Skip to content
This repository has been archived by the owner on Sep 6, 2019. It is now read-only.

PHONE_STATE permission chained #2132

Closed
J316 opened this issue Feb 5, 2015 · 11 comments
Closed

PHONE_STATE permission chained #2132

J316 opened this issue Feb 5, 2015 · 11 comments
Labels
bug

Comments

@J316
Copy link

J316 commented Feb 5, 2015

It looks like the phone/android.intent.action.PHONE_STATE and the calling/android.intent.action.NEW_OUTGOING_CALL permissions are chained between apps. I try to explain, let's say I have 5 apps using the PHONE_STATE permission, I deny it for 1 of them, then, when I get a phone call XPrivacy processes the 5 intents in this order (allow, allow, deny, allow, allow). The result is the first two apps can see the number I've been called by, the third can't, because I restricted it, but the forth and the fifth see the defaced number the third app has been fed with, so it's like they are restricted too. The same goes when I call. I hope it's clear.
@M66B
Copy link
Owner

M66B commented Feb 5, 2015

Please provide a logcat of this with XPrivacy debugging enabled.

@M66B M66B added the question label Feb 5, 2015
@J316
Copy link
Author

J316 commented Feb 5, 2015

img_20150205_224620

This shows exactly what I described, I called the number 000000 for testing purpose, only one app was restricted, but all the apps processed after that were fed with those defaced data.

@M66B
Copy link
Owner

M66B commented Feb 5, 2015

Does XPrivacy run in AOSP or compatibility mode?

@J316
Copy link
Author

J316 commented Feb 5, 2015

AOSP

@J316
Copy link
Author

J316 commented Feb 5, 2015

It looks like the same applies for contacts, in particular I get empty contact list in Viber app, like I have no contacts saved at all

@Tragen
Copy link

Tragen commented Feb 6, 2015

Does this happen on 3.6.x only or also on older versions?

M66B added a commit that referenced this issue Feb 6, 2015
@M66B
Block ACTION_NEW_OUTGOING_CALL/ACTION_PHONE_STATE_CHANGED
f673a16 
Refs #2132
@M66B
Copy link
Owner

M66B commented Feb 6, 2015

I have changed the code to block the intents instead of changing the phone number to fix this problem. There is no other way of doing this, but the result is the same, an application cannot see your phone numbers.

Could you please check if this version solves the problem:
https://crowd.xprivacy.eu/XPrivacy_3.6.1-1.apk

The contact restriction is handled in another way, so I don't think this problem applies to contact restrictions (unless you restrict contacts for the contacts application/service itself).

@M66B M66B added bug and removed question labels Feb 6, 2015
@M66B
Copy link
Owner

M66B commented Feb 6, 2015

@Tragen: this will happen in any version 3.x

@J316
Copy link
Author

J316 commented Feb 6, 2015

It works, at least for outgoing calls, I didn't try for incoming calls. Now the restricted apps are not fed with fake data but with empty data

@J316
Copy link
Author

J316 commented Feb 6, 2015

Will be possible in the future to keep feeding apps with fake data?

@M66B
Copy link
Owner

M66B commented Feb 6, 2015

Not for these two restrictions.

@M66B M66B closed this as completed Feb 6, 2015
Repository owner locked and limited conversation to collaborators Feb 8, 2015
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@M66B @Tragen @J316