Privacy Digest: June 2024.

Previous report: https://news.1rj.ru/str/AppManagerDebug/4083

Time interval: July 2023 - December 2023 (including 18 previously active crash reports)
Total crash reports: 88
Total active crash reports: 12 (76 reports were deleted)
Total missing signature reports: 110 (29 reports were deleted)

📣 July’24 Updates.
1. The situation in my country wasn’t very well this month (and won’t be in this month). The police, the special forces, the armed forces along with the student wing of the current political party attacked the students and civilians, protesting against a discriminating quota system in govt jobs, throughout the country resulting in the death of 277 or even more, which is highest number of deaths in a single movement since its independence in 1971 (we’re now calling it the July Massacre). In addition, the Internet wasn’t available for five days throughout the country, and the cellular Internet wasn’t available for ten days, and the Internet speed is still very slow. I posted some updates earlier in the debug channel on Telegram, and a few users emailed me and offered to help me in any way they can. Thank you for your emails. Just to give you an update, I’m well and safe, and I don’t need any help right now. I also couldn’t focus on anything else, including this project. So, I couldn’t make a beta release like I announced earlier.
2. “Contributor of the Month” will be skipped for July due to the above circumstances.
3. I’ve been seriously working on the backup/restore feature. It needs a lot of improvements including support for importing/exporting contacts, SMS/MMS, Wi-Fi configurations, VPN apps, autofill apps, accessibility apps, input methods, spell checkers, notification channels, and so on. Some of the features require a lot of work, and won’t be available anytime soon. Be sure to take a look at the changelogs to find what’s new in backups!
4. It appears that some directories aren’t accessible on some devices (Amazon Fire TV, or example) in ADB mode. What’s more curious is that newer Androids don’t support opening streams via ADB in some directories (blocked via SELinux). As a result, we may need alternative methods (such as no-root usage or streaming via shell) for those cases. However, further investigation is needed.

5. As I started looking into the permission issues, it appears that the sorting out all the permissions is not an easy thing to do, and a lot of people in the past have tried to come up with solutions, but none of them have offered any perfect solution. This is almost an impossible task for several reasons: a) There are two permission APIs (i.e., PermissionManager and AppOpsManager), b) Some permissions are merged with each other in those APIs which can cause unexpected behaviour both aren’t altered at the same time, c) Although each permission (or app op) supports a wide set of modes or flags, only a few specific modes or flags actually work with a permission and finding this out is complicated, especially for the infrequently used permissions (as they are not available in Android Settings to find how they should actually be granted or revoked), d) Many permissions (and most app ops) have no public documentation, making it difficult to find out what they are supposed to do, e) There are some other APIs that should’ve been included with the permission APIs (e.g., battery optimisation, sensor, net policy) as their independent presence makes no sense, f) Some vendors include their own sets of permissions and app ops whose behaviours are largely unknown, g) Vendors provide permission whitelists for some applications (fortunately, this is manageable through the permission flags), h) Same permissions work differently in each version of Android, and i) Some app ops depend on other app ops. Therefore, in creating a permission model, we’ll have to unify all those permission APIs and present them to the user in a way so that it would look as if the permissions are handled by a single permission API, and this isn’t an easy thing to do. Because we still have to provide a way to show which permissions are affected by the change and offer an option to alter them manually. This is further complicated by other apps (e.g., App Ops, Permission Pilot) that offer their own sets of abstraction, and the user expects similar behaviour from App Manager. Another issue is that the purpose of the “Uses Permissions” and “Permissions” tabs were to display the permissions declared in the manifest of the app. If such a permission model is implemented, it should not replace those tabs.

Bangladesh v2.0!

We have just got our second independence through a historical revolution! Congratulations to all Bangladeshis who follow this channel!

📣 August’24 Updates.

1. The month August has been quite eventful. The tyrannical govt of Bangladesh was ousted on 5 August as people joined the students in their one-point demand. The prime minister fled the country, police fled from their stations, students and army were in charge of law and order, and an interim govt was formed. Then, we saw many unsuccessful attempts by various parties to oust the new govt. Also, there was a sudden and massive flood in the Southeastern part of the country. Finally, when all things were settling down, I lost my grandmother in 22 August as she had multiple strokes due to old age. It was also my last month in my job as I am starting Ph.D. from September. I also needed to prepare for my journey to a new country, which will also be my first ever visit to any country as well as plane journey.
2. I am trying my best to update documentation so that I can release the next beta as soon as possible. v4.0.0 introduces a lot of changes. So, it’s taking some time, not to mention the distractions that I’m constantly facing.
3. Many people are talking about the latest Magisk privilege escalation vulnerability which allows a third-party application to obtain root without any prompt. The vulnerability is discovered by the Magisk contributors themselves and cannot be exploited easily. So, there’s no need to panic. You can also switch to the Canary channel to have a fix, but it’s not urgent.
4. On another news, Samsung users should really focus on debloating their stock ROM as we’re seeing a surge of vulnerabilities in their system and preinstalled applications. One of the primary reasons for privilege escalation vulnerabilities is the lack of audit of the system applications. UID < 10000 are special UIDs that need special care, especially UID 1000. Unfortunately, we can expect nothing from them as it seems that the security audits are skipped even for their kernel modules. My question is: if you cannot audit your system applications, why do you develop them in first place? Why not rely on the AOSP instead.

