Shared publicly  - 
 
Privacy Guard Manager

In addition to bug fixes, one of the comments to come out of the nightlies that have included Privacy Guard was that while the per-app method worked, going app by app through the settings window was tedious. 

Thanks to Lars Greiss of SlimRoms, working with our User Experience (UX) team, this morning we merged in a central screen for you to manage your apps. 

The Manager allows for easier toggling of the 'default-on' behavior. Further, the list of apps it shows upon opening is a list  that shows only user apps which have critical permissions privacy guard can protect. (You can still have it list all apps on your device). 

There is also an initial dialog to explain Privacy Guard to new users (one-time), and long pressing an app will take you to the standard application detail screen. 

This new UI will be in the next set of nightlies, give it a try and let us know what you think!

http://review.cyanogenmod.org/#/c/45021/
658
83
Ammar Nik Aznan's profile photoDan Rhodes's profile photoJivago Rodrigues's profile photoJurgen De Ketelaere's profile photo
83 comments
 
You guys are absolutely being awesome.
 
It's great and I love it, but even after re-reading the original thread about not restoring the permissions editor, I still don't see how this is really all that different, except now I have less control over what my apps can do.  Still better than any other smartphone privacy management though...
 
Maybe little offtopic but I have to say that CyanogenMod is so damn good I want to go back to CM from stock Android!
 
Great, hope it get open and pa adopt it ^__^
 
Smart how you guys use the privacy 'hype' in your advantage. You've released these privacy features on the right time. Keep it up.
 
+Stefan van Manen Pretty sure they were working on this before all the privacy hype.  You don't just come up with an idea like this and execute something workable in that short of time.  Its great timing to be at this stage though :)
 
+Alex Willis That was in regards to 10.1.0; Privacy Guard is planned to be in every future stable/general release moving forward (10.1.1/10.2). The timing of the 10.1 release and the 'new-ness' of this feature is what prevented its inclusion into 10.1.
 
That makes me ask... will there some day be the possibility to deny app permissions with cm, without the need of LBE Privacy Master. Or am I completely off-topic ?
Anyway, I am happy to have cm on my phone.
 
Those SlimRom people are good folk.
 
Now if only i could use cm on my note 2 i would be happy but camera compared to stock is just nowhere near
 
Spend a couple of bucks and buy a camera app on the Play Store, it's not like we pay for the CM firmware...
 
amazing what cm developers are doing, this is the authentic android experience 
 
+Antonio Giovinazzo i think i have bought most if the most popular ones but they arent that good, slow to use and all in all not very nifty at all. 
Ry Jo
 
Can I use it on my Gnex right now or am I waiting for a couple of few? 
 
+Ry Jo This new manager will be available in tomorrow's nightly for your device
 
Could you do the same with "show notifications"?
 
This sounds awesome. I can't wait to give this new manager a try.
 
+CyanogenMod could you please add a option to disable the notification, that the current app is enabled with privacy guard? Thanks !!!
 
It almost makes sense since you're giving Privacy Guard a management UI to think about providing an Advanced option which would open up more granularity for those of us who are more advanced users. Simple users keep it in simple mode, advanced users have a choice of a more advanced mode with more configuration options. That would be ideal, and wouldn't make anything any less simple for anyone who doesn't want it, which was the goal in the first place, I think.
 
It would be an interesting toogle the Quick Settings to turn off notifications ...
 
Just wow, these are things that should have been present in stock android from day one, but it needs CM to do it. Thanks alot.
 
It's great that you guys are providing this and baking it in to the core  build....

it's tragic to think that such a thing is even necessary and that we cant trust application developers to just leave us alone wen we ask nicely.
Sud J
+
4
5
4
 
Can we have GPS permission also included in this? 
Alex L
+
1
2
1
 
Great job, although I think adding a check box during the install process would be the most useful. At this point, you cant click "open" after installing unless you are going with the default and have to navigate through settings first.
 
Will Facebook app in the future fc explicitly when cm is detected? Hm....
 
+Sud J It already is included. GPS will be reported as off if privacy guard is enabled.
+Alex L We can't change the Play Store apk, so that's not possible.
Sud J
 
+Danny Baumann I'm on 27 Jun CM10.1, Samsung note, N7000. GPS is active even on privacy guard when tested on google maps
 
GPS is on, but what would the app get from GPS service? a null GPS coordinate?
 
Can you guys comment on the bluebox related Trojan? Is it even possible to fix through custom firmware? 
 
Exactly it returns 0 coordinates. Check eg with gpstest app from play store you will see it shows 0 0
Sud J
 
+Lars Greiss thanks for the info, but if it returns null value then shutting the GPS module down along with the null value would be good for battery also. 
 
Well... Well... Well now nigthlies seems interesting...
 
