When you install an app on your phone, it often spreads its tentacles into other various parts of the device. Sometimes, it taps into the hardware that identifies your location. Others, it grabs data from your address book.
If you use an Android phone, the OS will tell you -- explicitly -- what the app is trying to access, and it will ask your permission to do so. But you can't provide permission for one data grab and then reject another. It's an all-or-nothing proposition. If you want the Twitter app but don't want it accessing your text messages, you're out of luck.
That's a problem for those of us who really want to protect our privacy, but still want to be participate in things like social media. And even if you trust everything the app developer is doing today, you never know if a new update may contain malware planted by someone else. That's why Marcel Bokhorst created XPrivacy, an open source tool that lets you closely control the permissions for each of your Android apps.
In short, the tool can override a particular permission setting by feeding it junk data. For example, it can feed your Linkedin app fake location information, or your Twitter app an empty address book. And you can do this on an app-by-app basis. So, even if you prevent LinkedIn from accessing you location, you can still offer access to your mapping app.
>If you want the Twitter app but don't want it accessing your text messages, you're out of luck.
Other Android tools let you do much the same thing, such as PDroid and OpenPDroid, but they're no longer supported by the developers who made them. The popular Android alternative CyanogenMOD includes a tool called Android Privacy Guard, and the latest version of the official Android OS offers app-by-app privacy settings. But Bokhorst says these tools don't provide the same fine-grained controls as XPrivacy, which can manage 250 different settings. Plus, the official Android privacy settings are hidden from the average user, probably because they're not ready for prime time.
Bokhorst started building XPrivacy last year while he was developing his own custom version of CyanogenMOD that included OpenPDroid. But after getting frustrated because no one was updating OpenPDroid, he decided to create his own privacy tool using an open source Android developer framework called XPosed. The result was XPrivacy.
The project took off quickly. Bokhorst says he has spent over 2,000 hours working on the project so far, and the open source community has contributed not only several ideas for the project, but translations into 37 different languages. According to the open-source-project-tracking site Ohloh, over seven years of effort have already gone into the project. "I guess I am an efficient worker," Bokhorst jokes.
The downside of the tool is that you can't use it without arranging "root" access to your phone. This generally means using some third-party software to hack into your phone so that you have control over the core software, and it can void your warranty -- or, worse, screw-up the phone's internal software so badly that's effectively rendered useless. Unfortunately, Bokhorst says, it's not possible to build a version of XPrivacy that doesn't require rooting. The application must integrate deeply with the Android OS. For the less adventorous, Android's own hidden settings are probably the best way to go.
According to Bokhorst, Google removed XPrivacy from the Android Play Store soon after it was made available. But the store still includes a tool that will at least walk you through the installation of the app. Not being in the Play store makes it harder for Bokhorst to sell the tool, but that doesn't bother him. He's not building the tool for money. "The goal of the XPrivacy project is to offer a free, decent Android privacy solution for as many as possible people," he says.
That said, he does offer a premium version of XPrivacy that adds tools such as a database of custom privacy restrictions created by the XPrivacy community, and a way of importing and exporting settings across devices. And he does accept donations. "I see donations as concrete positive feedback, but they are in no way a compensation for all the time I have spent on this project," he says. "XPrivacy is more an ideology and a technical challenge."
