Skip to content

amakuramio/XPrivacy

 
 

Repository files navigation

XPrivacy

The ultimate, yet easy to use, privacy manager for Android

Index

Description

XPrivacy can prevent applications from leaking privacy sensitive data. XPrivacy can restrict the categories of data an application can access. This is done by feeding an application with no or fake data. There are several data categories which can be restricted, for example contacts or location. For example, if you restrict access to contacts for an application, this will result in sending an empty contact list to the application. Similarly, restricting an application's access to your location will result in a fake location being sent to the application.

XPrivacy doesn't revoke (i.e. block) permissions from an application, which means that most applications will continue to work as before and won't force close. There are two exceptions to this, access to the internet and to external storage (typically an SD card) is restricted by denying access (revoking permissions). There is no other way to implement this, since these permissions are handled by Android in a special way. Android delegates handling of these permission to the underlying Linux network/file system. XPrivacy will fake offline (internet) and/or unmounted (storage) state, but some applications try to access the internet/storage nevertheless, potentially resulting in crashes or error messages.

If restricting a category of data for an application results in problems for the application, it is possible to allow access to the data category again to solve the issue.

By default, all newly installed applications will have no access to any data category at all, to prevent a new application from leaking sensitive data right after installation. Shortly after installing a new application, XPrivacy will ask which data categories you want the new application to have access to. XPrivacy comes with an application browser, which allows you to quickly enable or disable applications' access to a particular data category for example to view your calendar. It is also possible to edit all data categories for one application.

To help you identify potential data leaks, XPrivacy will monitor attempts made by all applications to access sensitive data. XPrivacy will display an orange warning triangle icon as soon as data of a data category has been used. If an application has requested Android permissions to access data in a data category, this will be displayed with a green key icon. XPrivacy will also display if an application has internet access, indicating that the application poses a risk of sharing the data it obtains with an external server.

XPrivacy is built using the Xposed framework. XPrivacy taps into a vast number of carefully selected functions of Android through the Xposed framework. Depending on the function, XPrivacy conditionally skips execution of the original function (for example when an application tries to set a proximity alert) or alters the result of the original function (for example to return an empty message list).

XPrivacy has been tested with CyanogenMod 10, 10.1 and 10.2 (Android 4.1, 4.2 and 4.3), and is reported to work with most Android version 4.0, 4.1, 4.2 and 4.3 variants, including stock ROMs. Root access is needed to install the Xposed framework.

XPrivacy was a lot of work, so please support this project

Donate a few dollars for the pro version

OR

buy the pro enabler from Google play

OR

Flattr

Using XPrivacy is entirely at your own risk

Applications Application Expert Help Settings Usage data

Features

  • Simple to use
  • No need to patch anything (no source, no smali or anything else)
  • For any (stock) variant of Android version 4.0, 4.1, 4.2 or 4.3 (ICS, JellyBean)
  • Newly installed applications are restricted by default
  • Displays data actually used by an application
  • Free and open source

Restrictions

For easy usage, data is restricted by category:

