Modified Privacy Manager for android.
Based on Access control System.
Index
- Description
- Features
- Screenshots
- Restrictions
- Limitations
- Compatibility
- Installation
- Upgrading
- Usage
- Permissions
- Frequently Asked Questions (FAQ)
- Support
- Changelog
- Similar Solutions
- In The Media
- Contributing
- License
Description
XPrivacy can prevent applications from leaking privacy-sensitive data by restricting the categories of data an application can access. XPrivacy feeds applications fake data or no data at all. It can restrict several data categories, such as contacts or location. For example, if you restrict an application's access to contacts, that application will receive an empty contacts list (don't try this with the contacts application itself without a backup). Similarly, restricting an application's access to your location will send a fake location to that application.XPrivacy doesn't revoke or block permissions from an application, so most applications will continue to work as before and won't force close (crash). There are two exceptions: access to the internet and to external storage (typically an SD-card) are restricted by denying access (revoking permissions). There is no other way to restrict such access because Android delegates handling these permissions to the underlying Linux network/file system. XPrivacy can fake an offline (internet) and unmounted (storage) state, but some applications still try to access the internet and storage, potentially resulting in crashes or error messages. If restricting a category of data for an application causes functional limitations, XPrivacy can once again allow access to the data category to solve the issue. There is a convenient on/off toggle switch for all restrictions for each application.
By default, all newly installed applications cannot access any data category, which prevents a new application from leaking sensitive data right after installing it. Shortly after installing a new application, XPrivacy will ask which data categories you want the new application to have access to. XPrivacy comes with an application browser that allows you to quickly enable or disable applications' access to any data category. You can edit all of an application's data categories.
To help you identify potential data leaks, XPrivacy monitors all applications' attempts to access sensitive data. XPrivacy displays an orange warning triangle icon when an application has attempted to access data. If an application has requested Android permissions to access data, XPrivacy displays a green key icon. XPrivacy also displays an internet icon if an application has internet access, which clarifies that the application poses a risk of sharing data with an external server.
XPrivacy is built using the Xposed framework, which it uses to tap into a vast number of carefully selected Android functions. Depending on the function, XPrivacy skips execution of the original function (for example, when an application tries to set a proximity alert) or alters the result of the original function (for example, to return an empty message list).
XPrivacy has been tested with Android version 4.0.3 - 6.0.1 (Ice Cream Sandwich, Jelly Bean, KitKat, Lollipop, Marshmallow), and is reported to work with most Android variants, including stock ROMs. Root access is needed to install the Xposed framework.
XPrivacy was a lot of work, so please support this project.
If you want to donate, see here for all options.
Use XPrivacy entirely at your own risk.
Features
- Simple to use
- No need to patch anything (no source, no smali or anything else)
- For any stock variant of Android version 4.0.3 - 6.0.1 (ICS, Jelly Bean, KitKat, Lollipop, Marshmallow)
- Newly installed applications are restricted by default
- Displays data actually used by an application
- Option to restrict on demand
- Free and open source
- Free from advertisements
Usage
Brief tutorial
- Find the application to restrict in the main application list
- Tap on the application icon
- Tap the first check box of any category you want to restrict
Get used to XPrivacy before using more advanced features, like function exceptions.
Detailed tutorial
XPrivacy starts in the main view, where a data category can be selected at the top. By ticking one or more check boxes in the list below, you can restrict the selected data category for the chosen applications. The default category is All, meaning that all data categories will be restricted.Tapping on an application icon shows the detailed view where you can manage each of the data categories for the selected application. This view will also appear when you tap on the notification that appears after installing or updating an application. By default, all data categories will be restricted for newly installed applications to prevent leaking privacy-sensitive data. You can change which data categories will be restricted by changing the Template available from the main menu.
Data categories make it easier to manage restrictions. You can drill down the data categories in the detailed view to reveal individual functions. If the category is restricted, you can un-restrict individual functions by clearing the function's check box.
To see restrictions in action, try restricting the category Identification for Android Id Info.
Applying some restrictions requires restarting applications.
