Android Enthusiasts
Q&A for enthusiasts and power users of the Android operating system
Latest Questions
1
votes
0
answers
145
views
Running multiple instance of a sandboxed (isolated) application?
I have a client that wants me to use an Authenticator App that I _already_ use for work **AND** home. Currently I'm using [Shelter](https://f-droid.org/packages/net.typeblog.shelter/) to provide work and home, but it's limited to those two "profiles". The functionality provided is fine, but I need _...
I have a client that wants me to use an Authenticator App that I _already_ use for work **AND** home. Currently I'm using [Shelter](https://f-droid.org/packages/net.typeblog.shelter/) to provide work and home, but it's limited to those two "profiles". The functionality provided is fine, but I need _something_ that provides more profiles or units of isolation?
Is there any work around?
Magisk is allowed. The phone is also rooted.
Evan Carroll
(4661 rep)
Sep 4, 2024, 09:12 PM
2
votes
0
answers
158
views
Comparison of isolation methods in Android
Where can I find a table that compares what information is and is-not accessible from an Android app with various isolation methods? I need to install a piece of malware on my Android device. This is definitely a very dangerous app that was designed by someone powerful, malicious, and actively tryin...
Where can I find a table that compares what information is and is-not accessible from an Android app with various isolation methods?
I need to install a piece of malware on my Android device. This is definitely a very dangerous app that was designed by someone powerful, malicious, and actively trying to attack me. I don't want them to learn anything about my device, and I definitely don't want their app to see any data on my device or be able to interact with other apps or files on the device (even with an accidental tap caused by me clicking something after the app spawned maliciously-timed INTENT).
On desktop, I use QubesOS. So I have no issue running and playing with malware. I just fire-up a new DispVM, and I'm very confident that it's isolated. Android, however, leaks so much info to apps that I'm not sure how best to go about this.
I've considered a few isolation methods:
1. Do nothing (default app "sandboxing"),
1. Install in a Work Profile (eg [Insular](https://f-droid.org/packages/com.oasisfeng.island.fdroid/)) ,
1. Install in a new User Profile,
1. Buy (and install it on) a second phone, or
1. Something even better?
Is there any table that lists all of the data that is made available to apps that are compartimienalized with each of these methods?
Michael Altfield
(526 rep)
Sep 1, 2024, 02:35 PM
• Last activity: Sep 1, 2024, 07:30 PM
3
votes
1
answers
1035
views
Do AOSP users have "usernames"?
As [this relevant Stack Overflow question revision](https://stackoverflow.com/revisions/23454000/2#:~:text=Actually%20I%20know%20the%20user%20names%20of%20them%20are%20u0_a22%2C%20u0_a11%2C%20system.) demonstrates, calling `$USER` inside a terminal (like [Termux](https://github.com/termux/termux-app...
As [this relevant Stack Overflow question revision](https://stackoverflow.com/revisions/23454000/2#:~:text=Actually%20I%20know%20the%20user%20names%20of%20them%20are%20u0_a22%2C%20u0_a11%2C%20system.) demonstrates, calling
$USER inside a terminal (like [Termux](https://github.com/termux/termux-app/releases/tag/v0.118.1)) provides a username like u0_a272. However, every application developer I've spoken to about this who was able to discuss this informed me that [that value differs for each application](https://github.com/termux/termux-app/discussions/2696#discussioncomment-5623350:~:text=This%20name%20is%20generated%20on%20the%20fly%20by%20libc%20from%20number%20of%20parameters%20(device%20user%20id%2C%20runtime%20Linux%20user%20id)) , and the AOSP documentation appears to corroborate this.
Consequently, should I consider the u0 section as the [user](https://android.googlesource.com/platform/frameworks/base/+/a48127f0276e1fb4e309776b4216160fd5b67e56/core/java/android/os/Users.md#user) identifier, and the _.* section as the identifier for the application, or is an entirely different method utilized to refer to a [user](https://android.googlesource.com/platform/frameworks/base/+/a48127f0276e1fb4e309776b4216160fd5b67e56/core/java/android/os/Users.md#user) ?
