The ultimate, yet easy to use, privacy manager for Android
([publication](http://www.blackducksoftware.com/news/releases/black-duck-announces-open-source-rookies-year-winners))- Description
- Features
- Restrictions
- Limitations
- Compatibility
- Installation
- Upgrading
- Usage
- Permissions
- Frequently asked questions
- Support
- Changelog
- Similar solutions
- News
- Contributing
- License
XPrivacy can prevent applications from leaking privacy-sensitive data by restricting the categories of data an application can access. XPrivacy feeds applications fake data or no data at all. It can restrict several data categories, such as contacts or location. For example, if you restrict an application's access to contacts, that application will receive an empty contacts list (don't try this with the contacts application itself without a backup). Similarly, restricting an application's access to your location will send a fake location to that application.
XPrivacy doesn't revoke or block permissions from an application, so most applications will continue to work as before and won't force close (crash). There are two exceptions: access to the internet and to external storage (typically an SD card) are restricted by denying access (revoking permissions). There is no other way to restrict such access because Android delegates handling these permissions to the underlying Linux network/file system. XPrivacy can fake an offline (internet) and unmounted (storage) state, but some applications still try to access the internet and storage, potentially resulting in crashes or error messages. If restricting a category of data for an application causes functional limitations, XPrivacy can once again allow access to the data category to solve the issue. There is a convenient on/off switch for all restrictions for each application.
By default, all newly installed applications cannot access any data category, which prevents a new application from leaking sensitive data right after installing it. Shortly after installing a new application, XPrivacy will ask which data categories you want the new application to have access to. XPrivacy comes with an application browser that allows you to quickly enable or disable applications' access to any data category. You can edit all of an application's data categories.
To help you identify potential data leaks, XPrivacy monitors all applications' attempts to access sensitive data. XPrivacy displays an orange warning triangle icon when an application has attempted to access data. If an application has requested Android permissions to access data, XPrivacy displays a green key icon. XPrivacy also displays an internet icon if an application has internet access, which clarifies that the application poses a risk of sharing data with an external server.
XPrivacy is built using the Xposed framework, which it uses to tap into a vast number of carefully selected Android functions. Depending on the function, XPrivacy skips execution of the original function (for example when an application tries to set a proximity alert) or alters the result of the original function (for example to return an empty message list).
XPrivacy has been tested with Android version 4.0.3 - 5.0.2 (ICS, JellyBean, KitKat, Lollipop), and is reported to work with most Android variants, including stock ROMs. Root access is needed to install the Xposed framework.
XPrivacy was a lot of work, so please support this project
If you want to donate, see here for all options.
Using XPrivacy is entirely at your own risk
- Simple to use
- No need to patch anything (no source, no smali or anything else)
- For any (stock) variant of Android version 4.0.3 - 5.0.2 (ICS, JellyBean, KitKat, Lollipop)
- Newly installed applications are restricted by default
- Displays data actually used by an application
- Option to restrict on demand
- Free and open source
- Free from advertisements
For easy usage, data is restricted by category:
- Accounts
- Browser
- Calendar
- Calling
- Clipboard
- Contacts
- Dictionary
- Identification
- return a fake Android ID
- return a fake device serial number
- return a fake host name
- return a fake Google services framework ID
- return file not found for folder /proc
- return a fake Google advertising ID
- return a fake system property CID (Card Identification Register = SD card serial number)
- return file not found for /sys/block/.../cid
- return file not found for /sys/class/.../cid
- return a fake input device descriptor
- return a fake USB id/name/number
- return a fake Cast device ID / IP address
- Internet
- revoke permission to internet access
- revoke permission to internet administration
- revoke permission to internet bandwidth statistics/administration
- revoke permission to VPN services
- revoke permission to Mesh networking services
- return fake extra info
- return fake disconnected state
- return fake supplicant disconnected state
- IPC
- Location
- return a random or set location (also for Google Play services)
- return empty cell location
- return an empty list of (neighboring) cell info
- prevents geofences from being set (also for Google Play services)
- prevents proximity alerts from being set
- prevents sending NMEA data to an application
- prevent phone state from being sent to an application
- Cell info changed
- Cell location changed
- prevent sending extra commands (aGPS data)
- return an empty list of Wi-Fi scan results
- prevent activity recognition
- Media
- Messages
- Network
- NFC
- Notifications
- prevent applications from receiving statusbar notifications (Android 4.3+)
- prevent C2DM messages
- Overlay
- Phone
- return a fake own/in/outgoing/voicemail number
- return a fake subscriber ID (IMSI for a GSM phone)
- return a fake phone device ID (IMEI): 000000000000000
- return a fake phone type: GSM (matching IMEI)
- return a fake network type: unknown
- return an empty ISIM/ISIM domain
- return an empty IMPI/IMPU
- return a fake MSISDN
- return fake mobile network info
- Country: XX
- Operator: 00101 (test network)
- Operator name: fake
- return fake SIM info
- Country: XX
- Operator: 00101
- Operator name: fake
- Serial number (ICCID): fake
- return empty APN list
- return no currently used APN
- prevent phone state from being sent to an application
- Call forwarding indication
- Call state changed (ringing, off-hook)
- Mobile data connection state change / being used
- Message waiting indication
- Service state changed (service/no service)
- Signal level changed
- return an empty group identifier level 1
- Sensors
- Shell
- Storage
- revoke permission to the media storage
- revoke permission to the external storage (SD card)
- revoke permission to MTP
- return fake unmounted state
- prevent access to provided assets (media, etc)
- System
- return an empty list of installed applications
- return an empty list of recent tasks
- return an empty list of running processes
- return an empty list of running services
- return an empty list of running tasks
- return an empty list of widgets
- return an empty list of applications (provider)
- prevent package add, replace, restart and remove notifications
- View
- prevent links from opening in the browser
- return fake browser user agent string
- Mozilla/5.0 (Linux; U; Android; en-us) AppleWebKit/999+ (KHTML, like Gecko) Safari/999.9
General
- /proc, CID and system (build) properties cannot be restricted for Android (serial number, IMEI, MAC address, etc), because restricting these will result in bootloops
- /proc/self/cmdline will not be restricted by /proc, because it will result in instability
- The phone number cannot be restricted for the standard phone application
- The browser bookmarks and history cannot be restricted for the browser itself
- Internet and storage can only be restricted for applications, providers, and services started by the Android package manager
- There is no usage data for inet, media and sdcard, since this is technically not possible
- Because it is static, Build.SERIAL can only be randomized when an application starts, and there is no usage data
- Due to a bug in Chromium, the user agent cannot be restricted in all cases (issue)
- Due to a custom implementation, the clipboard cannot be restricted on some Samsung stock ROMs (issue)
- It is not possible to restrict external hardware MAC addresses or the external IP address, see also FAQ 33
- You cannot restrict Configuration.MCC/MNC on demand
- Allowing contacts for SIM-contacts isn't supported (who is using these anyway these days?)
