permissive and enforcing. I did not make this trip, I'm not a programmer, and I'm taking no credit for it. I just found it awhile ago and decided to hold onto it.. Going to recovery, flash the zip, presto.
https://mega.co.nz/#!jhgA3Spb!oOS9ru9q5dDfS5V9iHLFXUTiuZVTSbNk1iyrLrq-lus
Click to expand...
Click to collapse
Thanks for sharing!
I fear we cannot tell our (sometimes quite stupid) users "flash a permissive kernel" if it's "in theory" simple to temporary make SELinux permissive by a single command.
funtax said:
Thanks for sharing!
I fear we cannot tell our (sometimes quite stupid) users "flash a permissive kernel" if it's "in theory" simple to temporary make SELinux permissive by a single command.
Click to expand...
Click to collapse
... which isn't possible on bootloader locked (exploit freed) devices
Has anyone an idea how to exactly interprete this message from Google?
I assume they parse the APK for "setenforce" and blame all apps which use it.
I fully understand and confirm Google's decision, no matter that it's realy a pain in the a** for some of us.
So, what are your thoughts about the following:
1. use a crypted version of "setenforce 0" which hopefully bypasses Google's scanners
2. do the modifications you need to do and hope this modifications are still working after enforced-mode is active again (how would a "execmod"-exception perform if the text-relocations have been made while SELinux was off?)
3. now call setenforce again but with "1", to re-renable SELinux
In other words:
1. would SELinux recognize that a text-relocation was made while it was disabled and then activated?
2. would it be ok to temporary disable SELinux but then re-enable it shortly after the required modifications?
@Chainfire: maybe #1 is something you might know due to SuperSU?
Removed setenforce 0 and surprisingly my app is still working. Guess newer superSU can bypass selinux restriction to some level.
jerryfan2000 said:
Removed setenforce 0 and surprisingly my app is still working. Guess newer superSU can bypass selinux restriction to some level.
Click to expand...
Click to collapse
Yes, that's correct. SuperSU sets itself to "permissive" in most times afaik - so if you run your restricted commands via SuperSU, you might not get problems with SELinux.
But if another process/pid is running into issues with SELinux, that won't help you.
To anyone still having to modify the SELinux state I would advice you guys to use the Audit messages.
You might not even need to change SELinux to permissive. It's even mentioned in Chainfire's SU documentation in detail.
Catalyst06 said:
To anyone still having to modify the SELinux state I would advice you guys to use the Audit messages.
You might not even need to change SELinux to permissive. It's even mentioned in Chainfire's SU documentation in detail.
Click to expand...
Click to collapse
This might indeed help some of the devs to adjust their commands to work with SELinux enforced - good hint, pretty sure many users are not familar with that
Ohh.. I must adjust myself: I wasn't aware of the SELinux-patcher. Might be an acceptable workaround?
funtax said:
1. use a crypted version of "setenforce 0" which hopefully bypasses Google's scanners
Click to expand...
Click to collapse
If Google catches this, they may be more tough on you.
I got notices for 3 variants of my Spirit FM apps. Was just a debug/test menu item.
Not needed for my Spirit2 app, but the Spirit1 app did direct access to audio and other devices and won't work on Lollipop otherwise. Not a big deal for Spirit1 really though, because I will likely never release a non-beta compatible with Lollipop.
So I removed the code.
Now I have a tricky issue because I was trying to slowly roll out a new version to KitKat users. So now, 80% of my Lollipop users may still have the "bad" app and I can only fix that by increasing the KK rollout to 100%.
Wonder if Google will kick me at the 14 day mark if I don't go to 100%.
mikereidis said:
Now I have a tricky issue because I was trying to slowly roll out a new version to KitKat users. So now, 80% of my Lollipop users may still have the "bad" app and I can only fix that by increasing the KK rollout to 100%.
Wonder if Google will kick me at the 14 day mark if I don't go to 100%.
Click to expand...
Click to collapse
Any news since? It seems Google pulled the trigger...
Sine. said:
Any news since? It seems Google pulled the trigger...
Click to expand...
Click to collapse
I went to 100% with my rollout just to be on the safe side.
