[StavrosK]

This is probably completely off-topic, but could this be used to create the ability to deny permissions to applications? As a privacy-sensitive person, I would like to prevent some applications from receiving certain permissions, while still using them (for example, why should a game have access to my contacts?), but Android doesn't provide that functionality.

Would this be possible/viable with this framework? I might give it a shot, if so.

[apendleton]

Not answering your question, but applications for Android are generally written with the assumption that they have whatever permissions they requested at install time, and may behave unpredictably if calls to things that are supposed to have already been authorized raise exceptions. I would expect that if you managed to do this, lots of applications would crash.

[StavrosK]

I'm pretty sure you could fake most permissions convincingly. After all, how is an app to know that that empty contact list or those GPS coordinates on the top of mount Everest aren't actually real?

[yareally]

There's been a few mods out on xda for at least a year or two that let you fake most permissions per app so the app would think it was getting legit data and not just blindly crash if it was denied the data totally. I think one was built into MIUI and could also be used standalone. The other one I can't recall the name, but if I think of it I will edit my post in a bit. Both had their source out though so you could mod them.

Cyanogenmod 7 tried to totally deny permissions for apps and it was not a good idea. It resulted in apps crashing a lot. Also the reason they didn't continue to do it in Cyanogenmod 9 and 10. Faking permissions is definitely the way to go though.

edit: pdroid was the other (http://forum.xda-developers.com/showthread.php?t=1357056)

[616c]

Pdroid is fantastic. I waste time patching my ROM every time I need to upgrade with that tool. The amount of information you can disable or manipulate to hand to app providers is amazing.

I think Android would have much better cred in the geek community if this was standard, but the legal and business hoops it jumps around and out of make it a pipe dream. I will say when I meet Infosec guys in my area and show them that app, even the iPhone guys are impressed and want to know how to get it if they got Android phones.

[StavrosK]

What legal and business hoops are you talking about? I can't see any legal problem with Android letting me disable my own permissions...

[StavrosK]

Yeah, my problem is that I use stock, so no love there :/

[yareally]

Stock as in a Nexus device or stock as in some other OEM skinned device? You shouldn't have problems applying either if you're using stock vanilla AOSP and rooted. OEM skins (touchwiz/sense/etc) though are another thing since you don't have any source code to work off of without modding or using something like Cyanogenmod and they tend to mod a lot of the framework base. Pdroid's patches were to the framework_base part of the Android source from what I recall working with it before. Modding the Android source isn't too bad if you import it into Intellij IDEA or Eclipse though. If you have some questions about where to start, feel free contact me.

[StavrosK]

Nexus device, yep. I didn't know takju was AOSP, I thought AOSP is sort of the "base". I'll try to set up OpenPDroid (I think PDroid doesn't work with ICS), thank you!

[fpgeek]

Very true. Personally, I wish there were a way for apps to specify optional permissions (ones an app can run without, but might require for specific features) as an alternative to required ones.

To take a simple example, I've noticed that many third-party launchers request the "Services that can cost you money" permission, so that they can create dialing shortcuts, I believe. I'd prefer not to give them that permission because I don't want dialing shortcuts, but I'm sure other people do.

[randallu]

Yes, you could hook the permission checking methods and deny them. I think there are packages that do this already (or don't throw the Permission exception but instead return an empty contact list, etc).

[angryasian]

just to add what the other commenters in thread said. Open pdroid is now the project you want to look at. Its open source but needs to be compile with the rom. Depending on your phone or if you know how to build a rom then its great if you want to fake permission data. http://www.xda-developers.com/android/openpdroid-brings-an-o...

The other alternative mentioned is lbe. The issue with lbe is that its a Chinese app thats translated to english and only distributed through xda found here. http://forum.xda-developers.com/showthread.php?t=1422479 . Now everything I've read and what others have looked into is that nothing malicious is occurring but of course YMMV. I've used it and I have very rarely found any issues blocking all permissions.

Also another good app is droidwall to enable data for apps based on wifi or mobile.

[StavrosK]

Hmm, could you point me to any? A search didn't turn anything up, but I haven't done any Android development, so I'm far from an expert.

[justinrickity]

There's LBE Privacy Guard which is available in the Play store: https://play.google.com/store/apps/details?id=com.lbe.securi...

It's broken at the moment but used to provide the feature you requested

[StavrosK]

Yeah, I saw that, but it has a lot of 1-star reviews. Something about all these apps doesn't inspire confidence, I don't know why...

[randallu]

Here's one: https://play.google.com/store/apps/details?id=com.privacy.pd...

[StavrosK]

Oh huh, that actually looks very nice! Thank you!

EDIT: Oh, Gingerbread-only :/

EDIT 2: It seems that the only "good/working" app is PDroid (and OpenPDroid for ICS). Unfortunately, it's only available for custom ROMs, and it's a lot of work to add it to stock ROMs. It looks like that this will either need a lot of hard work to do (and be hard to install), or Android will need to do it natively. Too bad neither option is very feasible...

[gcb0]

That's easily implementable. But breaks lots of apps.

I have it currently on my nexus one with CyanogemMod7. standard feature.

Use it to prevent my closed source keyboard from talking to the web.