It would be nice to be informed about the current state of XPrivacyLua integration. Even Gael himself seems to be intrested in XPrivacy , but for some reason I don’t find any other mention of it here.
3 Likes
In the post you cite, it is said: “maybe integrate XPrivacy”
You are right, that since that time it was not mentioned again, so currently it is not worked on.
The devs work at the moment on issues related to the V1 release and the appstore.
I’m wondering why. In my opinion, any Android ROM created with privacy in mind should pay maximum attention to control of applications activity. Things like XPrivacyLua and NetGuard are even recommended by the privacytools.io. It would be great if we finally could get ROM that contains such tools by default.
3 Likes
Hi! thanks for raising this topic.
The issue so far is that had to focus on the core project, but we can definitely have this in mind for the next months.
Did some of you experiment with XPrivacy yet? Would be curious to have some feedback.
One constraint though, is the dependency of this project to Xposed.
3 Likes
Right. The Xposed Framework, although working fine on all of my devices and ROMs (KtKat thru Oreo - multiboot so quite a few), others might not be so lucky. Depending on device. For XprivacyLua to be included then Xposed would have to be integrated. I suppose it’s doable. IIRC the LOS-based MoKee ROM has/had it integrated.
So making sure an included Xposed for Nougat and Oreo will work across all supported devices would have to be dealt with before XPrivacyLua consideration. I think. 
I have a doubt because I haven’t used xprivacylua a lot but is there anything doable with this app which can’t be done through the ROM confidentiality parameters ?
I don’t think there’s anything built into ROMs that do what XPL does, providing fake or no data to apps. We generally have just permission based stuff.
If you run an app like Paranoid for Android you may find some apps that have access to certain permissions outside of what we can toggle on/off via AppInfo/PrivacyGuard/AppOps. This is where XPrivacy come into play. An app might have access to your contacts even though there’s no permissions setting for it. One either removes the app or keep it but feed it false/fake/no data. Stuff like that.
3 Likes
Waw ok. I thought it was a simple permission manager. The fake/false data is a very interesting functionnality.
Thank you for the explanation 
May be a dumb question, but isn’t there a way to integrate XPrivacy into ROM at a lower level to eliminate the need for Xposed?
For example, I’ve heard about IMEI, SIM info and WiFi network name.
1 Like
By the way, LOS developers directly express their disgust for the Xposed. I think that makes sense and such haсks have no place in any official build. Perhaps we should talk not about the integration of the XPrivacyLua as it is, but about the adoption its basic functions. And it’s tough…
And it is worth mentioning that since Android Q we will be asked for permissions to use non-resettable device identifiers. That’s a lot better than it is now.
You are right, this is a good improvement. But only for custom roms that also don’t generate an Android ID.
On regular Android all apps are allowed to use the “Android ID” instead, even in Q. Therfore there is no improvement in privacy for any user on Google Android phones.
The question is, where is the Android ID created? -> In AOSP Android or Google Play Services?
Is there an Android ID on /e/ phones at the moment?
At the moment it is like this:
A user installs an app that contains Google and Facebook trackers from the /e/ appstore. Then the user makes the login with his existing account. The next step is that Google and Facebook recieve the used accounts (listed in Settings), IMEI, IMSI, Serial Number, Phone Number, a list of all installed apps and the name of the used wifi.
2 Likes
I realize those is an old post, but I just started testing /e on my Essential, and getting XPosed/XPrivacy is one of my first steps setting up a phone.
I’ve used XPrivacy for years now, across multiple phones (ever since it was released and XPrivacy, then XPLua).
It’s a brilliant solution, and works fantastically. I typically have around 300 apps installed (I know, crazy), and I hammer on my phone. My default settings for XP is “deny all”. When I install a new app, I firewall as needed, then launch the app and see if it fails. Then I look in XPL to see what perms it was trying to use, and only grant ones I’m comfortable with.
Pretty much all apps request perms they really don’t need. Very few apps outright fail from my restrictions. Pandora is one of the more tricky apps, but I like being able to fully deny location information for it.
While I understand the hesitancy around XPosed, finding a way to duplicate XPrivacy functionality is critical, for me.
Years ago (before XPrivacy, around 2011), I used a similar app that didn’t require XPosed, just root. I don’t recall the name.
Edit: Previous app was LBE Privacy Guard (I still have an old apk of it).
The main obstacle to using XPrivacyLua remains Xposed framework, which is certainly not an “setup and forget” solution, even despite the availability of systemless module for Magisk.
There is a safer and less invasive tool AppOpsX, but I am not sure about its future.
Yea, as I recall, AppOps was far less extensive, though it’s been a while.
Hi @e.follower , could I know more ? Because I have Xposed framework install (not with Magisk Module since I just learned yesterday it was possible) and there is nothing particular I noticed.
In a few posts above, there is a link to the LineageOS’s Reddit where some arguments are expressed against Xposed.
As for my personal experience, a few days ago I was experimenting with Magisk modules of Xposed, did something a little wrong and got bootloop easily. It’s a very invasive thing that needs to be careful with.
For me, Xposed has pretty much been a set and forget thing. It’s installed on most, if not all, of my ROMs (KitKat thru Oreo - I don’t do Pie+ 
) on all devices. Multiboot on a few so that’s quite a few ROMs. I don’t do Magisk either so SuperSU or Lineage addonsu in use but that’s neither here nor there.
I use Xposed with GravityBox on /e/ for added functionality, especially with the navbar (be nice if we had DUI SmartBar on /e/).
There have always been reservations about Xposed, among ROM devs mostly. They don’t entertain ROM bug reports if Xposed is installed. Rightfully so of course as hacks like that change the behavior of the OS. And some devices are problematic with it.
Sometimes the installer may (big MAY) make a difference. For Oreo and below I recommend the UNITY all-in-one installer. Supports Lollipop thru Oreo, SU, addonsu, Magisk, and seems to do the right thing. If one does have problems, the installer also acts as an uninstaller if flashed a second time.
Xposed Framework [UNITY] - https://forum.xda-developers.com/xposed/10-31-2017-xposed-framework-v88-2-t3697756
In my opinion a working solution that provides those features is critical. There will always be apps that don’t respect privacy but people will like (or have to) to use, so it is up to the OS of the phone to provide the means to control them.
With control i mean: provide stock fake data for permissions the app requires, but the user does not want to grant. The normal way of handling this in android is fundamentally broken, as apps can simply refuse to work if not granted those invasive permissions.
Take the classic example of whatsapp (an app nobody likes but everbody needs to use because everybody else is using it): I would like not to expose my full address book, but only selected contacts (just the ones I speak with via whatsapp). And of course also not show real device data etc.
This needs to be provided in a simple and per default privacy-friendly way so normal users (i.e. not devs or tech savy guys that root their phones) can use this.
1 Like
Since today I’m a new /e/OS user and I’m ongoing to test my apps. The first experience was for example, that /e/App-Store an EMail doesn’t work, if NetGurard is aktivated. I’m using NetGurard and XPrivacy/XPrivacyLua since I use smartphoes, therefore also XPosed framework. Fore example with NetGard I’m blocking web activities from any apps whicht trackts private data for facebook, google, flury etc. It’s cumbersome, when I’ve to deaktivate NetGuard for the app store and activate it for ohter commerial apps like Lufthansa or taxi.eu.
The usefull functions of XPrivacyLua (I use the pro-Verion) are explaint in posts above. I’m missing the savety that both apps are delifering. I’m a great fan of both an I would like to use it further on.