XPrivacy icon indicating copy to clipboard operation
XPrivacy copied to clipboard

Published 20 hours ago verified publisher icon M66B

Allow own package to queryIntentActivities

Open KOLANICH opened this issue 9 years ago • 10 comments

List of installed packages is leaked someway (probably through list of intent receivers) even when getInstalledApplications and getInstalledPackages are restricted.

KOLANICH avatar Jul 27 '15 18:07 KOLANICH

This issue is missing important information. https://github.com/M66B/XPrivacy#support

M66B avatar Jul 27 '15 19:07 M66B

I am missing steps to reproduce, a link to the application used to test and a logcat with XPrivacy logging enabled.

M66B avatar Aug 02 '15 04:08 M66B

Probably list of packages was retrieved in the following way

private List<String> getApps() {
    PackageManager pm;
    List<String> apps = new ArrayList<String>();
    List queryIntentActivities = pm.queryIntentActivities(new Intent("android.intent.action.MAIN", (Uri)null), 0);
    Iterator<ResolveInfo> it = queryIntentActivities.iterator();
    while (it.hasNext()) {
        String packageName = it.next().activityInfo.packageName;//according the docs there is no such a field in ActivityInfo
        /*
        invokeinterface java/util/Iterator.next:()Ljava/lang/Object;
        checkcast       Landroid/content/pm/ResolveInfo;
        getfield        android/content/pm/ResolveInfo.activityInfo:Landroid/content/pm/ActivityInfo;
        getfield        android/content/pm/ActivityInfo.packageName:Ljava/lang/String;
        */
        if (!apps.contains(packageName)) {
            apps.add(packageName);
        }
    }
    return apps;
}

Sorry for the delay, had no time to analyse the app until now.

KOLANICH avatar Aug 06 '15 17:08 KOLANICH

I will add a (dangerous) restriction for queryIntentActivities, but you'll have to wait at least a week until I have returned home again.

M66B avatar Aug 06 '15 18:08 M66B

Such restriction already exists, but restricting it can create troubles with app operation. I think that there should be a way to mask identifiers. You can make masking based on crypto, but I think it is overkill here (it won't be an overkill if you have a lot of values to mask, if you decided to to use crypto, use authenticated encryption scheme). So 1 for each package generate a random id 2 use associative container mapping generated id and real package id to each others 3 if app is restricted to get package ids but allowed to call queryIntentActivities, give it masked ids and unmask them in other APIs.

KOLANICH avatar Aug 06 '15 18:08 KOLANICH

This is too complicated (too slow and will give maintenance headaches). It is better to allow only the own package and filter the rest.

M66B avatar Aug 06 '15 18:08 M66B

This is too complicated (too slow and will give maintenance headaches).

Why? I don't think that mapping masked id to id and back is slower than hooked call itself.

KOLANICH avatar Aug 06 '15 19:08 KOLANICH

Even then I don't want to maintain such a feature.

M66B avatar Aug 06 '15 19:08 M66B

Can't we just use the list of allowed packages for this app when this call is restricted?

Magissia avatar Sep 19 '15 18:09 Magissia

That is why I have marked this issue as an enhancement (=feature request).

M66B avatar Sep 19 '15 18:09 M66B