  • Accounts
    • return an empty account list
    • return fake account info
    • return empty authorization tokens
  • Browser
    • return an empty bookmark list
    • return empty search history
  • Calendar
    • return an empty calendar
  • Calling
    • prevent calls from being placed
    • prevent SMS messages from being sent
    • prevent MMS messages from being sent
    • prevent data messages from being sent
  • Clipboard
    • prevent paste from clipboard (both manual and from an application)
  • Contacts
    • return an empty contact list
      • content://com.android.contacts/data
      • content://com.android.contacts/raw_contacts
      • content://com.android.contacts/phone_lookup
      • content://com.android.contacts/profile
  • Dictionary
    • return an empty user dictionary
  • E-mail
    • return an empty list of accounts, e-mails, etc (provider)
  • Identification
    • return a fake Android ID
    • return a fake device serial number
    • return a fake host name
    • return a fake Google services framework ID
    • return file not found for folder /proc
    • return a fake Google advertising ID
    • return a fake system property cid (Card Identification Register)
    • return file not found for /sys/block/.../cid
    • return file not found for /sys/class/.../cid
  • Internet
    • revoke access to the internet
    • return fake disconnected state
    • return fake supplicant disconnected state
  • Location
    • return a random or set location
    • return empty cell location
    • return an empty list of (neighboring) cell info
    • prevents geofences from being set
    • prevents proximity alerts from being set
    • prevents sending NMEA data to an application
    • prevent phone state from being sent to an application
      • Cell info changed
      • Cell location changed
    • prevent sending extra commands (aGPS data)
    • return an empty list of Wi-Fi scan results
    • prevents connecting to Google Play services
  • Media
    • prevent recording audio (including from the microphone)
    • prevent taking pictures
    • prevent recording video
    • you will be notified if an application tries to perform any of these actions
  • Messages
    • return an empty SMS/MMS message list
    • return an empty list of SMS messages stored on the SIM (ICC SMS)
    • return an empty list of voicemail messages
  • Network
    • return fake IP's
    • return fake MAC's (network, Wi-Fi, bluetooth)
    • return fake BSSID/SSID
    • return an empty list of Wi-Fi scan results
    • return an empty list of configured Wi-Fi networks
    • return an empty list of bluetooth adapters/devices
  • NFC
    • prevent receiving NFC adapter state changes
    • prevent receiving NDEF discovered
    • prevent receiving TAG discovered
    • prevent receiving TECH discovered
  • Notifications
    • prevent receiving statusbar notifications (Android 4.3+)
    • prevent C2DM messages
  • Phone
    • return a fake own/in/outgoing/voicemail number
    • return a fake subscriber ID (IMSI for a GSM phone)
    • return a fake phone device ID (IMEI): 000000000000000
    • return a fake phone type: GSM (matching IMEI)
    • return a fake network type: unknown
    • return an empty ISIM/ISIM domain
    • return an empty IMPI/IMPU
    • return a fake MSISDN
    • return fake mobile network info
      • Country: XX
      • Operator: 00101 (test network)
      • Operator name: fake
    • return fake SIM info
      • Country: XX
      • Operator: 00101
      • Operator name: fake
      • Serial number (ICCID): fake
    • return empty APN list
    • return no currently used APN
    • return an empty call log
    • prevent phone state from being sent to an application
      • Call forwarding indication
      • Call state changed (ringing, off-hook)
      • Mobile data connection state change / being used
      • Message waiting indication
      • Service state changed (service/no service)
      • Signal level changed
    • return an empty group identifier level 1
  • Sensors
    • return an empty default sensor
    • return an empty list of sensors
  • Shell
    • return I/O exception for Linux shell
    • return I/O exception for Superuser shell
    • return unsatisfied link error for load/loadLibrary
  • Storage
    • revoke permission to the media storage
    • revoke permission to the external storage (SD card)
    • return fake unmounted state
  • System
    • return an empty list of installed applications
    • return an empty list of recent tasks
    • return an empty list of running processes
    • return an empty list of running services
    • return an empty list of running tasks
    • return an empty list of widgets
    • return an empty list of applications (provider)
    • prevent package add, replace, restart and remove notifications
  • View
    • prevent links from opening in the browser
      • you will be notified if an application tries to open a link
    • return fake browser user agent string
      • Mozilla/5.0 (Linux; U; Android; en-us) AppleWebKit/999+ (KHTML, like Gecko) Safari/999.9

Limitations

  • /proc and system properties cannot be restricted for Android (serial number, IMEI, MAC address, etc)
  • Phone number cannot be restricted for the standard phone application
  • Internet and storage can only be restricted for applications/providers/services started by the Android package manager
  • Due to its static nature Build.Serial can only be randomized on application start

Compatibility

XPrivacy has been tested with CyanogenMod 10, 10.1 and 10.2 (Android 4.1, 4.2 and 4.3), and is reported to work with most Android version 4.0, 4.1, 4.2 and 4.3 variants, including stock ROMs.

Installation

Instead of following the steps below, you can use the XPrivacy Installer.

It seems like a lot of steps, but it is done in no time:

  1. Requirements:
    • Android 4.0+ (ICS) or 4.1/4.2/4.3+ (JellyBean); check with System Settings > About phone > Android version
    • Custom recovery (CWM, TWRP or similar)
  2. Make a backup
  3. If not done already: root your device; the procedure depends on the brand and model of your device
    • You can find a guide here for most devices
  4. Enable System settings > Security > Unknown sources
  5. Install the Xposed framework
  6. Download and install XPrivacy from here
    • Alternatively download from here
  7. Enable XPrivacy from the Xposed installer
  8. Reboot

I do not recommend using XPrivacy in combination with any of the similar solutions, because it could result in conflicts (with as possible consequence data leakage).