RokeJulianLockhart
(556 rep)
Jun 17, 2024, 06:46 PM
• Last activity: Jun 18, 2024, 12:52 PM
1
votes
0
answers
269
views
Application Isolation and access control
I want to prevent an app from knowing whether certain files or directories exist on a device. For instance, if the application have some code like: if (/system/lib/libJohnDoe.so){ print("yes") } else{ print("no") } I want this to always evaluate to "no" even if the file does exist. I was thinking of...
I want to prevent an app from knowing whether certain files or directories exist on a device. For instance, if the application have some code like:
if (/system/lib/libJohnDoe.so){
print("yes")
}
else{
print("no")
}
I want this to always evaluate to "no" even if the file does exist. I was thinking of completely changing the directory tree that the application sees but I do not know if this is even possible.
What I would like even more is to only allow applications to see specific directories and files rather than hiding existing ones from them.
Lite Riyusaki
(61 rep)
Nov 5, 2021, 12:57 PM
• Last activity: Nov 5, 2021, 07:07 PM
59
votes
8
answers
32925
views
Are there any tools to sandbox a malware application even more than the granted permissions on Android?
Suppose I want to run some program which requests too many permissions. For example, record from the microphone or read IMEI of my phone. However, there are no practical explanation why recording from the mic or IMEI number is needed for this particular application, except for data mining. I want to...
Suppose I want to run some program which requests too many permissions. For example, record from the microphone or read IMEI of my phone. However, there are no practical explanation why recording from the mic or IMEI number is needed for this particular application, except for data mining.
I want to try this app, but restrict its permissions. For example, if it reads IMEI, it should get random IMEI (but the same every time). If it tries to read the mic, it should get silence.
Some other interesting permissions:
1. Phonebook read/write access -
returns zero contacts, pretend that
write is OK, but actually do
nothing.
2. Send SMS - pretend that SMS
is sent, but do nothing.
3. Get list of
visible Wi-Fi networks - return zero
networks.
Obviously the tool should require a rooted phone. Are there any such tools?
Denis Nikolaenko
(1516 rep)
Dec 1, 2010, 11:20 PM
• Last activity: Mar 27, 2021, 07:44 PM
2
votes
3
answers
2452
views
Installing Applications in Isolated Environments
Is it possible to install (multiple) instances of the same app in an isolated environment, whereby it can't detect other apps, or read/write files anywhere else?
Is it possible to install (multiple) instances of the same app in an isolated environment, whereby it can't detect other apps, or read/write files anywhere else?
radial9174
(121 rep)
Jul 6, 2017, 12:46 AM
• Last activity: Dec 19, 2020, 10:41 AM
2
votes
1
answers
2126
views
Is there a way for a website or app to view the contents of my internal storage without my permission?
I see there are a lot of articles about the restrictions imposed on JavaScript in Windows Chrome. It can't access the filesystem of a user without the user himself uploading it to the server of the PWA. But I see none about JavaScript running on Android Chrome. Are there the same restrictions on Jav...
I see there are a lot of articles about the restrictions imposed on JavaScript in Windows Chrome. It can't access the filesystem of a user without the user himself uploading it to the server of the PWA. But I see none about JavaScript running on Android Chrome. Are there the same restrictions on JavaScript in Android Chrome as that of Windows?
For example I open a PWA on my Chrome, suppose Telegram, so will Telegram be able to access my files like my photos, videos, documents etc. without my permission?
Concisely, if I grant storage permission to browser X and open a web application Y in that browser, does that mean that Y can also access my media, files etc?
JavaScript aside is there any other way for any PWA or web app or website to view the contents of my internal storage without my permission?
