🆕 Software Suggestion | Vigilante #2350

Open
opened 2021-06-19 10:32:08 +00:00 by FunkyMuse · 12 comments
FunkyMuse commented 2021-06-19 10:32:08 +00:00 (Migrated from github.com)

Basic Information

Name: Vigilante
Category: Android security
URL: https://github.com/FunkyMuse/Vigilante

Description

An app that focuses on your privacy and alerts you when a third-party application uses your device camera or microphone, plus few other goodies.

Why I am making the suggestion

It notifies you when an app uses your mic, camera in the background without you being aware.
It's open source app built on top of security oriented open source libraries.

My connection with the software

I am the author

  • I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.
## Basic Information **Name:** Vigilante **Category:** Android security **URL:** https://github.com/FunkyMuse/Vigilante ## Description An app that focuses on your privacy and alerts you when a third-party application uses your device camera or microphone, plus few other goodies. ## Why I am making the suggestion <!-- Anything you would like to tell us about the software? --> It notifies you when an app uses your mic, camera in the background without you being aware. It's open source app built on top of security oriented open source libraries. ## My connection with the software <!-- Are you the author? Enthusiastic or early adopter? Friends with the author or requested by them to open the issue? An employee of the software maker? --> I am the author - [x] I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.
lrq3000 commented 2021-06-19 15:45:22 +00:00 (Migrated from github.com)

Licensed under GPL-v3.

Interesting app. What Android versions are compatible? All? What are the plans to support future versions?

Licensed under GPL-v3. Interesting app. What Android versions are compatible? All? What are the plans to support future versions?
FunkyMuse commented 2021-06-19 15:47:52 +00:00 (Migrated from github.com)

Licensed under GPL-v3.

Interesting app. What Android versions are compatible? All? What are the plans to support future versions?

Android +7.0

There's no problem of supporting new versions, the app doesn't rely on something version specific from API +24

> Licensed under GPL-v3. > > Interesting app. What Android versions are compatible? All? What are the plans to support future versions? Android +7.0 There's no problem of supporting new versions, the app doesn't rely on something version specific from API +24
ph00lt0 commented 2021-06-21 21:21:43 +00:00 (Migrated from github.com)

Can recommend, very nice app, UI is a bit odd, but likable.

Can recommend, very nice app, UI is a bit odd, but likable.
ph00lt0 commented 2021-07-11 12:31:44 +00:00 (Migrated from github.com)

I just learned about this:
https://blog.g3rt.nl/android-lollipop-encryption-user-interface-flaw.html

Do you guys know anything about this @FunkyMuse?

At least we should add a warning for devices that are effected.

More on the topic:

This is quite scary considering that by default android phones have the Talkback service. From my understanding the phone will use file-based encryption since android 10 as alternative, but that isn't nearly as secure (obviously).

I just learned about this: https://blog.g3rt.nl/android-lollipop-encryption-user-interface-flaw.html Do you guys know anything about this @FunkyMuse? At least we should add a warning for devices that are effected. More on the topic: - https://teddit.net/r/Android/comments/gt3ib8/why_was_fulldisk_encryption_removeddisallowed_in/ - https://teddit.net/r/Android/comments/3vry8k/users_running_lollipop_or_newer_may_be_using_a/ This is quite scary considering that by default android phones have the Talkback service. From my understanding the phone will use file-based encryption since android 10 as alternative, but that isn't nearly as secure (obviously).
FunkyMuse commented 2021-07-11 12:35:46 +00:00 (Migrated from github.com)

I just learned about this:
https://blog.g3rt.nl/android-lollipop-encryption-user-interface-flaw.html

Do you guys know anything about this @FunkyMuse?

At least we should add a warning for devices that are effected.

More on the topic:

* https://teddit.net/r/Android/comments/gt3ib8/why_was_fulldisk_encryption_removeddisallowed_in/

* https://teddit.net/r/Android/comments/3vry8k/users_running_lollipop_or_newer_may_be_using_a/

This is quite scary considering that by default android phones have the Talkback service. From my understanding the phone will use file-based encryption since android 10 as alternative, but that isn't nearly as secure (obviously).

The app is available on API +24

The app encrypta the database it uses

The app uses encrypted shared preferences

The app most IMPORTANTLY doesn't connect to internet

The app has an option to enable biometrics in order to proceed

Do more through research before you throw a shade.

> I just learned about this: > https://blog.g3rt.nl/android-lollipop-encryption-user-interface-flaw.html > > Do you guys know anything about this @FunkyMuse? > > At least we should add a warning for devices that are effected. > > More on the topic: > > * https://teddit.net/r/Android/comments/gt3ib8/why_was_fulldisk_encryption_removeddisallowed_in/ > > * https://teddit.net/r/Android/comments/3vry8k/users_running_lollipop_or_newer_may_be_using_a/ > > > This is quite scary considering that by default android phones have the Talkback service. From my understanding the phone will use file-based encryption since android 10 as alternative, but that isn't nearly as secure (obviously). The app is available on API +24 The app encrypta the database it uses The app uses encrypted shared preferences The app most IMPORTANTLY doesn't connect to internet The app has an option to enable biometrics in order to proceed Do more through research before you throw a shade.
ph00lt0 commented 2021-07-11 12:43:22 +00:00 (Migrated from github.com)

@FunkyMuse why are you so irritated? I am just asking a question. This isn't about the way your app stores data. This is about android seemingly disabling disk encryption when activating an accessibility service. This is not at all 'a shade' towards your app.