If you want to uninstall XPrivacy, you have two options:

  1. Disable XPrivacy in the Xposed installer
  2. Uninstall Xposed using the Xposed installer

Upgrading

  • Make a backup
  • Do not remove the previous version (else your settings will get lost)
  • Download the new version
  • Install the new version over the previous version
  • Reboot your device

When following this procedure your data will not leak, because the Xposed part of XPrivacy keeps running.

Usage

The application starts in the main view, where at the top a data category can be selected. By ticking one or more check boxes in the list below, the selected data category can be restricted for the chosen applications. The default category is All, meaning that all data categories will be restricted.

Tapping on an application icon shows the detailed view, where all the data categories for the selected application can be managed. This view will also appear by tapping on the notification that appears after updating or installing an application. By default all data categories will be restricted for new installed applications to prevent leaking privacy sensitive data from the beginning. You can change which data categories will be restricted by changing the Template available from the main menu.

Data categories exist to make it easier to manage restrictions. The data categories in the detailed view can be drilled down to individual functions. If the category is restricted, individual functions can be allowed by clearing the function check boxes.

To see it in action: try restricting the category Identification for Android Id Info or try restriction the category Contacts for the Contacts application.

Applying some restrictions require restarting applications and/or your device

If an application requested Android permissions for a data category, the category will be marked with a green key icon. If an application used/tried to use data, the data category will be marked with an orange warning triangle icon. If an application has internet permissions a world globe icon will be shown. These icons are just a guideline, because an application can access some privacy sensitive data without Android permissions, for example the serial number of your device and because is not possible to monitor data usage in each and every situation, for example not for access to the internet or the external storage. Be aware that an application could access the internet through other (sister) applications.

Enabling the internet or storage restriction means blocking access to the internet or to the external storage (typically the SD card). This may result in error messages and even in forced closes of the application.

Some category and function restrictions are considered dangerous. These categories and functions are marked with a redish background color. Some applications will crash if you restrict these categories and/or functions.

There are global settings and application specific settings, respectively accessible from the menu of the application list and the menu of the application details view. The global settings, like a randomized or set latitude/longitude, apply to all applications, unless you set any application specific setings. In that case all global settings are overriden by the application specific settings. There is one special case: saving empty specific application settings (you can use the clear button) will erase all application specific settings, so that the global settings will be used again.

The template, available from the main menu is applied to newly installed applications or if you use the menu apply template from the application details view.

Using XPrivacy is entirely at your own risk

Permissions

XPrivacy asks for the following Android permissions:

  • Accounts: to select accounts to allow for applications
  • Contacts: to select contacts to allow for applications
  • Boot: to check if XPrivacy is enabled
  • Internet: to submit/fetch crowd sourced restrictions
  • Storage: to export settings to the SD card (only pro version)

If you don't like this, you can always restrict XPrivacy itself ...

Frequently asked questions

(1) Will XPrivacy make my device slower?

Maybe a little bit, but it will probably not be noticeable.

(2) Does XPrivacy use a lot of memory or battery?

Almost nothing.

(3) Can you help me with rooting my device?

There are already enough guides to help you to root your device. Use your favorite search engine to find one.

(5) How can I reset all XPrivacy settings?

Manage apps > XPrivacy > Clear data

Reboot.

(6) Can I backup XPrivacy and settings?

Yes, you can, for example with Titanium backup, but you can only restore into the same environment (device/ROM). Exporting/importing settings will work across devices/ROMs. To export/import settings you will need the pro version.

(10) Which functions are exactly restricted?

Many, see here for all details.

(12) How safe is XPrivacy?

Great care has been taken to develop XPrivacy, nevertheless data could leak and applications can crash, although this is fortunately rare.

(14) I get 'Incompatible ...' !

An internal check of XPrivacy failed, resulting in potential data leakage. Please press OK to send me the support information, so I can look into it.

(15) What is the procedure for a ROM update?

