Is there any way to change the rights given to an app after it is installed?
In terms of internet access/SMS access? Maybe decompiling it and hanging the manifest. Othewise, not sure
Related
I'm wondering. Is there any app like adfree/adblock to get rid on those pesky ads be it only on the browser or phone wide? Is it/will it be soon possible to edit the hostfile?
Such an app (either an ad-blocker or a HOSTS file editor) would require higher privileges than third-party apps are able to have. We're working on getting around the permissions limits, but so far, there's no promises we can make.
Could someone tell me how privacy is managed in WP8?
When I install an app, I have to give some permissions to it or I can't install that app. Is there any way to install the app with only part of the requested permissions approved?
Once installed, can't I revoke some of that permissions? (assuming that the app could loose functionality or crash)
Is there any option to manage application's permissions? (from system or 3rd party application)
Nope. Eventually with interop unlock maybe. But not before.
Sent from my RM-893_nam_tmous_201 using Tapatalk
Technically, I think it *is* actually possible with interop-unlock. I haven't tried yet - not much point modifying the permissions of another app when I can already just *install* an app with whatever permissions I want - but the question raised is a good one. With that said, apps getting access-denied exceptions when attempting things that should just work is unlikely to be useful; it will almost certainly just make the app crash.
I have an idea, which worked on a test app.
How about creating a registry editor, but deploy without adding ID_CAP_INTEROPSERVICES to the WMAppManifest.xml , then the app, once successfully deployed, will replace the WMAppManifest.xml with one that has ID_CAP_INTEROPSERVICES and the PlayReady Header.
I tried it with Fruit Ninja (which I bought), I backed up the XAP, deployed it. XBL svcs were disabled but once I put the PlayReady Header, I could connect to XBL and earn achievements.
That *might* work for apps that are supposed to be signed to enable certain features (as your experiment appears to show), but modifying the app capabilities in the manifest has no effect at all once the app is installed. I tested that already. If there's any part of the manifest that is parsed at launch (rather than install) - and there may not be - it's not that one. As for the PR manifest, my guess is that unless the PlayReady header actually matches the app in question, it won't help. Could be wrong there, though.
AlvinPhilemon said:
I have an idea, which worked on a test app.
How about creating a registry editor, but deploy without adding ID_CAP_INTEROPSERVICES to the WMAppManifest.xml , then the app, once successfully deployed, will replace the WMAppManifest.xml with one that has ID_CAP_INTEROPSERVICES and the PlayReady Header.
I tried it with Fruit Ninja (which I bought), I backed up the XAP, deployed it. XBL svcs were disabled but once I put the PlayReady Header, I could connect to XBL and earn achievements.
Click to expand...
Click to collapse
Now go generate valid WMPRHeader Actually, it won't work. Capabilities aren't checked on start, they are checked on deployment.
Ok so I installed lucky patcher and I am wondering if its possible to get rid of all access to internet for a particle app.
And if I can't do it with lucky patcher can someone point me in the direction of how I can do it?
Thanks ahead of time!
Sent from my Russian AK-57
Given the intended purpose of that "l.p." app, it is not obvious that anyone on XDA should help you - potentially that is the same thing as assisting someone who is trying to defraud a software developer.
Having said that though, I'll assume that you are merely a researcher.
1) You can repackage the app by only modifying it's Android manifest to remove networking privileges, and repackage it by signing with your own key. (A researcher would never redistribute such an .apk however, as that would not only be fraud, but theft as well).
2) The above alone will likely cause a failure in the application's code - possibly even a FC. Even if it does not cause a complete app failure, there is nothing that prevents an app's internal state & control from being contingent on results from network communication. So (for instance) the only away around something like
Code:
if ( network_checks_pass() ) { good_stuff(); }
(assuming a soft-fault in network_checks_pass(), rather than a FC)
would be to reverse the code, modify it, and recompile it (in addition to the privilege changes in the manifest). For that you probably want small/baksmali and some coding skills.
Again, to be perfectly clear: a researcher would never redistribute such an .apk however, as that would not only be fraud, but theft as well. Using a paid app for it's intended purpose without compensating the developer is fraud, plain and simple.
About the only time such behaviors are acceptable is if you modify an app that you have already paid for - and then you keep it for only your private use.
good luck
.
