Last Updated: May 25th, 2011

Back in March we reported on a proposed patch to CyanogenMod that would allow users to deny apps access to certain permissions while retaining the connection to others. This lets users install applications they are interested in, while remaining mindful of their privacy.

Update: Indeed, the "faking data" patches did not make it into CM and probably never will - thanks to all who posted the correction, including the patch author. See this commit for more info.

Denying permissions unfortunately has a nasty side effect - they will cause applications that don't handle the situation correctly to force close. If an application does start force closing and you've revoked some permissions, you will see a special dialog to easily reset those permissions back to "stock" and give the app a second chance.

The proposed patch went live (also here and here) yesterday, making the changes available to those who use the mod's nightly builds. It remains to be seen whether this new feature will result in a rash of unexpected force closes in applications that don't play nice with it as well as an uproar from developers who suddenly start getting flooded with crash reports.

In order to activate the functionality, you'll need to navigate to CyanogenMod Settings, then Permissions, and finally Enable Management.

After that, permissions can be enabled or disabled through the Settings -> Applications -> Manage Applications menu. Just pick the app you want, then scroll down to its permissions and tap them once to revoke (they will be crossed out) or tap again to re-enable.

Most permission changes will go live immediately, though re-enabling "Network Communications" will require a restart of the application.

Here are the main details of the new feature, as documented in this commit:

Adds support for revoking permissions.

- 2 new methods in PackageManager: set and getRevokedPermissions.
- new permission android.permission.REVOKE_PERMISSIONS that guards the new methods.
- new widget that can revoke permissions and is to be used in Settings app.
- setting to enable disable permission management.
- special message for force closed applications that have revoked permissions.
- "Reset permissions" on force close dialogue for applications with revoked permissions.

compile fix.
Change-Id: I19aace30b6e2bd2075231f8a8581c22b428e86e8

If you successfully flashed a nightly build with this feature enabled, feel free to leave a comment and let everyone know whether it's working correctly or causing problems.

Via: Reddit

Matt Demers
Matt Demers is a Toronto writer that deals primarily in the area of Android, comics and other nerdy pursuits. You can find his work on Twitter and sites across the Internet.

  • http://mindmirror007.blogspot.com alchemist007

    Ha! And this was written January of this year with the same ideas! http://goo.gl/D2rxL Glad to see at least someone somewhere making a difference!

  • Paul

    Perfect! I love the idea of sending fake data to the app but thus allowing me to use the app. No idea why some games need complete access to my address book and such. Or why a file manager program needs my GPS coordinates, etc. seems some apps just want too much info, and being able feed them false data like fake coordinates or tell the program there's no active internet connection, is perfect. Going to flash a nightly shortly.

  • William

    I understand the frustration with apps that ask for more permissions that they seem to need, but there is a simple solution. Don't install them.

    • http://twitter.com/Critofur Christopher

      Even simpler: just don't get a smart phone. I don't think you do understand the frustration, or maybe you're just trolling?

      Look, I want to use apps, but I want to keep one thing straight: it's MY phone and I don't want only the option of either accept the apps permissions or don't install. I don't want ANY app to run "in the background" unless I choose it to.

  • http://forum.xda-developers.com/showthread.php?p=12161601# Plamen


    First revoking INTERNET permission does not require reboot but just restart of the application from Settings -> Applications -> Manage Applications menu

    Second no faking of data is still possible.

    • http://www.AndroidPolice.com Artem Russakovskii

      First, revoking the INTERNET permission doesn't require a reboot, but re-enabling it does, which is exactly what the article says. I just tested it.

      Second, read the patch comments - they mention faking data for some permissions (phone state, id). Sure, it's not user selectable yet, but the beginning stages are there.

      • http://forum.xda-developers.com/showthread.php?p=12161601# Plamen

        Hehe I am the author of that patch and I know what's in it :)

      • http://forum.xda-developers.com/showthread.php?p=12161601# Plamen

        Which application have you tested INTERNET with? So I can investigate.

        • http://www.AndroidPolice.com Artem Russakovskii

          Hrm. I tested with BeyondPod, and it wasn't able to reconnect to the download sites, even after I re-enabled the permission and force stopped the app.

          As for the faking, quit leaving confusing commit comments that talk about faking :). It wasn't clear what made it in and what didn't but patch set 3 talked about faking and it was accepted by Steve.

        • http://forum.xda-developers.com/showthread.php?p=12161601# Plamen

          >As for the faking, quit leaving confusing commit comments that talk about faking

          Well in true faking spirit I need to continue :)

  • LAmDroid

    There was recently also an app called Privacy Blocker that would actually recode the app stripping certain permissions before installing it.

    dont kno how well it works tho as I've yet to try it. great to see something like this integrated into ROMs

    • Burned by Sony before

      It's good!

