XPrivacy icon indicating copy to clipboard operation
XPrivacy copied to clipboard

Published 20 hours ago verified publisher icon M66B

Location Services restricted, but Apps get the Location via Play Services - how to prevent?

Open UweRammelt opened this issue 10 years ago • 13 comments

Example: "Mehr-Tanken". Log shows no access to location services, but the app finds the correct location. Uploading attachment.php.png . . .

UweRammelt avatar Feb 24 '15 16:02 UweRammelt

Please provide a link to the application.

M66B avatar Feb 24 '15 17:02 M66B

Here is the link to the Usage Data: http://forum.xda-developers.com/attachment.php?attachmentid=3179634&d=1424685475

The App can be installed from here: https://play.google.com/store/apps/details?id=de.msg

UweRammelt avatar Feb 24 '15 17:02 UweRammelt

Refs #1822

M66B avatar Feb 24 '15 17:02 M66B

Play services locating: https://developer.android.com/reference/com/google/android/gms/location/package-summary.html

Old Play services location restriction in XPrivacy: https://github.com/M66B/XPrivacy/blob/master/src/biz/bokhorst/xprivacy/XLocationClient.java

New Play services location restriction in XPrivacy https://github.com/M66B/XPrivacy/blob/master/src/biz/bokhorst/xprivacy/XGoogleApiClient.java https://github.com/M66B/XPrivacy/blob/master/src/biz/bokhorst/xprivacy/XConnectionCallbacks.java https://github.com/M66B/XPrivacy/blob/master/src/biz/bokhorst/xprivacy/XFusedLocationApi.java

Theory: dynamic hooking might not work (anymore), which would result in an XPrivacy warning ClassNotFoundException or NoSuchFieldException.

I will look into this as soon as there is a stable Xposed for Android 5.1.

M66B avatar Mar 16 '15 07:03 M66B

"but Apps get the Location via Play Services": the application is definitely not getting a location from Play services and unfortunately I have no idea where the location is coming from.

M66B avatar Apr 17 '15 13:04 M66B

Note that the above commit does not fix this issue, but allows you to see that an application connects to Play services, which mehr-tanken does not.

M66B avatar Apr 17 '15 14:04 M66B

mehr-tanken is also not using the standard Android location manager, so I am puzzled about how the application gets the current location.

I have checked all location restrictions and they work.

M66B avatar Apr 17 '15 15:04 M66B

@UweRammelt: how do you know the application is using the Play services to obtain a location?

M66B avatar Apr 17 '15 15:04 M66B

Restricting Play services location and rebooting will restrict location for mehr-tanken, so the application is using the Play services to get the last location.

XPrivacy restricts all documented location requests for the Play services, both the old way (LocationClient) and the new way (FusedLocationApi). So, my conclusion the application is connecting to the Play services in a non-standard way.

M66B avatar Apr 17 '15 15:04 M66B

So it is using both the Play Services and another way? I wonder what that way could be: do they have their own database of cell towers?

Cerberus-tm avatar Apr 17 '15 15:04 Cerberus-tm

The application is using the Play services (most probably only), but in a non standard way.

M66B avatar Apr 17 '15 16:04 M66B

Ahh OK, I get it.

Cerberus-tm avatar Apr 17 '15 16:04 Cerberus-tm

Play services location services interface: https://github.com/microg/android_external_GmsApi/blob/master/play-services-api/src/main/aidl/com/google/android/gms/location/internal/IGoogleLocationManagerService.aidl

M66B avatar Apr 25 '15 06:04 M66B