AppManager v2.5.23 Pre-release
- [Feature] Added screen lock
- [Feature] Added Add to profile in the batch ops and app info tab
- [Feature] Added enable/disable features in settings (replacing interceptor setting)
- [Feature] Added leanback launcher support with banner (Android TV)
- [Feature] Backup/restore SSAID (requires immediate restart)
- [Feature] Backup APK in external SD card
- [Feature] AppInfo: Added options to configure battery optimization, net policy, SSAID. For each of them, tag clouds will be displayed if the values are not default.
- [Feature] AppInfo: Added options to select tracker components to block/unblock
- [Feature] Improved backup volume selection
- [Feature] Interceptor: add/remove extras
- [Feature] Made settings page accessible from Android Settings
- [Feature] Main: Added filter by installed app, sort by number of trackers and last actions (the latter is not stable yet)
- [Feature] Main: Batch selection on long click after the selection mode is turned on (i.e. selection mode is turned on if you click on any app icon or long click on any app)
- [Feature] Main: Replaced sort and filter with list options
- [Feature] Main: Set backup to red if the app is not installed
- [Feature] New language: Japanese
- [Feature] Removed F-Droid, Aurora Droid in favour of F-Droid links (to support user preferred clients)
- [Feature] Search using app initials in the main page (e.g. TS will list TrebleShot in the search results)
- [Feature] Updated trackers, libraries, profile presets
- [Feature] Use of database as a middle man to improve load time
- [Fix] Fixed app icon (it now matches app theme)
- [Fix] Fixed crash while blocking app components of a recently updated app
- [Fix] Fixed various crashes in the app info tab
- [Fix] Properly sanitize profile names and exported APK(S) file names
- [Fix] Remove rules for all users (rather than the current user) in settings
- [Fix] Replaced
- [Fix] Replaced image buttons with material buttons (fixes crash when using Substratum themes)
Don't set folders inside
- [Feature] Added screen lock
- [Feature] Added Add to profile in the batch ops and app info tab
- [Feature] Added enable/disable features in settings (replacing interceptor setting)
- [Feature] Added leanback launcher support with banner (Android TV)
- [Feature] Backup/restore SSAID (requires immediate restart)
- [Feature] Backup APK in external SD card
- [Feature] AppInfo: Added options to configure battery optimization, net policy, SSAID. For each of them, tag clouds will be displayed if the values are not default.
- [Feature] AppInfo: Added options to select tracker components to block/unblock
- [Feature] Improved backup volume selection
- [Feature] Interceptor: add/remove extras
- [Feature] Made settings page accessible from Android Settings
- [Feature] Main: Added filter by installed app, sort by number of trackers and last actions (the latter is not stable yet)
- [Feature] Main: Batch selection on long click after the selection mode is turned on (i.e. selection mode is turned on if you click on any app icon or long click on any app)
- [Feature] Main: Replaced sort and filter with list options
- [Feature] Main: Set backup to red if the app is not installed
- [Feature] New language: Japanese
- [Feature] Removed F-Droid, Aurora Droid in favour of F-Droid links (to support user preferred clients)
- [Feature] Search using app initials in the main page (e.g. TS will list TrebleShot in the search results)
- [Feature] Updated trackers, libraries, profile presets
- [Feature] Use of database as a middle man to improve load time
- [Fix] Fixed app icon (it now matches app theme)
- [Fix] Fixed crash while blocking app components of a recently updated app
- [Fix] Fixed various crashes in the app info tab
- [Fix] Properly sanitize profile names and exported APK(S) file names
- [Fix] Remove rules for all users (rather than the current user) in settings
- [Fix] Replaced
AppManager/tmp with AppManager/.tmp- [Fix] Replaced image buttons with material buttons (fixes crash when using Substratum themes)
Don't set folders inside
/mnt/media_rw/ as the backup volume. It doesn't work for backup/restore.👍1
Sneak-peek: My attempt to redesign Android Terminal Emulator, the best terminal ever created for Android.
Source code: https://github.com/MuntashirAkon/termoneplus
Source code: https://github.com/MuntashirAkon/termoneplus
👍1
Dependencies of Firebase Android SDKs on Google Play services
Some Firebase Android SDKs depend on Google Play services, which means they will only run on devices and emulators with Google Play services installed. These Firebase SDKs communicate with the Google Play services background service on the device to provide a secure, up-to-date, and lightweight API to your app. Certain Android devices, such as Amazon Kindle Fire devices or those sold in some regions, do not have Google Play services installed.
HINT: Most of the Firebase SDKs do not require Google Play services with the exception of FCM, AdMob, App Indexing and ML related stuffs.
https://firebase.google.com/docs/android/android-play-services
Some Firebase Android SDKs depend on Google Play services, which means they will only run on devices and emulators with Google Play services installed. These Firebase SDKs communicate with the Google Play services background service on the device to provide a secure, up-to-date, and lightweight API to your app. Certain Android devices, such as Amazon Kindle Fire devices or those sold in some regions, do not have Google Play services installed.