I have had no followup problems. My affected apps are still selling.
Would have been nice for Google to send a "Thank you for co-operating" email.
I am sorry to hear that the SCR Pro developer has had his developer account terminated.
Termination is an EXTREME measure seemingly intended for confirmed malware spreaders.
I think it is VERY rare (if not impossible) to get a terminated account re-instated. I don't recall ever hearing of a re-instatement.
All of us small developers dependent on Google Play for our income are just a few Google mouse clicks away from having our indie careers ended and Google just does not care.
Why are they doing this?
I'm not sure if this is a good decision from Google. I fully understand that this could help to protect users, but in my opinion, a warning on the device would have been enough.
Android should be an open System. A user installing a permissive kernel, or changing a existing one to permissive mode, could be expected to know what she or he is doing.
I have to recompile the kernel for my SM-P605 because it was the only way to get it to work in permissive mode. Without the ability to do the mode switching by app, I have
to do this ugly changes by hand or make them persistent. Without this I'm even not able to do a chroot and run another Linux-distro on such a device. Forcing developers
to bypass such restirctions is the bigger security issue. If I'm not able to do such things, I could just as well buy a device made by apple.
What would a normal Linux user say, if he isn't allowed to get root access or couldn't download programs which don't work on a Kernels not enforcing SELinux.
mame82 said:
I'm not sure if this is a good decision from Google.
Click to expand...
Click to collapse
Google doesn't care.
Android is now dominant, and Google is closing it off, going closed source on the increasingly important Gapps/GMS etc.
Android Auto, TV, Wear, Play, etc. etc: closed source.
DRM will come and Google doesn't want us bypassing it. We already have it in locked bootloaders for non-Nexus.
This likely makes business sense for Google. They are the new Microsoft, not quite as evil perhaps, but getting closer all the time.
I have searched internet for below mentioned queries but could not find a solution. Hope someone can help out here.
(1) How to remove the unnecessary Google apps?
I read somewhere (and on this forum as well) that this can be done through Google Playstore but I dont see the options in Google Playstore account. (Maybe it doesnt work anymore)
(2) How do I remove Mi App Store and other Mi apps?
Can it be uninstalled... or atleast disabled?
(3) What is authenticity of Security app?... remove Cheetah, Tencent?
I am not sure how reliable this pre-installed Security app is or whether it is authentic as I dont see it in Google Playstore (I dont feel comfortable to have any app in my mobile which is not on Google Playstore).
New Android devices actually dont need app/memory cleaner, etc. There are numerous negative reviews about Cheetah, etc. I saw that Security app uses engine of Cheetah, Tencent, etc. Better to remove it?
(4) I dont see many settings in Camera. Is there guide to actually understand the settings, how to use, etc?
(5) I see that there are guides thread in bit and pieces, but is there any complete PDF, user maual or user guide for Redmi 4A or MIUI 8?
Thanks!
Easy solution is to install custom ROM.
Check this, https://forum.xda-developers.com/general/general/update-redmi-4a-users-t3706184.
As I know, user manual for Redmi 4A has not yet been available on the manufacturer's official website.
But manuals for other Redmi phones, such as Redmi 5A, are available there.
1. Removal via Play Store only applicable if you're installing them via Play Store i.e. not pre-installed. If you want to remove the pre-installed ones without root then try this
2. You can't really remove any of the system app if you're on official MIUI ROM because of its stock kernel (dm-verity). Try to remove them and it'll put your phone on a bootloop on the next boot because it checks the system integrity and refuses to boot if it detects any changes to the system, including file deletion. Maaybe you can if you're rooted and you have a modified kernel installed that disables the dm-verity.
3. It's an OEM app, meaning it was from the ROM itself. The manufacturer may decide if their OEM apps will be up on Play Store, so it may or may not be available from there. Think of it like your stock launcher. And well, it's Cheetah. Disable all of its updates and configurations (virus definition, auto scan etc.) and you're good. You can just disable the cleaner engine to stop the cleaner altogether. And as mentioned earlier, don't try to remove a system app if you're on an official MIUI ROMs. Didn't want to risk yourself to putting your phone into a bootloop. Unless you can do it properly then sure thing. Make sure to take a backup beforehand.
