0bbedCode / XPL-EX

Really simple to use privacy manager for Android 6.0 Marshmallow and later
https://lua.xprivacy.eu/
GNU General Public License v3.0

[Proposal] Allow permissionless location querying #14

Open Umukiranutsi opened 6 months ago

Umukiranutsi commented 6 months ago

Several Xposed apps including XPL Pro and j2rong's made it possible on deprecated Android APIs to circumvent location services activation and location permissions when feeding applications spoofed location data. This is almost certainly still possible.

In the event of app failure, I do not want my real location data queried.

0bbedCode commented 5 months ago

Are you saying it will still feed it fake location data despite it being blocked via permissions?

Umukiranutsi commented 5 months ago

> Are you saying it will still feed it fake location data despite it being blocked via permissions?

For XPL, permissions may have been enabled with location services or GPS still disabled. j2rong's app, which I used on Android 9, did the same, and the changelogs say the developer incorporated this feature.

0bbedCode commented 5 months ago

I'm not sure what you are trying to say. XPLEX will Block / Spoof GPS Location or CELL Location; either/or, it will spoof / block. XPLEX is not and WILL not be a Permission / App Ops Manager. A permission manager is something else for another time, as that brings in its own issues.

Umukiranutsi commented 5 months ago

The app does not register the spoofed location data if location services are disabled and/or permissions are disabled. When I do so on Google Maps, I am asked to enable GPS. A functioning GPS should be unnecessary because the location data is spoofed. This was not the case with the old XPL, which fed apps location data without needing permissions and/or GLS enabled; I cannot remember which, but I suspect GLS. This may be due to Android API changes. Other location spoofing apps (emphasis: not permissions managers) perform this.

A fix would be to spoof the enabling of Google Location Services, or to allow location data to be queried without Google Location Services, or any permissions at all. It shouldn't be necessary for a user feeding false location data to an app to have to enable GLS as this compromises user privacy.

App Ops and App Manager do not help as these only have the ability to allow, deny or ignore permissions. Denying location permissions will stop the app from querying location at all; allowing has the same issue. My GPS still has to be enabled, and if XPL fails, there is no safeguard. The concern is spoofed data unnecessarily requiring an active GPS.

0bbedCode commented 5 months ago

Ah ok, I see. Yes, I can SEE what I can do! No promises as always, but I will add this to a list for my todo things! First sentence is all I needed to read to understand! Thank you