I've got an android phone with root and su access. I'd like to intercept all intents fired by any app and their extras bundles in my android app. Is there a way of doing that without writing a custom aosp ROM? Is it possible to change how Zygote or ActivityManager work?
I know using "adb shell dumpsys" will provide a historical view on past intents but it's missing the intent payload.
I've got a list of all the intents' action names that can be fired and added those to my androidmanfiest.xml. But some are routed to specific packages or limited behind security permissions.
Is there a one-size-fits-all approach that'll intercept all intents in Android?
Have you tried using Xposed framework? It basically allows you to intercept any method (such as Context.startService(), or any of ActivityManager's) and add your own code.
Related
Everyone knows Tasker.
The optimal way to use Tasker would be to create a Plugin. But then you can't use other automation Apps like Llama (except you also build a plugin for them of course).
I saw a clever workaround for this. since nearly all automatisation Apps are able to start Intends, some Apps like the one for Franco.Kernel or ElementalX have classes which can be startet from such Apps to do Stuff. For ElementalX it looks like this: flar2.elementalxkernel.powersaver.DISABLE_POWERSAVE.
I like this idea and want to implement this to!
but I have some questions...
Are these just normal classes like every other Activity and Class in my Project?
How do I get my Context in those Classes?
Can those classes access all other functions and SharedPrefs in my App?
Is it possible to hand over parameters like Ints or Strings?
What else do I need to keep in mind?
The example you gave is an intent from the application ElementalX Kernel (now replaced by EX Kernel Manager)
The intent is made public by adding android:exported=“true” to the app's manifest. This means other apps like Tasker can use it.
Within the ElementalX Kernel app, there is a broadcast receiver that listens for this intent. When the intent is used, it triggers further actions. In your example, when the intent flar2.elementalxkernel.powersaver.DISABLE_POWERSAVE is broadcast, the app will receive the broadcast and call the methods that disable powersave mode.
I'm developping two apps (on Android 4.2.2), app A that contains a "private" area and app B that can open the private area with an Intent.
I have used a custom Permission with protectionLevel="signature" to be sure the broadcast will be receive only if A and B are built with the same keystore, and it works well.
After this, I have made some tests, and finally find a way to "bypass" the Permission by using:
su -c am broadcast ... from an app that did not define the custom permission
So it means that if someone install the application A on a rooted device, he could send a broadcast message to my app and access the "private" area...
From my point of view, I'm not sure if it's a security breach or the expected behaviour.
I have found no documentation about this...
Do I really need to add a password in extras or something like that to be sure this access is protected?
Thanks
I have a SMS Blocking Android App. It worked fine until Google introduced SMS feature in Hangouts and so did Samsung in its ChatOn messenger. Both of them have the highest priority for SMS receiver ie 2147483647. I verified this from their manifest.
So is there anyway to decrease their SMS receiver priority using what so ever method including root?
I plan to implement a "click to fix" option after a user opens the app.
The only way I could think of doing this was to edit the manifest file of these applications.But again I am not sure how android processes the Broadcast receiver. Does it use its own internal memory to know which app will process the sms received broadcast, or does it read the manifest file of all the installed applications every time?
If there is a separate memory how can I access it(using root, if required) and if manifest file is read every time, is it possible to edit that file even with root, as I read there are signature related issues.
P.S In root programming i have just experimented with calling standard sudo commands inside an app. Also my main focus is on pre Kit Kat devices.
I am developing an android service at OS level. ( not from SDK, its from android source code. It will be part of my custom ROM. I can tun myself as root)
I am going to give an interface to apps to do something using my custom intent. At the end I want to know who all are listening for this intent.
Is there any way to get list of all BroadcastReceiver(s) registered for a specific intent?
Thanks for help!
From a program you can use PackageManager and queryBroadcastReceivers().
From the 'adb shell', try the command:
dumpsys activity
the Activity Resolver Table lists all the things that broadcast receivers are looking for.
I want to implement a service which should be running like standard system service on boot up, this service should not be kill-able and should be able to perform action on receiving notification from another process.
Can anyone help me which is the best methodology (AIDL) to create such service,if any example for reference ?
You can't do this unless you are creating your own system ROM.
If creating your own ROM, you can start by modifying the AndroidManifest of the apk containing your service. You need to add an attribute to your manifest node: android:sharedUserId="android.uid.system". That will cause your APK to hold the system ID (which requires the APK to be signed with your platform signing key -- this is why you need to be creating your own system ROM.
That will allow your application to be considered special by the system, and (at least on 4.x, I haven't tested on older Android versions) your application will be auto-started. The application being auto-started doesn't mean much on its own though; either you need to implement a BOOT_COMPLETED receiver as #febinkk suggests, or you can provide a custom Application override (by adding the attribute android:name="your.package.ApplicationSuperClass" to your application node in your AndroidManifest.xml). In your application super class, you can overload onCreate() and have it start your service or whatever else is required.
Additionally, as a system application, I believe (though have not fully tested) you will not be able to be killed through normal means.
You are not able to create non-killable, immune service without creating your own ROM
You could register a BroadcastReciever with filter for android.intent.action.BOOT_COMPLETED for your service and after starting call startForeground(). This may not be what exactly you were looking, but this is probably the only thing that comes near, if you don't want to create ROM.