Tapper
(21 rep)
Nov 30, 2020, 07:14 PM
• Last activity: Dec 3, 2020, 04:23 PM
1
votes
1
answers
508
views
Is it posible for an android user to set up a work and personal profile and isolate whatsapp to personal profile
With the new GDPR regulations in Europe I see people freaking out and deleting whatsapp from their phone. I don't wish to get into the legal details of if this is legally necessary or not. However this seems only to apply to people using their personal phone for business purposes. My question is, ca...
With the new GDPR regulations in Europe I see people freaking out and deleting whatsapp from their phone. I don't wish to get into the legal details of if this is legally necessary or not. However this seems only to apply to people using their personal phone for business purposes.
My question is, can you create two profiles for android. One for business and the other personal. Each profile should come with it's own address book / contacts list. Then the next question is, is it possible to sandbox Whatsapp to only use/see the personal address list and not the business one.
Is this
(1) Possible
(2) Easy to do for the non technical user ?
bradgonesurfing
(111 rep)
May 29, 2018, 03:40 PM
• Last activity: Jun 24, 2018, 05:11 PM
1
votes
1
answers
238
views
Is shielding private data from apps possible by isolating/jailing them?
I want to keep my contacts list, call log, photos etc private. Xprivacy/Xposed looked like a viable path, but as of today (June 2017) it seems to be dead-ended and there is no sign of a Nougat release anytime soon. Thus, afaik, faking results for api call is not a possible option for Android Nougat....
I want to keep my contacts list, call log, photos etc private. Xprivacy/Xposed looked like a viable path, but as of today (June 2017) it seems to be dead-ended and there is no sign of a Nougat release anytime soon.
Thus, afaik, faking results for api call is not a possible option for Android Nougat.
An other option I had in mind is to run certain apps in an empty environment. I was thinking i could achieve that by creating multiple users. I don't know what effects this could bring for my privacy.
My hope would be that nothing would be shared between different users. After digging in the Android documentation I'm not so sure about that being true.
1. How much isolation does creating extra users bring?
2. Are there alternative ways to sandbox/isolate apps?
Exception e
(111 rep)
Jun 8, 2017, 03:09 PM
• Last activity: Jun 24, 2018, 04:04 PM
4
votes
0
answers
2190
views
How to containerize apps?
There are a lot of Android apps out there that request all sorts of permissions. They want access to your files, your contacts, etc. Many of them don't run properly and/or crash without these permissions. Is there a way of installing and running these apps without exposing information? Can I "contai...
There are a lot of Android apps out there that request all sorts of permissions. They want access to your files, your contacts, etc. Many of them don't run properly and/or crash without these permissions.
Is there a way of installing and running these apps without exposing information? Can I "containerize" apps, where it is still granted permissions but runs in a sandbox/container where my personal information isn't visible?
The usual way for me to do this on a computer is to run the app in a virtual machine, but VMs are not available on Android. Alternatives?
Ana
(41 rep)
Feb 25, 2017, 08:22 PM
• Last activity: Jun 24, 2018, 04:03 PM
2
votes
1
answers
1343
views
Security model when asking access to photo, media and files
When an app asks for permission to access photo, media an files, does the andriod security model sandbox the access to only files for that particular app? Or can the app then access files created by other apps? So many apps ask for permission to the file system, does that mean e.g. `App#1` can grab...
When an app asks for permission to access photo, media an files, does the andriod security model sandbox the access to only files for that particular app?
Or can the app then access files created by other apps?
So many apps ask for permission to the file system, does that mean e.g.
App#1 can grab files created by App#2?
I want to install WeChat but want to understand what security risk is involved potentially.
Blankman
(121 rep)
Sep 23, 2017, 05:25 PM
• Last activity: Jun 24, 2018, 04:02 PM
0
votes
1
answers
336
views
Security implications of remote (Meterpreter) shell to device
An attacker who uses an exploit for e.g. [CVE 2012-6636](http://www.cvedetails.com/cve-details.php?t=1&cve_id=2012-6636) can use a [Metasploit exploit](https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/android/browser/webview_addjavascriptinterface.rb) to open a Meterpreter...