@FunkyMuse why are you so irritated? I am just asking a question. This isn't about the way your app stores data. This is about android seemingly disabling disk encryption when activating an accessibility service. This is not at all 'a shade' towards your app.
FunkyMuse commented 2021-07-11 12:52:36 +00:00 (Migrated from github.com)

@FunkyMuse why are you so irritated? I am just asking a question. This isn't about the way your app stores data. This is about android seemingly disabling disk encryption when activating an accessibility service. This is not at all 'a shade' towards your app.

Because this is from 6y ago

> @FunkyMuse why are you so irritated? I am just asking a question. This isn't about the way your app stores data. This is about android seemingly disabling disk encryption when activating an accessibility service. This is not at all 'a shade' towards your app. Because this is from 6y ago
ph00lt0 commented 2021-07-11 12:57:27 +00:00 (Migrated from github.com)

I tried a few devices, some do show warnings about encryption others do not. But isn't super obvious. Once again, this is not a rant on this app, but we should inform users of this security issue.

image

Edit: I do not see how this would not be relevant due to the article being from 6 years ago, but let me know why you disagree @FunkyMuse

I tried a few devices, some do show warnings about encryption others do not. But isn't super obvious. Once again, this is not a rant on this app, but we should inform users of this security issue. ![image](https://user-images.githubusercontent.com/15004290/125195853-210d3080-e247-11eb-8495-edba84230f03.png) Edit: I do not see how this would not be relevant due to the article being from 6 years ago, but let me know why you disagree @FunkyMuse
FunkyMuse commented 2021-09-04 18:04:35 +00:00 (Migrated from github.com)

I tried a few devices, some do show warnings about encryption others do not. But isn't super obvious. Once again, this is not a rant on this app, but we should inform users of this security issue.

image

Edit: I do not see how this would not be relevant due to the article being from 6 years ago, but let me know why you disagree @FunkyMuse

I'm now seeing the comment for some reason.

The app doesn't connect to the internet, you're safe, whatever happens.

That's how accessibility services work on Android, it is a system's shortcoming, my app is however now baked in Android 12 but without options to customize position/color.

> I tried a few devices, some do show warnings about encryption others do not. But isn't super obvious. Once again, this is not a rant on this app, but we should inform users of this security issue. > > ![image](https://user-images.githubusercontent.com/15004290/125195853-210d3080-e247-11eb-8495-edba84230f03.png) > > Edit: I do not see how this would not be relevant due to the article being from 6 years ago, but let me know why you disagree @FunkyMuse I'm now seeing the comment for some reason. The app doesn't connect to the internet, you're safe, whatever happens. That's how accessibility services work on Android, it is a system's shortcoming, my app is however now baked in Android 12 but without options to customize position/color.
ph00lt0 commented 2021-09-04 18:41:10 +00:00 (Migrated from github.com)

I got to know somethings about this encryption problem. This will only appear on devices that where originally released on Android Oreo or lower. However it is important to know that even if you upgrade the device to a newer version of android (like i had done on the device in the screenshot) it does not solve the problem.

I think the app can be recommended for people having a phone that was originally released with a version higher then Oreo and cannot be upgraded to android 12. Besides this PrivacyTools currently recommends the usage of Lineage-OS and GrapheneOS who also have similar features integrated.

I got to know somethings about this encryption problem. This will only appear on devices that where originally released on Android Oreo or lower. However it is important to know that even if you upgrade the device to a newer version of android (like i had done on the device in the screenshot) it does not solve the problem. I think the app can be recommended for people having a phone that was originally released with a version higher then Oreo and cannot be upgraded to android 12. Besides this PrivacyTools currently recommends the usage of Lineage-OS and GrapheneOS who also have similar features integrated.
FunkyMuse commented 2021-09-05 08:09:49 +00:00 (Migrated from github.com)
  1. Guide the user to go to Settings > Security > Screen lock.

  2. After entering the PIN or password, now tap on PIN or password. I'm using PIN for this example.

  3. A screen appears saying "You can further protect this device by requiring your PIN before it starts up...".

  4. Select the option "Require PIN to start device". Tap "Continue".

  5. A prompt appears saying "Require PIN? When you enter your PIN to start this device, accessibility services like won't yet be available." Tap "OK". Then tap "Continue".

  6. Choose and confirm your PIN.

  7. Done.

@ph00lt0

1. Guide the user to go to Settings > Security > Screen lock. 2. After entering the PIN or password, now tap on PIN or password. I'm using PIN for this example. 3. A screen appears saying "You can further protect this device by requiring your PIN before it starts up...". 4. Select the option "Require PIN to start device". Tap "Continue". 5. A prompt appears saying "Require PIN? When you enter your PIN to start this device, accessibility services like won't yet be available." Tap "OK". Then tap "Continue". 6. Choose and confirm your PIN. 7. Done. @ph00lt0
ghost commented 2021-09-05 11:29:24 +00:00 (Migrated from github.com)

Great App though, But Vigilante seems to be a alternative to Android 12's Privacy Dashboard for Older Android Version. But there was already named as Privacy Dasboard & Works Great though and it was also Open-Source. I think the PrivacyTools might recommend that in the Site. Just a Opinion.

Great App though, But Vigilante seems to be a alternative to Android 12's Privacy Dashboard for Older Android Version. But there was already named as Privacy Dasboard & Works Great though and it was also Open-Source. I think the PrivacyTools might recommend that in the Site. Just a Opinion.
This repo is archived. You cannot comment on issues.
No Milestone
No Assignees
1 Participants
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: privacyguides/privacytools.io#2350
No description provided.