XPrivacy
The ultimate, yet easy to use, privacy manager for Android
Index
- Description
- Features
- Restrictions
- Limitations
- Compatibility
- Installation
- Upgrading
- Usage
- Permissions
- Frequently asked questions
- Support
- Changelog
- Similar solutions
- News
- Contributing
- License
Description
XPrivacy can prevent applications from leaking privacy sensitive data. XPrivacy can restrict the categories of data an application can access. This is done by feeding an application with no or fake data. There are several data categories which can be restricted, for example contacts or location. For example, if you restrict access to contacts for an application, this will result in sending an empty contact list to the application. Similarly, restricting an application's access to your location will result in a fake location being sent to the application.
XPrivacy doesn't revoke (i.e. block) permissions from an application, which means that most applications will continue to work as before and won't force close. There are two exceptions to this, access to the internet and to external storage (typically an SD card) is restricted by denying access (revoking permissions). There is no other way to implement this, since these permissions are handled by Android in a special way. Android delegates handling of these permission to the underlying Linux network/file system. XPrivacy will fake offline (internet) and/or unmounted (storage) state, but some applications try to access the internet/storage nevertheless, potentially resulting in crashes or error messages.
If restricting a category of data for an application results in problems for the application, it is possible to allow access to the data category again to solve the issue.
By default, all newly installed applications will have no access to any data category at all, to prevent a new application from leaking sensitive data right after installation. Shortly after installing a new application, XPrivacy will ask which data categories you want the new application to have access to. XPrivacy comes with an application browser, which allows you to quickly enable or disable applications' access to a particular data category for example to view your calendar. It is also possible to edit all data categories for one application.
To help you identify potential data leaks, XPrivacy will monitor attempts made by all applications to access sensitive data. XPrivacy will display an orange warning triangle icon as soon as data of a data category has been used. If an application has requested Android permissions to access data in a data category, this will be displayed with a green key icon. XPrivacy will also display if an application has internet access, indicating that the application poses a risk of sharing the data it obtains with an external server.
XPrivacy is built using the Xposed framework. XPrivacy taps into a vast number of carefully selected functions of Android through the Xposed framework. Depending on the function, XPrivacy conditionally skips execution of the original function (for example when an application tries to set a proximity alert) or alters the result of the original function (for example to return an empty message list).
XPrivacy has been tested with Android version 4.0.3 - 4.4.2 (ICS, JellyBean, KitKat), and is reported to work with most Android variants, including stock ROMs. Root access is needed to install the Xposed framework.
XPrivacy was a lot of work, so please support this project
Donate a few dollars for the pro version
OR
buy the pro enabler from Google play
OR
Using XPrivacy is entirely at your own risk
Features
- Simple to use
- No need to patch anything (no source, no smali or anything else)
- For any (stock) variant of Android version 4.0.3 - 4.4.2 (ICS, JellyBean, KitKat)
- Newly installed applications are restricted by default
- Displays data actually used by an application
- Free and open source
Restrictions
For easy usage, data is restricted by category:
- Accounts
- Browser
- Calendar
- Calling
- Clipboard
- Contacts
- Dictionary
- Identification
- return a fake Android ID
- return a fake device serial number
- return a fake host name
- return a fake Google services framework ID
- return file not found for folder /proc
- return a fake Google advertising ID
- return a fake system property cid (Card Identification Register)
- return file not found for /sys/block/.../cid
- return file not found for /sys/class/.../cid
- return fake input device descriptor
- Internet
- Location
- return a random or set location
- return empty cell location
- return an empty list of (neighboring) cell info
- prevents geofences from being set
- prevents proximity alerts from being set
- prevents sending NMEA data to an application
- prevent phone state from being sent to an application
- Cell info changed
- Cell location changed
- prevent sending extra commands (aGPS data)
- return an empty list of Wi-Fi scan results
- prevents connecting to Google Play services
- Media
- Messages
- Network
- NFC
- Notifications
- prevent receiving statusbar notifications (Android 4.3+)
- prevent C2DM messages
- Overlay
- Phone
- return a fake own/in/outgoing/voicemail number
- return a fake subscriber ID (IMSI for a GSM phone)
- return a fake phone device ID (IMEI): 000000000000000
- return a fake phone type: GSM (matching IMEI)
- return a fake network type: unknown
- return an empty ISIM/ISIM domain
- return an empty IMPI/IMPU
- return a fake MSISDN