- Calendars and contacts cannot be restricted for specific accounts; it is all or nothing; however, it is possible to allow individual contacts with a pro license
- It is possible to unhook methods in user space using native libraries, see for more details FAQ 68
- In some situations the on demand restricting dialog freezes, notably when using volume keys. This cannot be fixed due too limitations of Android.
- In some situations the on demand restricting dialog is overlayed by other windows, notably notifications. This cannot be fixed due too limitations of Android.
- Restricting Internet/connect and/or View/loadURL for the stock browser doesn't prevent loading of pages (issue)
XPrivacy
- You cannot restrict some functions in the Identification category, because it is used for submitting restrictions
- The Android ID is salted with the serial number and MD5 hashed before communicating with the crowd sourced restrictions server
- This means that the crowd sourced restrictions server never gets the serial number nor the Android ID
- You cannot restrict IPC because it is needed for internal checks
- You cannot restrict Storage because it is needed to read the pro license file
- You cannot restrict System because it is needed to get an application list
- You cannot restrict View because it is needed to open links to the crowd sourced restrictions
You can still restrict the XPrivacy app's access to accounts, contacts, and other things.
XPrivacy has been tested with Android version 4.0.3 - 5.0.2 (ICS, JellyBean, KitKat, Lollipop) and is reported to work with most Android variants, including stock ROMs.
Android 5.0.x: XPrivacy will cause a bootloop on some ROMs due to a bug in Xposed (issue).
XPrivacy is incompatible with LBE Security Master (issue).
XPrivacy is incompatible with the security center of MIUI (issue). See here for a solution.
You need to use the quirk "noresolve" when using GoPro and some other wireless camera's, like the Sony QX1/10/30/100 (issue).
Candy Crush is known to crash on some ROMs, see here.
Instead of following the steps below, you can use the XPrivacy Installer, except for Android 5.x - Lollipop.
Installation may seem lengthy, but you can actually do it quickly:
- Requirements:
- Android version 4.0.3 - 5.0.2 (ICS, JellyBean, KitKat, Lollipop); check with System Settings > About phone > Android version
- Read about compatibility before installing
- Make a backup
- For Android 5.x (Lollipop) / XPrivacy version 3.6.6 (you can skip this step for later XPrivacy versions):
- This is not optional, unless you are using a custom ROM/kernel with SELinux disabled or in permissive mode!
- Note that applications to set SELinux to permissive mode will probably not work, since this is probably done too late in the boot process
- You need to be able to flash a kernel image
- Mostly this means the bootloader needs to be unlocked
- You need to have/obtain a kernel image (boot.img) for your device
- Edit the kernel image and add this line as the second to last to the file ramdisk/service_contexts (before the blank line):
- xprivacy453 u:object_r:system_server_service:s0
- You can do this with for example Android Image Kitchen
- Make sure you preserve the Linux line endings of the file
- My advice is to use Geany to edit the file
- Flash the edited kernel image
- Mostly this is done using the fastboot command
- Download the latest release of XPrivacy here
- The releases in the Xposed repository do not work on Android 5.x (Lollipop)
- This is not optional, unless you are using a custom ROM/kernel with SELinux disabled or in permissive mode!
- If you haven't already, root your device; the rooting procedure depends on your device's brand and model.
- You can find a guide here for most devices
- Enable System settings > Security > Unknown sources
- Install the Xposed framework
- Be sure to install the latest version
- The Xposed fix is not needed anymore
- Download and install XPrivacy from here
- Alternatively download it from here
- Enable XPrivacy from the Xposed installer
- Start XPrivacy one time
- Reboot
I do not recommend using XPrivacy in combination with any of the similar solutions, because this could result in conflicts and potential data leaks.
There is an unofficial backported Gingerbread version available here. Please note that only the official version is supported.
If you want to uninstall XPrivacy, you have two options:
- Disable XPrivacy in the Xposed installer
- Uninstall the XPrivacy application
Don't forget to reboot.
To save space you can delete the folder /data/system/xprivacy after uninstalling.
- Make a backup
- Do not remove the previous version (or else your settings will get lost)
- Download the new version (with a pro license you can use the menu Help ... > Check for updates)
- Install the new version over the previous version
- Wait until the Xposed installer recognizes the update (else XPrivacy might not be enabled)
- Start the new version once (else Android will not send the boot completed event)
- Reboot your device
- Wait until the XPrivacy update service has been completed (showing 100%)
When following this procedure, your data will not leak because the Xposed part of XPrivacy keeps running.
Very short tutorial
- Find the application to restrict in the main application list
- Tap on the application icon
- Tap the first check box of any category you want to restrict
Use common sense when restricting, don't expect internet access if you restricted the internet category, etc.
Get used to XPrivacy before using more advanced features, like function exceptions.
Longer explanation
The application starts in the main view, where a data category can be selected at the top. By ticking one or more check boxes in the list below, you can restrict the selected data category for the chosen applications. The default category is All, meaning that all data categories will be restricted.
Tapping on an application icon shows the detailed view where you can manage all the data categories for the selected application. This view will also appear when you tap on the notification that appears after updating or installing an application. By default, all data categories will be restricted for newly installed applications to prevent leaking privacy-sensitive data. You can change which data categories will be restricted by changing the Template available from the main menu.
Data categories make it easier to manage restrictions. You can drill down the data categories in the detailed view to reveal individual functions. If the category is restricted, you can un-restrict individual functions by clearing the function's check box.