HINT: Most of the Firebase SDKs do not require Google Play services with the exception of FCM, AdMob, App Indexing and ML related stuffs.
https://firebase.google.com/docs/android/android-play-services
👍1
What are bloatware and how to remove them?
Bloatware are the unnecessary apps supplied by the vendors/OEMs and are usually the system apps. These apps are often used to track users and collect user data which they might sell for profits. System apps often do not need to request any permission in order to access device info, contacts and messaging data, and other usage info such as your phone usage habits and everything you store on your shared storage(s) as they are already granted/whitelisted by the vendors/OEMs.
The bloatware may also include Google apps (such as Google Play Services, Google Play Store, Gmail, Google, Messages, Dialer, Contacts), Facebook apps (the Facebook app consists of four or five apps), Facebook Messenger, Instagram, Twitter and many other apps which can also track users and/or collect user data without consent given that they all are system apps. You can disable a few permissions from the Android settings but be aware that Android settings hides almost every permission any security specialist would call potentially dangerous.
If the bloatware were user apps, you could easily uninstall them either from Android settings or AM. Uninstalling system apps is not possible without root permission. You can also uninstall system apps using ADB, but it may not work for all apps. AM can uninstall system apps with root or ADB (the latter with certain limitations, of course), but these methods cannot remove the system apps completely as they are located in the system partition which is a read-only partition. If you have root, you can remount this partition to manually purge these apps but this will break Over the Air (OTA) updates since data in the system partition have been modified. There are two kind of updates, delta (small-size, consisting of only the changes between two versions) and full updates. You can still apply full updates in some cases, but the bloatware will be installed again, and consequently, you have to delete them all over again. Besides, not all vendors provide full updates.
Another solution is to disable these apps either from Android settings (no-root) or AM, but certain services can still run in the background as they can be started by other system apps using Inter-process Communication (IPC). One possible solution is to disable all bloatware until the service has finally stopped (after a restart). However, due to heavy modifications of the Android frameworks by the vendors, removing or disabling certain bloatware may cause the System UI to crash or even cause bootloop, thus, (soft) bricking your device. You may search the web or consult the fellow users to find out more about how to debloat your device.
From v2.5.19, AM has a new feature called profiles. The profiles page has an option to create new profiles from one of the presets. The presets consist of debloating profiles which can be used as a starting point to monitor, disable, and remove the bloatware from a proprietary Android operating system.
Note: In most cases, you cannot completely debloat your device. Therefore, it is recommended that you use a custom ROM free of bloatware such as Graphene OS, Lineage OS or their derivatives.
Note 2: In future, AM will add systemless removal of the system apps which can prevent communication using IPC.
https://muntashirakon.github.io/AppManager/faq/misc.html#what-are-bloatware-and-how-to-remove-them
Bloatware are the unnecessary apps supplied by the vendors/OEMs and are usually the system apps. These apps are often used to track users and collect user data which they might sell for profits. System apps often do not need to request any permission in order to access device info, contacts and messaging data, and other usage info such as your phone usage habits and everything you store on your shared storage(s) as they are already granted/whitelisted by the vendors/OEMs.
The bloatware may also include Google apps (such as Google Play Services, Google Play Store, Gmail, Google, Messages, Dialer, Contacts), Facebook apps (the Facebook app consists of four or five apps), Facebook Messenger, Instagram, Twitter and many other apps which can also track users and/or collect user data without consent given that they all are system apps. You can disable a few permissions from the Android settings but be aware that Android settings hides almost every permission any security specialist would call potentially dangerous.
If the bloatware were user apps, you could easily uninstall them either from Android settings or AM. Uninstalling system apps is not possible without root permission. You can also uninstall system apps using ADB, but it may not work for all apps. AM can uninstall system apps with root or ADB (the latter with certain limitations, of course), but these methods cannot remove the system apps completely as they are located in the system partition which is a read-only partition. If you have root, you can remount this partition to manually purge these apps but this will break Over the Air (OTA) updates since data in the system partition have been modified. There are two kind of updates, delta (small-size, consisting of only the changes between two versions) and full updates. You can still apply full updates in some cases, but the bloatware will be installed again, and consequently, you have to delete them all over again. Besides, not all vendors provide full updates.
Another solution is to disable these apps either from Android settings (no-root) or AM, but certain services can still run in the background as they can be started by other system apps using Inter-process Communication (IPC). One possible solution is to disable all bloatware until the service has finally stopped (after a restart). However, due to heavy modifications of the Android frameworks by the vendors, removing or disabling certain bloatware may cause the System UI to crash or even cause bootloop, thus, (soft) bricking your device. You may search the web or consult the fellow users to find out more about how to debloat your device.
From v2.5.19, AM has a new feature called profiles. The profiles page has an option to create new profiles from one of the presets. The presets consist of debloating profiles which can be used as a starting point to monitor, disable, and remove the bloatware from a proprietary Android operating system.
Note: In most cases, you cannot completely debloat your device. Therefore, it is recommended that you use a custom ROM free of bloatware such as Graphene OS, Lineage OS or their derivatives.