- return fake mobile network info
- Country: XX
- Operator: 00101 (test network)
- Operator name: fake
- return fake SIM info
- Country: XX
- Operator: 00101
- Operator name: fake
- Serial number (ICCID): fake
- return empty APN list
- return no currently used APN
- return an empty call log
- prevent phone state from being sent to an application
- Call forwarding indication
- Call state changed (ringing, off-hook)
- Mobile data connection state change / being used
- Message waiting indication
- Service state changed (service/no service)
- Signal level changed
- return an empty group identifier level 1
- Sensors
- Shell
- Storage
- revoke permission to the media storage
- revoke permission to the external storage (SD card)
- return fake unmounted state
- System
- return an empty list of installed applications
- return an empty list of recent tasks
- return an empty list of running processes
- return an empty list of running services
- return an empty list of running tasks
- return an empty list of widgets
- return an empty list of applications (provider)
- prevent package add, replace, restart and remove notifications
- View
- prevent links from opening in the browser
- return fake browser user agent string
- Mozilla/5.0 (Linux; U; Android; en-us) AppleWebKit/999+ (KHTML, like Gecko) Safari/999.9
Limitations
- /proc and system properties cannot be restricted for Android (serial number, IMEI, MAC address, etc)
- Phone number cannot be restricted for the standard phone application
- Internet and storage can only be restricted for applications/providers/services started by the Android package manager
- Due to its static nature Build.SERIAL can only be randomized on application start and there is no usage data
- Due to a bug in Chromium the user agent cannot be restricted in all cases (issue)
- Due to a custom implementation the clipboard cannot be restricted on some Samsung stock ROMs (issue)
- You cannot restrict the Android ID used for submitting restrictions (only pro version)
- There is no usage data for isolated processes (a new concept in Android 4.4)
Compatibility
XPrivacy has been tested with Android version 4.0.3 - 4.4.2 (ICS, JellyBean, KitKat), and is reported to work with most Android variants, including stock ROMs.
Installation
Instead of following the steps below, you can use the XPrivacy Installer.
It seems like a lot of steps, but it is done in no time:
- Requirements:
- Make a backup
- If not done already: root your device; the procedure depends on the brand and model of your device
- You can find a guide here for most devices
- Enable System settings > Security > Unknown sources
- Install the Xposed framework
- Be sure to install the latest version
- The Xposed fix is not needed anymore
- Download and install XPrivacy from here
- Alternatively download from here
- Enable XPrivacy from the Xposed installer
- Reboot
I do not recommend using XPrivacy in combination with any of the similar solutions, because it could result in conflicts (with as possible consequence data leakage).
If you want to uninstall XPrivacy, you have two options:
- Disable XPrivacy in the Xposed installer
- Uninstall Xposed using the Xposed installer
Upgrading
- Make a backup
- Do not remove the previous version (else your settings will get lost)
- Download the new version
- Install the new version over the previous version
- Reboot your device
When following this procedure your data will not leak, because the Xposed part of XPrivacy keeps running.
Usage
The application starts in the main view, where at the top a data category can be selected. By ticking one or more check boxes in the list below, the selected data category can be restricted for the chosen applications. The default category is All, meaning that all data categories will be restricted.
Tapping on an application icon shows the detailed view, where all the data categories for the selected application can be managed. This view will also appear by tapping on the notification that appears after updating or installing an application. By default all data categories will be restricted for new installed applications to prevent leaking privacy sensitive data from the beginning. You can change which data categories will be restricted by changing the Template available from the main menu.
Data categories exist to make it easier to manage restrictions. The data categories in the detailed view can be drilled down to individual functions. If the category is restricted, individual functions can be allowed by clearing the function check boxes.
To see it in action: try restricting the category Identification for Android Id Info or try restriction the category Contacts for the Contacts application.
Applying some restrictions require restarting applications and/or your device
If an application requested Android permissions for a data category, the category will be marked with a green key icon. If an application used/tried to use data, the data category will be marked with an orange warning triangle icon. If an application has internet permissions a world globe icon will be shown. These icons are just a guideline, because an application can access some privacy sensitive data without Android permissions, for example the serial number of your device and because is not possible to monitor data usage in each and every situation, for example not for access to the internet or the external storage. Be aware that an application could access the internet through other (sister) applications.