+Sud J the point on privacy guard is exactly to do not block permissions or turn service off which can break apps which cannot handle that right (not all apps are well programmed and catch this cases) ....privacy guard simulates the app that all is fine and normal and just return 0 values. The short explanation of this lol easy and absolutely safe 
 
+Sud J +Lars Greiss it should be possible to suppress the low-level GPS startup though; the app just won't get location callbacks in that case. I'll look into it.
 
Another hint: in this list, give a subtle hint as to which applications actually have persmissions for access toe GPS/contacts/call history/...

I would put this under the name of the app, with either text or icons.
Sud J
 
+Danny Baumann thanks for considering. I know privacy guard primary function is to give privacy controls, but surely if GPS module is avoided from starting then that would help battery. 
 
+Bouke Timbermont I think that would get messy (and crowded) very fast, especially given the information isn't that far away anyway: Long-pressing on an item brings you to the app details screen, which lists all permissions.
 
+Danny Baumann +Bouke Timbermont I feel the same like Danny. It would be crowded beside this the permission filter already shows clearly that only the apps in the list are critical. And as danny said long press and you see them in detail if you want.
 
This is great! I have a small suggestion for you +CyanogenMod guys. It would be awesome to have the ability to backup profile settings. Setting all of those up after a clean flash can be a pain in the rear. Even an app from the market similar to what +Android Open Kang Project did with their rom control backup app. I'd GLADLY pay for it. By the way, this ROM is the ultimate android experience. You guys really are doing great work. Really enjoyed the +Geek.com interview!
 
I have enabled Privacy Guard  for Truecaller app and this still read SMS(verification SMS) automatically. :(
 
thanks for this...

I am getting frequent hangs, then userland restarts, when enabling for apps, via the PG manager.

Two recent examples would be Google Drive, Google+. When touching to enable for both of those, each time everything hung up for a few mins, then a userland restart.

After the restart, the app has been successfully enabled in PGM.

Have had it for some other apps too, but didn't note which.

This on Galaxy Note N7000, 20130704.


Edit: http://review.cyanogenmod.org/#/c/45123/
 
I must say...after a few days using this, I'm finding it very useful as a big hammer for really bad apps like Facebook, but as a tool for power users, it just doesn't compare to individual permission management.  I have several apps that require GPS, such as real estate and white pages apps...but these apps also try to mine personal data.  It stinks, but they are mildly useful...Unfortunately the "all or nothing" model of Privacy Guard means I either use the apps as installed, or not at all...just as if there was no Privacy Guard at all.
 
:'(so expected for my device of htc butterfly x920e
 
+Dan Rhodes I am currently working on an advanced mode exactly with exactly this functionality. Not every single permission but permission groups like location/browser/SMS/comtacts/calendar. Normal mode is like it is now advanced you can set it more specifically. But not sure if it will be merged for cm then we will see. Currently doing it for slim. But at the moment we prepare stable release.....so it will take some days till I am completely finished ;-) so no eta lol
 
+Lars Greiss Sounds good. How are you going to do it API-wise? An int with flags instead of the boolean?
 
+Lars Greiss That sounds awesome, but I wonder if it isn't too close to the old permissions management that was abandoned?  Maybe the new Manager interface with is enough to get this into CM!
 
This does sound very nice, but why not work from PDroid? PDroid's features far outperform the permission managements of other apps, enabling fake locations, fake network states, fake phone number, fake IDs, and may other fake things. In all seriousness, if these emulated states aren't in CM's permissions management, I'll probably just continue to use autopatcher for PDroid. 
 
+Danny Baumann yes using an int with masking over it.

+Rahul Manne the goal and the way like Steve did is just another then pdroid

+Dan Rhodes let us see where it goes to get a good balance. Clear is i do not want it that way it was in the past or other approaches which currently exist
 
+Lars Greiss it is about the same except the ability to fake data and the granularity. And without the granularity this feature as great as it may be is practically useless. The main problem with the android permission scheme  is mainly the all or nothing way. this feature adds the ability to disable access the sensitive data in the same way.
For instance I'd like to use my navigation software but I don;t think it needs the access to my contact list, my phone number  or my call log. Privacy guard under those conditions serves absolutely no purpose.
But thanks for the efforts :)
hopefully the changes will get merged
 
This is excellent, and really a step forward in protecting the privacy of CM users.  I hope to see more work in this direction forthcoming, and more granularity of settings available in the future.
 
Just flashed the latest nightly for n7000, but I cannot find it anywhere, is this a device specific feature?
 
Guarded app can still get my installed app list and my google account name
 
Not in 10.1.2 Stable? 
 
You should provide it on cm10.1 stable version also. There's a lot of people use stable version and want this fearure
 
call logs are still visable, please fix. as well as phone number visability
 
Is it normal that the privacy guard function does not work with gmail? I still get suggestions from my contacts when I send a email. Its exactly google whom I want to protect my address book from :/ But, could be a problem with my ROM (PA 3.67 on Nexus 7)
 
gmail probably runs through Google play services. the same is true of hangouts 
 
Can I install this "Privacy Guard" feature on my stock android 4.3?
Add a comment...