📣 September’24 Updates.

1. Writing documentation for v4.0.0 is more complicated than I thought. So, I shall release a new beta with partial documentation as the time is running out for beta, and complete the documentation in the RC.
2. One of the reasons for me being slow in the development is that my Xiaomi phone does not work in the US due to bandwidth limitations. I have also moved to a place which is about 1,000 feet higher than where I used to live. As a result, the battery also does not last long. I also have a (cheap) iPhone which I now use regularly (which is unbearable, by the way). However, I have ordered a Pixel phone which, hopefully, will be delivered at the end of this week. Once I get my new phone, I can be more regular in the development as well.
3. Due to study and research pressure, I need to be more efficient with the development. So, I decided to discontinue alpha-beta testing from this release. From now on, only RC and stable releases will be provided. This also means that features will be a bit unstable and inconsistent for the stable users. What this means is that features as well as bug fixes will be delivered as soon as sufficient contributions are made. If there are new and exciting features, the minor section shall be increased (e.g., 4.0.x → 4.1.x), and if there are only minor features or fixes, the patch section shall be increased (e.g., 4.x.0 → 4.x.1). This also implies that there won’t be any major releases until I believe that I can handle alpha-beta testing again. This may be a bad news for some users, but this has to be done to prevent potential “burn-out” on my part.

Translators.
I have updated the strings on Weblate. Please bear in mind that you'll get roughly a week to translate the new strings before the next release, and three weeks before the next RC. (Unless something bad happens, there will only be one RC for this version before the stable release.)

📣 October’24 Updates.

1. I’ve received my Pixel phone which is a bit dull compared to my old phone. It seems as if Google Pixel itself is at least two years behind Lineage OS even though Google is (more or less) the sole maintainer of the AOSP. Weird! Anyway, my phone will be unlocked this month, so I can try better alternatives.
2. I’ve more or less finished writing the documentation. I’m currently merging the translations from Weblate which is a bit tedious task because I need to verify each contribution one by one (and there are 91 such contributions). Most users of App Manager do not speak English. So, this is something where I pay a lot of attention. As I said last year, this task would’ve been easier for me if Weblate had provided a way to moderate the translations on the FOSS tier.
3. The next (and final) beta is scheduled for 12 November if you’re looking for an exact date. I’ve got an extended weekend in the US which I plan to utilize for this purpose.

Translation Updates.

[previous update]

I have reviewed and merged 47 commits out of 91 commits (51.65%) from Weblate.

These translators were blocked due to abuse:
- Adminslot69
- Valter Skot

These translators didn’t ask for permission as per policy:
- marciozomb13 (suspected machine translation)
- BahmanMD
- Denis Nemtsov
- H Vergnol
- tabby
- Jose Delvani
- kekomenos
- LucaS D. (mistakenly translated to Simplified Chinese instead of Portuguese and didn’t put them back)
- Luke Jakn
- Muhammad Bahaa
- George Mihăilă
- translater 616
- Nazar
- Mohammed al-Qubati
- Besnik Bleta
- Pablo
- Astoritin Ambrosius

These translators also didn’t ask for permission, but their contributions were considered valuable:
- Yuxuan He
- Miokoba
- Alireza Rashidi
- hugoalh
- Luna
- acress1

These translators have either altered their email address or been subjected to impersonation:
- ShareASmile <ShareASmile@users.noreply.hosted.weblate.org>
- LY <51789698+Young-Lord@users.noreply.github.com>

These translations are asked to be more careful about translations as they made one or more translation mistakes:
- ngocanhtve (Partial translation in Vietnamese)
- Andrey F. (Translated non-translatable strings in Russian)

These translators have tried to translate in a language they didn’t request:
- ℂ𝕠𝕠𝕠𝕝 (𝕘𝕚𝕥𝕙𝕦𝕓.𝕔𝕠𝕞/ℂ𝕠𝕠𝕠𝕝) (Translated Russian, but was assigned Latvian)

Thanks Rex_sa for fixing the Arabic strings!