An attacker who uses an exploit for e.g. [CVE 2012-6636](http://www.cvedetails.com/cve-details.php?t=1&cve_id=2012-6636) can use a [Metasploit exploit](https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/android/browser/webview_addjavascriptinterface.rb) to open a Meterpreter shell in the context of the stock Android browser.
But what are the implications of such an attack?
As far as I understand the sandbox prevents the attack from accessing contacts, the microphone, the camera or other apps. He is limited to the data of the browser and the SD card.
Even if a device is rooted, there is no way to gain root privileges from within such a shell, or is there?
So the only way to escape from the sandbox would be to tamper the app's memory and make use of another exploit, that leads to privilege escalation, right? Therefore the impact of such an attack would be very limited.
muffel
(101 rep)
Mar 11, 2015, 10:32 AM
• Last activity: Jun 24, 2018, 04:00 PM
0
votes
1
answers
936
views
Whats the best way to test android apk apps in an android virtualbox setting in windows 10?
I have alot of apk's I'd like isolated to test in a sandbox like environment. Is there something like this where I can duplicate the OS like a virtual machine? I want to test these new apk's on Android 8 Oreo.
I have alot of apk's I'd like isolated to test in a sandbox like environment. Is there something like this where I can duplicate the OS like a virtual machine? I want to test these new apk's on Android 8 Oreo.
Patoshi パトシ
(595 rep)
Nov 23, 2017, 06:38 PM
• Last activity: Jun 24, 2018, 03:58 PM
0
votes
1
answers
356
views
Does Chrome run in separate processes/sandboxes?
On Windows/macOS Chrome runs in separate sandboxes to prevent the whole application from crashing mostly. This does theoretically use more memory. I have not been able to establish how this works on Android. It seems to use one RAM slot from what I have gathered. I was hopefully that it separated th...
On Windows/macOS Chrome runs in separate sandboxes to prevent the whole application from crashing mostly.
This does theoretically use more memory.
I have not been able to establish how this works on Android. It seems to use one RAM slot from what I have gathered.
I was hopefully that it separated them into separate processes like on the PC so that Android can dispose of unused apps when aren't using them to save RAM usage. It may just be my phone but it appears to get slower the more tabs I have open.
William
(645 rep)
Apr 11, 2018, 05:11 AM
• Last activity: Jun 24, 2018, 03:57 PM
2
votes
1
answers
600
views
Application Sandboxing in Android
I came across a line [in this page][1]. > **"The Android system assigns a unique user ID (UID) to each Android application and runs it as that user in a separate process. This > approach is different from other operating systems (including the > traditional Linux configuration), where multiple appli...
I came across a line in this page .
> **"The Android system assigns a unique user ID (UID) to each Android application and runs it as that user in a separate process. This
> approach is different from other operating systems (including the
> traditional Linux configuration), where multiple applications run with
> the same user permissions."**
Can anyone please explain what the first line means?
Prakhar Singh
(23 rep)
Dec 28, 2016, 07:42 PM
• Last activity: Jun 24, 2018, 03:57 PM
0
votes
2
answers
515
views
Would it be possible to sandbox apps with SELinux?
Many apps require too much permissions that they do not need to function Most apps needs internet connection to talk to some API (let's say updates checking or notifications.. etc) and need to access SD Card (for buffering/caching). But if we grant them this they can take all of my data. It would be...
Many apps require too much permissions that they do not need to function
Most apps needs internet connection to talk to some API (let's say updates checking or notifications.. etc) and need to access SD Card (for buffering/caching). But if we grant them this they can take all of my data.