4. Most camera settings are pretty self-explanatory, so maybe they decided to not put much on the camera 'guide'
5. No. Not all guides comes with a PDF, and there's not a single guide that covers everything. Sometimes they came like forum threads like this. The only user manual/user guide available is the booklet that came with your phone. And I'm pretty sure that's not the guide you're looking for, as that booklet only covers the very basic operations of your phone.
thatOneWeeaboo said:
1. If you want to remove the pre-installed ones without root then try this
2. You can't really remove any of the system app if you're on official MIUI ROM because of its stock kernel (dm-verity). Try to remove them and it'll put your phone on a bootloop.
Click to expand...
Click to collapse
Hi thatOneWeeaboo. Thanks for your kind help. :good:
Just a basic question.. are those Google apps and Mi Apps "pre-installed ones" or "system apps"?
I read somewhere that bloatware can be removed by simple app known as "Activity Launcher".. but will have research about it... Any inputs on it?
Biker Biker said:
are those Google apps and Mi Apps "pre-installed ones" or "system apps"?
I read somewhere that bloatware can be removed by simple app known as "Activity Launcher".. but will have research about it... Any inputs on it?
Click to expand...
Click to collapse
Technically speaking, System Apps are 'pre-installed' and pre-installed apps isn't always a system app. If the latter is your case, you can just remove them via your Apps section in your Settings menu, no need lengthy steps or commands.
You've probably read a similar guide that I linked and the "Activity Launcher" app's purpose is to launch a certain app's activity, therefore it's isn't actually removing the bloatware. As far as I know, it is used to launch the AOSP version of the Aplication Settings that normally isn't visible within the MIUI skin. You can actually disable most Google packages and some MIUI apps within there.
skmaiti2050 said:
Check out my thread for simple solution for system apps:
https://forum.xda-developers.com/android/help/miui-8-debloater-script-t3678972
And for camera, there is a mod you can try http://en.miui.com/thread-577424-1-1.html
After that you get the manual mode. In simple, set low ISO on good lighting scenes like sunrise or outdoors and high ISO for dark places, indoors and don't use flash when high ISO is set or you'll get a distorted image.
For shutter speed, set it to shortest on daylight scenes and for night scenes set it to the longest so it will be capable of capturing more light. For focus, when taking macro set focus to lower values and taking normal shots set it 35 to 50 and for broader views and distant object set it higher values.
Hope I helped you, but quite late
Click to expand...
Click to collapse
Thanks for replying mate, but I dont think I would want to install all those zip files in my mobile. You never know if they are itself corrupted/malware/spyware. But thanks for replying!
I dont want to install anything which doesnt come from google playstore.
Biker Biker said:
Thanks for replying mate, but I dont think I would want to install all those zip files in my mobile. You never know if they are itself corrupted/malware/spyware. But thanks for replying!
I dont want to install anything which doesnt come from google playstore.
Click to expand...
Click to collapse
If you're insisting to not install anything that doesn't come from Play Store, then try another camera app, like Open Camera. Other than that, there's isn't much you can do without installing things outside of the Store. Actually, LineageOS's stock camera, dubbed Snap Camera, is a pretty great camera app. But since it's not from the Play Store then I won't recommend it to you because, well, it's not from the Store.
Biker Biker said:
You never know if they are itself corrupted/malware/spyware.
Click to expand...
Click to collapse
That's a pretty much a valid concern, but there's other people's testimony if things are actually working. So you can see e.g. if it's fixed your problem or make it worse by messing up stuff.
Also, not all Play Store apps are safe, though. There are some apps that collects your information/personal data without you knowing e.g. a Keyboard app that asks for your Device ID
H! So I am actually unsure where to post this..
Here's hoping you can figure something out and not be mad at me if this is the wrong place to post this.
Initially, i was going to post this as a Bug report on Github. However, I figured this was not correct.
Technically speaking this also isn't really an issue with magisk itself, more that adobe might have found a way to circumvent magisk anti detection methods.
In short: The App "Adobe Account Access" (com.adobe.ims.accountaccess on the play store: https://play.google.com/store/apps/details?id=com.adobe.ims.accountaccess) seems to have found a way to detect magisk and/or root, even though root detection is hidden in magisk.
