This app was mentioned in 24 comments, with an average of 9.13 upvotes
X Privacy is great if you are able to root, but it does have downsides, like making OTA updates stop working.
Maybe one of them is that the Facebook app accesses the following permissions from your phone: Accounts, Calendar, Calling, Clipboard, Contacts, Identification, Internet, Location, Media, Messages, Network, Notifications, Overlay, Phone, Sensors, Shell, Storage, System and View. I use XPrivacy and Facebook has requested every single one of these permissions. I denied all of them except Internet. I took a photo the other day and then later opened Facebook and a message popped up saying: 'Hey you recently took this photo, do you want to upload it to Facebook?' And it had my whole camera roll there. Stuff that. Facebook is spying on the whole world and we just throw our personal info at it.
There's already an Xposed add-on which does app permissions by feeding incorrect data. If you disable contacts, then it tells the app that the app can access your contacts but you just don't have any contacts. It can access your location, but there's just no location data available currently.
There's always workarounds. Although to be honest, I can't in good conscience support and use an app that would disable itself if I didn't let it access things I know it doesn't need to do its core job.
Edit: Since I've gotten a few PM's:
http://repo.xposed.info/module/biz.bokhorst.xprivacy
https://play.google.com/store/apps/details?id=biz.bokhorst.xprivacy.installer&hl=en
You need to already be rooted and have Xposed installed and working. Install this module, enable it, and reboot. Then go into it and configure your apps' permissions.
The post is unreadable due to missing formatting but I'm trying to be constructive here:
please reformat text so it is readable.
It's difficult to take this guide seriously if you don't mention Xprivacy as a must-have-tool for managing privacy for system and 3rdparty apps! I read the comment section of the tor page and the auther never got into Xprivacy because it was "to invasive". Böff!!
DroidWall is rather outdated and AFWall+ is the successor I believe.
Call Control doesn't seem to be open source which should label it a no-go.
What does CCleaner have to do with hardening Android or preventing from eavesdropping?
Otherwise good to raise awareness. (...but I wouldn't go that far, it really would render your device useless)
I used to think that apps like xprivacy were overkill but now I'm glad I can get a lot of control over what apps access. Too bad that for the average user installing it would be a huge hassle
https://play.google.com/store/apps/details?id=biz.bokhorst.xprivacy.installer&hl=en
Root. Installed Xposed Framework. Install XPrivacy. Buy the pay version, download the app profiles and forget about it.
XPrivacy can prevent applications from leaking privacy sensitive data by restricting the categories of data an application can access. XPrivacy feeds applications fake data or no data at all. It can restrict several data categories, such as contacts or location. For example, if you restrict an application's access to contacts, that application will receive an empty contacts list. Similarly, restricting an application's access to your location will send a fake location to that application.
https://play.google.com/store/apps/details?id=biz.bokhorst.xprivacy.installer&hl=en
If you have a rooted phone and a compatible Android version, you could install the XPosed Framework and its XPrivacy module which allows you to manage apps permissions regardless of what you granted during install.
If I had to guess, the access photos, media, and files are for after it downloads Vungle ads so it can display them without an internet connection for ad based bonuses. The Device ID & call information can't be separated permission wise, and they're probably just using the Device ID to authenticate to a save service or something. Using the Device ID in this way is lazy, but it happens.
I'm an avid user of XPrivacy to prevent apps gathering real data like this. Check it out: XPrivacy
/u/renegadeuk knows how good it is. :) I still use Es also just because it's what I know and I control the app with the autostarts app and xprivacy (root). I am transitioning to using mix all the time though.
F-droid : Autostarts
Xprivacy : https://play.google.com/store/apps/details?id=biz.bokhorst.xprivacy.installer
Xprivacy can spoof/restrict ~~any~~things but it requires root/Xposed.
Read the description.
EDIT: Sorry, I was wrong, it doesnt let you spoof the time, at least not in android 4.1.2.
If your phone is rooted & you have xposed framework installed, you can try XPrivacy
For everyone concerned about this, I'll just leave this here. You'll need to do a little work to get things figured out, but it's a great way to keep privacy if you want it, and to get better battery life by blocking silent mic usage and other processes that happen with the screen off.
Be aware. The first use is a bit of an eye-opener (and you'll need root).
Seems like after doing some digging with other users experiencing the same issue.