To see restriction in action, try restricting the category Identification for Android Id Info.
Applying some restrictions require restarting applications
You can turn on and off all restrictions for an application using the on/off switch.
Since version 1.99 you can also restrict on demand. This means you will be asked to allow or deny a category/function when the category/function is used by an application. Restricting on demand is the default for newly installed applications. You can turn on and off restricting on demand in the application details view using either the settings or the check box next to the on/off switch. You can turn on and off restricting on demand for individual categories and functions using the second column of check boxes.
If an application has requested Android permissions for a data category, the category will be marked with a green key icon. If an application has used or tried to use data, the data category will be marked with an orange warning triangle icon. If an application has internet permissions, a world globe icon will be shown. These icons are just a guideline because an application can still access some privacy sensitive data without Android permissions, such as your device's serial number, and because it is not possible to monitor data usage in each and every situation, such as access to the internet or the external storage. Be aware that an application can still access the internet through other (sister) applications.
Restricting internet or storage means blocking access to the internet and to external storage (typically the SD card), respectively. Either of these may result in error messages and even cause applications to force close (crash).
Function restrictions considered dangerous are marked with a reddish background color. These dangerous functions are more likely to cause applications to crash if you restrict them.
Global settings and application specific settings are accessible from the application list's menu and from the menu of the application's detailed view. The global settings, such as randomized or set latitude/longitude, apply to all applications unless you override them with specific application settings. But saving an empty set of specific application settings (you can use the clear button) will erase all application specific settings so that the global settings will again be in force.
The restrictions template (in the main menu) is applied automatically to newly installed applications and manually via the menu item "Apply template" in the application's detailed view.
You can find an overview of all menu items here.
Using XPrivacy is entirely at your own risk
XPrivacy asks for the following Android permissions:
- Accounts: to be able to restrict applications' access to accounts
- Contacts: to be able to restrict applications' access to contacts
- Boot: to be able to check if XPrivacy is enabled
- Internet: to be able to submit and fetch crowd sourced restrictions
- Storage: to be able to export XPrivacy's settings to the SD card (only with a pro license)
- Wakelock: to keep the processor running during batch operations
If desired, you can even restrict XPrivacy from accessing any of the above, but there are some limitations.
Please note that any Xposed module has basically root permissions and can therefore circumvent any Android permission.
(1) Will XPrivacy make my device slower?
Maybe a little bit, but you probably won't notice.
But my device is slow with XPrivacy! It appeared that in some cases this was caused by the TRIM bug. See here for more information and a solution.
(2) Does XPrivacy use a lot of memory and battery?
Almost nothing.
(3) Can you help me with rooting my device?
There are already enough guides to help you to root your device. Use your favorite search engine to find one.
(4) How can I reset an application's XPrivacy settings?
While viewing an application's restrictions, do "Menu > Clear" then reboot.
(5) Can I backup XPrivacy's restrictions, settings, and usage data?
Starting with version 1.11.13, you can no longer backup XPrivacy's data with standard backup tools, such as Titanium Backup. This is because database is no longer stored in the XPrivacy data folder, but in a system folder. I have tried to store the database in the XPrivacy data folder, but this leads to all kinds of permission problems.
The best practice is to use XPrivacy's export function (Main Menu > Export) to backup XPrivacy data, but please note that this requires a pro license.
You can automate backups by sending an intent:
adb shell am start -a biz.bokhorst.xprivacy.action.EXPORT
If you want to specify a file name:
adb shell am start -a biz.bokhorst.xprivacy.action.EXPORT -e FileName /sdcard/test.xml
You can do this with Tasker, for example:
- New task: Any name you like
- Action Category: Misc/Send Intent
- Action: biz.bokhorst.xprivacy.action.EXPORT
- Target: Activity
- Extra: FileName:/sdcard/test.xml (optional, to specify an export location and file name)
(6) Precisely which functions does XPrivacy restrict?
Many. See here for all details.
Great care has been taken to develop XPrivacy. Nevertheless, on rare occasions, data can leak and applications can crash.
(8) I get "An internal check failed ..." !
An internal check of XPrivacy failed, resulting in potential data leakage. Please press OK to send me the support information so I can look into it.
(9) What is the procedure to update a ROM?
Assuming you don't wish to wipe data and that Xposed and XPrivacy are already installed before updating the ROM, the best procedure to update a ROM is:
- Export XPrivacy settings
- Enable flight mode
- Use the menu option in XPrivacy to clear all data.
- Reboot to recovery
- Flash ROM
- Flash Google apps (optional)
- Re-activate Xposed using Xposed toggle
- Reboot to Android
- Restore the android ID (when needed. For example, with Titanium backup)
- Import XPrivacy settings
- Disable flight mode
- Fake network type (Wi-Fi, mobile)
If you skip the export, clear, or import steps above, some system applications can end up with the wrong restrictions because the ROM update might have changed these applications' UID's.
To import and export XPrivacy's data, you need a pro license.
(10) Can I restrict root access?
Yes, via "Shell (commands, superuser) > su", but be aware that applications can acquire root privileges through native libraries too. An example is Android Terminal Emulator.
(11) Will restrictions be applied immediately?
Changes to restrictions may require up to 15 seconds to take effect because of caching. Changing internet and storage restrictions requires restarting the application. Please note that in many cases pressing back merely moves the application to the background.
(12) Does XPrivacy have a firewall?
You can restrict internet access for any application. But if you want to partly enable internet, for example for Wi-Fi only, you will have to use a firewall application, such as AFWall+. XPrivacy works within Android, and detailed firewall rules can only be applied within the Linux kernel.
The latest versions of XPrivacy allow you to white and black list IP addresses and host names.
(13) I get "Unable to parse package."
This means XPrivacy's apk file is corrupt. Try disabling your popup blocker or download using another computer.
The simplest way is to use an application, like Catlog, but logcats captured this way are not always sufficient. The best way to capture a logcat is:
- Install the Android SDK (Click Download for other platforms for a minimal download)
- Make sure you can connect to your device via USB (see here for drivers and instructions)
- Enable XPrivacy debug logging in the main settings
- Power off your device
- Start logging by entering this command on the command line: adb logcat >log.txt
- Power on your device
- Reproduce the problem
If you need a logcat from system start, you can run this command on your device (this will force restart Android):
killall system_server; logcat | grep -i xprivacy
Upload the captured logcat somewhere, for example using Google Drive, and link to it from the issue you (should) have created. Don't forget to mention the uid of the application to look into when relevant.