The App just displays a prompt, saying "Device not supported. Sorry, your phone is not supported for Adobe Account Access.", even though the device used should be supported.
I checked with adobe community support on whether my Phone is supported or not and according to them, it should indeed be supported: https://community.adobe.com/t5/acco...-access-app-device-not-supported/m-p/11696613
I suspect they have found a way to get around all magisk anti detection methods and i would be grateful if someone would be kind enough to check if there is a workaround or if magisk's detection prevention needs an update.
Unfortunately, i don't have much more to say other than that..
There aren't any magisk log entries that would indicate something went wrong (only entries mentioning the app are"i" loglevel, one coming from hide_list_add and one coming from proc_monitor).
I could not find anything out of the ordinary in the logcat, although i suppose i could be more thorough with my search.
My technical/general info would be:
Magisk Version used: 22.0 (22000) (18)
SafetyNet integrity: Both basicIntegrity AND ctsProfile = pass; evalType = BASIC
ROM used: OxygenOS 10.0.11.GM21BA
Android version: 10
Device name: OnePlus 7 Pro
"Adobe Account Access" App version: 1.6
+++ Please feel free to ask for any additional info in case I missed it +++
Thanks in advance for any productive suggestion!
When does it display this "device not supported" message? I tested just now and could log in and set everything up without even adding the app to the Hide list, and with the Magisk app unhidden.
Didgeridoohan said:
When does it display this "device not supported" message? I tested just now and could log in and set everything up without even adding the app to the Hide list.
Click to expand...
Click to collapse
Oh? That is peculiar.. Damn, that implies an issue somewhere else i reckon ://
It displays it immediately after launching the app. The very first screen..
What phone and which OS (/ROM) are you using? Might just be that my phone is genuinely not supported and the folks over at the adobe community forum lied when saying my phone should be compatible..
Also, which android version are you on if you don't mind me asking?
You don't have any modules installed? No edxposed or lsposed, or magisk modules?
Have you tried root detection apps like Root Beer Fresh to see if indeed the app is unable to detect root? If you try any such app, remember to add it to the Magisk Hide list beforehand, otherwise the app will clearly detect root.
It's a OnePlus 3T with Android 9 ArrowOS. As stated above, it could very well be a module, like EdXposed. Or a root app, or a file or folder on your device, or something completely different.
It's not detecting Magisk at least, that's for sure...
General root hiding tips:
https://www.didgeridoohan.com/magisk/MagiskHide#hn_Hiding_root_from_apps
@Barrel Titor
Samsung Galaxy S7 Custom 9.0 Pie, Magisk 22 root with random name, application without hiding works fine.
Hi all!
First of all: Apologies! I meant to respond sooner to this, but work has kept me occupied and the one time I actually was available, XDA Forums went down into maintenance mode..
Secondly: Sorry for maybe jumping the gun here a bit!
It does look like I should have tested this issue a bit more! I am definitely going to keep on trying to fix this on my own using the resources and methods you have suggested!
I have tested com.adobe.ims.accountaccess on my sisters unrooted OnePlus Nord.. It works fine there, which is really confusing. None of the other apps I am using show this sort of issue :c Not even my banking app!
@mario0318 Thanks for your suggestion! I know it is good practice to remove/disable all your modules. However, none of the modules I have currently installed are particularly large and they certainly do not modify much compared to what is possible. I am going to attach a list to this response, however I am also going to try disabling them one by one and see if I can find the culprit! Unfortunately, I will not be able to disable the "Google Dialer Framework" module, since it causes the device to bootloop if the google dialer app is still present.
Here is a list of all the modules I have installed and enabled at the moment:
Spoiler
App Systemizer (Terminal Emulator)
Busybox for Android NDK
Google Dialer Framework
Looki75 Product Sans font
Systemless Hosts
ViPER4ANDROID FX
Honourable mentions (these modules are completely DISABLED):
Spoiler
Riru
Riru - EdXposed
However, please note again that SafetyNet seems to be INTACT, with "basicIntegrity" and "ctsProfile" still passing and "evalType" being "BASIC".