You can take away any permissions with the xprivacy module in xposed.
bftb0 said:
Given the intended purpose of that "l.p." app, it is not obvious that anyone on XDA should help you - potentially that is the same thing as assisting someone who is trying to defraud a software developer.
Having said that though, I'll assume that you are merely a researcher.
1) You can repackage the app by only modifying it's Android manifest to remove networking privileges, and repackage it by signing with your own key. (A researcher would never redistribute such an .apk however, as that would not only be fraud, but theft as well).
2) The above alone will likely cause a failure in the application's code - possibly even a FC. Even if it does not cause a complete app failure, there is nothing that prevents an app's internal state & control from being contingent on results from network communication. So (for instance) the only away around something like
Code:
if ( network_checks_pass() ) { good_stuff(); }
(assuming a soft-fault in network_checks_pass(), rather than a FC)
would be to reverse the code, modify it, and recompile it (in addition to the privilege changes in the manifest). For that you probably want small/baksmali and some coding skills.
Again, to be perfectly clear: a researcher would never redistribute such an .apk however, as that would not only be fraud, but theft as well. Using a paid app for it's intended purpose without compensating the developer is fraud, plain and simple.
About the only time such behaviors are acceptable is if you modify an app that you have already paid for - and then you keep it for only your private use.
good luck
.
Click to expand...
Click to collapse
I need it for ad removal and unfortunately I can't follow what you're saying. Not at a level to understand that.
Flying_Hellfish said:
You can take away any permissions with the xprivacy module in xposed.
Click to expand...
Click to collapse
Is it simple automated or needs some more knowledge on this topic to complete?
Sent from my Russian AK-57
Flying_Hellfish said:
You can take away any permissions with the xprivacy module in xposed.
Click to expand...
Click to collapse
Thanks man! This did the job for me!
Sent from my Russian AK-57
I hope that this is not the wrong place for my post.
I am trying to protect an apk from being copied/extracted/backed up off the phone and installed later, on another phone.
I have to mention that the app is not (and will not be) for sale on PlayStore or on any web store, being sold along with the phone. This is why I can not use apk protection offered by GooglePlay, which is anyway cracked at his time.
But I want to take advantages on this situation: every single phone will pass trough my hands (I will install myself the app) before hitting users. How can I use this advantage in order to protect my app?
At this time my app is not visible in Running Apps drawer, is having a default Android icon and the name is disguised in something pretty innocent. GUI access by dialing a code. No worries, is not malware but only a security app regarding GSM connection security.
Also, is running as a system app, which make it invisible for apps like Astro file manager, thus impossible to copy/back up by such file manager apps. Unfortunately there are a bunch of system app managers, that can convert a system app on user app, and then copying the apk file is easy.
I know that security sucks big time when it comes about Android OS, but I am determined to find a way to protect my app.
I know also that even a licensing scheme based on IMEI, WiFi MAC or Bluetooth MAC addresses can be bypassed by some skilled crackers. This values can be spoofed or even null.
I have tried apk encryption. Doesn't work: some apps supposed to encrypt other Android apps are actually encrypting only app libraries, not the apk file itself. By encrypting apk file, the app obviously will not work.
Code obfuscation is not an option as long the app can be duplicated off the phone and installed later on another phone.
The last idea that I had: pulling some app resources (like drawables) from a server. What do you think?
At this time I'm in a dead end. I have no more ideas how to protect my app. That's why I need your help. Can you give me please some feasible ideas, based on your huge experience?
Thank you very much for your time.
theres a thread
http://forum.xda-developers.com/showthread.php?t=2279813
where we're discussing about methods to protect apps from piracy u can post it there
Sent from my GT-S5302 using Tapatalk 2
Thanks
Thx a lot sak-venom1997.
Hello everyone,
Is it possible to remove ads on an app? (Like editing the app and removing the "ads" part?)
My phone is not rooted.
Without the use of an app that was made for just such a thing. The easiest way I can imagine to do something like that, would be to add [the offending] addresses to your /etc/hosts file. But w/o root access, I'm afraid that's about impossible.
Sorry, I know that's not what you wanted to hear. But in truth, [almost] all the apps that are created for ad removal, pretty implement what I've described, above.
--Chris