Related
I have a question that is purely out of curiosity. I'm not a developer, nor do I have any desire to become one... at this time.
In the process of answering questions for my father about his new Android phone, I came across the Android Developers website. Being the infinity curious person that I am, I started to browse through it and came across something that I was particularly curious about, the "Forward-Locked Application" market filter. It states that an application in the market can be set to not be visible to developer devices and unreleased devices. What I'm curious about is why would a developer not want their app to not be visible to said devices? Wouldn't it be to their advantage to allow their app to be visible, installed, and possibly tested if the owner of the developer phone or new unreleased phone so chose to do, after all, this is potentially new hardware that the app developer may not have support for in their app. Now not being a developer myself, I'm sure there are valid reasons for the filter and I am just curious as to what they may be.
Because you haven't tested your app on a new OS build, and want ensure compatibility before offering it for sale. Other reason is that the new OS build either obsoletes, duplicates, or just plain breaks your app. An example would be the updates to the calendar API's in Android 2.2. Every calendar widget in the market that tied into the built-in calendar app ceased to function because the way it interacted with outside apps had changed.
So the lock is not in reference to developer or unreleased hardware, it pertains to developer or unreleased software or OS?
They would check build/version number in the build.prop or whatever they use... It's just like how FroYo builds couldn't see protected apps while it was in pre-release.
garfnodie said:
So the lock is not in reference to developer or unreleased hardware, it pertains to developer or unreleased software or OS?
Click to expand...
Click to collapse
yes this is correct. The developer phones have different software that allow native root access and this would be defined in the build.prop . That would also allow people to rip applications and pirate them.
That switch is mainly a quality assurance/anti-piracy measure.
ATnTdude said:
Because you haven't tested your app on a new OS build, and want ensure compatibility before offering it for sale. Other reason is that the new OS build either obsoletes, duplicates, or just plain breaks your app. An example would be the updates to the calendar API's in Android 2.2. Every calendar widget in the market that tied into the built-in calendar app ceased to function because the way it interacted with outside apps had changed.
Click to expand...
Click to collapse
Actually, those apps that broke, broke because they were using private APIs. As explained, if you stick to public APIs your app should not break when updating OS iterations because ALL APIs are frozen as soon as a release is cut.
Here's another question then, are app's allowed to do automatic bug reporting back to a developer with out the user consent, or even with the users consent. It seems to me that say Google is testing Android 3.0, and one of their in house testers decides to install your app, but your app does not support 3.0 for whatever reason, if there is automatic bug reporting, you could be made aware of a potential incompatibility with a new API and have time to fix it long before the new OS is ever released. This all could never happen though if you have the market filter set.
garfnodie said:
Here's another question then, are app's allowed to do automatic bug reporting back to a developer with out the user consent, or even with the users consent. It seems to me that say Google is testing Android 3.0, and one of their in house testers decides to install your app, but your app does not support 3.0 for whatever reason, if there is automatic bug reporting, you could be made aware of a potential incompatibility with a new API and have time to fix it long before the new OS is ever released. This all could never happen though if you have the market filter set.
Click to expand...
Click to collapse
bug reporting is going to be a new feature of 3.0. I dont think many if any apps have their own built in bug reporting. Also it really is on the developers side if their app doesnt work with new OS revisions. They should program their apps in such a way that they wont have to make drastic changes for updates. Google also give plenty of time for developers to make fixes before the first iterations of the new update goes out (almost 1 month in the case of froyo)
however some developers just dont care (e.g Co-Pilot)
Hi,
Is it possible to completely stop information leakage to google from my telephone, such as contacts or even aps purchased?
Oxy20 said:
Hi,
Is it possible to completely stop information leakage to google from my telephone, such as contacts or even aps purchased?
Click to expand...