You can turn on and off all restrictions for an application using the on/off toggle switch.
Since version 1.99, you can also restrict on demand. This means you will be asked to allow or deny a category/function when the category/function is used by an application. Restricting on demand is the default for newly installed applications (when using the default template). You can turn on and off restricting on demand in the application details view using either the settings or the check box to the right of the on/off toggle switch. You can turn on and off restricting on demand for individual categories and functions using the second column of check boxes.
If an application has requested Android permissions for a data category, the category will be marked with a green key icon. If an application has used or tried to use data, the data category will be marked with an orange warning triangle icon. If an application has internet permissions, a world globe icon will be shown to the left of the application name. These icons are just guidelines because an application can still access some privacy-sensitive data without Android permissions, such as your device's serial number, and because it is not possible to monitor data usage in each and every situation, such as access to the internet or external storage. Be aware that an application can still access the internet through other (sister) applications.
Restricting internet or storage means blocking access to the internet and to external storage (typically the SD-card), respectively. Either of these may result in error messages and even cause applications to force close (crash).
Function restrictions considered 'dangerous' are marked with a reddish background color. These 'dangerous' functions are more likely to cause applications to crash if you restrict them. 'Dangerous' functions can be turned into normal functions by long-clicking them in the default template. This is only recommended for experienced users who know how to identify the cause of a crash in the logcat!
Global settings and application specific settings are accessible from the application list's menu and from the menu of the application's detailed view. The global settings, such as randomized or set latitude/longitude, apply to all applications unless you override them with specific application settings. But saving an empty set of specific application settings (you can use the clear button) will erase all application specific settings so that the global settings will again be in force.
The default restrictions template (in the main menu) is applied automatically to newly installed applications and manually via the menu item 'Apply template' in the application's detailed view.
You can find a very useful overview of all menu items here.
Use XPrivacy entirely at your own risk.
Permissions
XPrivacy asks for the following Android permissions:- Accounts: to be able to restrict applications' access to accounts
- Contacts: to be able to restrict applications' access to contacts
- Boot: to be able to check if XPrivacy is enabled
- Internet: to be able to submit and fetch crowd sourced restrictions
- Storage: to be able to read the pro license file and to be able to export XPrivacy's settings to the SD-card (only with a pro license)
- Wakelock: to keep the processor running during batch operations
Please note that any Xposed module basically has root permissions and therefore can circumvent any Android permission.
Frequently Asked Questions (FAQ)
(1) Will XPrivacy make my device slower?Maybe a little bit, but you probably won't notice.
If you run comparison benchmarks, please submit them.
But my device is slow with XPrivacy! It appeared that in some cases this was caused by the TRIM bug. See here for more information and a solution.
(2) Does XPrivacy use a lot of memory and battery?
Almost nothing.
(3) Can you help me with rooting my device?
There are many guides to help you to root your device. Use your favorite search engine to find one.
(4) How can I reset an application's XPrivacy settings?
While viewing an application's restrictions, select Menu > Clear, then reboot.
(5) Can I backup XPrivacy's restrictions, settings, and usage data?
Starting with version 1.11.13, you can no longer backup XPrivacy's data with standard backup tools, such as Titanium Backup. This is because the database is no longer stored in the XPrivacy data folder, but in a system folder. I have tried to store the database in the XPrivacy data folder, but this leads to all kinds of permission problems.
The best practice is to use XPrivacy's export function (Main Menu > Export) to backup XPrivacy data, but please note that this requires a pro license.
You can automate backups by sending an intent:
adb shell am start -a biz.bokhorst.xprivacy.action.EXPORT
If you want to specify a file name for the backup:adb shell am start -a biz.bokhorst.xprivacy.action.EXPORT -e FileName /sdcard/test.xml
You can do this with Tasker, for example:- New task: Any name you like
- Action Category: Misc/Send Intent
- Action: biz.bokhorst.xprivacy.action.EXPORT
- Target: Activity
- Extra: FileName:/sdcard/test.xml (optional, to specify an export location and file name)
Many. See here for details.