Note 2: In future, AM will add systemless removal of the system apps which can prevent communication using IPC.
https://muntashirakon.github.io/AppManager/faq/misc.html#what-are-bloatware-and-how-to-remove-them
👍1
More on the INTERNET permission.
After I’ve explained the reasons for AM to use the INTERNET permission, some of you have asked if there are any privacy benefits in blocking an app’s Internet connection via Firewall. The answer is: Maybe.
If an app has declared the INTERNET permission, the app can make socket connection. Socket connection can be opened in any port and can connect to any IP address (both local/private and the Internet). For some weird reasons, Android doesn’t differentiate between private and public IP addresses which means if a developer want to use socket (others include Binder and Message) to communicate between two apps or processes i.e. with no intention of connecting to the Internet, they must declare this permission.
Communication between two apps or processes is called Inter-process communication or IPC in short. Android uses SELinux and separate user ID (UID) and group ID (GID) to ensure that each non-shared (shared processes can communicate freely) process cannot communicate among each other directly. However, they can still communicate using methods such as (Web) Socket, Binder and Message. As I said earlier, Socket needs a port and an IP address (for IPC, IP address could be
Got an app that uses root but has no INTERNET permission? Don’t get excited. The app can access and send all your data without any permission! How? Android can only check the permission of the immediate caller. So, if the app creates a root process and connects to the Internet from there (the app in turn communicates to the root process via Binder), Android would allow that since the caller is a root process and not the app. So, never trust an unaudited app, specially, the closed source ones.
To conclude, determine your threat model. If you only need to protect yourself from the evil corporations or to improve privacy, use DNS or hosts based blocking because they are more effective than the firewalls. If you need to block the Internet connection from certain apps only, first check if firewall works for it (in my experience, NetGuard works better than AFWall+) and if not, use an APK editor to remove the INTERNET permission from the AndroidManifest file and install it.
This is a detailed explanation of @madaidan’s guide on Firewalls which can be found here: https://madaidans-insecurities.github.io/android.html#firewalls
After I’ve explained the reasons for AM to use the INTERNET permission, some of you have asked if there are any privacy benefits in blocking an app’s Internet connection via Firewall. The answer is: Maybe.
If an app has declared the INTERNET permission, the app can make socket connection. Socket connection can be opened in any port and can connect to any IP address (both local/private and the Internet). For some weird reasons, Android doesn’t differentiate between private and public IP addresses which means if a developer want to use socket (others include Binder and Message) to communicate between two apps or processes i.e. with no intention of connecting to the Internet, they must declare this permission.
Communication between two apps or processes is called Inter-process communication or IPC in short. Android uses SELinux and separate user ID (UID) and group ID (GID) to ensure that each non-shared (shared processes can communicate freely) process cannot communicate among each other directly. However, they can still communicate using methods such as (Web) Socket, Binder and Message. As I said earlier, Socket needs a port and an IP address (for IPC, IP address could be
0.0.0.0 and port number can be anything that is allowed and free-to-use at that time). However, Binder and Message do not require any IP address or port number. An example of this is the clipboard. When you copy some texts, say, in Bromite, it uses Binder to communicate to the ClipboardManager which is a service defined in AOSP, and then it uses the service to store the texts in the clipboard. The similar is possible for a service (actually any service that uses Binder) called DownloadManager. If the app requests an webpage or a file using the DownloadManager service, it connects to the caller app via Binder and checks if the caller has the INTERNET permission. If it has, then it initiates the download and sends the result. Otherwise, it simply fails. So, if you enable Internet firewall of the caller app, then the app itself cannot connect to the Internet. But it can still connect to the Internet using DownloadManager since you haven’t blocked the Internet connection for DownloadManager. What if you block Internet connection for the DownloadManager? If you do that, then all apps that rely on DownloadManager will not be able to connect to the Internet and anything you download from a browser such as Bromite will simply fail. The solution, here, is to edit out the INTERNET permission from the APK file itself (or use GrapheneOS which can revoke this permission effectively). However, this isn’t the end of the irony. The app can also utilise other apps with unpatched vulnerabilities to make the same connection (either via Binder or calling an infected service via Intent). In the latter case, editing out the INTERNET permission may not help at all (and GrapheneOS may not be able to block that either).Got an app that uses root but has no INTERNET permission? Don’t get excited. The app can access and send all your data without any permission! How? Android can only check the permission of the immediate caller. So, if the app creates a root process and connects to the Internet from there (the app in turn communicates to the root process via Binder), Android would allow that since the caller is a root process and not the app. So, never trust an unaudited app, specially, the closed source ones.
To conclude, determine your threat model. If you only need to protect yourself from the evil corporations or to improve privacy, use DNS or hosts based blocking because they are more effective than the firewalls. If you need to block the Internet connection from certain apps only, first check if firewall works for it (in my experience, NetGuard works better than AFWall+) and if not, use an APK editor to remove the INTERNET permission from the AndroidManifest file and install it.
This is a detailed explanation of @madaidan’s guide on Firewalls which can be found here: https://madaidans-insecurities.github.io/android.html#firewalls
👍5❤2
Release Types, Schedules and Sources
App Manager has several types of releases based on user requirements and stability.