Click to collapse
some options:
work without google apps! most custom roms come without it! GApps package is a additional zip!
many custom roms included privacy manager from cm. you define what the app is allowed to. for example read contacts yes or no
In AOSP Android (I think since 4.3 or 4.2) is app ops included. It's like privacy manager with detailed options.
hope it hepls. What rom you are using?
carepack said:
some options:
work without google apps! most custom roms come without it! GApps package is a additional zip!
many custom roms included privacy manager from cm. you define what the app is allowed to. for example read contacts yes or no
In AOSP Android (I think since 4.3 or 4.2) is app ops included. It's like privacy manager with detailed options.
hope it hepls. What rom you are using?
Click to expand...
Click to collapse
I am on 4.3 stock ROM. The phone is unlocked and rooted.
I tried CM Rom as part of 2 way call recording patch trial but had to revert back to ROM due to stability problems. But the problems were due to the trial nature of the patched ROM http://forum.xda-developers.com/showpost.php?p=45730852&postcount=47 I tried rather then general CM problems. So I suppose could try a stable, up to date version of CM ROM.
I suppose without Google Play I can not have paid apps like skvalex call recorder? If I have to leak some info to Google can I ensure no call details, contacts, calendar etc are shared / backed up etc to Google?
Oxy20 said:
I am on 4.3 stock ROM. The phone is unlocked and rooted.
I tried CM Rom as part of 2 way call recording patch trial but had to revert back to ROM due to stability problems. But the problems were due to the trial nature of the patched ROM http://forum.xda-developers.com/showpost.php?p=45730852&postcount=47 I tried rather then general CM problems. So I suppose could try a stable, up to date version of CM ROM.
I suppose without Google Play I can not have paid apps like skvalex call recorder? If I have to leak some info to Google can I ensure no call details, contacts, calendar etc are shared / backed up etc to Google?
Click to expand...
Click to collapse
try a look at here:
http://www.androidpolice.com/2013/0...ager-control-permissions-for-individual-apps/
Technically yes, but practically no. Even if you stop now, you probably have used Google services in the past and they already have those info. Even if you do not use Google apps, there are lots of way for your phone to connect to Google server (various core Google apks). Lots of apps and websites use Google Analytic as well, although that info is supposed to be anonymous, or apps that utilize Google services in some way or purchased apps that required verification. You basically have to micromanage the permission of every app and this isn't exactly easy and is time consuming, slips up are easy too.
My recommends are:
Most effective: Be lke Richard Stallman, stop using internet completely, except for devices that isn't your. Don't use telephone at all. Have no WiFi running in your house and remove your address from Google Maps, then move to South Georgia and the South Sandwich Islands.
Less effective: Don't use 'gapps' and Google apps at all. You can use Amazon AppStore to download apps. Or use Firefox OS or Ubuntu Touch instead.
Less effective alternative: Use permission management. There are many ways to do this. Android 4.3 have AppOps and there are shortcut apps to let you access to the hidden menu, however it's not very convenient to use. It's better to use CM or SlimRoms which in addition have the Privacy Guard toggle feature (Settings -> Security-> bottom of list). SlimRoms let you turn it on for installed apps by default. It blocks access to contacts and location. I'm not sure if it block network and phone IDs info though.
For more refined permission management, there is the Xposed Framework module called XPrivacy. It has a high learning curve and blocking the wrong permission will cripple your apps or make it not working. There is also LBE Security Master and OpenPDroid, but I much prefer XPrivacy.
You can also use AFwall+ which modify the Linux kernel's iptables to block internet connection, this is the most assured method to block internet connection access for apps imo.
If you still need to make use of Google apps or services, such as facelock and photosphere, but want to avoid installing 'Google services framework', you can use these gapps packages and not install the core package. Keep in mind, 'Google services framework' is important for connecting to Google server and without it some 'find your phone' apps won't work like Cerberus.
You can see if your phone is connected or syncing to Google server by the color of the WiFi icon color, gray means no, and blue means yes.
I have always wondered about why someone would buy a smartphone, Android or iOS and then worry about security? Why not just buy a simple TracPhone or something similar?
Not trying to knock on anyone, just wondering.
Sent from the Far Reaches Of The Earth!