In any case. Thanks to everyone for their contribution! I really appreciate any suggestion!
Edit: @mario0318 right after I posted this message, I went ahead and gave "RootbeerFresh" a shot. It does not detect root when it is hidden from it. This makes my leading theory to be that the app truly does not support OnePlus 7 Pro devices. Wouldn't know why it doesn't support this model in particular though. Until I either unroot or find someone with the same device, willing to install Adobe Account Access, i can't say for sure though.
Barrel Titor said:
Hi all!
First of all: Apologies! I meant to respond sooner to this, but work has kept me occupied and the one time I actually was available, XDA Forums went down into maintenance mode..
Secondly: Sorry for maybe jumping the gun here a bit!
It does look like I should have tested this issue a bit more! I am definitely going to keep on trying to fix this on my own using the resources and methods you have suggested!
I have tested com.adobe.ims.accountaccess on my sisters unrooted OnePlus Nord.. It works fine there, which is really confusing. None of the other apps I am using show this sort of issue :c Not even my banking app!
@mario0318 Thanks for your suggestion! I know it is good practice to remove/disable all your modules. However, none of the modules I have currently installed are particularly large and they certainly do not modify much compared to what is possible. I am going to attach a list to this response, however I am also going to try disabling them one by one and see if I can find the culprit! Unfortunately, I will not be able to disable the "Google Dialer Framework" module, since it causes the device to bootloop if the google dialer app is still present.
Here is a list of all the modules I have installed and enabled at the moment:
Spoiler
App Systemizer (Terminal Emulator)
Busybox for Android NDK
Google Dialer Framework
Looki75 Product Sans font
Systemless Hosts
ViPER4ANDROID FX
Honourable mentions (these modules are completely DISABLED):
Spoiler
Riru
Riru - EdXposed
However, please note again that SafetyNet seems to be INTACT, with "basicIntegrity" and "ctsProfile" still passing and "evalType" being "BASIC".
In any case. Thanks to everyone for their contribution! I really appreciate any suggestion!
Edit: @mario0318 right after I posted this message, I went ahead and gave "RootbeerFresh" a shot. It does not detect root when it is hidden from it. This makes my leading theory to be that the app truly does not support OnePlus 7 Pro devices. Wouldn't know why it doesn't support this model in particular though. Until I either unroot or find someone with the same device, willing to install Adobe Account Access, i can't say for sure though.
Click to expand...
Click to collapse
So upon Google searching "oneplus 7 pro adobe account access" it appears to be a common problem.
mario0318 said:
So upon Google searching "oneplus 7 pro adobe account access" it appears to be a common problem.
Click to expand...
Click to collapse
I cannot find any results using this search term on google other than my own post on the adobe community forums.. This one: https://community.adobe.com/t5/acco...access-app-device-not-supported/td-p/11695914
@mario0318 do you happen to know a way to somehow "pretend" to the app that i am in fact using a different phone? Something that would allow me to make the app believe it is running on a different device?
Barrel Titor said:
@mario0318 do you happen to know a way to somehow "pretend" to the app that i am in fact using a different phone? Something that would allow me to make the app believe it is running on a different device?
Click to expand...
Click to collapse
Well, the well known magisk module MHPC or Magisk Hide Props Config comes to mind. You can change device fingerprints and maybe also give the Device Simulation feature a go, or custom edit any range of configurable props.
You could do so without the module editing the build.props yourself. Or if you stick with edxposed and deal with not having magisk manager's hide enabled, perhaps any of the device spoofers on the xposed repo could fool the app. Or Sudohide if you set Adobe app to hide from any and all apps that are root relevant. May also consider removing directories in your internal and removable storage for things like TWRP or PBRP, Titanium Backup, xposes, etc, you know, things that a simple media scan looking for any sign of root apps might pick up.
But for now, I'd give MHPC a try and change device fingerprint and maybe enable device simulation if simple fingerprint change doesn't work.
I'm having the same issue on a rooted OnePlus 8T
Same for me on op7 pro. Hiding with somiko but Adobe still not working. Nor could I bypass square, it notes root when it pairs Bluetooth