[apendleton]

Not answering your question, but applications for Android are generally written with the assumption that they have whatever permissions they requested at install time, and may behave unpredictably if calls to things that are supposed to have already been authorized raise exceptions. I would expect that if you managed to do this, lots of applications would crash.

[StavrosK]

I'm pretty sure you could fake most permissions convincingly. After all, how is an app to know that that empty contact list or those GPS coordinates on the top of mount Everest aren't actually real?

[yareally]

There's been a few mods out on xda for at least a year or two that let you fake most permissions per app so the app would think it was getting legit data and not just blindly crash if it was denied the data totally. I think one was built into MIUI and could also be used standalone. The other one I can't recall the name, but if I think of it I will edit my post in a bit. Both had their source out though so you could mod them.

Cyanogenmod 7 tried to totally deny permissions for apps and it was not a good idea. It resulted in apps crashing a lot. Also the reason they didn't continue to do it in Cyanogenmod 9 and 10. Faking permissions is definitely the way to go though.

edit: pdroid was the other (http://forum.xda-developers.com/showthread.php?t=1357056)

[616c]

Pdroid is fantastic. I waste time patching my ROM every time I need to upgrade with that tool. The amount of information you can disable or manipulate to hand to app providers is amazing.

I think Android would have much better cred in the geek community if this was standard, but the legal and business hoops it jumps around and out of make it a pipe dream. I will say when I meet Infosec guys in my area and show them that app, even the iPhone guys are impressed and want to know how to get it if they got Android phones.

[StavrosK]

What legal and business hoops are you talking about? I can't see any legal problem with Android letting me disable my own permissions...

[StavrosK]

Yeah, my problem is that I use stock, so no love there :/

[yareally]

Stock as in a Nexus device or stock as in some other OEM skinned device? You shouldn't have problems applying either if you're using stock vanilla AOSP and rooted. OEM skins (touchwiz/sense/etc) though are another thing since you don't have any source code to work off of without modding or using something like Cyanogenmod and they tend to mod a lot of the framework base. Pdroid's patches were to the framework_base part of the Android source from what I recall working with it before. Modding the Android source isn't too bad if you import it into Intellij IDEA or Eclipse though. If you have some questions about where to start, feel free contact me.

[StavrosK]

Nexus device, yep. I didn't know takju was AOSP, I thought AOSP is sort of the "base". I'll try to set up OpenPDroid (I think PDroid doesn't work with ICS), thank you!

[yareally]

Yeah, pdroid as in its Android 2.3 form is wont work. Before OpenPdroid, I had to manually merge changes into the ASOP source by hand and do a little tweaking. You should be all good with takju. I have a Verizon Galaxy Nexus (toro) and build AOSP fine with that.

All the proprietary binaries are on Google's site[1] for Nexus devices or can be pulled from your device under /vendor/ (in the past, google sometimes failed to put up a few like the camera or bluetooth so had to get those via your device or a trusted repository). Alternatively, you can pull them from a repository maintained by a some of the more well known Android ROM modders using the directions I put up here (https://github.com/yareally/android_proprietary_files). Also you'll have to get a google apps package (or alternatively build it yourself) if you compile AOSP since you won't have access to the Android Market and such otherwise (stock AOSP resembles what you get in the emulator). A premade google apps package I would trust (and use myself when I don't want to build my own) can be located on goo.im[2]. They'll say Cyanogenmod, but they'll work for stock AOSP just the same.

[1] https://developers.google.com/android/nexus/drivers

[2] http://goo.im/gapps

[fpgeek]

Very true. Personally, I wish there were a way for apps to specify optional permissions (ones an app can run without, but might require for specific features) as an alternative to required ones.

To take a simple example, I've noticed that many third-party launchers request the "Services that can cost you money" permission, so that they can create dialing shortcuts, I believe. I'd prefer not to give them that permission because I don't want dialing shortcuts, but I'm sure other people do.