1. Stable release. Stable releases like any good software are very infrequent and long term supported. In future, when we finally reach v2.6, we will follow the major.minor.patch version naming instead of 2.major.minor and provide special fixes for stable releases so that users can continue to use stable releases without switching to pre-release. (Non-linear versioning is difficult to handle but we will do that anyway to improve experience for the stable release users.) Stable releases are available on GitHub, F-Droid (may lag behind updates) or Telegram channel.
2. Pre-release. Pre-releases are the unstable releases that are usually made when the number of commits has reached or surpassed 100 (with the exception of the source code being too unstable). Prereleases are discontinued. Use debug releases instead.
3. Debug release. Debug releases are usually served on each push to the repository. This is for the people who want to try out features as they are rolled out and want to contribute to App Manager by sorting out issues. Debug builds use a different package name and a signature, and can be installed side by side with the normal releases. Signature used in debug builds is public and, therefore, they should only be installed from a trusted source such as GitHub actions and Telegram channel.
Unofficial sources may distribute modified versions of App Manager, and none but you shall be responsible for the consequences of using such distributions.
App Manager has several types of releases based on user requirements and stability.
1. Stable release. Stable releases like any good software are very infrequent and long term supported. In future, when we finally reach v2.6, we will follow the major.minor.patch version naming instead of 2.major.minor and provide special fixes for stable releases so that users can continue to use stable releases without switching to pre-release. (Non-linear versioning is difficult to handle but we will do that anyway to improve experience for the stable release users.) Stable releases are available on GitHub, F-Droid (may lag behind updates) or Telegram channel.
2. Pre-release. Pre-releases are the unstable releases that are usually made when the number of commits has reached or surpassed 100 (with the exception of the source code being too unstable). Prereleases are discontinued. Use debug releases instead.
3. Debug release. Debug releases are usually served on each push to the repository. This is for the people who want to try out features as they are rolled out and want to contribute to App Manager by sorting out issues. Debug builds use a different package name and a signature, and can be installed side by side with the normal releases. Signature used in debug builds is public and, therefore, they should only be installed from a trusted source such as GitHub actions and Telegram channel.
Unofficial sources may distribute modified versions of App Manager, and none but you shall be responsible for the consequences of using such distributions.
👍2❤1
App Manager v2.5.24 Pre-release
- [Feature] New language: Tradition Chinese
- [Feature] Added filter by uninstalled apps, apps without backups in the main page
- [Feature] Added wildcard support for app ops and permissions for profiles.
- [Feature] Allow specifying custom installer package which may or may not be installed
- [Feature] App icons are cached to improve load time
- [Feature] Complete rewrite of running apps internals in Java
- [Feature] Copy package name on clicking on the package name in the app info tab
- [Feature] Display file size, requirement, etc. for split APKs in the APK selection dialog
- [Feature] Display version and tracker info in the install confirmation dialog
- [Feature] Display uninstalled system apps and display installation prompt on clicking them
- [Feature] Improved ADB detection and persistence of such detection
- [Feature] Removed toybox along with its dependencies
- [Feature] Updated trackers and libraries
- [Feature] Updated credits
- [Feature] Utilise multiple CPUs for back up/restore
- [Feature] Verify copied checksum with the checksum of the signing certificate of the app on clicking on the app icon in the app info page
- [Fix] Added additional verifications to ensure that screen lock is not bypassed
- [Fix] Fixed back up/restore failure on some Android devices
- [Fix] Fixed crashes in the app details page when system configuration changes
- [Fix] Fixed crash on creating shortcuts on devices that do not support pin shortcut
- [Fix] Fixed generating wrong checksum for certificates in the signatures tab
- [Fix] Fixed uninstalling app for multiple users
- [Fix] Fixed various crashes on opening APK files from external apps
- [Fix] Hide backup option if one of the selected apps is not installed
- [Fix] Verify KeyStore backups during restoring a backup
- [Feature] New language: Tradition Chinese
- [Feature] Added filter by uninstalled apps, apps without backups in the main page
- [Feature] Added wildcard support for app ops and permissions for profiles.
* can be used instead of specifying app ops or permissions to revoke all configured/dangerous permissions/app ops- [Feature] Allow specifying custom installer package which may or may not be installed
- [Feature] App icons are cached to improve load time
- [Feature] Complete rewrite of running apps internals in Java
- [Feature] Copy package name on clicking on the package name in the app info tab
- [Feature] Display file size, requirement, etc. for split APKs in the APK selection dialog
- [Feature] Display version and tracker info in the install confirmation dialog
- [Feature] Display uninstalled system apps and display installation prompt on clicking them
- [Feature] Improved ADB detection and persistence of such detection
- [Feature] Removed toybox along with its dependencies
- [Feature] Updated trackers and libraries
- [Feature] Updated credits
- [Feature] Utilise multiple CPUs for back up/restore
- [Feature] Verify copied checksum with the checksum of the signing certificate of the app on clicking on the app icon in the app info page
- [Fix] Added additional verifications to ensure that screen lock is not bypassed
- [Fix] Fixed back up/restore failure on some Android devices
- [Fix] Fixed crashes in the app details page when system configuration changes
- [Fix] Fixed crash on creating shortcuts on devices that do not support pin shortcut
- [Fix] Fixed generating wrong checksum for certificates in the signatures tab
- [Fix] Fixed uninstalling app for multiple users
- [Fix] Fixed various crashes on opening APK files from external apps
- [Fix] Hide backup option if one of the selected apps is not installed
- [Fix] Verify KeyStore backups during restoring a backup
❤1👍1
We're now hitting a major release (v2.6.0). This is going to be the first long term supported release, i.e. this will be the first version of app manager to receive patches until the next stable release is made.