(7) How safe is XPrivacy?
Great care has been taken to develop XPrivacy. Nevertheless, on rare occasions, data can leak and applications can crash.
(8) What does "An internal check failed..." error message mean?
An internal check of XPrivacy failed, resulting in potential data leakage. Please press OK to send me the support information so I can look into it.
(9) What is the procedure to update a ROM?
Assuming you don't wish to wipe data, and that Xposed and XPrivacy are already installed before updating the ROM, the best procedure to update a ROM is:
- Export XPrivacy settings
- Enable airplane/flight mode
- Use the menu option in XPrivacy to clear all data
- Reboot to recovery
- Flash ROM
- Flash Google apps (optional)
- Re-activate Xposed using Xposed toggle
- Reboot to Android
- Restore the android ID (when needed. For example, with Titanium backup)
- Import XPrivacy settings
- Disable airplane/flight mode
- Fake the network type (Wi-Fi, mobile)
To import and export XPrivacy's data, you need a pro license.
(10) Can I restrict root access?
Yes, via Shell > su, but be aware that applications can acquire root privileges through native libraries too. An example is Android Terminal Emulator.
(11) Will restrictions be applied immediately?
Changes to restrictions may require up to 15 seconds to take effect because of caching. Changing internet and storage restrictions requires restarting the application. Please note that in many cases pressing back within target applications merely moves the application to the background.
(12) Does XPrivacy include a firewall?
You can restrict internet access for any application. But if you want to partly enable internet, for example for Wi-Fi only, you will have to use a firewall application, such as AFWall+. XPrivacy works within Android, and detailed firewall rules can only be applied within the Linux kernel.
The latest versions of XPrivacy allow you to white and black list IP addresses and host names.
(13) What does the "Unable to parse package." message mean?
This means XPrivacy's apk file is corrupt. Try disabling your popup blocker or downloading using another device.
(14) How do I make a logcat?
The simplest way is to use an application like Logcat Extreme or Catlog, but logcats captured this way are not always sufficient. The best way to capture a logcat is:
- Install the Android SDK (Click Download for other platforms for a minimal download)
- Make sure you can connect to your device via USB (see here for drivers and instructions)
- Enable XPrivacy debug logging in the main settings
- Power off your device
- Start logging by entering this command in the command line: adb logcat >log.txt
- Power on your device
- Reproduce the problem
killall system_server; logcat | grep -i xprivacy
Upload the captured logcat somewhere, for example to Google Drive, and link to it from the issue you created. Don't forget to mention the UID of the application to look into, when relevant.(15) Where does XPrivacy store its settings?
XPrivacy's restrictions, settings, and usage data are stored in an sqlite3 database in this folder:
/data/system/xprivacy
(16) Why doesn't clearing the check box for a data category also clear the functions inside that category?In the application details view, it will. In the main list view, you are protected against losing the restriction settings inside a data category by accidentally unchecking that category's check box. The restriction settings inside a category only apply when that category is restricted.
(17) How can I export/import my settings?
You need a pro license to import your settings. Exported settings are stored in the folder .xprivacy in the file XPrivacy.xml. You can copy this file to the same place on any other device. When importing, settings are only applied to user and system applications that actually exist on both devices.
The export file will contain all restrictions and settings, but note that allowed accounts and contacts (not the accounts and contacts themselves) can only be imported when the Android ID is the same.
Also see the above FAQ about what to do when updating your ROM.
(18) Why does a GPS status icon still appear after I have restricted locations?
This is by design. XPrivacy only replaces the real location with a fake location. It even uses the real location to randomize the fake location. The idea is that everything should appear as normal as possible to an application.
See here for some addtional details.
(19) How about multi-user support?
Secondary users can install and use XPrivacy the same way as the primary user. The primary user cannot manage the restrictions of secondary users. This is because Android totally separates the environments of the users (which is a good thing, from a security perspective). Each user has its own set of settings, so each user can define its own template and global fake values.