It could be caused by the app xPrivacy, it could be causing false reading on perks end.
https://play.google.com/store/apps/details?id=biz.bokhorst.xprivacy.installer&hl=en
Worried about your privacy? You fucking should be, even though in this particular case it's probably mostly benign. Spotify seems like a trademark that's worth a little too much to be pissed away on hoovering up your dick pics (and even assuming they did, it's not like they have a CSI computer that can enhance it enough to actually see your private bits. BURN!). Pretty sure they'll sell your (anonymized) GPS data though, as everyone else already does that (looking at you, Twatbook).
Anyways, here are some tips for keeping your data safe*.
iOS
You can manage the permissions for apps through the settings menu. Just toggle the ones you don't like off, and you can rest assured that your dick pics are once again safe*.
Android
Google is the sligthly more evil zaibatsu in this case, having sided with app makers' right to snoop on you over your right to manage permissions as you see fit. You only get two choices; accept all permissions forever, or don't install. Luckily, this can be fixed by installing a third party app such as XPrivacy. XPrivacy can also spoof your data so apps don't crash and burn when they're not allowed to read your contact list or whatever.
One small catch; changing permissions requires your device to be rooted. Sounds scary? It isn't. If you can google and are capable of following simple instructions, rooting is easy.
* "Safe" as in "safe unless the app is published by criminals not above exploiting one of the many vulnerabilites of your swiss cheese phone".
Try the app xprivacy, then you can definitely deny specific things. Any game I have cannot use my GPS AFAIK, because I deny that shit.
Xprivacy on Google play MUST HAVE ROOT
Please remember to make backups and read all instructions carefully.
I don't know which device you have, but if it is an android, you should look into XPrivacy (Play Store). It lets you select (with pretty great detail) which things an individual app is allowed access to.
Maybe try installing and using this helper app:
https://play.google.com/store/apps/details?id=biz.bokhorst.xprivacy.installer&hl=en
It helps with installation and checks to make sure everything is in order...XPosed framework properly installed, Xprivacy module enabled, etc. If something's not right, it will prompt you with whatever step you need to fix it.
>no other app can see what any app is doing
let me introduce u to the almighty xprivacy
Everything you jest about is a requirement now! Here's what you can do:
>turn off your gps, phone microphone
Remove all permissions from apps that don't require access to gps or microphone Disable gps while not in use
>stop using google
Use Duckduckgo, Startpage or SearchEncrypt
Also if using Android try to alternatives to Google apps. Disable or freeze as many Google services as possible. For example on my rooted device, the only Google app running is Google Voice Assistant (which is heavily locked down by Xprivacy.
Xprivacy can also feed fake info to apps that request it. For example, gps coordinates, phone number, IMEI etc.
> dont use social media
If you have Facebook, you should really consider deleting it
If you need a messenger type app to keep in touch consider using Signal or Telegram
> always vpn when online.
Solid advice if you can afford it.
If you use Android you can use a free VPN based firewall app, NoRoot Firewall which lets you control all network access for each app along with global filtering rules.
Fire it up and goto the access log, you'd be amazed to see how chatty your phone is when it's sitting idle!
Unfortunately it cannot block WebRTC but you can use browser addons to disable in Chrome, Firefox or Opera
I also noticed disabling Google Carrier Services stopped WebRTC pings every few seconds (thousands of requests a day!) but what does it do?. Answer: probably nothing as your ISP has thier own solution.
Other things to consider:
Get a RaspberryPi
Set up a Pi-Hole for blocking ads and tracking on your home network.
Set up DNSCrypt to encrypt all your DNS traffic on your PiHole
Hell, you can even setup your own VPN using piVPN
sorry to my Apple friends but iOS system is heavily locked down unless rooted; I haven't used since 10. Maybe some Apple expert can add iOS options?
I must say the Android permission system has been terrible for a long time. During the 4.x period they for example changed it so that you were only notified of permission expansions beyond already claimed categories, which immediately caused a flood of apps to expand their permissions to the max in categories they had already seeded. When people need to start using applications like X Privacy, you know the permission system has gotten out of control. Meanwhile this of course also highlights why all of a sudden, now that they can access all kinds of private data through the new Windows 10 permission system, all these companies are making apps for that platform where before they ignored it and just pointed you to their website. It's all just one big privacy disaster and the OS developers are nicely playing along for their cut.
Root and install XPrivacy.