Privacy manager using the Xposed framework
XPrivacy can prevent leaking privacy sensitive data for any application (including associated background services and content providers). XPrivacy can restrict the categories of data an application can access. This is done by feeding an application with no or fake data. There are several easy to use data categories, for example contacts or location. Restricting for example access to contacts for an application, will result in sending an empty contact list to the application. Similar, restricting access to your location for an application, will result in sending random locations to the application.
XPrivacy doesn't revoke permissions from an application, which means that most applications will continue to work as before and won't force close. There is one exception to this, access to external storage (typically an SD card) is restricted by denying access. There is no other way to realize this, since this permission is handled by Android in a special way. Android delegates handling of this permission to the underlying Linux file system.
You can always allow an application access to a data category again in case restricting the data category resulted into problems for the application.
Any new installed application will have no access to any data category to prevent leaking privacy sensitive data from the beginning. Soon after installing a new application XPrivacy will ask which data categories you want the new application to allow access to. XPrivacy comes with a category browser, which allows you to easily enable or disable access to a data category for applications selected from a list of all installed applications.
To help you identify potential data leakage, XPrivacy will monitor (attempts of) data usage for all applications. XPrivacy will highlight a data category for an application (or an application name in the category browser) as soon as data of the data category has been used. XPrivacy will also display if an application has internet access and if an application has Android permissions to access data in a data category (not in the category browser, since checking permissions for all applications is quite slow).
XPrivacy is accessible for each application from the Android manage apps menu. The category browser is accessible from the application list or application drawer.
XPrivacy is built using the Xposed framework. XPrivacy taps into a number of selected functions of Android through the Xposed framework. Depending on the function XPrivacy conditionally skips execution of the original function (for example when an application tries to set a proximity alert) or alters the result of the original function (for example to return empty calendar data).
XPrivacy has been tested with CyanogenMod 10 and 10.1 (Android 4.1 and 4.2), and will likely work with any Android version 4.1 or 4.2 variant, including stock ROM's. Root access is needed to install the Xposed framework. Because of a bug in the Xposed framework, XPrivacy currently needs a fixed Xposed binary, which is provided as download for both Android version 4.1 and 4.2.
Using XPrivacy is entirely at your own risk
- Simple to use
- No need to patch anything (source, smali)
- For any (stock) variant of Android version 4.1 or 4.2 (JellyBean)
- New apps are restricted by default
- Displays data actually used by an app
- Open source
- Accounts (including auth token)
- APN data
- Application data (installed apps)
- Browser (bookmarks, searches)
- Calendar
- Contacts
- Identification (Android ID, Wi-Fi MAC address)
- Location (coarse/fine, cell location/info)
- Messages (SMS/MMS, voicemail: untested, ICC SMS)
- Phone (call log, in/outgoing/voicemail number, phone ID/number, subscriber ID, SIM info, ISIM, IMPI, IMPU, MSISDN, network details)
- Recording audio (including microphone)
- Recording video
- Reading sdcard (revoke permission)
- Taking photos
- Root your device
- Make a backup
- Install the Xposed framework, including the disabler
- Install XPrivacy from here
- Enable XPrivacy from the Xposed Installer app
- Reboot into recovery
- Flash the correct Xposed fix from here
- Reboot
- Uninstall the previous version
- Reboot your device
- Follow the installation instructions
- Select Manage apps from the main menu
- Select an app
- Press the XPrivacy button
To see it in action: try disabling Identification for Android Id Info or try disabling Contacts for the Contacts app.
Applying some restrictions requires an app restart
Enabling storage restriction means blocking access to external storage (typically the SD card). Because of the nature of this restriction, there is no usage data for this restriction. All other restrictions have usage data and send no or fake data.
Tricks:
- Click the application icon in the category browser to go to the app restriction settings
- Click the orange triangle to see the actual Android functions that were used by the app
- Will you restrict internet access? No, you can use a firewall app, like AFWall+.
- Will you block outgoing SMS/MMS, the iptables command or force online state? No, XPrivacy is about restricting data, not about blocking actions.
- Will you make it possible to enter fake data? No, I want to keep things as simple as possible for maximum stability.
- Which functions are exactly restricted? See here.
- What did you fix in the Xposed framework? See here.
- Does XPrivacy use the Android permissions for something? No, Android permissions are just displayed as a guideline.
- How can I reset all XPrivacy settings? Manage apps > XPrivacy > Clear data
- Will XPrivacy make my device slower? Not noticeable.
If you encounter any bug or data leakage please report an issue, preferably including a logcat (use pastebin or a similar service).
If you have any question or want to request a new feature, you can leave a message in the XDA XPrivacy forum thread.
Version 0.12
- Several user interface improvements
- Android version check
- Async app list fetch
- Added Dutch/Flemish translation
- Added Bulgarian translation, thank you Borislav
Translations:
Restrict new data:
- Find the package/class/method that exposes the data (look into the Android documentation/sources)
- Figure out a way to get a context (see existing code for examples)
- Create a class that extends XHook
- Hook the method in XPrivacy
- Write a before and/or after method to restrict the data
- Do a pull request if you want to contribute
GNU General Public License version 3
Copyright (c) 2013 Marcel Bokhorst (M66B)
This file is part of XPrivacy.
XPrivacy is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
XPrivacy is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with XPrivacy. If not, see http://www.gnu.org/licenses/.