(15) Where are XPrivacy's settings stored?
XPrivacy's restrictions, settings, and usage data are stored in an sqlite3 database in this folder:
/data/system/xprivacy
(16) Why doesn't clearing the check box for a data category also clear the functions inside that category?
In the app details view, it will. In the main list view you are protected against losing the restriction settings inside a data category by accidentally unchecking that category's checkbox. The restriction settings inside a category only apply when that category is restricted.
(17) How can I export/import my settings?
You need a pro license to import your settings. Exported settings are stored in the folder .xprivacy in the file XPrivacy.xml. You can copy this file to the same place on any other device. When importing, settings are only applied to user and system applications that actually exist on the other device.
The export file will contain all restrictions and settings, but note that allowed accounts and contacts (not the accounts and contacts themselves) can only be imported when the Android ID is the same.
Also see the above FAQ about what to do when updating your ROM.
(18) I have restricted locations, but my GPS status icon still appears.
That is correct. XPrivacy only replaces the real location with a fake location. It even uses the real location to randomize the fake location. The idea is that everything should appear as normal as possible to an application.
See here for some addtional information.
(19) How about multi-user support?
Secondary users can install and use XPrivacy the same way as the primary user. The primary user cannot manage the restrictions of secondary users. This is because Android totally separates the environments of the users (which is a good thing from a security perspective). Each user has its own set of settings, so each user can define its own template and global fake values.
- Only the primary user can clear all data
- Only the primary user can define dangerous functions
- Only the primary user can enable/disable debug logging
- The primary user can see all usage data
- Secondary users can only see their own usage data
- The pro license needs to be activated for all users individually
(20) Why is the "Settings > Fake data > Search" button disabled?
Because some Google components are not installed.
(21) Do I still need root after installing Xposed?
No, root is only required to install Xposed one time.
(22) Why isn't XPrivacy available in the Play Store anymore?
Read the explanation here.
(23) What is "Template" used for?
XPrivacy uses the template to apply restrictions to newly installed applications and when you select "Apply template" from the menu inside the application detail view.
(24) Will there be iOS or Windows Phone versions?
No, because it's too difficult to implement something like XPrivacy on these OS's, because they are not open source.
- device brand/manufacturer
- device model/product name
- device (phone) type
- network type (mobile, Wi-Fi, etc.)
- synchronization state
- screen locking
- display settings (DPI, resolution, etc)
- Wi-Fi settings
- Bluetooth settings
- shortcuts
- autostarting
- starting other applications
- Android version
- vibration
- checks for root
- lockscreen
- time(zone), alarm
- nag-screens, popups
- statusbar notifications
- installing shortcuts
- wake ups / wakelocks
No, because I don't consider this information to be privacy-sensitive data, i.e., able to identify you and collect data about you. I am happy to add new restrictions for data that is really privacy-sensitive.
- Calendars by account
- Contacts by account
For the few users who will be using this, it is too much work to implement. The calendar and contacts API are quite complicated. There is also a better way to accomplish this. You can use different users on your device with different accounts. To enable multiple users for a phone you can follow these instructions or install this Xposed mod. Note that the user selector on the lockscreen works in landscape only.
(26) Will you revoke permissions?
Android permissions cover only a part of the functions that leak privacy sensitive information. Revoking permissions will make a lot of applications unusable/crash. XPrivacy feeds applications with fake or no data, which keeps most applications working. In other words, XPrivacy is not a permission manager, but a privacy manager. If you need a permission manager, there are several Xposed modules that offer this feature.
(27) Does XPrivacy work with SELinux (Fort Knox)?
Yes, I am developing XPrivacy on a device with SELinux in restrictive mode.
(28) How does the tri-state check box work?
The tri-state check box works this way:
- unchecked = nothing in the category is restricted
- solid square = some things in the category are restricted
- check mark = everything in the checked category is restricted
Note: by default, categories and functions are filtered by permission, so you may not see all of them. The check box state is independent of this.
(30) What should I do if an application force closes (crashes) or something doesn't work?
Inspect the application's usage view, via the main menu item Usage data to see which restrictions were enforced. Restrict and unrestrict one by one until you have found which one causes the application to force close. Wait 15 seconds after each change to let the XPrivacy cache time-out. Help others by submitting your working set of restrictions.
See also this FAQ.
(31) Can XPrivacy handle non-Java applications?
In general, due to Android's isolated virtual machine architecture, calls to native libraries and binaries are via Java and so XPrivacy can restrict them. XPrivacy can cover any route to a native library or binary.
XPrivacy cannot hook into native libraries, but can prevent native libraries from loading. This can break applications such as Facebook, but can prevent malware from doing its work.
XPrivacy can also restrict access to the Linux shell (including superuser) to prevent native binaries from running. You can find these restrictions in the Shell category.
Starting with version 2.0, XPrivacy will protect against direct interprocess communication (IPC).
(32) I see data usage without Android permissions!
Many functions do not require Android permissions, so this is quite normal. Sometimes an application tries to access a function that it doesn't have Android permission for. Since XPrivacy usually runs prior to the function, such access will be registered.
If you filter on permissions and an application tries to use a function without having permission, the application will still be shown.
If you think a function requires permissions while XPrivacy shows it doesn't, please report it.
(33) How can I restrict the hardware, external MAC, IP, and IMEI number?
You can restrict the (internal) IP and MAC addresses and IMEI number for any application.
The external IP is assigned by your provider and cannot be changed. You could use a VPN or TOR to hide your external IP to a certain extent.
The hardware MAC address can be changed on some devices, but this is device-dependent and can only be done at the driver or kernel level. XPrivacy only works on the Android level and is device-independent.
The same applies to the IMEI number, additionally complicated by legal issues in most countries.
(34) What is the logic behind on demand restricting?