Hi guys,
Being OmniRom an open source oriented ROM, probably most of us try to use Open Source apps as possible. So what about share our preferred ones?
Here goes mines
Mail: aosp or K-9
Calendar: aosp
Keyboard: aosp
Chat: Whattsapp, Hangouts. Telegram too but not many of my friends use it unfortunately
Cloud: Owncloud. Thinking in creating my own cloud with it also.
Social: Twidere, G+.
Search engine: DDG (Google sometimes when I don't find something)
To do: ?? haven't found a good one for my needs yet, I want sync.... MyOwnNotes is too much basic yet but hoping it gets upgraded. Testing Mirakel also.
File Manager: CM File Manager
News: Feedly; still trying to learn how to use ownCloud News Reader. Pocket; in the way to learn how In the Poche exactly works...
Browser: Firefox
Video player: VLC
Music player: Apollo
Navigator: OsmAnd
Reading: CoolReader or FBReader. Amazon one also sometimes, I got some books there.
Others
Github official client, aLogcat or Catlog, AdAway, DavDroid and some others that I dont remember...
What about your preferred open source apps?? Any better option than mine?
Greetings!
Some of those aren't open source, although they're at least freely available from the Play Store.
I always have OsmAnd installed for when I'm in a place with no network coverage (gmaps will fail here).
While OsmAnd is GPL, updating from the Play Store requires a paid version of the app for full functionality. (This is perfectly legal under the GPL as complete source for the paid version is available. I consider the Play Store builds to be a "support service" myself and YES - I do pay for OsmAnd+ to facilitate my laziness. )
There are a number of opensource apps we'd like to include with Omni, but the nature of package signing in Android makes it difficult to do this except by grabbing prebuilts which we'd prefer not to do. (this is what CM does with Terminal Emulator.) I believe our inclusion of DashClock has caused some issues, which is why I'm considering putting in a patch that changes the package name to allow people to install the Play Store version without conflicts. (Similar to the patches I have in place to deconflict Google Camera with AOSP Camera.)
Entropy512 said:
Some of those aren't open source, although they're at least freely available from the Play Store.
I always have OsmAnd installed for when I'm in a place with no network coverage (gmaps will fail here).
While OsmAnd is GPL, updating from the Play Store requires a paid version of the app for full functionality. (This is perfectly legal under the GPL as complete source for the paid version is available. I consider the Play Store builds to be a "support service" myself and YES - I do pay for OsmAnd+ to facilitate my laziness. )
There are a number of opensource apps we'd like to include with Omni, but the nature of package signing in Android makes it difficult to do this except by grabbing prebuilts which we'd prefer not to do. (this is what CM does with Terminal Emulator.) I believe our inclusion of DashClock has caused some issues, which is why I'm considering putting in a patch that changes the package name to allow people to install the Play Store version without conflicts. (Similar to the patches I have in place to deconflict Google Camera with AOSP Camera.)
Click to expand...
Click to collapse
Yeah I know some of them aren't Open Source, in some cases it's hard to find a OS apps that work as desired.
You're right, DashClock gives some problems when you try to actualize, it may be a better option letting it work trough Play Store.
Thanks 4 your time @Entropy512! :good:
Greetings
If you are interested in open source software for Android click the button in my signature
F-Droid might be what you are looking for
k-kuchen said:
If you are interested in open source software for Android click the button in my signature
F-Droid might be what you are looking for
Click to expand...
Click to collapse
Yup what he said. Tons of open source apps on there
Sent from my SGH-T499 using XDA Free mobile app
k-kuchen said:
If you are interested in open source software for Android click the button in my signature
F-Droid might be what you are looking for
Click to expand...
Click to collapse
yup I know, I downloaded most of them from there
All features, full flexibility, no bloat -- one simple solution!
On the one hand, it is frequently being suggested to build into Lineage various apps and features. Most of these suggestions are required by some users only, would bloat the core ROM, or have other downsides. On the other hand, these apps and features are usually already implemented somewhere, most users want incremental updates and many would prefer a fully-featured ROM without GApps installed.