#ustable #beta #release
App Manager v4.0.0-beta02

Private messages should be emailed to am4android@riseup.net. Emails sent to any other email addresses shall be discarded.

- Added full support for Android 14-r29 and later

App Details page
- [App Info] Added a new tag: Sensors disabled
System may misreport this permission. The best way to check if sensors are indeed disabled is by opening the app first and then visiting the App Info tab leaving the other app running in the background.
- [App Info] Added option to enable/disable sensors
- [App Info] Display detailed installer info
An info button is added next to the installer which displays the installer, the actual installer (AKA initiator), and the APK source (originator). Clicking on each item opens the corresponding App Details page. It also fixed displaying the installer app in certain devices.
- [App Info] Use the configured naming format when sharing an APK(S)
- Display blocking method in the components tabs
IFW+Dis = The component is blocked using both IFW and disable
IFW = The component is blocked using IFW
Dis = The component is disabled.
- Hide “Data usage” for apps without the internet permission
- Disabled “IFW” and “IFW+Disable” in the providers tab
In Rules settings, the denoscription for “Default blocking method” was also updated with a note that says IFW feature does not work with providers, “disable” is used for them instead.
- Fixed applying IFW method in the components tabs
Fixed applying IFW rules if the previous rules were “IFW+Disable” or “Disable”.

App Usage page
- Improve the usage time calculation method
The usage events returned by the UsageStatsManager were assumed to be in order of their timestamp which does not seem to be true and resulted in missing a few events due to the standard calculation method, that is, calculating the time difference between activity resume and pause timestamps. In addition, it appears that the system may log activity stop timestamp without logging any pause timestamp (a typical activity cycle would be resume → pause → stop → resume → …) causing further miss of events. These issues were addressed by sorting the events in order of their timestamp as well as measure the time difference between resume and stop timestamps instead of resume and pause timestamps.
- Fixed the “times opened” value
In order to calculate a more reliable number of times an app was opened, the time difference between each activity opening and closing are now relaxed. So, when the user navigates to another activity from an activity belonging to the same app and the time difference is less than 500 ms, the time difference is added to the total usage time. This calculation is technically more precise than the system's own open count because certain navigation involves the use of system UI (e.g., the arrow in the gesture navigation is emitted from the System UI app and should be considered as such) which are ignored. However, the issues with choosing 500 ms (half of a second) time difference are as follows:
1. Due to an user waiting a long time to trigger the back gesture or simply bad coding, an app may take more than this time to open an activity which will cause them to be listed as two accesses.
2. Some apps support multiple windows. If the user opens another activity in a new window shortly after opening the first activity, the two accesses may be counted as one instead of two.
These events are considered extraordinary and can be negligible in a real-life setting.

Backup/restore
- Improved handling custom users in backups
* Properly handle backup/restore for a single app. “Custom users” in the backup options is displayed only if the app is installed for multiple users. Similarly, cross-user restore is supported via the “Custom users” option. In addition, fixed issues causing the backup or restore to be performed for the wrong users.
* Unless the “Custom users” option is selected, backup or restore is made only for the current user in the batch selection mode. Others retain the old behaviour. For example, in the batch selection mode, restore is only made with the “base” backup which is defined to be the primary backup for the current user. So, if “Custom users” option is selected for restore operation, App Manager will try to find the base backup of each selected user and restore those for that user.
These behaviours are applied throughout the app to reduce complexity and remove any ambiguous behaviour.
- Fixed creating custom backups
When custom backups are enabled but the backup name is empty, create a custom backup with the current date and time instead of creating a base backup.
- Fixed the “cache” “no cache” confusion in the backup flags selection dialog
The “No cache” flag was replaced by the “cache” flag, but the translations still use the former. So, the string ID is altered to invalidate the translations.

DexOpt
- Set default compiler filter from the pm.dexopt.install property
- Fixed applying force dexopt in Android 14
These fixes may not work for every device. A novel approach is needed to reduce the complexity as well as put an end to the cat-and-mouse game.