- The on demand restricting dialog will appear if:
- On demand restricting is enabled in the main settings
- On demand restricting is enabled in the application settings
- The category and the function are marked with question marks
- However a few functions are exempted from prompting (only Phone/Configuration.MCC/MNC)
- Prompts will not be shown for dangerous functions
- An exception are functions with white/black lists
- Prompts will not be shown for System applications
- Apply to entire category will:
- Set the entire category definitively according to your choice (deny/allow)
- Existing settings for individual functions are forgotten
- When applying to a function only (Apply to entire category not checked):
- The function is set definitively according to your choice
- The default after dialog timeout is taken from the current restriction settings
- There are four possibilities for the restriction / on demand checkboxes:
- a. [ ] [ ] You will not receive an on demand popup, the permission will always be allowed
- b. [ ] [?] You will receive an on demand popup, if this times out or the screen is locked the permission will be allowed once
- c. [V] [?] You will receive an on demand popup, if this times out or the screen is locked the permission will be denied once
- d. [V] [ ] You will not receive an on demand popup, the permission will always be denied
- Be aware that the on demand popups are global, which could be an issue if your device has multiple users. Unfortunately this cannot be changed.
(37) Do I need to have the Play store/services installed for the pro version?
Only for the pro license fetcher, not for a pro license acquired through a PayPal donation. The pro license fetcher needs the Play store/services for fetching a pro license, but not for using a pro license.
(38) What does the update service do?
The update services runs after upgrading XPrivacy and after boot. It takes care of migrating settings, randomization of fake data and upgrading settings for new versions.
(46) Why do I need to register to submit restrictions?
To prevent a malicious application maker from automatically submitting a lot of allow restrictions to outvote the other users.
See here and here for more information.
(48) Can XPrivacy be detected by other application?
Yes, but I don't see this as a problem, since security through obscurity is not a good principle.
(49) I keep getting 'restart required'
Things to do / check:
- Make sure the Xposed framework is (still) installed using the Xposed installer
- Make sure the XPrivacy application is stored on the internal storage and not moved to the SD card or somewhere else
- Fairphone users, see here
- Make sure LBE Security Master is not installed (disabling is not enough)
- Make sure the security center of MIUI is disabled (see here)
- Disable, wait a few seconds and then enable XPrivacy again in the Xposed installer and reboot
- Clear the (Dalvik) cache using the recovery
The most common problem seems to be the storage location of the applications.
If these suggestions don't help, please create an issue and provide a logcat (see Support below).
(50) Do you have suggestions about additional privacy related software?
IMHO you should at least install an ad blocker and a firewall.
- AdAway (source code)
- AFWall+ (source code)
- CrappaLinks (source code)
- PlayPermissionsExposed (source code)
- Xabber (source code)
- Wi-Fi Privacy Police
Please note that these applications are not written by me and that you should contact the author for support questions.
(51) What does the on/off switch do in the application details view?
It turns all restrictions for the application on or off, but still allows you to change the restrictions.
I have really spent a lot of time developing XPrivacy and I am happy to look into any issue, but I am asking you to properly document your issue. It doesn't work or it crashes is insufficient. So, please describe the exact steps to reproduce the problem and/or provide a logcat.
See here for more details.
(53) What happens if I make XPrivacy device administrator?
This ensures that other applications cannot uninstall XPrivacy without your knowledge.
(54) Exporting and importing takes a long time
There are more than 400 restrictions per application and additionally there can be quite some application specific settings, for example when you use white/black lists. So, yes, exporting and importing restrictions and settings can take quite some time. The default is to export everything, since the export is meant to be a full backup. However, it is possible to filter the applications you want to export using the filter icon in the action bar, for example only user applications with restrictions, and to select these applications using the action bar select all (first icon) to only export a part of the applications.
(56) How can I recover from a bootloop?
For devices with a custom recovery (TWRP/CWM) you can flash the Xposed-Disabler-Recovery.zip. Alternatively (on most devices) press the volume down button 5 times during boot (there will be a vibration with each press when done correctly).
See here on how to enable debug logging without XPrivacy activated in Xposed.
(57) How does 'Expert mode' work?
Expert mode has the following sub-options which can be toggled individually:
- Restrict system components (Android)
- Enabling this option will allow you to restrict applications which have a UID less than 10000 (Android System, Bluetooth Share, Dialer, NFC, Phone, etc.). Note that restricting these core functions is quite dangerous, and can easily lead to boot loops. Always make a backup (export/nandroid) before changing these restrictions.
- Use secure connections
- This will force communications with the crowd sourced restrictions server (submitting/fetching, device registration) to travel through a secure socket. Note that this is enabled by default and can only be disabled by enabling Expert mode.
- Maximum fetch confidence interval
- Increasing this value will result in fetching less reliable crowd sourced restrictions
- Quirks
- Used to fix some application compatibility issues or to enable special or expert features
- freeze: shows the on demand restriction dialog, even if there is the possibility it will freeze
- resolve, noresolve: enabled/disables resolving IP addresses to names for usage data / on demand restricting
- test: let check for updates check for test versions
- safemode: hide unsafe function restrictions
- Used to fix some application compatibility issues or to enable special or expert features
- Clear cache will clear settings and restrictions caches for all applications and the privacy service
- Clear all data will erase all settings and restrictions; use with care
(58) Can I write a thesis about XPrivacy?
Yes, you can and I will even help you with it. However, I will not write or review code or text for you. Nevertheless, I will try to answer any questions you have. XPrivacy is open source (see also the license section) and all code you write needs to be contributed back to the project. To help you I want to see an e-mail from your professor with a confirmation he or she has read and agrees to this FAQ.
(59) Will you implement multiple profiles?
No, because privacy is not something that is optional. It makes no sense to restrict something during the day and not during the night or on your work and not at home.
(60) The upgrade notification is stuck at 100% !
This is by design, so you can see the upgrade has completed successfully. You can swipe away the notification after you have seen it.
(61) Can the default on demand restricting time-out be increased?
Unfortunately this is not possible. The on demand restricting dialog is holding up system processes and Android reboots automatically if there is too long no response. Recent version of XPrivacy have a reset button, use at your own risk.
(62) How can I 'toggle' multiple applications?
