❌ Software Removal | XPrivacyLua #1124
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#1124
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Description
@blacklight447-ptio has been asking if we shouldn't list apps requiring root on Android and with a quick glance XPrivacyLua is the only root requiring app we list.
yh, i don't think increasing the attack surface this much and breaking the os's fundamental security model is worth it.
Root destroy the whole system security.
You got no advantage which such solutions. Just wait for Android 10 / Q for new internal privacy improvement
If something I would remove it, because of Xposed and not root.
I propose that it will not be removed but there should be some badges like, a green badge for root access app only if its open source and proven to be safe but the pop up it should state "warning: root access equals the app can access and modify all the file system of your device which means that even a safe app if updated before cheching if the update is safe or if the pp has a bug or has evaded detection by first evaluation could compromise your safety"
A orange root access badge if the app has auto update or a way to update the app by pressing a button
And maybe a red badge for root access that is not open source and even if it's open source and it hasn't it been audited by specialists
Even if the root app is clean/ safe, root still isn't safe. No matter for what
from GrapheneOS Dev: https://www.reddit.com/r/GrapheneOS/comments/bx2uq9/internal_firewall_feature/eq30ric/
Well there should be a page just for root that explains the risks but some people (like me) want root cause Of want full control, so privacytools.io should include root apps and if they are safe and open source they should be promoted
And here a comment about XPrivacy itself:
And
https://www.reddit.com/r/GrapheneOS/comments/ch5kv8/is_magisk_and_edxposedxprivacylua_working/euqzel7/
The problem is, if anything gets control over the GUI layer, it can trivially trick the user into granting root access, so just saying "just don't grant root access" sadly doesn't hold up.
I would like to add to the discussion with this:
If an attack gains control over the UI layer, you likely already have bigger problems than tricking the user into anything. Root access would be "the final straw", but once an application is this powerful the device is basically lost.
About the statement from the GOS dev:
It's true that apps can technically bypass XPL, however that doesn't mean it's generally useless. It won't be of too much help when you install an app that specifically tries to do harm or circumvent XPL. But I'd say that this is rather unlikely in your average threat model. Instead, the usual use of XPL is to prevent apps that just "casually" collect data in the background from doing so. XPL isn't popular enough to be deliberately circumvented by the major data collection companies, which means that in the majority of cases, using it will be an improvement - especially, when the OS you're using just allows access to what XPL would usually fake! This is still quite a lot, even with the improvements from the latest versions of Android.
I can agree that XPL isn't the solution to all of our privacy problems, but it can still help significantly. It can be used without root, with solutions like the aforementioned VirtualXposed.
IMO it should be made clear for what XPL is good for and for what it isn't, but not being a perfect solution should not be the reason to discard it.