File Manager
- Fixed remembering scroll position during navigation

Installer
- Accelerate the installation process in Android 12 onwards when possible
If an app is being installed in the foreground, App Manager will try to accelerate the installation process by delaying various post-installation tasks carried out by the system services.
- Properly handle the originating URI extra supplied by third-party apps via Intent.EXTRA_ORIGINATING_URI
- Set originating package in Android 7 onwards
The originating package is automatically determined from the Intent sent from the third-party apps. However, the determination logic may not always work, but it was ensured that there will not be any false positives, e.g., no spoofing can be done by a third-party app.
- Set package source to PACKAGE_SOURCE_OTHER by default in Android 13 onwards
This is done to prevent the system from applying various accessibility restrictions to the app. However, PACKAGE_SOURCE_STORE is set by default if the originating package is one of the supported app stores. At present, the supported app stores are: Aurora Store, Droid-ify, F-Droid, F-Droid Basic, F-Droid Classic and Neo Store. It is up to the developers to ensure that they send the APK installation requests in a proper way, i.e., by utilizing features such as startActivityForResult whenever possible.

Interceptor
- Intercept SAF, dialer, gallery, search, music player, and WhatsApp URLs

Main page
- [Batch Ops] Added option to export app list as CSV and JSON
- Display restore dialog for uninstalled apps with backups
Instead of displaying “App not installed” toast for the uninstalled apps with backups, open the restore dialog instead when clicking on such an item in the Main page.
- Fixed retrieving applications when there are too many applications installed on the device

Profiles page
- Display app op names instead of number in the profiles page

Settings page
- Added support for pure black theme
- Added a fallback server runner command from DE storage
Added a fallback server runner command in case SD card is inaccessible from the UID from which the noscript is being run. This leverages the device encrypted storage (data_de) by making certain folder and files globally accessible.
- Fixed displaying custom commands in the mode of ops page
- Fixed the noscript for the Mode of Ops settings page

UI Tracker
- Display current activity name when possible
In addition to displaying the class name and its hierarchies, the window will display the activity name if there's is an activity (not all windows are activities). This requires the usage stats permission which is enforced here even if it's disabled in the settings. This is because this feature is meant to be used as a useful tool separated from the rest of the app, but with some level of integration.
- Fixed freezing issues in certain devices (e.g., Samsung)

Others
- Allow opening an application in Android TV as well as for other users
This feature does not work in the installation completion dialog or notification.
- Allow the remote server to run under any privileged UID
- Made notification permission optional
Although denying notification permission will render many features useless, it is made optional for those who insists on denying it. However, the permission shall still be asked everytime the app is launched until it times out.
- Updated documentation to reflect latest changes
In addition, Oxygen OS specific ADB instructions were added.
- Fixed changing permissions in Android 14-r50 and later
- Fixed deleting the cached application after the installation attempt fails
- Fixed delivering changes made via batch operations
- Fixed issues with executing automated tasks from the third-party applications
- Fixed suspending packages in Android 14-r29 onwards
- Hide Code Editor if it's disabled in settings

Full Changelog: https://github.com/MuntashirAkon/AppManager/compare/v4.0.0-beta01...v4.0.0-beta02

BTW, Android 15 is the only Android OS for which I didn't need to apply any specific patches. Because, as it appears, most interesting patches to the AOSP have already been applied to Android 14 r29 and later. I think most AOSP developers here will agree that this is a very rare event in Android history (and makes system developer's life a bit difficult). As somebody said in Mishaal's Telegram group: there should've never been an Android 15, Google should've moved straight to Android 16 instead (I heard they're releasing it earlier than expected anyway). But you know, new year and new (useless) release. People in the systems and hardware research always talk about the end of Moore's law, but I think the entire technological advancements have slowed down, and it's likely that this trend will continue for a few more years.

📣 November’24 Updates.

1. If everything goes as planned, the v4.0.0 stable release will be made at the end of this month (December). But before that v3.1.8 will be released for the current stable users who aren’t able to suspend/unsuspend apps in v3.1.7.
2. Some users are reporting that they cannot install a few modded apps with App Manager because it fails to parse the APK files. There could be many reasons for this. For example, App Manager uses the standard zip library to read any APK files (since they are simply zip files). A zip file stores a lot of metadata apart from the file themselves to enable a zip file reader to understand what the zip file contains and how they contain. However, Android framework implementation of APK file reader disregards some of those information while reading an APK file. A clever developer can actually exploit this to create a zip file with invalid metadata, thus, making it impossible for a typical zip file viewer to extract those files. One way to mitigate this is to modify the metadata on the fly before parsing it using a zip file reader which I am currently looking into. Another example is the use of non-standard headers. A typical Android binary XML (not to be confused with ABX format introduced in Android 12) reader expects the binary to be formatted in a certain way which, unfortunately, is not how Android framework reads an Android binary XML. This allows a clever developer to inject those non-standard header, thus, rendering the reader useless. In App Manager, we use ARSCLib for this which is known to have such issues.
3. Some debug build users are complaining that the new Finder feature is great, but they cannot actually do anything with it other than listing the apps. Note that the feature is highly experimental, and I have a few exciting plans for the feature. For example, the filtering rules that you apply in Finder may actually be reused in other places such as in the main page and for profiles. More details will be available as the feature matures.
4. As I have started working on the app actions (that Autostarts support), I have realized that some features in the 1-click Ops page needs better UI to select and manage the search results. Such improvements will be gradually made in the future.
5. Many people have faced problems in connecting to ADB. I’ll add some troubleshooting options in the future to better assist you with those problems. While I admit that my solution to the ADB is not perfect (partly due to lack of time and resource), the library I developed for this project is currently the only free and open source solution that works on Android devices. So, if you want that your problems be solved, it’s better if you can assist me in troubleshooting the problems. This will not only be beneficial to App Manager, but also to other projects that utilize the library.