Multiple selection works as in any Android application. Tap and hold down on an application in the application list to start selecting and tap other applications to select more applications. Toggle restrictions will work on the selected applications.
You can also use the filters to show the applications you want to act on, since toggle restrictions works on the visible applications by default. There is one exception to this: exporting will be done for all applications by default, since the export is meant as full backup.
(63) How can I troubleshoot an issue believed to be caused by XPrivacy?
- Always make sure you have a backup (XPrivacy export or nandroid)
- Most issues are caused by a "bad" restriction, so try to reproduce the issue and check the main usage data
- Verify that the issue is actually caused by XPrivacy
- Turn on Airplane mode
- Disable XPrivacy in the XPosed installer (don't forget to reboot)
- Check if the issue is still present, if yes, XPrivacy is not causing the issue
- Finding the culprit:
- Clear all XPrivacy restrictions (don't forget to reboot)
- Check if the issue is still present
- Import half of your restrictions, check if the issue is still present
- If yes, clear again and import only half of these restrictions
- Continue this process until you have found the "bad" restriction
- If following these steps fails to find the issue, please follow the Support instructions
(64) Is the on demand dialog always shown?
That depends on your ROM version. On stock ROM 4.4.4 (Nexus 5) the on demand dialog is always shown. On older or customized ROMs the on demand dialog is almost always shown, except sometimes for the functions inet, sdcard and media and sometimes for restrictions triggered by the hardware buttons, for example the volume buttons. This is to prevent the on demand dialog from freezing (locking up), caused by an internal Android lock. This freeze cannot be fixed by XPrivacy.
If you want to have the on demand dialog always shown, then you can add the quirk "freeze".
(65) My data is still visible!
The data might be cached by the application, so you might have to wait a while until the cache is updated. It may even be necessary to restart the application or reboot your device to clear the cache.
The Google Maps view can look like a part of an application, but is in fact not. Even if your current position is shown on the map, it doesn't mean the application knows your current position.
(66) How can I directly start ... ?
See question #5 for how to start an export and for details on Tasker.
Similarly you can start other activities:
- Settings
am start -a biz.bokhorst.xprivacy.action.SETTINGS
am start -a biz.bokhorst.xprivacy.action.SETTINGS --ei Uid 10123
- Application details view
am start -a biz.bokhorst.xprivacy.action.APPLICATION --ei Uid 10123
am start -a biz.bokhorst.xprivacy.action.APPLICATION --ei Uid 10123 --ei Action 1
am start -a biz.bokhorst.xprivacy.action.APPLICATION --ei Uid 10123 --ei Action 2
am start -a biz.bokhorst.xprivacy.action.APPLICATION --ei Uid 10123 -e RestrictionName location
am start -a biz.bokhorst.xprivacy.action.APPLICATION --ei Uid 10123 -e RestrictionName location -e MethodName GMS.addGeofences
Action 1 means clear; action 2 means settings.
- Usage data
am start -a biz.bokhorst.xprivacy.action.USAGE
am start -a biz.bokhorst.xprivacy.action.USAGE --ei Uid 10123
- Export, import, submit, fetch, toggle
am start -a biz.bokhorst.xprivacy.action.EXPORT
am start -a biz.bokhorst.xprivacy.action.EXPORT --eia UidList 10123,10124 --ez Interactive true
am start -a biz.bokhorst.xprivacy.action.IMPORT
am start -a biz.bokhorst.xprivacy.action.IMPORT --eia UidList 10123,10124 --ez Interactive true
am start -a biz.bokhorst.xprivacy.action.SUBMIT --eia UidList 10123,10124 --ez Interactive true
am start -a biz.bokhorst.xprivacy.action.FETCH --eia UidList 10123,10124 --ez Interactive true
am start -a biz.bokhorst.xprivacy.action.TOGGLE --eia UidList 10123,10124 --ez Interactive true
- Flush cache, check for updates
These actions require root or the permission biz.bokhorst.xprivacy.MANAGE_XPRIVACY.
am startservice -a biz.bokhorst.xprivacy.action.FLUSH
am startservice -a biz.bokhorst.xprivacy.action.UPDATE
With Tasker, you can create shortcuts on your homescreen:
- Create a task and give it a name (Tasker)
- Create a shortcut on your homescreen (launcher)
- Choose shortcut: "Task Shortcut" (launcher)
- Task Selection: "your_usage_data_task" (Tasker)
- Task Shortcut Icon: tap the Image Select button (lower right) and choose an icon (for example the XPrivacy icon) (Tasker)
- Create icon: tap the back button to finish creating the shortcut (Tasker)
(67) I get 'refused', 'forbidden' or an error while submitting/fetching/navigating to the crowd sourced restrictions!
This probably means your IP address has been blacklisted. Mostly this is because of spamming or other kind of abuses. TOR exit nodes and VPS servers are often black listed. Maybe your PC is infected and sending spam without your knowledge.
You can check if your IP address is blacklisted by checking if it is mentioned on one of these lists:
- Spamhaus DROP List
- Spamhaus EDROP List
- Stop Forum Spam (30 days or younger)
Another potential cause is documented here.
(68) What are unsafe restrictions?
Unsafe restrictions can be disabled by removing the Xposed method hook using a native library. See here for a proof of concept. You can prevent this by not allowing native libaries to load, which will unfortunately often result in a crash.
XPrivacy 3 does partly address this problem for vanilla Android KitKat and some other frequently used ROMs (see below). This is done by hooking into the Android counterparts of the user space functions. Unfortunately not all user space functions have an Android counterpart, meaning that this cannot be done for all restrictions. Nevertheless, the most sensitive data, like contacts and your location, can safely be protected by XPrivacy 3.
XPrivacy 3 modes
- AOSP mode = vanilla (Google) Android KitKat or:
- Compatibility mode = all other Android versions/variants
About will show if XPrivacy 3 is running in compatibility mode, which means XPrivacy 3 is behaving as XPrivay 2. If there is no message about compatibility mode, XPrivacy 3 is running in AOSP mode. XPrivacy 3 will always run in compatibility mode on Android versions before KitKat.
You can force XPrivacy 3 into AOSP mode using the main settings. There is no need to force AOSP mode if XPrivacy recognizes your ROM as a compatible ROM.