      The only problem I encountered was that with larger apps my X10 (384MB) ran out of memory and could not complete the recompile.

      Most apps were fine.

      The idea of stripping unnecessary, excessive, or intrusive permissions and substituting other data is brilliant.

      Who really needs my phone's serial #???

      Support this project!

  • Jon

    I just don't see the "faking" part...In the Manage Applications section, now you can cross (deny) the permissions that bother you, but I don't know how to give mock data :/

    • http://www.AndroidPolice.com Artem Russakovskii

      According to patch comments, faking is supported for phone state and id, but you can't edit what gets reported right now. I hope in the future, you will be, and most permissions will be supported.

  • secondavita

    finally I found a REAL reason to root... ;)

  • Mike

    How about the scenario, that you are on holidays outside your country and want to synchronize your emails? However because of huge roaming costs no other app should be able to connect to the internet. Currently when you switch on connectivity all apps try to synchronize: Gmail, Twitter, Facebook, Feedreaders...costing you a fortune if they start synchronzing.
    With this patch you can revoke internet permissions from all apps except the email app.

    • Shorty

      If you revoke the permissions the way you described, all that will happen are force closes. Better to just batch freeze and unfreeze apps in Titanium Backup in half the time it takes to check and uncheck all those permissions.

      • bk

        so you've tested this apps permissions thing in Cyanogen or just randomly stating what you think will happen?

        • Shorty

          It's been in fitsnugly's nightly CM7 builds on the N1 for some time now. Different apps react differently, but I experienced a lot of force closes when tweaking the network permissions.

      • Mike

        If an app crashes without internet connection, something is seriously wrong with an app. But maybe it's necessary fake an NoRouteToHost exception instead of an PermissionDenied exception...

        • http://forum.xda-developers.com/showthread.php?p=12161601# Plamen

          Actually revoking INTERNET causes UnknownHostException and SocketException

          both should be handled if the app is well developed.

          revoking network state permissions however will force close

    • masterson

      Then simply disable the internet connection for that APP using DroidWall. If U use CM then you've already rooted your phone and so there should be a firewall installed on your device ;)

  • vernon

    more and more i see myself rooting..im so afraid of bricking my precious desire though

    • some amish guy

      grow a pair....desire has been rooted for a long time. if u read, reread, and read the instructions again then actually go thru it, ull be fine (unless ur an idiot....then here's no hope)

      • vernon

        fuck you...if my first profanity is blocked heres another one :PHUK YOU and i sincerely thank you (dick!) for making me feel better about my fear of flashing..i will flash deepsheeeeet, im just not ready yet. and azzhole, im not the only one beer-tch

        • TheDude

          hey man the profanity just lowers you to his level. I'm a software engineer with a linux background and it took me 4 months to take the plunge on rooting (Evo4G) and a few months longer to flash a custom ROM(CM6) ... in the end it's your phone and your voided warranty and your aggravation/cost if you manage to brick it; do it when you're comfortable with the idea ... it's easy for mister "amish guy" to say grow a pair ... it's not his problem if you screw it up ... he needs to grow a brain and stop being a troll.

    • the-amish-guy

      grow a pair....desire has been rooted for a long time. if u read, reread, and read the how tos, ull be fine (unless ur an idiot....then here's no hope)

  • Scott

    works well on my G2. noticed only two FC's but that was with the amazon store app. It's nice to send crap data to pandora :)

  • optedoblivion

    Everyone please review this link. You will see that CM in fact did NOT include data spoofing capabilities.


    • http://www.AndroidPolice.com Artem Russakovskii

      Alright, I've got it all fixed up now. Thanks, guys.

  • cahaall

    This ravenous desire for apps to gratuitously grab data off my device is why I am avoiding Android altogether.

    I know arguments developers give, it helps troubleshoot issues, improve/develop better features, etc

    App developers should handle Revoking App Permissions gracefully eg don't crash your app if i don't let you have data.

  • http://slashdot.org Excellent

    This is the feature that I have been waiting for sooo long, thank you !!!
    When I red this, I got so excited I was jumping up and down.
    No READ_PHONE_STATE for any application that does not need it for a good reason, thank you very much.
    The same for ACCESS_FINE_LOCATION.
    Now I will be able to use my smartphone as a phone, without every idiot trying to steal my contact list & call log.

  • http://pureloveclub.com bob marley

    Cyanogenmod NEEDS to integrate ALL the USER control of PFFmod


    LBE privacy guard (before it used iptables as we have droidwall for that)

  • http://pureloveclub.com bob marley

    REvisit the votes log


    Malware capitulationists refused to include data spoofing PER permission when handed the capability on silver platter.. now being developed (as a path system) by PFFmod

  • http://pureloveclub.com bob marley

    Don't forget iptables and AdAway

  • http://pureloveclub.com bob marley

    FRAKKIN spell "correct"