It would be great if the OS is structured in a way so that we can grant apps access only to specific directories that only belong to it (think of browser cache, youtube buffer ...) and when the user promptly and consciously want to pass files (eg. upload file throw a web browser) they get staged/promoted/linked to that area accessible by the app.
till that happens, we have SELinux in many android phones can we use it to sandbox apps (the idea is there since 2009 see http://danwalsh.livejournal.com/28545.html)
here is the question: can we define a policy that says (if yes how)
- those apps are not allowed to access my gallery directory (DCIM)
- those apps are allowed to access my gallery but are not allowed to use network connection
in desktop Linux it was successfully applied (here it was applied on firefox http://danwalsh.livejournal.com/31146.html)
Muayyad Alsadi
(103 rep)
Jan 19, 2014, 02:03 PM
• Last activity: Jun 24, 2018, 03:56 PM
1
votes
2
answers
2817
views
Run an application in an unrooted sandbox on a rooted phone?
I have an application that refuses to start on a rooted phone. I don't want to unroot my phone just for that application; is there any way to run an application inside an unrooted sandbox from a rooted phone (Nexus 5, Stock Android 5.1, rooted)?
I have an application that refuses to start on a rooted phone.
I don't want to unroot my phone just for that application; is there any way to run an application inside an unrooted sandbox from a rooted phone (Nexus 5, Stock Android 5.1, rooted)?
I don't want to unroot my phone just for that application; is there any way to run an application inside an unrooted sandbox from a rooted phone (Nexus 5, Stock Android 5.1, rooted)?
Thomas
(143 rep)
Jun 28, 2015, 08:57 AM
• Last activity: Jun 24, 2018, 03:55 PM
0
votes
2
answers
1437
views
Are there sandbox apps that does not require the phone to be rooted?
There are many sandbox apps such as `Permissions Denied` (which was mention in one of the [post][1]) that can effectively control the permissions that apps which are installed onto your phone. However, they require the user to root their phone. So, are there sandbox apps that does not require user t...
There are many sandbox apps such as
Permissions Denied (which was mention in one of the post ) that can effectively control the permissions that apps which are installed onto your phone.
However, they require the user to root their phone.
So, are there sandbox apps that does not require user to root their phones and at the same time, allow user to control what permission to be given to the apps.
Would appreciate if the apps can run in Android 2 and above.
Jack
(1036 rep)
Dec 5, 2012, 04:52 AM
• Last activity: Jun 24, 2018, 03:54 PM
1
votes
2
answers
1597
views
Prevent app from knowing about root access (sandbox)
I'm running CyanogenMod 12.1 on a Motorola Moto G3. When I tried setting up some app, it failed on me with the message that it won't run on rooted devices, even though I disabled root access. Now I'm looking for a way to sandbox said app, to prevent it from knowing about the ROM.
I'm running CyanogenMod 12.1 on a Motorola Moto G3. When I tried setting up some app, it failed on me with the message that it won't run on rooted devices, even though I disabled root access.
Now I'm looking for a way to sandbox said app, to prevent it from knowing about the ROM.
FallenWarrior
(113 rep)
Nov 3, 2016, 10:54 AM
• Last activity: Jun 24, 2018, 03:53 PM
1
votes
0
answers
536
views
Android root sandbox?
On Windows I would use a sandbox to easily see file-changes made by shady programs to see how it would affect my system. What are easy methods (except decompiling and looking at the actual program code) for that on android? Background: I ran the app 'stubborn trojan remover' showing me I'm infected...
On Windows I would use a sandbox to easily see file-changes made by shady programs to see how it would affect my system. What are easy methods (except decompiling and looking at the actual program code) for that on android?
Background: I ran the app 'stubborn trojan remover' showing me I'm infected with
ghost push, a trojan for android. I looked up more information, but it seems there is very little. 'Stubborn trojan remover' gives also very little info, it doesn't even say where it removes the trojan from or where it found it.
user2305193
(121 rep)
Jun 26, 2016, 09:51 PM
• Last activity: Jun 24, 2018, 03:52 PM
Showing page 1 of 20 total questions