If you force AOSP mode, privacy sensitive data may leak. XPrivacy has lots of internal checks, so if something is going wrong, you will probably sooner or later get a debug info popup.
For the benefit of others, please report if XPrivacy 3 works for the ROM you are using (also post a screenshot of the About of XPrivacy so I can see how the ROM can be recognized).
(69) When do the state colors change?
- Grey: set/clear restriction/on demand asking, import, on demand choice (not for once)
- Orange: fetch, new/updated application, delete restrictions
- Green: submit
(70) I get '429 Too Many Requests'
This can happen when checking for updates using the main menu. Everybody can download a new version of XPrivacy five times in 12 hour, after this you will get '429 Too Many Requests'. This is to limit the bandwidth of the server to acceptable levels. Just wait 12 hour after the last download and you can download again. Please note that I will not make exceptions to this, because the limit is there for a reason.
(71) I don't see the changelog
Make sure you have an internet connection and that XPrivacy has internet access (check your firewall). The changelog is an in application display of this page
(72) Can you make XPrivacy available on F-Droid, Amazon, etc?
I don't want to publish XPrivacy in dozens of places, because it is extra work, which doesn't add any value. The current download locations, the Xposed repo and GitHub, should be accessible to almost everybody.
F-Droid also doesn't allow me to sign the APK with my own signature.
(74) I miss an application in the application list!
First of all, XPrivacy allows you to restrict each and every application, including XPrivacy itself as well as core Android system components, although there are a few limitations. However, these are for your own safety, for example to prevent a bootloop or to keep XPrivacy usable in all circumstances.
The application you are searching for is most probably filtered, for example because it is a system application. You can change the filters by using the main menu Filter. By default system applications and applications without permissions for the selected category are filtered.
Some applications (components) share data, which mean they share the same uid. These applications are shown once only in XPrivacy (this cannot be changed). An example is Dolphin browser and its plugins/addons.
(75) Will XPrivacy work with ART?
XPrivacy will work if either Xposed or a similar hooking framework is working.
Xposed has no ART support currently. It is unknown to me if Cydia Substrate supports or will support ART.
Android 5.0 (Lollipop) supports ART only, which means that developing/testing XPrivacy for Android 5.0 can only be done if either Xposed or a similar hooking framework is available for ART.
Note that I have started the preparations for Android 5.0 quite some time ago.
Some people have asked me to make XPrivacy independent of Xposed. This would mean integration of the Xposed features into XPrivacy. Apart from the amount of work, this is not a logical step, since there are quite some other useful Xposed modules. Therefore it is better to get Xposed working for ART.
(76) What happened with the import/export enabler?
Please read here.
(77) My pro license does not work!
- Make sure that the license file name and contents were not altered while downloading the file, for example by a virus scanner or simply by your e-mail client (the most common problem is that some e-mail clients rename the file)
- Make sure that you have put the license file into the root folder of the SD-card (this is the folder you will see when you connect your device to a PC)
- After starting XPrivacy, the license file will be imported, which means the license file will be removed from the root folder of the SD-card and that the about dialog will show Licensed
If your device doesn't have an SD-card, you will need to put the license file into the root folder of the external storage folder. This is the folder you will see if you connect your device to a PC. When in doubt, you can use the menu Help, About to see the correct folder name.
(78) I get "The Play store says not licensed" when I tried to fetch a license
This message basically means that the Play stores thinks you didn't pay for the pro license fetcher.
Please make sure you are using the original Play store application and that the Play store and the Play services have internet access (mind firewall applications). Make sure you are not using Lucky Patcher, Freedom or similar applications. Also make sure you didn't restrict the Play store, the Play services and the pro license fetcher using XPrivacy.
Start the Play store and wait a minute or so, so that the Play store can synchronize with the Google servers.
Try to fetch a license again. If you keep having this problem, please contact me (again).
(79) How can I disable restrictions at boot (experts only)
By creating this file:
/data/system/xprivacy/disabled
Each line should either contain a category name or a category name and function name separated by a slash (/). See here for the correct category and function names.
Please read everything below first
Do not use my personal or XDA e-mail for bug reports, feature requests or questions.
It is okay to use my personal or XDA e-mail for things that cannot be shared in public, such as security reports.
There is only support for official XPrivacy releases.
There is no support for versions before the last stable version.
It is already enough work to support the official versions from the last stable version.
There is no support for XPrivacy on Ice cream sandwich anymore and there is limited support for XPrivacy on Jelly Bean. Limited support means I will try to fix bugs, but only if it doesn't take much time.
I will not look into issues of applications that have to be paid for.
I will not look into issues of applications that have root access.
There is no support for anything other than privacy, so not for game cheating, root cloaking, etc.
Please check the limitations before reporting a bug, requesting a feature or asking a question.
First ask if more people encountered the same bug! (see questions below)
If you encounter a bug, please create an issue.
Please describe the exact steps to reproduce the issue, including the wrong and expected result, and include information about your device type, Android and XPrivacy version.
To increase the chance I can find and fix the bug, please read this.
Include a logcat when relevant (use gist or a similar service). Try to keep the logcat as brief as possible, include just the crash/problem and a few dozen lines around it. I have looked into a lot of long logcats in the past, too often without any result. Therefore I will not look into long logcats anymore.
One bug report per issue please!
Do not forget to enable XPrivacy logging using the settings menu!
Before submitting any issue please make sure you are running the latest version of XPrivacy.
Before submitting any issue please make sure XPrivacy is causing the problem by disabling XPrivacy.
If you have a feature request, please create an issue.
New features are only considered for implementation when requested on GitHub with a detailed description of the feature and only if there are ten +1's within two weeks. You can promote your feature request on XDA, but for a maximum of two times only. Feature requests promoted more than two times will be closed and not be considered for implementation anymore. See here for some more information.
Please read this before voting.
Implementation of new features is depending on contributions to the XPrivacy project. Please read here for more information.
One feature request per issue please!
If you have any question, please leave a message in the XDA XPrivacy forum thread. More people are following the support forum than the GitHub issue tracker, which increases your chance to get a helpful answer. Moreover, the answers given might be beneficial to more people than you alone.
For question about Xposed you should use this XDA forum.
