Advanced permissions management

I (like many others here) have to install a few proprietary apps on our phone. Those apps could be watching me, scanning user data, sending ADs, so I don’t want to grant them the permissions, but many of them just won’t work without those permissions.
So I came up with this: /e/ only gives a specific app with specific permissions when the user launches it, and the permissions are denied when the app is killed or hibernated.
I think this can be more useful if combined with the app Shelter.

Looks like what you are discribing is just what you can do with Privacy Guard. You can set a permission for an app to “Always ask”.
(Settings > Security & Privacy > Trust > Privacy Guard)

Oh, there is? I’m using the nougat version, and there isn’t such a “Trust” stuff so I can’t check on it for now. That “Trust” app is for higher Android versions, I think.

PS: I saw that “Trust” in my essential phone weeks ago, but due to that SIM card issue I returned it and all the (liberated) device I have is a Nexus5.

Then it’s under Settings > Privacy protection > Privacy Guard. (something like that)

Oh, I’ve found it! It’s a little shield icon. How could I have forgotten it? :joy:
I’ll dig into it, then.

1 Like

shelter makes only sense when using only one or two apps in the work profile. As more apps are in it, as more data is collected.

There is no better solution than XPlivacyLua today (or at least I haven’t heard of it). In addition to it I’m installing AFWall+ and AdAway or TrackerControl. This complex on top of the righ ROM helps to get rid of almost any internal tracking.

All apps which needs root are ‘out of the race’ because most banking apps won’t work on rooted devices. And rooting is nothing for mums and dads and grannys.

If someone else is setting it up for them, it’ll be okay. Magisk now days is quite easy to maintain (just update it when it asks you to) and it is quite good at masking its own presence.

I have a user in german group which has no knowlege about root and her phone was rooted by a friend. And now, after an OS update, eOS is broken because of Magisk and she isn’t able to use it, til her friend could help her after the pandamie. So, a setup by an other person is no good idea

And by the way, the problem, that baking apps won’t work on rooted devices is.still available, equal who is installing magisk

I’m interested to know how banking apps (or other apps) can know that Magisk framework is installed ? Because I don’t think it can.

Don’t know how, but I can confirm my banking app is aware of Magisk (app is CIC’s, a french bank).
Had to install “MagiskHide Props Config” & “Busybox for Android NDK” Magisk modules to hide Magisk from this app …
I decided to hide Magisk from all apps, except those explicitly needing root (Titanium Backup in example).

I don’t know, the only thing for sure I know is, that there are bankig apps which aren’t working on rooted devices. And you can find them here in forum

And before downloading the thing you have downloaded, in Magisk Manager settings did you activate “Magisk Hide” (and added your banking app in the list), and activate the option “Hide Magisk Manager” ?

Yes I tried, but it didn’t work.
I found on web (sadly, don’t remember where) that these modules would be mandatory/useful, and they are for me.

All right then, thank you :slight_smile:

Search “lineage” in

Interesting reading :

1 Like

In some cases it won’t work, or better, the banking app ist still not working after the hide

1 Like

This may be a terrible idea: I once saw a project called “MultiROM”, it allows you to install multiple ROMs on your phone, you can install those banking apps in the second ROM which is not rooted.

MultiROM is essentially a relic of the old days. There are only a few devices where it may still be in use and still work with Pie or even Oreo. Definitely not an option nowadays.
I use and really like MultiROM on a few devices, Dual Boot Patcher on another. None with recent Android of course.

Earlier, folks wondered if banking apps detected root. It’s not that they detect root but the fact that ctsProfile/SafetyNet generally doesn’t work on rooted ROMs. Magisk, and SuperSU before it, would come up with ways to get around it (hiding root). Various Xposed modules, too. Then Goggle would make changes and once again root is detected and SafetyNet fails. That’s on a GApps system. Now imagine the trouble with both root and a not 100% compatible Play Services alternative (microG).
The Magisk people have to keep playing catch-up while the microG people have to get DroidGuard working again.
Cat and mouse game for sure.

For those who do use root, maybe take a look at this. I don’t use Magisk on my ROMs, except one, so can’t speak for any of this.
NEW METHOD -Fix Magisk CTS Profile False Error - Bypass Safetynet

EDIT: An alternative if harvey186’s how-to doesn’t work.

On a related note, last year I kept wondering why I couldn’t make Play Store purchases on some ROMs using carrier billing. Finally found out that if root is detected then carrier billing cannot be used. According to Google’s own help pages. Not across the board though. All of my ROMs are rooted yet some don’t have a problem. Anyway…