App Manager is something I made for myself and never really thought that it would reach so much audiences. Now, I can feel that there are many people like me who were waiting for an app that would help them replace privacy invading, non-free apps as well as help those who're suffering from the guilt of using cracked software. The development of App Manager was so fast because I've spent a lot of time analysing other not-so-usable and, often abandoned projects which has given me insights on how to implement such features. I'm also working very hard to ensure security of the data because a rooting app itself is never fully secured (and you're welcome to find any security issues!).
Therefore, it's time to change the name of the app to something special so that it can be uniquely identified (the package name will still be the same though and the old repository will be redirected to the new one).
The best name will be chosen based on the apps functions and/or creativity, and the person will be credited in the about section!
Post your ideas here: https://github.com/MuntashirAkon/AppManager/issues/339
App Manager is something I made for myself and never really thought that it would reach so much audiences. Now, I can feel that there are many people like me who were waiting for an app that would help them replace privacy invading, non-free apps as well as help those who're suffering from the guilt of using cracked software. The development of App Manager was so fast because I've spent a lot of time analysing other not-so-usable and, often abandoned projects which has given me insights on how to implement such features. I'm also working very hard to ensure security of the data because a rooting app itself is never fully secured (and you're welcome to find any security issues!).
Therefore, it's time to change the name of the app to something special so that it can be uniquely identified (the package name will still be the same though and the old repository will be redirected to the new one).
The best name will be chosen based on the apps functions and/or creativity, and the person will be credited in the about section!
Post your ideas here: https://github.com/MuntashirAkon/AppManager/issues/339
👍2❤1
For developers only.
As you might know that
This library is developed as part of App Manager’s upcoming feature which would allow users to import signing/encryption keys from Java KeyStore or create new signing/encryption keys.
As you might know that
sun.security API is hidden in Android and some important features can’t be used such as creating a new X509 certificate or Java KeyStore, I’ve ported sun.security from JDK 7 and can be used as a library to manage Java KeyStore (JKS) as well as PKCS #12. It can also be used to import PKCS #8 formatted private keys. See README here to learn more about its usage: https://github.com/MuntashirAkon/sun-security-android. If you're looking for a Java library to sign and verify APK files, take a look at my Android port of the apksig library here: https://github.com/MuntashirAkon/apksig-android.This library is developed as part of App Manager’s upcoming feature which would allow users to import signing/encryption keys from Java KeyStore or create new signing/encryption keys.
GitHub
GitHub - MuntashirAkon/sun-security-android: Use the Android-private sun.security library
Use the Android-private sun.security library. Contribute to MuntashirAkon/sun-security-android development by creating an account on GitHub.
👍2
App Manager v2.6.0 “First” Stable Release
Introducing Backups
Back up/restore feature is now finally out of beta! Read the corresponding guide to understand how it works.
Introducing Log Viewer
Log viewer is essentially a front-end for logcat. It can be used to filter logs by tag or pid (process ID), or even by custom filters. Log levels AKA verbosity can also be configured. You can also save, share and manage logs.
Lock App Manager
Lock App Manager with the screen lock configured for your device.
Extended Modes for App Ops
You can set any mode for any app ops that your device supports, either from the 1-click ops page or from the app ops tab.
New Batch Ops: Add to Profile
You can now easily add selected apps to an existing profile using the batch operations.
App Info: Improved
App info tab now has many options, including the ability to change SSAID, network policy (i.e. background network usage), battery optimization, etc. Most of the tags used in this tab are also clickable, and if you click on them, you will be able to look at the current state or configure them right away.
Advanced Sort and Filtering Options in the Main Page
Sort and filter options are now replaced by List Options which is highly configurable, including the ability to filter using profiles.
About This Device
Interested in knowing about your device in just one page? Go to the bottom of the settings page.
Enable/disable Features
Not interested in all the features that AM offers? You can disable some features in settings.
New Languages
AM now has more than 19 languages! New languages include Arabic, Farsi, Japanese and Traditional Chinese.
Signing the APK Files
You can now import external signing keys in AM! For security, App Manager has its own encrypted KeyStore which can also be imported or exported.
New Extension: UnAPKM
Since APKMirror has removed encryption from their APKM files, it’s no longer necessary to decrypt them. As a result, the option to decrypt APKM files has been removed. Instead, this option is now provided by the UnAPKM extension which you can grab from F-Droid. So, if you have an encrypted APKM file and have this extension installed, you can open the file directly in AM.