- Only the primary user can clear all data
- Only the primary user can define 'dangerous' functions
- Only the primary user can enable/disable debug logging
- The primary user can see all usage data
- Secondary users can only see their own usage data
- The pro license needs to be individually activated for each user
Because some Google components are not installed.
(21) Do I still need root after installing Xposed?
No, root is only required to install Xposed one time.
(22) Why isn't XPrivacy available in the Google Play Store anymore?
Because Google removed it. Read the explanation here.
(23) What is "Template" used for?
XPrivacy uses the default template to apply restrictions to newly installed applications. Templates can also be used when you select "Apply template" from the menu inside the application detail view.
(24) Will there be iOS or Windows Phone versions?
No. Because they are not open source, it's too difficult to implement something like XPrivacy on these OS's.
(25) Will you restrict...?
- device brand/manufacturer
- device model/product name
- device (phone) type
- network type (mobile, Wi-Fi, etc.)
- synchronization state
- screen locking
- display settings (DPI, resolution, etc.)
- Wi-Fi settings
- Bluetooth settings
- shortcuts
- autostarting
- starting other applications
- Android version
- vibration
- checks for root
- lockscreen
- time(zone), alarm
- nag-screens, popups
- statusbar notifications
- installing shortcuts
- wake ups / wakelocks
- Calendars by account
- Contacts by account
(26) Will you revoke permissions?
Android permissions cover only a part of the functions that leak privacy-sensitive information. Revoking permissions will make quite a few applications unusable/crash. XPrivacy feeds applications with fake or no data, which keeps most applications working. In other words, XPrivacy is not a permission manager, but a privacy manager. If you need a permission manager, there are several Xposed modules that offer this functionality.
(27) Does XPrivacy work with SELinux (Fort Knox)?
Yes, I develop XPrivacy on a device with SELinux in restrictive mode.
(28) How does the tri-state check box work?
The tri-state check box works this way:
- unchecked = no items in the category are restricted
- solid square = some items in the category are restricted
- check mark = all items in the category are restricted
(30) What should I do if an application force closes (crashes) or something doesn't work?
Inspect the application's usage view, via the main menu item Usage data to see which restrictions were enforced. Restrict and unrestrict one by one until you have found which one causes the application to force close. Wait 15 seconds after each change to let the XPrivacy cache time-out. Help others by submitting your working set of restrictions.
See also this FAQ item.
(31) Can XPrivacy handle non-Java applications?
In general, due to Android's isolated virtual machine architecture, calls to native libraries and binaries are via Java and so XPrivacy can restrict them. XPrivacy can cover any route to a native library or binary.
XPrivacy cannot hook into native libraries, but can prevent native libraries from loading. This can break applications such as Facebook, but can prevent malware from doing its work.
XPrivacy can also restrict access to the Linux shell (including superuser) to prevent native binaries from running. You can find these restrictions in the Shell category.
Starting with version 2.0, XPrivacy can protect against direct interprocess communication (IPC).
(32) Why do I see data usage when an application does not have the corresponding Android permission?
Many functions do not require Android permissions, so this is quite normal. Sometimes an application tries to access a function for which it doesn't have an Android permission. Since XPrivacy usually runs prior to the function, such access will be noted.
If you filter on permissions, and an application tries to use a function without having permission, the application will still be shown.
If you think a function requires permissions while XPrivacy shows it doesn't, please report it.
(33) How can I restrict the hardware, external MAC, IP, and IMEI number?
You can restrict the (internal) IP and MAC addresses and IMEI number for any application.
The external IP is assigned by your provider and cannot be changed. You could use a VPN or TOR to hide your external IP to a certain extent.
The hardware MAC address can be changed on some devices, but this is device-dependent and can only be done at the driver or kernel level. XPrivacy only works on the Android level and is device-independent.
The same applies to the IMEI number, additionally complicated by legal issues in most countries.
(34) What is the logic behind on demand restricting?