Enabling the internet or storage restriction means blocking access to the internet or to the external storage (typically the SD card). This may result in error messages and even in forced closes of the application.
Some category and function restrictions are considered dangerous. These categories and functions are marked with a redish background color. Some applications will crash if you restrict these categories and/or functions.
There are global settings and application specific settings, respectively accessible from the menu of the application list and the menu of the application details view. The global settings, like a randomized or set latitude/longitude, apply to all applications, unless you set any application specific setings. In that case all global settings are overriden by the application specific settings. There is one special case: saving empty specific application settings (you can use the clear button) will erase all application specific settings, so that the global settings will be used again.
The template, available from the main menu is applied to newly installed applications or if you use the menu apply template from the application details view.
Using XPrivacy is entirely at your own risk
Permissions
XPrivacy asks for the following Android permissions:
- Accounts: to select accounts to allow for applications
- Contacts: to select contacts to allow for applications
- Boot: to check if XPrivacy is enabled
- Internet: to submit/fetch crowd sourced restrictions
- Storage: to export settings to the SD card (only pro version)
If you don't like this, you can always restrict XPrivacy itself ...
Frequently asked questions
(1) Will XPrivacy make my device slower?
Maybe a little bit, but it will probably not be noticeable.
(2) Does XPrivacy use a lot of memory or battery?
Almost nothing.
(3) Can you help me with rooting my device?
There are already enough guides to help you to root your device. Use your favorite search engine to find one.
(5) How can I reset all XPrivacy settings?
Manage apps > XPrivacy > Clear data
Reboot.
(6) Can I backup XPrivacy and settings?
Yes, you can, for example with Titanium backup, but you can only restore into the same environment (device/ROM). Exporting/importing settings will work across devices/ROMs. To export/import settings you will need the pro version.
(10) Which functions are exactly restricted?
Many, see here for all details.
Great care has been taken to develop XPrivacy, nevertheless data could leak and applications can crash, although this is fortunately rare.
(14) I get 'Incompatible ...' !
An internal check of XPrivacy failed, resulting in potential data leakage. Please press OK to send me the support information, so I can look into it.
(15) What is the procedure for a ROM update?
The right order for ROM updates is:
- Export XPrivacy settings
- Enable flight mode
- Reboot to recovery
- Flash ROM
- Flash Google apps (optional)
- Re-activate Xposed using Xposed toggle
- Reboot to Android
- Restore the android ID (when needed; with for example Titanium backup)
- Clear XPrivacy data (please note that this will erase the imported pro license file if any)
- Import XPrivacy settings
- Disable flight mode
- Fake network type (Wi-Fi, mobile)
(this assumes no data wipe and Xposed and XPrivacy installed before updating the ROM)
If you skip the XPrivacy import/clear/export steps some system applications can have the wrong restrictions, because the uid's of these applications might have been changed.
For export/importing XPrivacy data you need pro version.
(16) Can I restrict an application with root access?
Yes, you can by restricting su shell access.
(17) Will restrictions be applied immediately?
It can take up to 15 seconds before changes in restrictions will be effective, because of caching. Changing the internet and storage restriction requires an application restart. Please note that in many cases pressing back, only moves the application to the background.
(18) Can XPrivacy ask for restrictions on demand / display a message on data usage?
It cannot always, since it works deep within Android, and therefore it is IMHO not a good idea to ask for restrictions when it could, because this will probably result into confusion only.
There is a lot of privacy sensitive data processed within Android, especially if there are a lot of applications installed. It would slow down your device significantly if XPrivacy would notify data usage.
Newly installed applications are by default fully restricted. Restricting an application should not result into any force closes (crashes), please create an issue if this happens (see the support section below), it only means that an application cannot see the restricted data. If an application should see the data, you can remove the associated restriction at any time.
(19) Does XPrivacy have a firewall?
Yes, you can restrict internet access for any application. If you want to partly enable internet, for example for Wi-Fi only, you will have to use a firewall application, like AFWall+. The reason is that XPrivacy works within Android and detailed firewall rules can only be applied within the Linux kernel.
(21) I get 'Unable to parse package'
This means the downloaded apk is corrupt. Try disabling your popup blocker or download using another computer.
Enable logging using the settings menu and see here.
(23) Where are the settings of XPrivacy stored?