This is a promotional changelog, the typical changelog will be displayed when the APK is uploaded 30 minutes later. Foods for thought, eh?
Introducing Backups
Back up/restore feature is now finally out of beta! Read the corresponding guide to understand how it works.
Introducing Log Viewer
Log viewer is essentially a front-end for logcat. It can be used to filter logs by tag or pid (process ID), or even by custom filters. Log levels AKA verbosity can also be configured. You can also save, share and manage logs.
Lock App Manager
Lock App Manager with the screen lock configured for your device.
Extended Modes for App Ops
You can set any mode for any app ops that your device supports, either from the 1-click ops page or from the app ops tab.
New Batch Ops: Add to Profile
You can now easily add selected apps to an existing profile using the batch operations.
App Info: Improved
App info tab now has many options, including the ability to change SSAID, network policy (i.e. background network usage), battery optimization, etc. Most of the tags used in this tab are also clickable, and if you click on them, you will be able to look at the current state or configure them right away.
Advanced Sort and Filtering Options in the Main Page
Sort and filter options are now replaced by List Options which is highly configurable, including the ability to filter using profiles.
About This Device
Interested in knowing about your device in just one page? Go to the bottom of the settings page.
Enable/disable Features
Not interested in all the features that AM offers? You can disable some features in settings.
New Languages
AM now has more than 19 languages! New languages include Arabic, Farsi, Japanese and Traditional Chinese.
Signing the APK Files
You can now import external signing keys in AM! For security, App Manager has its own encrypted KeyStore which can also be imported or exported.
New Extension: UnAPKM
Since APKMirror has removed encryption from their APKM files, it’s no longer necessary to decrypt them. As a result, the option to decrypt APKM files has been removed. Instead, this option is now provided by the UnAPKM extension which you can grab from F-Droid. So, if you have an encrypted APKM file and have this extension installed, you can open the file directly in AM.
This is a promotional changelog, the typical changelog will be displayed when the APK is uploaded 30 minutes later. Foods for thought, eh?
👍1
App Manager v2.6.0 Stable
All the changes introduced in v2.5.21, v2.5.22, v2.5.23, v2.5.24, and the ones below:
- New Feature: Log Viewer (accessible from the main menu, “running” tag in the app info page and three-dots menu in each item of the running apps page).
- New Language: Arabic
- [Feature] Removed unAPKM from the app as newer APKMs are no longer encrypted. (Use UnAPKM extension from F-Droid to continue to decrypt the encrypted APKM files.)
- [Feature] Added AES and RSA encryption (AES/GCM/NoPadding with 12 bytes IV) for backups
- [Feature] Added clear cache option in ADB mode
- [Feature] Added compatibility support for mobile data usage in old operating systems
- [Feature] Added colour codes to the “backup” tag in the main page denoting the age of the backups: Red => Uninstalled, Dark cyan => Up to date backup, Orange => Outdated backup
- [Feature] Added filter by profile in the main page
- [Feature] Added options to disable log viewer
- [Feature] Added select all button in various multiple choice dialogs
- [Feature] Added the ability to import (JKS, BKS and PKCS #12 KeyStores and PK8 formatted private key and PEM certificate) and generate signing keys
- [Feature] Added the option to import/export App Manager's KeyStore. It's a typical Bouncy Castle KeyStore in BKS extension
- [Feature] Added SAF tag in the app info page for apps that uses storage access framework. Clicking on it lists the granted URIs.
- [Feature] Added Verify and redo backups and back up apps with changes in 1-click ops page (in the back up section)
- [Feature] Display native libraries alongside shared libraries in the shared libs tab
- [Feature] Display file names that could not be imported (when importing files from Blocker or Watt)
- [Feature] Improved formatting of the backup info dialogs
- [Feature] Moved usage access to enable/disable features in the settings page
- [Feature] Organized settings by moving a rules and installer settings to a different fragment
- [Feature] Replaced block trackers with block/unblock trackers
- [Feature] Store backup hashes in the database to detect changes in data (will be enhanced in future)
- [Feature] Updated trackers and libraries
- [Fix] Renamed global component blocking to instant component blocking
- [Fix] Renamed Backup APK to Save APK
- [Fix] Removed the backup option Source and renamed APK only to APK files
- [Fix] Replaced the backup option Data with Internal data. External data no longer depends on this option.
- [Fix] Replaced the backup option Exclude cache with Cache (i.e., the flag has been inverted).
- [Fix] Avoided crash in the app details page when device configuration (night mode, orientation, etc.) changes
- [Fix] Backup URI grants only for the given users
- [Fix] Fixed a crash occurs occasionally when detecting whether an app is running
- [Fix] Fixed a crash when yesterday data isn't available in the app usage page
- [Fix] Fixed a crash when back button is pressed immediately after pressing the add button in the profile page
- [Fix] Fixed backup service from hanging if it encounters invalid file types
- [Fix] Fixed fetching storage info for users other than the current user
- [Fix] Fixed hidden API restriction bypass issue for Android 11 (which unfortunately increased the APK size)
- [Fix] Fixed displaying wrong data usage in Android Lollipop devices
- [Fix] Fixed restoring backups with symbolic links
- [Fix] Foreground service notification is removed immediately after the operation is complete
Notice: After restoring apps that use SAF and SSAID, the device has to be restarted immediately.