To satisfy those wishes and yet avoid the downsides, I suggest simply supporting F-Droid and microG instead:
Idea outline:
Provide API for and build in F-Droid Privileged Extension
Thus have a Store, with automatic updates, and all bells and whistles
Ship with (rebranded fork of) F-Droid pre-installed and a custom LineageOS repository pre-configured (like Guardian Project in F-Droid)
Add AOSP apps, Lineage apps and Lineage-specific versions / branches of apps to LineageOS repository
Use "unstable update" marker in F-Droid to beta test new versions, e.g. of launcher, locker, ...
For additional, bloating apps and features, have users install what's already there (for instance, Location Services: UnifiedNLP with LocalWifiNlpBackend)
Add to Lineage Wiki a curated list of well-tested app suggestions for basic tasks (for instance, WebDAV: DAVdroid, Tasker, Etar, ...).
Key Advantages:
Developer effort most efficiently used
Faster time to market, because much is already implemented
Higher quality, less bloat, more features by referring users to existing apps and joining efforts
Easier innovation, because versions of pre-installed / system apps are publishable like regular apps
Developers happy, because LineageOS is clean at its core
Enthusiasts happy, because they can built on a minimal ROM
End Users happy, because they can easily use ROM, using curated list of apps
Regular, normal app updates for all system apps and pre-installed apps through Lineage repository
Does not prevent using GApps, but improves life without
Major step towards fully featured ROM, and yet without any proprietary apps or services
For good reasons, it's what Google does, it's what GNU/Linux distributions do.
One framework will solve most problems, provide most features ever suggested.
This will make everybody happy.
tldr
Bump!!!!
1, 2, 3 - Fully agree. If I had a proper Play Store alternative I wouldn't need Gapps at all.
4 - Essential in what way? I'd say its best to have only AOSP apps and to let every user download the apps he uses.
There would be practically no bloatware available and the ROM would truly give users the best choices.
8 - Additional preinstalled apps? Rather not.
9 - Rather AOSP mail. Someone might not want to use K-9, but for those who do they can always download it.
10 - Same as 9, avoid preinstalling apps that are already provided by AOSP.
11 - Eleven is OK for me, but still I find it somehow way underpowered. I really miss Apollo from early CM days...
14, 15 - I agree on ROM type. Allow users to select nightly, weekly or stable update channel through settings. Regarding basic preloaded apps, it would be OK only by means of AROMA installer where you could choose which ones you actually want/need.
Cheers!
In this thread it is being suggested to build into Lineage various Launchers, Themes, Widgets, Apps, WebDAV support, et cetera. As a contrasting response to that, I suggest simply supporting F-Droid and microG instead. A Lineage repository for F-Droid could include all AOSP apps; F-Droids own repository would supplement this.
It appears to me, almost everything which has been popularly requested would thereby be solved.
dj_chapz said:
4 - Essential in what way? I'd say its best to have only AOSP apps and to let every user download the apps he uses.
There would be practically no bloatware available and the ROM would truly give users the best choices.
Click to expand...
Click to collapse
Here, "essential" refers to, more or less, what's needed to install other apps (launcher, browser, file manager),
but could be thought of as to include functions, which were typical for feature phones, too (basic messenger, dailer, calendar).
dj_chapz said:
8 - Additional preinstalled apps? Rather not.
9 - Rather AOSP mail. Someone might not want to use K-9, but for those who do they can always download it.
10 - Same as 9, avoid preinstalling apps that are already provided by AOSP.
11 - Eleven is OK for me, but still I find it somehow way underpowered. I really miss Apollo from early CM days...
Click to expand...
Click to collapse
These were just written-out to illustrate what would be possible.
I'll adjust the original post for clarity.
Anybody can fork it and add their ideas. Some people do not want to support fdroid. Keep it clean + gapps.
goorek said:
Anybody can fork it and add their ideas. Some people do not want to support fdroid. Keep it clean + gapps.