- The on demand restricting dialog will appear if:
- On demand restricting is enabled in the main settings
- On demand restricting is enabled in the application settings
- The category and the function are marked with question marks
- However a few functions are exempted from prompting (only Phone/Configuration.MCC/MNC)
- Prompts will not be shown for 'dangerous' functions
- An exception are functions with white/black lists
- Prompts will not be shown for System applications
- Apply to entire category will:
- Set the entire category according to your choice (deny/allow)
- Existing settings for individual functions are forgotten
- When applying to a function only (Apply to entire category not checked):
- The function is set according to your choice
- The default after dialog timeout is taken from the current restriction settings
- There are four possibilities for the restriction / on demand checkboxes:
- ☐ ☐ You will not receive an on demand popup, the permission will always be allowed
- ☐ [?] You will receive an on demand popup, if this times out or the screen is locked the permission will be allowed once
- ☑ [?] You will receive an on demand popup, if this times out or the screen is locked the permission will be denied once
- ☑ ☐ You will not receive an on demand popup, the permission will always be denied
- Be aware that the on demand popups are global, which could be an issue if your device has multiple users. Unfortunately, this cannot be changed.
Only for the pro license fetcher, not for a pro license acquired through a PayPal donation. The pro license fetcher needs the Google Play Store/services for fetching a pro license, but not for using a pro license.
(38) What does the update service do?
The update services runs after upgrading XPrivacy and after each boot. It takes care of migrating settings, randomization of fake data, and upgrading settings for new versions.
(46) Why do I need to register to submit restrictions?
To prevent a malicious application author from automatically submitting many allow restrictions to outvote the legitimate users.
(47) What is IPC?
It is an acronym for Inter-Process Communication. See here and here for more information.
(48) Can XPrivacy be detected by other application?
Yes, but I don't see this as a problem, since security through obscurity is not a good principle.
(49) Why do I keep getting a 'Restart required' message?
Things to do / check:
- Ensure the Xposed framework is (still) installed using the Xposed installer
- Ensure the XPrivacy application is stored on the internal storage and not moved to the SD-card or somewhere else
- Fairphone users, see here
- Ensure LBE Security Master is not installed (disabling is not enough)
- Ensure the security center of MIUI is disabled (see here)
- In the Xposed installer, disable XPrivacy, wait a few seconds, and then enable it again. Then reboot.
- Clear the (Dalvik) cache using the device's recovery
If these suggestions don't help, please create an issue and provide a logcat (see Support).
(50) Do you have suggestions about additional privacy-related software?
IMHO, in addition to XPrivacy, you should at least install an ad blocker and a firewall:
Here is a list of additional privacy-related software:
- CrappaLinks (source code)
- PlayPermissionsExposed (source code)
- Xabber (source code)
- Wi-Fi Privacy Police
(51) What does the on/off toggle switch do in the application details view?
It turns all restrictions for the application on or off, but still allows you to change the restrictions.
(52) Why was my issue closed?
I have really spent a lot of time developing XPrivacy and I am happy to look into any issue, but I am asking you to properly document your issue. It doesn't work or it crashes is not sufficient! So, please help me help you by describing the exact steps to reproduce the problem and/or provide a logcat.
See Support for more details.
(53) What happens if I make XPrivacy a device administrator?
This will ensure that other applications cannot uninstall XPrivacy without your knowledge.
(54) Why do exporting and importing take so long?
There are more than 400 restrictions per application. Additionally, there can be quite a few application specific settings (for example, when you use white/black lists). So, yes, exporting and importing restrictions and settings can take quite some time. The default is to export restrictions for all applications, since the export is meant to be a full backup. However, it is possible to filter the applications whose restrictions you want to export using the filter icon in the action bar (for example, only user applications with restrictions), and then to select only these applications using the action bar select all (first icon).
(56) How can I recover from a bootloop?
For devices with a custom recovery (TWRP/CWM) you can flash the Xposed-Disabler-Recovery.zip. Alternatively, (on most devices) press the volume down button 5 times during boot (there will be a vibration with each press when done correctly).
See here on how to enable debug logging without XPrivacy activated in Xposed.
(57) How does Expert mode work?