Currently, the users are not notified if a restart is necessary after restoring a backup.
If you are in confusion, make sure to restart your device after restoring a backup.
All the changes introduced in v2.5.21, v2.5.22, v2.5.23, v2.5.24, and the ones below:
- New Feature: Log Viewer (accessible from the main menu, “running” tag in the app info page and three-dots menu in each item of the running apps page).
- New Language: Arabic
- [Feature] Removed unAPKM from the app as newer APKMs are no longer encrypted. (Use UnAPKM extension from F-Droid to continue to decrypt the encrypted APKM files.)
- [Feature] Added AES and RSA encryption (AES/GCM/NoPadding with 12 bytes IV) for backups
- [Feature] Added clear cache option in ADB mode
- [Feature] Added compatibility support for mobile data usage in old operating systems
- [Feature] Added colour codes to the “backup” tag in the main page denoting the age of the backups: Red => Uninstalled, Dark cyan => Up to date backup, Orange => Outdated backup
- [Feature] Added filter by profile in the main page
- [Feature] Added options to disable log viewer
- [Feature] Added select all button in various multiple choice dialogs
- [Feature] Added the ability to import (JKS, BKS and PKCS #12 KeyStores and PK8 formatted private key and PEM certificate) and generate signing keys
- [Feature] Added the option to import/export App Manager's KeyStore. It's a typical Bouncy Castle KeyStore in BKS extension
- [Feature] Added SAF tag in the app info page for apps that uses storage access framework. Clicking on it lists the granted URIs.
- [Feature] Added Verify and redo backups and back up apps with changes in 1-click ops page (in the back up section)
- [Feature] Display native libraries alongside shared libraries in the shared libs tab
- [Feature] Display file names that could not be imported (when importing files from Blocker or Watt)
- [Feature] Improved formatting of the backup info dialogs
- [Feature] Moved usage access to enable/disable features in the settings page
- [Feature] Organized settings by moving a rules and installer settings to a different fragment
- [Feature] Replaced block trackers with block/unblock trackers
- [Feature] Store backup hashes in the database to detect changes in data (will be enhanced in future)
- [Feature] Updated trackers and libraries
- [Fix] Renamed global component blocking to instant component blocking
- [Fix] Renamed Backup APK to Save APK
- [Fix] Removed the backup option Source and renamed APK only to APK files
- [Fix] Replaced the backup option Data with Internal data. External data no longer depends on this option.
- [Fix] Replaced the backup option Exclude cache with Cache (i.e., the flag has been inverted).
- [Fix] Avoided crash in the app details page when device configuration (night mode, orientation, etc.) changes
- [Fix] Backup URI grants only for the given users
- [Fix] Fixed a crash occurs occasionally when detecting whether an app is running
- [Fix] Fixed a crash when yesterday data isn't available in the app usage page
- [Fix] Fixed a crash when back button is pressed immediately after pressing the add button in the profile page
- [Fix] Fixed backup service from hanging if it encounters invalid file types
- [Fix] Fixed fetching storage info for users other than the current user
- [Fix] Fixed hidden API restriction bypass issue for Android 11 (which unfortunately increased the APK size)
- [Fix] Fixed displaying wrong data usage in Android Lollipop devices
- [Fix] Fixed restoring backups with symbolic links
- [Fix] Foreground service notification is removed immediately after the operation is complete
Notice: After restoring apps that use SAF and SSAID, the device has to be restarted immediately.
Currently, the users are not notified if a restart is necessary after restoring a backup.
If you are in confusion, make sure to restart your device after restoring a backup.
👍2
NOTICE: If you are upgrading from a previous release, you must restart your device.
👍1
How back up/restore works in App Manager
[See related docs here.]
App Manager has introduced the first usable Android backup technology for the privacy enthusiasts. It's designed from scratch keeping privacy and security in mind. It's the first backup software that offers some form of verification to ensure the integrity of the backups, to ensure that the backups you've made are not meddled with, at the same time, leaving some way to restore them using third-party tools or even with noscripting languages. Issue #30 on GitHub describes my initial approaches which was further enhanced a number of times before it was become stable. This feature was introduced in v2.5.16 as an alpha feature and in v2.5.24 as a beta feature.
What does it back up? It backs up a number of data from an app which includes apk files, OBB files, app data (internal, external), permissions, app ops, network policies, battery optimization status, notification permission, uri grants (in Storage Access Framework) and SSAID. This may not seem a lot but I don’t know a single app that does as much (there is a non-free app which is pretty close to mine but it has many limitation and often restriction as well).