Click to expand...
Click to collapse
Even if F-droid wasn't preinstalled, could be a Lineage repo for it?
LineageOS IMHO should really seek to become the ROM for professional PIM, self-employed, small-business or even big-business device users which seek to avoid GApps and rely on a clean slim ROM. So I like many of grefnab's ideas but currently have no clear idea what the stakeholders of LineageOS have as main goals for the midterm.
Having everything App based in an "FOSS App Package" (as GApps and commercial/device App replacement) with advanced support by LineageOS and/or other main CustomROMs would be geat. See my post in What features would you like to see in Lineage that CM didn't have?
support 1-3
I really hope that this thread will get recognition. I really like the idea of having priviliged F-Droid build into the ROM.
That would make everything much easier.
I fully support the three first points
Provide API for and build in F-Droid Privileged Extensio
Thus have a Store, with automatic updates, and all bells and whistles
Ship with F-Droid pre-installed and a custom LineageOS repository (like Guardian Project) pre-configured
Click to expand...
Click to collapse
The rest is nice but I would put emphasis on the first three points. They seem like a real advantage to have.
Rephrased some sentences to clarify
This seems like a very good idea to me :good:
I mean it is basically the same procedure Google has in place to keep its apps up-to-date without people having to update their firmwares. Being able to update the apps independently from the rom would be a huge benefit in my opinion. While I don't use gapps on my phone at all, I understand, that some people find it essential. Therefore it would be a bad idea if this interfered with installing gapps in any way.
herrritschwumm said:
While I don't use gapps on my phone at all, I understand, that some people find it essential. Therefore it would be a bad idea if this interfered with installing gapps in any way.
Click to expand...
Click to collapse
This would not prevent installing GApps, it would simplify and improve usage without them, though.
+1 for having LOS F-droid repo and bundling F-droid and having fewer other preinstalled apps.
I think this thread is a very good idea!
Just a clarification on technicalities:
microG kinda requires signature spoofing. More specifically MicroG effectively has two principal frameworks inside -- location services and GCM. Location services would work regardless, but iirc for GCM to work properly the ROM itself would need a signature spoofing support. All other ways to enable spoofing employing needlepatch or whatever are ridiculously impractical and one cannot expect normal users to bother with them.
I have two phones (OP1 and OP3) and for both the choice is of exactly ONE custom rom only (based on LineageOS14.1) with a spoofing patch. Therefore applying spoofing patch into the main code base would be great. However the caveat here is that any app or framework like SafetyNET would most likely stop working. Since the developers decided to push for compatibility, I seriously doubt that they would implement signature spoofing.
They could try to implement the patch in a flashable zip like with root but I don't know if it is possible.
fully agree for spoofing support since we are out ot cm
Sent from my Nexus 5 CAF using Tapatalk
I would like to see signature spoofing built into lineageOS or an optional flashible zip, too. But right now a flashible zip could take a long time to flash. See: https://github.com/microg/android_packages_apps_GmsCore/issues/196
Sounds great.
dj_chapz said:
If I had a proper Play Store alternative I wouldn't need Gapps at all.
Click to expand...
Click to collapse
You could try Yalp Store, it's there in the F-Droid repository.
@grefnab: My flashable zip help those that want to automatically without any effort: remove GApps, install microG and F-Droid Privileged Extension.
1plus said:
Just a clarification on technicalities:
microG kinda requires signature spoofing. More specifically MicroG effectively has two principal frameworks inside -- location services and GCM. Location services would work regardless, but iirc for GCM to work properly the ROM itself would need a signature spoofing support. All other ways to enable spoofing employing needlepatch or whatever are ridiculously impractical and one cannot expect normal users to bother with them.
However the caveat here is that any app or framework like SafetyNET would most likely stop working. Since the developers decided to push for compatibility, I seriously doubt that they would implement signature spoofing.
Click to expand...
Click to collapse
Tingle is very easy to use, if you find something impratical just tell me.
SafetyNet do pass for me.