The right order for ROM updates is:

  1. Export XPrivacy settings
  2. Enable flight mode
  3. Reboot to recovery
  4. Flash ROM
  5. Flash Google apps (optional)
  6. Re-activate Xposed using Xposed toggle
  7. Reboot to Android
  8. Restore the android ID (when needed; with for example Titanium backup)
  9. Clear XPrivacy data (please note that this will erase the imported pro license file if any)
  10. Import XPrivacy settings
  11. Disable flight mode

(this assumes no data wipe and Xposed and XPrivacy installed before updating the ROM)

If you skip the XPrivacy import/clear/export steps some system applications can have the wrong restrictions, because the uid's of these applications might have been changed.

For export/importing XPrivacy data you need pro version.

(16) Can I restrict an application with root access?

Yes, you can by restricting su shell access.

(17) Will restrictions be applied immediately?

It can take up to 15 seconds before changes in restrictions will be effective, because of caching. Changing the internet and storage restriction requires an application restart. Please note that in many cases pressing back, only moves the application to the background.

(18) Can XPrivacy ask for restrictions on demand / display a message on data usage?

It cannot always, since it works deep within Android, and therefore it is IMHO not a good idea to ask for restrictions when it could, because this will probably result into confusion only.

There is a lot of privacy sensitive data processed within Android, especially if there are a lot of applications installed. It would slow down your device significantly if XPrivacy would notify data usage.

Newly installed applications are by default fully restricted. Restricting an application should not result into any force closes (crashes), please create an issue if this happens (see the support section below), it only means that an application cannot see the restricted data. If an application should see the data, you can remove the associated restriction at any time.

(19) Does XPrivacy have a firewall?

Yes, you can restrict internet access for any application. If you want to partly enable internet, for example for Wi-Fi only, you will have to use a firewall application, like AFWall+. The reason is that XPrivacy works within Android and detailed firewall rules can only be applied within the Linux kernel.

(21) I get 'Unable to parse package'

This means the downloaded apk is corrupt. Try disabling your popup blocker or download using another computer.

(22) How can I make a logcat?

Enable logging using the settings menu and see here.

(23) Where are the settings of XPrivacy stored?

The restriction settings of XPrivacy are stored as private application data. It is possible to backup the application and the data, but you can restore it onto the same environment (device/ROM) only. This is because Android assigns different uid's to the same applications on different devices. Exporting settings on one device and importing settings onto another device will work, but this requires the pro version. If you want to backup the exported settings, they are in the folder .xprivacy on the SD card.

(25) Why doesn't undoing a data category restriction disable the function exceptions too?

If you accidentally undo a data category restriction all the function exception would be lost. The function exceptions only apply when the data category is restricted.

(26) How can I export/import my settings?

For this you need the pro version. Exported settings are stored in the folder .xprivacy in the file XPrivacy.xml. You can copy this file to the same place on a second device. When importing, settings are only applied to applications that exist on the second device. This also applies to system applications.

Note that allowed accounts and allowed contacts (not the accounts and contacts itself) can only be imported when the android ID is the same. See question 15 about what to do when updating your ROM.

(28) I have restricted locations but my GPS status icon still appears

That is correct, XPrivacy only replaces the real location by a fake location. It even uses the real location to randomize the fake location. The idea is that everything should appear as normal as possible to an application.

(29) How about multi-user support?

The XPrivacy engine works deep within Android and has no information about users. Each application is identified by a uid and all restrictions are based on this unique identifier. Each user has his own set of applications. Each user can manage the restrictions for the applications available to him/her. If Android uses the same uid for an application that two users share, both users can manage the restrictions for this application.

(30) Why is the location search in the settings disabled?

Because some Google components are not installed.

(31) Do I still need root after installing Xposed?

No.

(32) Why is XPrivacy not available in the Play store anymore?

Read here why.

(33) What is 'Template' used for?

The template is used to apply restrictions to newly installed applications and when you use the menu Apply template.

(34) Will there be a iOS / Window phone version?

No, because these OS'es are to closed to implement something like XPrivacy.

(35) Will you restrict ...?

  • The device brand/manufacturer
  • The device model/product name
  • Synchronization state
  • Screen locking
  • Display settings
  • Wi-Fi settings
  • Bluetooth settings
  • Shortcuts
  • Android version
  • Starting of applications
  • Vibration

No, because I don't consider this as privacy sensitive data. I am happy to add new restrictions for data that is really privacy sensitive.

(36) What does expert mode?

Expert mode disables the dangerous restrictions warning and enables some advanced settings.

(37) Does XPrivacy work with SELinux (Fort Knox) ?

Yes.

(38) What is 'Android usage data' and 'Extra usage data' ?