HyperOS 2.0 users.

If you have trouble updating the systems apps through App Manager, try setting the installer name to one of the system apps (such as Shell, Google Play Store, or File Explorer). This is a new restriction introduced in HyperOS 2.0, and non-root/non-ADB users, unfortunately, may no longer update the system apps through a third-party installer. For others, a better option will be be available soon. For reference: https://github.com/MuntashirAkon/AppManager/issues/1484

Announcement.

This is a time when people in many regions become generous and donate to their favorite charities and non-profits. While you cannot donate to App Manager right now, consider donating to the following non-profit organization and services*. They're part of the reason App Manager is still here:
1. IzzyOnDroid. Contrary to what many people think, IzzyOnDroid is not just a repository, it's a silent movement trying to set some standards on how an open source app should be. Many features in App Manager were possible because of IzzyOnDroid's constant efforts. https://android.izzysoft.de/help?topic=support_us
2. F-Droid. F-Droid is the de facto source of free and open source apps on Android. Many users of App Manager actually install the app from F-Droid. It has many faults, I admit, but it's still the best we've got. https://f-droid.org/en/donate/
3. Exodus Privacy. It is a community-led effort to maintain a list of trackers in Android applications. App Manager primarily uses this list to report potential trackers in an Android app. https://exodus-privacy.eu.org/en/page/contribute/
4. Bouncy Castle. App Manager exclusively makes use of the cryptographic libraries maintained by The Legion of Bouncy Castle Inc., an Australian charity and fundraiser. Without their libraries, much of the features of App Manager wouldn't have existed. https://www.bouncycastle.org/engage/donate/
5. Matrix. Matrix is where our support group is hosted. We've also reused some code related to cryptography from its SDK. https://www.matrix.org/support/
6. Riseup. App Manager makes use of Riseup's email service for secure communication and GitLab instance for hosting a mirror. https://riseup.net/en/donate
7. Codeberg. App Manager also has a mirror at Codeberg. Codeberg is a non-profit that aims to provide a space to free and open source projects such as App Manager. https://donate.codeberg.org
8. Weblate.** Localization/translations of App Manager are managed through Hosted Weblate, a free service run by Weblate. https://weblate.org/en/donate/
9. UN Crisis Relief Fund. As M. Gustave put it in the Grand Budapest Hotel: “There are still faint glimmers of civilization left in this barbaric slaughterhouse that was once known as humanity.” https://crisisrelief.un.org/opt-crisis

* I'm not affiliated in any way with any of these services or non-profits nor have they asked me to post this on their behalf.
** While Weblate software is free and open source, Weblate is NOT a non-profit.

📣 January'25 Updates.

- In the past couple of weeks, a lot of improvements have been made to the existing features, and I am happy to announce that v4.0.0 will be released in the next week. Writing changelog for 5 different platforms is not an easy task, but I'm almost finished writing the in-app changelog which is, by far, the most complicated one. Testers have also done a good job in reporting potential issues and fixes were made promptly.
- As App Manager is built on the principles of open source, privacy and security, and (according to the last poll) almost 60% of the users are using App Manager for privacy, I'll be focusing more on improving the most crucial projects that App Manager depend on in regards to privacy, such as ADL and Android Libraries. Advanced users and community members are encouraged to contribute to the ADL project since all the related projects are now more-or-less dead. ADL project, compared to App Manager, is a very small project and does not require any coding or programming skills. You may need to have some knowledge about JSON which is very easy to learn. I'd ask every one of you to try to contribute at least once a month to the ADL project to accelerate the process of listing and reviewing the bloatware in Android. Once we can bring it to a stable position, the maintenance would be quite easy.