The restriction settings of XPrivacy are stored as private application data. It is possible to backup the application and the data, but you can restore it onto the same environment (device/ROM) only. This is because Android assigns different uid's to the same applications on different devices. Exporting settings on one device and importing settings onto another device will work, but this requires the pro version. If you want to backup the exported settings, they are in the folder .xprivacy on the SD card.
(25) Why doesn't undoing a data category restriction disable the function exceptions too?
If you accidentally undo a data category restriction all the function exception would be lost. The function exceptions only apply when the data category is restricted.
(26) How can I export/import my settings?
For this you need the pro version. Exported settings are stored in the folder .xprivacy in the file XPrivacy.xml. You can copy this file to the same place on a second device. When importing, settings are only applied to applications that exist on the second device. This also applies to system applications.
Note that allowed accounts and allowed contacts (not the accounts and contacts itself) can only be imported when the android ID is the same. See question 15 about what to do when updating your ROM.
(28) I have restricted locations but my GPS status icon still appears
That is correct, XPrivacy only replaces the real location by a fake location. It even uses the real location to randomize the fake location. The idea is that everything should appear as normal as possible to an application.
(29) How about multi-user support?
Each application is identified by a uid and all restrictions are based on this unique identifier. Each user has his/her own set of applications, which are identified by separate uids. So, each user can manage the restrictions for the applications available to him/her.
(30) Why is the location search in the settings disabled?
Because some Google components are not installed.
(31) Do I still need root after installing Xposed?
No.
(32) Why is XPrivacy not available in the Play store anymore?
Read here why.
(33) What is 'Template' used for?
The template is used to apply restrictions to newly installed applications and when you use the menu Apply template.
(34) Will there be a iOS / Window phone version?
No, because these OS'es are to closed to implement something like XPrivacy.
- The device brand/manufacturer
- The device model/product name
- The device (phone) type
- The network type (mobile, Wi-Fi, etc.)
- Synchronization state
- Screen locking
- Display settings
- Wi-Fi settings
- Bluetooth settings
- Shortcuts
- Android version
- Vibration
No, because I don't consider this as privacy sensitive data (=able to identify you and collect data about you). I am happy to add new restrictions for data that is really privacy sensitive.
Expert mode disables the dangerous restrictions warning and enables some advanced settings.
(37) Does XPrivacy work with SELinux (Fort Knox) ?
Yes.
(38) What is 'Android usage data' and 'Extra usage data' ?
The setting Android usage data enables sending more usage data for Android itself (uid=1000).
The setting Extra usage data enables sending more usage data for all applications.
Enabling these settings can cause instability and/or decrease performance on some devices.
Usage data = orange triangles.
(39) How does the tri-state check box work?
The tri-state check box follows this pattern:
- Unchecked = no retrictions
- Solid square = some restrictions
- Check mark = all restrictions
Some/all is determined as follows:
- All category: some/all other categories
- Other categories: some/all functions
Be aware that by default categories and functions are filtered by permission, so you may not see all of them. The check box state is independent of this.
(40) How can I get usage data for all applications?
Try enabling the setting Extra usage data from the main menu, but be aware that this might cause instability on some ROMs.
(41) Why are not all pro features available with the pro enabler?
The pro enabler is in the Play store on request of some early XPrivacy users. In the beginning there was just one pro feature: export/import of all restrictions and settings. In a later stage fetching crowd sourced restrictions were added as a pro feature. Processing of the crowd sourced restrictions requires a big server which has to be paid for. The low price of the pro enabler, don't forget Google takes already 30%, didn't allow to give this feature for free to existing users. Looking back I would never have put the pro enabler into the Play store, but I cannot remove it anymore now, because of the existing users.
(42) What should I do if an application force closes (crashes)?
Take a look into the usage view of the application, available through the menu in the application details view, to see which functions the application uses. Disable category and/or function restrictions one by one until you have found the one causing the force close. Help others by submitting your working restrictions.
(43) Can XPrivacy handle non-Java applications?
In general, due to the architecture of Android (isolated virtual machines), any call to native libraries and binaries is through Java and can thus be restricted by XPrivacy. As far known any route to a native library or binary is covered by XPrivacy.
XPrivacy cannot hook into native libraries, but can prevent native libraries from loading. This could break applications, like Facebook, but can prevent malware from doing its work.