The setting Android usage data enables sending more usage data for Android itself (uid=1000).

The setting Extra usage data enables sending more usage data for all applications.

Enabling these settings can cause instability and/or decrease performance on some devices.

Usage data = orange triangles.

(39) How does the tri-state check box work?

The tri-state check box follows this pattern:

  • Unchecked = no retrictions
  • Solid square = some restrictions
  • Check mark = all restrictions

Some/all is determined as follows:

  • All category: some/all other categories
  • Other categories: some/all functions

Be aware that by default categories and functions are filtered by permission, so you may not see all of them. The check box state is independent of this.

(40) How can I get usage data for all applications?

Try enabling the setting Extra usage data from the main menu, but be aware that this might cause instability on some ROMs.

Support

If you encounter a bug please create an issue.

Including a logcat when relevant (use pastebin or a similar service). Don't forget to enable XPrivacy logging using the settings menu!

Please describe the exact steps to reproduce the issue and include information about your device type and the ROM you are using.

Before submitting any issue please ensure you are running the latest version of XPrivacy.

Before submitting any issue please read this.

One bug/feature request per issue please!

If you have a feature request, please create an issue.

If you have any question, you can leave a message in the XDA XPrivacy forum thread.

Changelog

The changelog has been moved here.

Similar solutions

The PDroid family provides fake or no data, more or less in the same way as XPrivacy does. A difference is that you need to patch Android and that there is (therefore) only limited stock ROM support. The PDroid family is open source.

LBE Privacy Guard revokes permissions, which will make some applications unusable. LBE Privacy Guard also features malware protecting and data traffic control. Some consider the closed source code of Chinese origin as a problem.

The members of the PDroid family and XPrivacy hardly use memory, but LBE Privacy Guard does.

The CyanogenMod Incognito Mode seems not to be fine grained and provides only privacy for personal data, if the associated content provider chooses to do so.

The Per App Settings Module revokes permissions like LBE Privacy Guard does. This modules offers a lot of other, interesting features.

Android 4.3+ Permission Manager is like CyanogenMod Incognito Mode.

XPrivacy can restrict more data than any of the above solutions, also for closed source applications and libraries, like Google Play services.

News

Contributing

Translations:

  • Translate the strings in this file
  • Omit lines with translatable="false"
  • If you know how to, please create a pull request
  • Else send me the translated file via XDA PM

Current translations:

  1. Bulgarian (bg)
  2. Catalan (ca)
  3. Czech (cs)
  4. Danish (da)
  5. Dutch/Flemish (nl)
  6. English
  7. Estonian (ee)
  8. Farsi (fa)
  9. Finnish (fi)
  10. French (fr)
  11. German (de)
  12. Greek (el)
  13. Hebrew (he/iw)
  14. Hindi (hi)
  15. Hungarian (hu)
  16. Italian (it)
  17. Japanese (ja)
  18. Lithuanian (lt)
  19. Norwegian (nb-rNO, nn-rNO, no-rNO)
  20. Polish (pl)
  21. Portuguese (pt)
  22. Romanian (ro)
  23. Rusian (ru)
  24. Serbian (sr)
  25. Simplified Chinese (zh-rCN)
  26. Slovak (sk)
  27. Slovenian (sl)
  28. Spanish (es)
  29. Swedish (sv)
  30. Traditional Chinese (zh-rTW)
  31. Turkish (tr)
  32. Vietnamese (vi)

Restrict new data:

  • Find the package/class/method that exposes the data (look into the Android documentation/sources)
  • Figure out a way to get a context (see existing code for examples)
  • Create a class that extends XHook
  • Hook the method in XPrivacy
  • Write a before and/or after method to restrict the data
  • Do a pull request if you want to contribute

Using Eclipse:

  • Clone the GitHub project to a temporary location
  • Import the GitHub project into Eclipse, copy the files
  • Close Eclipse and copy the project from the temporary location over the imported project
    • Make sure you copy all hidden files
  • Add the Xposed library to the build path as described here

Testing:

Contributors do not have to donate for the pro version.

License

GNU General Public License version 3

Copyright (c) 2013 Marcel Bokhorst (M66B)

This file is part of XPrivacy.

XPrivacy is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

XPrivacy is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with XPrivacy. If not, see http://www.gnu.org/licenses/.

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Java 97.2%
  • PHP 2.8%