Please do not ask questions on GitHub!
GitHub issues are for bug reports and feature requests.
Answering questions is left to the community.
You can read here why.
The changelog has been moved here.
- PDroid
- PDroid 2.0
- OpenPDroid
- LBE Privacy Guard (now LBE Security Master)
- CyanogenMod Incognito Mode (now Paranoid Android Privacy Guard)
- Per App Settings Module
- Android 4.3+ Permission Manager
- SRT AppGuard
- DonkeyGuard
The PDroid family provides fake or no data, more or less in the same way as XPrivacy does. A difference is that you need to patch Android and that there is (therefore) only limited stock ROM support. The PDroid family is open source. The PDroid family is not supported anymore.
LBE Privacy Guard revokes permissions, which will make some applications unusable. LBE Privacy Guard also features malware protecting and data traffic control. Some consider the closed source code of Chinese origin as a problem.
The members of the PDroid family and XPrivacy hardly use memory, but LBE Privacy Guard does.
The CyanogenMod Incognito Mode seems not to be fine grained and provides only privacy for personal data, like contacts, if the associated content provider chooses to do so.
The Per App Settings Module revokes permissions like LBE Privacy Guard does. This modules offers a lot of other, interesting features.
The Android 4.3+ Permission Manager is like CyanogenMod Incognito Mode.
SRT AppGuard does not require root and therefore revokes permissions by uninstalling the app to be monitored and reinstalling a modified version. Without a backup, application data will be lost in this process. Compared to XPrivacy, permission control is not as fine grained and comprehensive. System applications cannot be restricted.
After over a year of sudden silence the author of PDroid 2.0 released DonkeyGuard. DonkeyGuard is not open source.
XPrivacy can restrict more data than any of the above solutions, also for closed source applications and libraries, like Google Play services. Unlike any other solution, XPrivacy has crowd sourced restrictions.
I do not recommend using XPrivacy in combination with any of the similar solutions, because this could result in conflicts and potential data leaks.
I need all my time developing XPrivacy, so I will not test XPrivacy along side any of the similar solutions. If you test XPrivacy along side any of the similar solutions, you can probably help others by reporting your test results.
- Manage Individual App Permissions with XPrivacy (June 20, 2013)
- XPrivacy Gives You Massive Control Over What Your Installed Apps Are Allowed To Do (June 23, 2013)
- Protect Your Privacy with XPrivacy - XDA Developer TV (July 17, 2013)
- Black Duck Announces Open Source Rookies of the Year Winners (January 28, 2014)
- The Open Source Rookies of the Year Awards (January 28, 2014)
- XPrivacy تطبيق (January 31, 2014)
- Android privacy tool feeds fake data to prying apps (April 1, 2014)
- Internet Vandaag (April 7, 2014)
- Protecting Your Privacy: App Ops, Privacy Guard, and XPrivacy (June 11, 2014)
- XPrivacy – Android ohne Google?! Teil6 (September 23, 2014)
Translations:
- Check if the language is supported by Android and find its locale
- Copy this file to the correct locale folder
- Translate the texts in the copied file and omit all lines with translatable="false"
- Create a pull request for the new/updated translation
- If you really don't know how to create a pull request, you can send the translated file via XDA PM
Current translations:
- Bulgarian (bg)
- Catalan (ca)
- Czech (cs)
- Croatian (hr)
- Danish (da)
- Dutch/Flemish (nl)
- English
- Estonian (ee)
- Farsi (Persian) (fa)
- Finnish (fi)
- French (fr)
- German (de)
- Greek (el)
- Hebrew (he/iw)
- Hindi (hi)
- Hungarian (hu)
- Indonesian (in)
- Irish (ga)
- Italian (it)
- Japanese (ja)
- Korean (ko)
- Kurdish (ku-rIR, ku-rIQ)
- Lithuanian (lt)
- Malay (ms)
- Norwegian (nb-rNO, nn-rNO, no-rNO)
- Polish (pl)
- Portuguese (pt)
- Romanian (ro)
- Russian (ru)
- Serbian (sr)
- Simplified Chinese (zh-rCN)
- Slovak (sk)
- Slovenian (sl)
- Spanish (es)
- Swedish (sv)
- Tagalog (tl-PH)
- Traditional Chinese (zh-rTW)
- Turkish (tr)
- Ukrainian (ua)
- Vietnamese (vi)
- Welsh (cy-rGB)
Restrict new data:
- Find the package/class/method that exposes the data (look into the Android documentation/sources)
- Create a class that extends XHook
- Hook the methods in XPrivacy
- Write a before and/or after method to restrict the data
- Do a pull request if you want to contribute
Using Eclipse:
- Download and install the ADT Bundle
- Clone the GitHub project to a temporary location
- Import the GitHub project into Eclipse, copy the files
- Close Eclipse and copy the project from the temporary location over the imported project
- Make sure you copy all hidden files and folders (especially the .git folders)
- This step might not be necessary anymore for recent Eclipse releases
Testing:
- XPrivacy Tester (developers only)
- Elixir 2
- Network Info II
The goal of the project is to provide a decent, free and open source privacy solution for Android to as many as possible people.
To keep XPrivacy maintainable hooking into private/internal classes and methods is undesirable, since these vary considerably in different Android versions and are often customized/modified by manufacturers and custom ROM builders.
To prevent applications from crashing fake data should be returned whenever possible. Empty values (null) should not be replaced by fake values to prevent misuse. The same applies to creating new fake data, like for example an account. There is no need to apply restrictions in situations where the user is presented a dialog first (for example to pick an account). Setting data (in contrary to getting data) should never be restricted, this is outside the goal of XPrivacy.
Application specific code is undesirable, because it could result in maintenance and support problems.
XPrivacy is intended to restrict applications, but is not intended to restrict Android (although this is often possible as a side effect).
See here for XPrivacy code metrics.
Please note that you agree to the license below by contributing, including the copyright.
GNU General Public License version 3
Copyright (c) 2013-2015 Marcel Bokhorst (M66B) All rights reserved
This file is part of XPrivacy.
XPrivacy is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your discretion) any later version.
XPrivacy is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with XPrivacy. If not, see http://www.gnu.org/licenses/.