Expert mode has the following sub-options which can be toggled individually:
- Restrict system components (Android)
- Enabling this option allows you to restrict applications which have a UID less than 10000 (Android System, Bluetooth Share, Dialer, NFC, Phone, etc.). Restricting these core functions is quite dangerous, and can easily lead to bootloops. Always make a backup (export/nandroid) before changing these restrictions.
- Use secure connections
- Enabling this option (default), forces communications with the crowd sourced restrictions server (submitting/fetching, device registration) to travel through a secure socket. This option can only be disabled by first enabling Expert mode.
- Maximum fetch confidence interval
- Increasing this value will result in fetching less-reliable crowd sourced restrictions.
- Quirks
- Used to fix some application compatibility issues or to enable special or expert features
- freeze: show the on demand restriction dialog, even if there is the possibility it will freeze
- resolve, noresolve: enable/disable resolving IP addresses to names for usage data / on demand restricting
- test: allow the XPrivacy update checker to also check for test versions
- safemode: hide unsafe function restrictions
- Used to fix some application compatibility issues or to enable special or expert features
- Clear cache will clear settings and restrictions caches for all applications and the privacy service
- Clear all data will erase all settings and restrictions. Use with care!
Yes, you can. I will even help you with it. However, I will not write or review code or text for you. Nevertheless, I will try to answer any questions you have. XPrivacy is open source (see the license) and all code you write needs to be contributed back to the project. To help you, I want to see an e-mail from your professor with a confirmation he or she has read and agrees to this README.
(59) Will you implement multiple profiles?
No, because privacy is not something that is optional. It makes no sense to restrict something during the day and not during the night, or at work and not at home.
(60) Why is the upgrade notification stuck at 100%?
This is by design, so you can see the upgrade has completed successfully. You can swipe away the notification after you have seen it.
(61) Can the default on demand restricting time-out be increased?
Unfortunately this is not possible. The on demand restricting dialog is holding up system processes, and Android may reboot automatically if too much time has passed without a response. Recent versions of XPrivacy have a reset button; use at your own risk.
(62) How can I 'toggle' multiple applications?
Multiple selection works as in any Android application. Tap and hold down on an application in the application list to start selecting, and tap other applications to select more applications. Toggle restrictions will work on the selected applications.
You can use this as a powerful way to apply a template to multiple applications.
You can also use the filters to show the applications you want to act on, since toggle restrictions works on the visible applications by default. There is one exception to this: exporting will be done for all applications by default, since the export is intended to be a full backup.
(63) How can I troubleshoot an issue believed to be caused by XPrivacy?
- Always make sure you have a backup (XPrivacy export, or nandroid)
- Most issues are caused by a "bad" restriction, so try to reproduce the issue and check the main usage data
- Verify that the issue is actually caused by XPrivacy
- Turn on airplane/flight mode
- Disable XPrivacy in the Xposed installer (don't forget to reboot)
- Check if the issue is still present; if yes, XPrivacy is not causing the issue
- Finding the culprit:
- Clear all XPrivacy restrictions (don't forget to reboot)
- Check if the issue is still present
- Import half of your restrictions, check if the issue is still present
- If yes, clear again and import only half of these restrictions
- Continue this process until you have found the "bad" restriction
- If following these steps fails to find the issue, please follow the Support instructions
That depends on your ROM version. On stock ROM 4.4.4 (Nexus 5), the on demand dialog is always shown. On older or customized ROMs, the on demand dialog is almost always shown, except sometimes for the functions inet, sdcard and media, and sometimes for restrictions triggered by the hardware buttons (for example, the volume buttons). This is to prevent the on demand dialog from freezing (locking up), caused by an internal Android lock. This freeze cannot be fixed by XPrivacy.
If you want to have the on demand dialog always shown, then you can add the quirk "freeze".
(65) Why is my data is still visible?
The data might be cached by the application, so you might have to wait a while until the cache is updated. It may even be necessary to restart the application or reboot your device to clear the cache.
The Google Maps view can look like a part of an application, but is in fact not. Even if your current position is shown on the map, it doesn't mean the application knows your current position.