I was just wondering why sailfishOS has still really bad apps.
and why is not developers are doing more apps for this amazing OS?
just wondering
it's very simple: no market.
In general you make apps to earn money. perhaps you'll find some developer or group of developers that will port a popular app as a hobby, student project, or simply because they are using sailfish and want an specific app.
so basically, if there is no market, there is no money. therefore no apps
Actually I have just bought xperia 10 plus to move away from toxic android ecosystem (from google to all the app junk), after I have figured out that I could delete 90% of application on my android phone and I would never miss them.
If you are using sailfish phone, you have an option to run apks there is no real need for native applications. Quite frankly in last few years I could hardly find any application that was something that "I have to have". All the really needed applications were added to the first smartphones: email, gps, browser, sms, mms, calls, video player, music player, camera, contacts, text editor, sound recording... and I am already stretching it with last two, I cant remember when I have last time wrote high volume of text on those tiny useless on screen keyboard or had a need to record some sound.
There is one app on android which I will need (access to online banking) and I hope it will work, it didnt work even on my previous android until I have reversed it and change some code to stop verifying for root and safetynet, so it should work here too.
Everything else is... more a toy than useful or actually some security application to prevent all others doing something that you don't want, from rolling ads to stealing data. I am waiting for this mobile application market to slowly collapse, there is no more value in it except maybe games. Everything else is just wasting time in the least constructive way.
And not having market is a huge bonus, if you check sailfish apps (jolla store and openrepos) you will find that you have everything you need for having a great phone, made by enthusiasts not people that want to become rich. And no one is making useless junk as, as valthunder said, there is no market. And this is fine. Actually great.
root said:
There is one app on android which I will need (access to online banking) and I hope it will work, it didnt work even on my previous android until I have reversed it and change some code to stop verifying for root and safetynet, so it should work here too.
Click to expand...
Click to collapse
Great to read about your decision!
For banking apps that require Google Services you could try to tweak your Sailfish Alien Dalvik with Signature Spoofing and a GServices replacement like MicroG.
The SafetyNet replacement here is the DroidGuard Helper that should be installed alongside GmsCore.
eltmosen said:
Great to read about your decision!
For banking apps that require Google Services you could try to tweak your Sailfish Alien Dalvik with Signature Spoofing and a GServices replacement like MicroG.
The SafetyNet replacement here is the DroidGuard Helper that should be installed alongside GmsCore.
Click to expand...
Click to collapse
Naah, I am having my own "cracked" apk build from previous phone, I have removed all checks to root and safetynet and it works fine, no need to change it. Since the app is just front end for web interface it works since forever, I have also removed version matching with server. Took a day or two but worth it
But I have one question: I am trying to integrate xposed framework (last version as there si no boot/recovery img to try with magisk) into system.img (8.1). And same goes for su. Is there any "official" way how to do it without unpacking system.img, adding binaries, repacking it...
root said:
But I have one question: I am trying to integrate xposed framework (last version as there si no boot/recovery img to try with magisk) into system.img (8.1). And same goes for su. Is there any "official" way how to do it without unpacking system.img, adding binaries, repacking it...
Click to expand...
Click to collapse
Following all things sfos quite closely i did not witness anyone get xposed framework to work. (at least no public report) That might be due to sfos users generally are not Android wizards. The matter might still be a low hanging fruit to anyone with deeper knowledge
Whenever rooting/xposed/su is brought up, much more competent guys then me hint at Alien Dalvik just being an AOSP tailored to run inside LXC on non android kernel plus filesystem integration, Intents integration, shared clipboard etc.
quoting my friend olf:
"Jolla uses many modern measures to confine the Android container: at LXC level, with cgroups, firewall rules, SElinux policies etc.
You may configure additional measures at all these levels, it is just a Linux machine and you are the administrator!"
So maybe what you want to achieve practically is even possible using a whole set of different tools then available in Android?
And yes, my vague explanation hinting at me being a simple user having no clue and just putting things together from forum posts is a correct observation