What format does it use? Backups are archived in tar format, compressed using either GZip or BZip2 (based on user preferences). We use standard extensions with a fixed naming convention so that they can be parsed using third-party noscripts. SD cards are often formatted in FAT32 which means the size of a single file can't be more than 4GB. As a result, each archive is split into multiple parts if necessary. Rules that you configure in App Manager are stored in a csv file in the standard rules file format. Extras such as permissions, app ops, SSAID are also stored in a separate csv file in the same format. App metadata are stored in a JSON file. Lastly, the checksums are stored in a normal text file using the same format used by the
How backups are protected? Currently AM supports OpenPGP (via OpenKeychain, a highly recommended app to manage your PGP keys on Android), RSA and AES. For now, encryptions are not enforced, but I highly recommend you to adopt an encryption otherwise your personal information could be accessed by other apps which have access to the storage and they can even manipulate the backups (creators of botnets are often smarter than you think!). RSA and AES keys can be configured in AM and they are stored in an internal Bouncy Castle KeyStore. If you try configure RSA or AES, you will be asked for the KeyStore password and the alias password for the key. The passwords are encrypted using a key generated and stored at Android KeyStore so that we don’t have to rely on the KeyStore in order to allow backups. You can also export or import the entire KeyStore in case you want to switch device or simply use a third-party tool. Since the KeyStore password is only known to you (and hopefully, you won’t tell to others), your backups can only be restored by you.
Everything but metadata are encrypted (if you allow encryption). Metadata not only contains information about the app but also information about the backup and encryption such as the AES key (for RSA), nonce (for RSA and AES) and key IDs (for OpenPGP). The checksum file contains the checksum of all files except the checksum itself. As a result, manipulating an encrypted backup is almost impossible. There is still one or two security issues that I have to deal with but are mostly related to how backups are made or restored and nothing to do with the backup themselves.
[See related docs here.]
App Manager has introduced the first usable Android backup technology for the privacy enthusiasts. It's designed from scratch keeping privacy and security in mind. It's the first backup software that offers some form of verification to ensure the integrity of the backups, to ensure that the backups you've made are not meddled with, at the same time, leaving some way to restore them using third-party tools or even with noscripting languages. Issue #30 on GitHub describes my initial approaches which was further enhanced a number of times before it was become stable. This feature was introduced in v2.5.16 as an alpha feature and in v2.5.24 as a beta feature.
What does it back up? It backs up a number of data from an app which includes apk files, OBB files, app data (internal, external), permissions, app ops, network policies, battery optimization status, notification permission, uri grants (in Storage Access Framework) and SSAID. This may not seem a lot but I don’t know a single app that does as much (there is a non-free app which is pretty close to mine but it has many limitation and often restriction as well).
What format does it use? Backups are archived in tar format, compressed using either GZip or BZip2 (based on user preferences). We use standard extensions with a fixed naming convention so that they can be parsed using third-party noscripts. SD cards are often formatted in FAT32 which means the size of a single file can't be more than 4GB. As a result, each archive is split into multiple parts if necessary. Rules that you configure in App Manager are stored in a csv file in the standard rules file format. Extras such as permissions, app ops, SSAID are also stored in a separate csv file in the same format. App metadata are stored in a JSON file. Lastly, the checksums are stored in a normal text file using the same format used by the
sha*sum commands in Linux (to make the parsing easier by third-party scrips).How backups are protected? Currently AM supports OpenPGP (via OpenKeychain, a highly recommended app to manage your PGP keys on Android), RSA and AES. For now, encryptions are not enforced, but I highly recommend you to adopt an encryption otherwise your personal information could be accessed by other apps which have access to the storage and they can even manipulate the backups (creators of botnets are often smarter than you think!). RSA and AES keys can be configured in AM and they are stored in an internal Bouncy Castle KeyStore. If you try configure RSA or AES, you will be asked for the KeyStore password and the alias password for the key. The passwords are encrypted using a key generated and stored at Android KeyStore so that we don’t have to rely on the KeyStore in order to allow backups. You can also export or import the entire KeyStore in case you want to switch device or simply use a third-party tool. Since the KeyStore password is only known to you (and hopefully, you won’t tell to others), your backups can only be restored by you.
Everything but metadata are encrypted (if you allow encryption). Metadata not only contains information about the app but also information about the backup and encryption such as the AES key (for RSA), nonce (for RSA and AES) and key IDs (for OpenPGP). The checksum file contains the checksum of all files except the checksum itself. As a result, manipulating an encrypted backup is almost impossible. There is still one or two security issues that I have to deal with but are mostly related to how backups are made or restored and nothing to do with the backup themselves.
👍1
Limitations. Along with other issues Android is not made to store snapshots of apps’ activities. After restoring a backup, one would expect the app to be in the same state as before but this is not possible on Android without taking a snapshot of the entire operating system. The apps that use Android KeyStore may not restore correctly due to how Android KeyStore works and how the app interacts with it which is why their backups are disable by default. Apps with SSAID and Storage Access Framework only works correctly after a restart because the new configurations can only be written to disks (not in memory) which are read only during the boot.
This is just the beginning of my exploring the Android ecosystem. There's still more to work on and to improve. However, it is a tale told by an idiot, full of sound and fury, signifying nothing.
This is just the beginning of my exploring the Android ecosystem. There's still more to work on and to improve. However, it is a tale told by an idiot, full of sound and fury, signifying nothing.
👍1