kaputnikGo / PilferShushJammer

Light Android AOSP application to test microphone jamming techniques to combat Cross-Device Tracking (XDT)
216 stars 25 forks source link

How to check if the app is working correctly? (Android 10 bug?) #17

Closed Konstantin555 closed 4 years ago

Konstantin555 commented 4 years ago

I've installed the latest version of the app via F-droid. Activated the Passive ("Passive jammer running" is present in notifications bar). Then I do a short record via standard dictaphone app and i can hear myself on the record. Is that how it is supposed to be? Xiaomi MI8, MIUI 11.

kaputnikGo commented 4 years ago

Can you provide the package name of the dictaphone app you are using? Also have you tried changing the Buffer Read Lock setting to "Enable"?

Konstantin555 commented 4 years ago

Can you provide the package name of the dictaphone app you are using? Also have you tried changing the Buffer Read Lock setting to "Enable"?

The dictaphone is a system app. Don't see any info about it. I can successfully record voice messages in Telegram (last version) as well, btw. Yes, I've tried the Buffer Read Lock.

kaputnikGo commented 4 years ago

System apps are not blocked by the jammer as they have an override ability derived from telephony which gives them priority over any user installed app that has the mic. If Telegram is given telephony replacement permissions then i would assume that the same behaviour would be observed with that app too. The jammer is only able to hold the mic from other user installed apps and especially to block those apps from using the mic as a background service. This capability and its limits are entirely determined by the Android OS.

Konstantin555 commented 4 years ago

Just installed the Direct Dictaphone from F-Droid. Same thing.

kaputnikGo commented 4 years ago

I just installed same app from fdroid on production device and PilferShush Jammer blocks access to the mic. Pressing record on the dictaphone causes it to try to start, says its recording and then stops immediately. The "notes" that it records each time on attempting to start are all 0. Also the stop on silence switch was set to off for this test. This makes me assume there is something going on with the MIUI 11 os. Its based on Android 10 which has changed some things in background audio recording including disallowing background services from utilising the microphone unless they use MediaRecorder as a foreground service. Currently the jammer doesnt use MediaRecorder, primarily as i don't have an Android 10 device. But i will push this update forward to the next release and hopefully the emulators work well enough for me to test.

Konstantin555 commented 4 years ago

@kaputnikGo Thanks for the clarification. Hope to see the update in the near future.

kaputnikGo commented 4 years ago

I have flashed the dev phone to Android 9.0 and have added a placebo function that calls the MediaRecorder from the passive jammer service so that it conforms to the (API 28+) restrictions on microphone use in backgrounded apps. This placebo function so far is coded up to and including the prepare() phase that checks the existence of a file for writing to and then waits for start() to be called. I won't ever be including the start() call as it will write audio data to a file and that nulls the whole point of this app. So while the MediaRecorder is in an idle state after prepare() is called, the jammer will continue to rely on audioRecord.startRecording() method to hold the microphone. It will also still never use the audioRecord.read() method that does the actual data recording part.

So far it works on the dev phone. I assume that Android 10 will still respect the same API as 9 but who knows. Also the MIUI flavour rom may have changed this behaviour from stock AOSP. Will do some more testing and then roll out a release in a day or two.

kaputnikGo commented 4 years ago

have tested on an Android 9 AOSP device for 20 hours and its running and blocking other user app mic use. New version now rolled out to googleplay and F-Droid should auto pick up soon, with its own build version to follow. I also tested the behaviour with the DictaPhone app (as above) and it fails to record any audio while jammer is on. Hopefully the updated app works for you. Thanks for the bug report! Its a vital part of FOSS dev for android.

Konstantin555 commented 4 years ago

@kaputnikGo unfortunately I have the same results with the new version with and without Buffer Read Lock. New version is not present on f-droid, btw,

kaputnikGo commented 4 years ago

yes, fdroid is slow to update and sometimes misses a release for some reason. I can only assume that MIUI is doing something, or even that Android 10 has changed something. There are more battery/power settings available in API28+ including controls over background use so maybe a setting is altering the sort of default behaviour i get in LineageOS. ie the Battery Manager and Battery Saver may restrict backgrounded apps from running. In the settings app view for the jammer i have the Background Restriction section set to "App can use battery in background". Unfortunately there isnt much more i can advise other than through guesswork, if you could get an adb debugger print then it should tell you what happens when the app goes to the background and ceases to hold the microphone.

kaputnikGo commented 4 years ago

ok this is appears to be a problem caused by Android 10 concurrent audio capture policy: https://source.android.com/compatibility/android-cdd#5_4_5_concurrent_capture

which means that apps can bump a previously running app off the microphone: [C-1-4] "the one that started capture the most recently receives audio". This results in a zeroed data stream (silence) for the first, and now bumped, running app. So if you start the dictaphone app and speak into it ensuring you have audio record, then while it is running, start the passive jammer, you should see that the jammer now has control of the microphone and the dictaphone app gets zeroed audio data (silence) but may still appear to be recording. then if you stopped the passive jammer, the dictaphone app would then get a proper audio signal from the microphone. This state change probably isnt clearly indicated in the UI.

The latest build 4.4.1 of PilferShush Jammer has a detection process added to it where a running passive jammer will detect a loss of microphone control and then automatically try to regain control by stopping and restarting the passive jammer service. This process is indicated by system pop messages that appear in the middle of the screen of an Android 10 device. see below an example of PilferShush passive jammer warning of another app taking over the microphone

Notify-transparent

and see below the pop up message saying that PilferShush passive jammer service has regained control of the microphone (note the orange bars mid-screen indicating the recorded waveform stop after 6 seconds even though the recording is 22 secs long)

Android10-PSJAM-fight-win

This technique is still being tested so any feedback is much appreciated.

kaputnikGo commented 4 years ago

Also updated to an Android 10 LineageOS build for my dev device (Samsung Galaxy S5) so now can test these things properly outside of the emulators.