This is probably completely off-topic, but could this be used to create the ability to deny permissions to applications? As a privacy-sensitive person, I would like to prevent some applications from receiving certain permissions, while still using them (for example, why should a game have access to my contacts?), but Android doesn't provide that functionality.
Would this be possible/viable with this framework? I might give it a shot, if so.
Not answering your question, but applications for Android are generally written with the assumption that they have whatever permissions they requested at install time, and may behave unpredictably if calls to things that are supposed to have already been authorized raise exceptions. I would expect that if you managed to do this, lots of applications would crash.
Yes, you could hook the permission checking methods and deny them. I think there are packages that do this already (or don't throw the Permission exception but instead return an empty contact list, etc).
Xposed has allowed me to iterate much more rapidly on framework tweaks, and also keep them much cleaner (since now I just have the "hooks" instead of directly changing Android framework). Also, I can run on more devices because I don't have to replace some framework JAR which the vendor tweaked substantially.
> That said, at some level the libraries are fairly similar: the core mechanism by which a method is hooked in Xposed (swapping it out for a JNI implementation) is actually the same one that I described in the talk I gave on Substrate at a conference called Android Open in 2011. The result is that there are some similarities in the functionality offered by the two frameworks.
> Thankfully, Substrate's injection mechanism does not conflict with the one used by Xposed: therefore, if users or developers would like to have both frameworks installed, that is actually possible. There are some places where the two libraries "disagree" (such as Xposed totally removing the Java security model that Substrate preserves), but the resulting behavior is harmless.
Upon further reading, I noticed the true purpose of this seemingly allows apps to extend outside their sandbox and violate the intent model in terms of how they interact.
Not sure why this is a GOOD idea though...
----- original:
As someone with a rooted galaxy nexus on cm10.1, why is this of interest to me?
I understood that cydia was an app store alternative that only could exist on rooted/jailbroken iOS. Android has no such restrictions about app stores; what value does this actually add?
This is based on reading every word of the linked to page...
> WinterBoard is a "theme engine" that allows you to use the numerous themes you may find in the Google Play Store on your device without having to install custom ROMs or use custom launchers. It allows you to use almost any launcher icon theme with your stock launcher and supports "Theme Chooser" themes without CyanogenMod.
Winterboard is for customizing graphics with more flexibility; it's not messing with how apps work.
You could also imagine people developing a collection of Substrate extensions that each implement a specific launcher customization, so that you can build up your desired set of customizations one-by-one instead of trying to choose between several launchers that each have parts of what you want.
There's nothing wrong with hacks. There's nothing wrong with runtime patching. If you know what you're doing, then you know why you shouldn't do it, and thus you're well equipped to do it anyway.
There IS something wrong with bundling up hacks and runtime patches into a simple user-friendly installer that leads users to believe that they will work and are safe. When the hacks fail (and they will), it happens in ways that leave users confused, frustrated, and blaming us -- the developers of the applications that your hacks crash.
Bug reports from people who use Mobile Substrate are a massive waste of time and user goodwill. They pollute our crash reporting system, they make users think our software is broken, and they result in bad reviews in the app store.
You've just made life more ugly for every ISV that supports Android -- and our users -- after doing the same to us on iOS for years.
StavrosK|12 years ago
Would this be possible/viable with this framework? I might give it a shot, if so.
apendleton|12 years ago
randallu|12 years ago
gcb0|12 years ago
I have it currently on my nexus one with CyanogemMod7. standard feature.
Use it to prevent my closed source keyboard from talking to the web.
randallu|12 years ago
https://github.com/rovo89/XposedBridge/wiki/Development-tuto...
Xposed has allowed me to iterate much more rapidly on framework tweaks, and also keep them much cleaner (since now I just have the "hooks" instead of directly changing Android framework). Also, I can run on more devices because I don't have to replace some framework JAR which the vendor tweaked substantially.
britta|12 years ago
> That said, at some level the libraries are fairly similar: the core mechanism by which a method is hooked in Xposed (swapping it out for a JNI implementation) is actually the same one that I described in the talk I gave on Substrate at a conference called Android Open in 2011. The result is that there are some similarities in the functionality offered by the two frameworks.
> Thankfully, Substrate's injection mechanism does not conflict with the one used by Xposed: therefore, if users or developers would like to have both frameworks installed, that is actually possible. There are some places where the two libraries "disagree" (such as Xposed totally removing the Java security model that Substrate preserves), but the resulting behavior is harmless.
hayksaakian|12 years ago
Not sure why this is a GOOD idea though...
----- original:
As someone with a rooted galaxy nexus on cm10.1, why is this of interest to me?
I understood that cydia was an app store alternative that only could exist on rooted/jailbroken iOS. Android has no such restrictions about app stores; what value does this actually add?
This is based on reading every word of the linked to page...
britta|12 years ago
> WinterBoard is a "theme engine" that allows you to use the numerous themes you may find in the Google Play Store on your device without having to install custom ROMs or use custom launchers. It allows you to use almost any launcher icon theme with your stock launcher and supports "Theme Chooser" themes without CyanogenMod.
Winterboard is for customizing graphics with more flexibility; it's not messing with how apps work.
You could also imagine people developing a collection of Substrate extensions that each implement a specific launcher customization, so that you can build up your desired set of customizations one-by-one instead of trying to choose between several launchers that each have parts of what you want.
unknown|12 years ago
[deleted]
anonyfuss|12 years ago
There's nothing wrong with hacks. There's nothing wrong with runtime patching. If you know what you're doing, then you know why you shouldn't do it, and thus you're well equipped to do it anyway.
There IS something wrong with bundling up hacks and runtime patches into a simple user-friendly installer that leads users to believe that they will work and are safe. When the hacks fail (and they will), it happens in ways that leave users confused, frustrated, and blaming us -- the developers of the applications that your hacks crash.
Bug reports from people who use Mobile Substrate are a massive waste of time and user goodwill. They pollute our crash reporting system, they make users think our software is broken, and they result in bad reviews in the app store.
You've just made life more ugly for every ISV that supports Android -- and our users -- after doing the same to us on iOS for years.
wvenable|12 years ago
bangsta|12 years ago
[deleted]
bangsta|12 years ago
[deleted]