🆕 Software Suggestion | Vigilante

[FunkyMuse]

Basic Information

Name: Vigilante Category: Android security URL: https://github.com/FunkyMuse/Vigilante

Description

An app that focuses on your privacy and alerts you when a third-party application uses your device camera or microphone, plus few other goodies.

Why I am making the suggestion

It notifies you when an app uses your mic, camera in the background without you being aware. It's open source app built on top of security oriented open source libraries.

My connection with the software

I am the author

• [x] I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.

[lrq3000]

Licensed under GPL-v3.

Interesting app. What Android versions are compatible? All? What are the plans to support future versions?

[FunkyMuse]

Licensed under GPL-v3.

Interesting app. What Android versions are compatible? All? What are the plans to support future versions?

Android +7.0

There's no problem of supporting new versions, the app doesn't rely on something version specific from API +24

[ph00lt0]

Can recommend, very nice app, UI is a bit odd, but likable.

[ph00lt0]

I just learned about this: https://blog.g3rt.nl/android-lollipop-encryption-user-interface-flaw.html

Do you guys know anything about this @FunkyMuse?

At least we should add a warning for devices that are effected.

More on the topic:

• https://teddit.net/r/Android/comments/gt3ib8/why_was_fulldisk_encryption_removeddisallowed_in/
• https://teddit.net/r/Android/comments/3vry8k/users_running_lollipop_or_newer_may_be_using_a/

This is quite scary considering that by default android phones have the Talkback service. From my understanding the phone will use file-based encryption since android 10 as alternative, but that isn't nearly as secure (obviously).

[FunkyMuse]

I just learned about this: https://blog.g3rt.nl/android-lollipop-encryption-user-interface-flaw.html

Do you guys know anything about this @FunkyMuse?

At least we should add a warning for devices that are effected.

More on the topic:

* https://teddit.net/r/Android/comments/gt3ib8/why_was_fulldisk_encryption_removeddisallowed_in/

* https://teddit.net/r/Android/comments/3vry8k/users_running_lollipop_or_newer_may_be_using_a/

This is quite scary considering that by default android phones have the Talkback service. From my understanding the phone will use file-based encryption since android 10 as alternative, but that isn't nearly as secure (obviously).

The app is available on API +24

The app encrypta the database it uses

The app uses encrypted shared preferences

The app most IMPORTANTLY doesn't connect to internet

The app has an option to enable biometrics in order to proceed

Do more through research before you throw a shade.

[ph00lt0]

@FunkyMuse why are you so irritated? I am just asking a question. This isn't about the way your app stores data. This is about android seemingly disabling disk encryption when activating an accessibility service. This is not at all 'a shade' towards your app.

[FunkyMuse]

@FunkyMuse why are you so irritated? I am just asking a question. This isn't about the way your app stores data. This is about android seemingly disabling disk encryption when activating an accessibility service. This is not at all 'a shade' towards your app.

Because this is from 6y ago

[ph00lt0]

I tried a few devices, some do show warnings about encryption others do not. But isn't super obvious. Once again, this is not a rant on this app, but we should inform users of this security issue.

Edit: I do not see how this would not be relevant due to the article being from 6 years ago, but let me know why you disagree @FunkyMuse

[FunkyMuse]

I tried a few devices, some do show warnings about encryption others do not. But isn't super obvious. Once again, this is not a rant on this app, but we should inform users of this security issue.

Edit: I do not see how this would not be relevant due to the article being from 6 years ago, but let me know why you disagree @FunkyMuse

I'm now seeing the comment for some reason.

The app doesn't connect to the internet, you're safe, whatever happens.

That's how accessibility services work on Android, it is a system's shortcoming, my app is however now baked in Android 12 but without options to customize position/color.

[ph00lt0]

I got to know somethings about this encryption problem. This will only appear on devices that where originally released on Android Oreo or lower. However it is important to know that even if you upgrade the device to a newer version of android (like i had done on the device in the screenshot) it does not solve the problem.

I think the app can be recommended for people having a phone that was originally released with a version higher then Oreo and cannot be upgraded to android 12. Besides this PrivacyTools currently recommends the usage of Lineage-OS and GrapheneOS who also have similar features integrated.

[FunkyMuse]

1. Guide the user to go to Settings > Security > Screen lock.

2. After entering the PIN or password, now tap on PIN or password. I'm using PIN for this example.

3. A screen appears saying "You can further protect this device by requiring your PIN before it starts up...".

4. Select the option "Require PIN to start device". Tap "Continue".

5. A prompt appears saying "Require PIN? When you enter your PIN to start this device, accessibility services like won't yet be available." Tap "OK". Then tap "Continue".

6. Choose and confirm your PIN.

7. Done.

@ph00lt0

[ghost]

Great App though, But Vigilante seems to be a alternative to Android 12's Privacy Dashboard for Older Android Version. But there was already named as Privacy Dasboard & Works Great though and it was also Open-Source. I think the PrivacyTools might recommend that in the Site. Just a Opinion.