XPrivacy can also restrict access to the Linux shell (including superuser), to prevent native binaries from running.
You can find the restrictions in the Shell category.
Support
If you encounter a bug please create an issue.
Include a logcat when relevant (use pastebin or a similar service).
Do not forget to enable XPrivacy logging using the settings menu!
Please describe the exact steps to reproduce the issue and include information about your device type and Android version.
If you have a feature request, please create an issue.
If you have any question, you can leave a message in the XDA XPrivacy forum thread.
Before submitting any issue please make sure you are running the latest version of XPrivacy.
Before submitting any issue please make sure XPrivacy is causing the problem by disabling XPrivacy.
One bug report / feature request per issue please!
Do not use my personal or XDA e-mail for bug reports and feature requests.
Changelog
The changelog has been moved here.
Similar solutions
- PDroid
- PDroid 2.0
- OpenPDroid
- LBE Privacy Guard
- CyanogenMod Incognito Mode
- Per App Settings Module
- Android 4.3+ Permission Manager
The PDroid family provides fake or no data, more or less in the same way as XPrivacy does. A difference is that you need to patch Android and that there is (therefore) only limited stock ROM support. The PDroid family is open source.
LBE Privacy Guard revokes permissions, which will make some applications unusable. LBE Privacy Guard also features malware protecting and data traffic control. Some consider the closed source code of Chinese origin as a problem.
The members of the PDroid family and XPrivacy hardly use memory, but LBE Privacy Guard does.
The CyanogenMod Incognito Mode seems not to be fine grained and provides only privacy for personal data, if the associated content provider chooses to do so.
The Per App Settings Module revokes permissions like LBE Privacy Guard does. This modules offers a lot of other, interesting features.
Android 4.3+ Permission Manager is like CyanogenMod Incognito Mode.
XPrivacy can restrict more data than any of the above solutions, also for closed source applications and libraries, like Google Play services.
News
- Manage Individual App Permissions with XPrivacy (June 20, 2013)
- XPrivacy Gives You Massive Control Over What Your Installed Apps Are Allowed To Do (June 23, 2013)
- Protect Your Privacy with XPrivacy - XDA Developer TV (July 17, 2013)
- XPrivacy Android - Schutz gegen Datensammler (August 1, 2013)
Contributing
Translations:
- Translate the strings in this file
- Omit lines with translatable="false"
- If you know how to, please create a pull request
- Else send me the translated file via XDA PM
Current translations:
- Bulgarian (bg)
- Catalan (ca)
- Czech (cs)
- Danish (da)
- Dutch/Flemish (nl)
- English
- Estonian (ee)
- Farsi (fa)
- Finnish (fi)
- French (fr)
- German (de)
- Greek (el)
- Hebrew (he/iw)
- Hindi (hi)
- Hungarian (hu)
- Irish (ga)
- Italian (it)
- Japanese (ja)
- Lithuanian (lt)
- Norwegian (nb-rNO, nn-rNO, no-rNO)
- Polish (pl)
- Portuguese (pt)
- Romanian (ro)
- Rusian (ru)
- Serbian (sr)
- Simplified Chinese (zh-rCN)
- Slovak (sk)
- Slovenian (sl)
- Spanish (es)
- Swedish (sv)
- Traditional Chinese (zh-rTW)
- Turkish (tr)
- Ukrainian (ua)
- Vietnamese (vi)
Restrict new data:
- Find the package/class/method that exposes the data (look into the Android documentation/sources)
- Figure out a way to get a context (see existing code for examples)
- Create a class that extends XHook
- Hook the method in XPrivacy
- Write a before and/or after method to restrict the data
- Do a pull request if you want to contribute
Using Eclipse:
- Clone the GitHub project to a temporary location
- Import the GitHub project into Eclipse, copy the files
- Close Eclipse and copy the project from the temporary location over the imported project
- Make sure you copy all hidden files
- Add the Xposed library to the build path as described here
Testing:
Serious contributors do not have to donate for the pro version. New translations are considered as a serious contribution, but translating a few lines of text is not.
License
GNU General Public License version 3
Copyright (c) 2013-2014 Marcel Bokhorst (M66B)
This file is part of XPrivacy.
XPrivacy is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
XPrivacy is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with XPrivacy. If not, see http://www.gnu.org/licenses/.