Saturday, March 1, 2014

Blocking Apps from reading your SMS on Android

A variety of Apps are starting to request to read your SMS history on Android.  Facebook was first (actually a while ago, but rescinded under pressure... but its back), and I noticed this past week LinkedIn and Twitter.

I'm not comfortable with that.  Not because I'm doing anything nefarious, but because of how a single sentence or phrase can be positioned in the form of a "sound bite" to sound like something it wasn't. I don't need a single off handed remark about a salacious celebrity from a friend in a text to become something a future employer sees as one of my "interests"

Facebook started to worry me a few releases ago when it started suggesting I post photos I'd taken when I launched the app.  I don't want Facebook scrounging around in my photos... what's to stop them from uploading them automatically?  The combination of that and SMS mad me nervous enough I just uninstalled it.

But then Twitter and LinkedIn did it.  And I actually use LinkedIn, so it was time to find a way to have my cake and eat it too.

iOS users... Apple doesn't permit that, so you're safe.  But on the Android world, its a little harder.

ASOP briefly had the ability natively to manage this through the Ops Center, but Google removed it as "a mistake".

If you're rooted, CyanogenMod (and presumably others - I can't recommend CM since they took money and went commercial, their intentions are now on shareholders not on users) aftermarket roms have these abilities - to manage app permissions on a app by app permission by permission basis.

But, if you're like me and LIKE what the manufacturer added (I happen to like TouchWiz on my S3 - and before you flame me, I have a N7 2013 with 4.4.2 on it too, and previously owned an HTC with Sense) - then you're not going to throw a new ROM on there.

What I found is the Xposed Framework.  Its like what Cydia is to the iOS world.  Any easy way to manage side loading apps that aren't in Google Play (because they wouldn't get approved, or its too much hassle).  You do still have to be rooted, which voids your warranty and can block you from future updates, so its not to be taken lightly.  I'm not advocating you root your phone.  But if you've rooted already for other reasons, or understand it and want to take the risk, Xposed is something you should add to your tool chest.

Xposed lets you add XPrivacy, which lets you manage all permissions for all apps.

Here's a good how-to on installing.

Discussions about apps are on Reddit and XDA

What Xposed does is feed the app fake data for contacts and SMS, so it doesn't hang/crash due to an access violation - it just doesn't get any data.  You can either select apps to setup or just setup apps when they install/update.  It does an elegant job of prompting you.

So far, all I've seen is Facebook fail on 2 factor SMS security... which is ok with me, I'll take that as a trade for not letting it read my SMS.

Another Xposed plugin I'd suggest is BootManager.  Its like MSCONFIG for your Android - letting you choose what runs at startup.  I shook my head at some of the things running at startup - now, there are valid reasons for them.  Badges, notifications, etc.  But often they're for apps you don't care about, or you might be like me - I don't care for most push notifications.  A few I like - news, sports - but I don't need Flappy Bird reminding me to play or iHeart Radio telling me a new podcast is on.

Boot Manager doubled the performance of my phone - both in speed and battery life, at no real expense to me.

I'm not being paid by either... I just really enjoy their features/benefits and wanted to spread the word.

No comments: