Shared publicly  - 
 
Per App Incognito mode
 
Easy privacy, coming soon.

I'm working on a new feature that will hopefully make it's way into CM. It's called "Run in Incognito Mode". It's a simple privacy feature designed to help you keep your personal data under control.

I've added a per-application flag which is exposed via a simple API. This flag can be used by content providers to decide if they should return a full or limited dataset. In the implementation I'm working on, I am using the flag to provide these privacy features in the base system:

 * Return empty lists for contacts, calendar, browser history,and messages.
 * GPS will appear to always be disabled to the running application.
 * When an app is running incognito, a quick panel item is displayed in order to turn it off easily.
 * No fine-grained permissions controls as you saw in CM7. It's a single option available under application details.

The API provides a simple isIncognito() call which will tell you if incognito is enabled for the process (or the calling process). Third party applications can honor the feature using this API, or they can choose to display pictures of cats instead of running normally.

We aren't providing ad-blocking or device info (IMEI) spoofing. This feature is designed explictly to help protect your personal data, and it will remain as such.
2754
477
Russ Webber's profile photoFirat Dündar's profile photoKalle Karlito's profile photoAndy Smith's profile photo
195 comments
Mike E
+
1
0
1
0
 
good chit
 
ooooh where's the CM donate button! you guys rock!!!
 
Jelly Bean wanted a stable rom for my galaxy fit, which was without bugs ... some indication +CyanogenMod ???
 
I love this, and the demonstration app is exactly why I want to see this feature.
 
This is a great choice. I like pdroid and my ROM uses it but I think this is a much more polite method than just sending fake data back or causing crashes/breakage. Thanks for this!
 
This would be great for testing applications downloaded from untrustworthy places.
 
This alone would be worth rooting my Galaxy S3...
 
Amazing feature. It's a great step forward into security. Today, I use LBE Security Master for security reasons. CM should have something like this also, like LBE Privacy Guard in MIUI. 
 
Of course the application will not access them, but NSA will :-P

#SCNR
 
awesome cant wait to root my phone
    question is cm compatible with an at&t samsung galaxy s2 skyrocket
 
I'd +100 this if I could. 
 
This is what I've been longing for!  I'd even be willingly to spend money for having such function!
 
great work! that's an awesome feature for our phones!
Translate
 
This looks awesome, but lets hope it works the way we think it should...
 
Nice addition. A full list of what exactly the application won't be able to access is very welcome ;-) 
 
The only thing I don't like about this... is that it's not out yet. Great work +Steve Kondik. I'm glad you took the time to think of a better solution than before. This is both simpler and safer than the previous implementation.
 
WOOHOO!!!  This is almost a substitute for the old removed feature of being able to deny permissions at the application level.
 
What a great idea, good luck.
 
Wow, it seems really cool! If it works, I can use several apps with good feature but poor privacy policy.
Translate
 
So this will simulate a blank address book to the app? I.E. you won't experience the same force-closes that you might if you deny the permissions?
 
Looks like a very nice feature to add!
 
I hope it blocks phone number as well. There's very few reasons any apps need that. 
 
Can't wait for this to be rolled out.
 
Something I miss in Android/Linux is the possibility to deny things from the list of privileges the application asks for before installing, like if a program asks for access for networking and you deny this, it will install but unable to connect anywhere.
 
Once released, bye-bye stock Jelly Bean!
 
I'd love the same thing to be able to deny apps internet access. There's lots of apps that I run on the phone that never need to send or receive data to do what I want them to do, but they do it for ads and other things.
 
Awesome!!! I never expect less from the CM team.
 
+Steve Kondik Any chance that it will disable WiFi/mobile network location as well as GPS? I've been wishing we could disable overall location access on a per-app basis for awhile now, and this sounds tantalizingly close. :)

I realize that apps with network access could still use a 3rd party service (or roll their own) to determine approximate location, but that's hardly unique to Android/mobile.
 
You can allow Mock locations and assign them for apps with the RAZR under dev options. Does that help?
 
Will it be available for all CM bases (7, 9, 10, 10.1) ???
 
Amazing, keep up the great work guys. It's much appreciated! 
Al T
+
2
3
2
 
Can you block the nsa from getting our data? Lol. 
 
+Kyle Gray It might. I'll have to look into the mock location option... didn't realize it was a possibility.
 
please allow more sessions of a single app! (i.e. running 2 "messenger" apps with 2 different profiles)
 
I'm currently running Google's original ROM on my Galaxy Nexus because I'm not missing anything, but this is definitely a great feature that would get me to install CM.
 
Totally awesome. This will make the Facebook app actually usable.
 
Very great feature! Hope to see that soon. Just one question: What theme is he using? :D
 
One additional check box for denying an app internet access seems like it would be a nice touch. There is no reason that lack of internet should cause an app to crash, as that is absolutely a legitimate case scenario.

I understand wanting to keep it simple, however. 
Jim P
 
Read what is still tracked in this mode it's NOT totally under the radar.
 
Needing an antiNSA ability too
 
Beautiful feature! My only concern is that some apps will force close without proper permissions to some of those resources. Would it be possible to have CM give those apps dummy information when running in incognito mode so they don't crash?
 
Yes!  This will be an AMAZING feature when it comes :)
 
+Jonathan Reyna Content providers decide what to return, as stated in the post. They may return all data as usual, no data, or fake data. It won't cause crashes.
Ed Dich
 
Gorgeous! Is this a CM-specific feature or base Android? 
 
I'm a really big fan of this. Too bad cmod10 on my phone has horribo3 wifi reception otherwise I would run this ROM.
 
What do u do 4 a oncore out standing keep up da good work dev
 
Should be in stock Android. Sandboxes it ain't just for sand castles.
 
Can someone tell me please how to update cm for evo 4g lte last update was March 12 .thanks
 
Nice new feature you got there. Still, I have yet to see legacy devices with this as most older handsets don't even have the CM10.1 RC3/4/5 builds yet. It would be most effective to implement this to older CyanogenMod versions, as long as it doesn't affect the ROM negatively. It's already obvious that this will be slated for CM10.1, why not give the older versions a little more life?
 
I so want this! I've quit upgrading facebook due to the new permissions. And not happy with the permissions of other apps. This would be a Godsend!
 
Excellent. I miss the revoking permissions from CM 7
 
Oh yeah. Cyanogenmod, the mod where people running nightlies (latest code) can't report bugs. I wonder how they stabilize it but care not anymore as it ceased to be fun to crackflash and be ignored.
edgar q
+
1
2
1
 
Amazing. I love you guys.
 
+waleed shorees that was the last update I received as well. Thought I would check to see if there is an unofficial or a version of PACMAN ROM I could try
 
This will be handy :)
Feels somewhat like an app firewall.
 
Hey if you are an active user please add me, I'm bored with g+ if appreciate new faces (:
 
This is dumb, why not just enable multi-user and use a guest login. Oh that's right because you'd rather break farther from aosp!
 
Hi Ivan is here so you know...
 
Hey give me something to talk about and will take it from there,iam nuw on this google so lets breake the ice people!!!!
 
With apologies if this is already asked (I flicked through and did not see it): Do you have to be rooted to run this?
 
Incognito and Facebook at the same time?
 
Sorry Facebook, now you cannot access my location even if i say I don't want to enable location services. no more mock locations :P
 
run in incognito window is a google chrome feature that will realy help on phones ,good thinking bro
 
nice combination
brilliant use of science with mathematics ..
I like it
 
Shut up and take my money!
 
is there any possibility of the per app permission management we saw in CM7 coming over to CM10.1+?
 
I already use Luckypatcher to deny individual apps individual permissions. This should be a default feature in android. An app should not be able to tell you what it is allowed to do.
 
i agree but lately google has supposedly given info freely to the NSA.and thjey own facebok
 
Thank you so much for working on this, I can't wait to use it for... well... you know ;)
 
CyanogenMod tackling NSA, I like! 
陈崇
 
when does cm have halo?
 
Blocking material hardware like microphone could be useful too. Facebook app has this permission. And we don't Know what it can do with... It's just an idea to maybe improve your really good initiative ;-)
 
Awesome...... Kudos to you chaps
Translate
 
That's an awesome feature... Good work guys.. You rock!! 
Ray G
 
Can't wait to try it.
Ray G
 
Good Luck. We can surely use it.
 
I'm curious how IMEI doesn't qualify as "personal data", since it can pretty obviously be used for tracking/identification purposes.

Which is not to say that I don't understand how spoofing that opens up a whole can o' worms. Just saying that there's more than one way to deanonymize a cat...
 
+Hari Raj I understand the fine line there, and totally understand how Steve's work is plugging some of the largest holes when it comes to privacy on Android. I support this 100%.

That said, from a privacy/control/safety perspective, leaking IMEI is a big deal. Definitely not as bad as leaking your whole address book, but over time any uniquely identifying information we consistently leak can be used to build a frighteningly detailed picture of our lives.

But devs gotta eat too. The choice to exclude IMEI makes sense at a pragmatic level, and it's not like I have any better ideas for resolving the conundruum.

Still... IMEI is functionally a unique device identifier, and thus works very much as a unique personal identifier. It's definitely "personal data" in every way that matters. 
 
+J.O. Aho that's not a limitation of Linux. It's merely not implemented that way in Android.
 
WoW, I'll feel like James Bond in Incognito Mode.
+1 Steve
 
So where will this be available to download when ready?
 
How would this affect nsa from listening to my two-way transmissions of data?
 
+Jonathan Batres It will go a long way towards minimizing data leaks, but it doesn't actually address NSA snooping, etc. directly. That's not what this technology is designed for - rather, this is about allowing you more control over what applications/corporations you share your data with.

To begin addressing larger-scale data collection you'll need to also install something like Orbot, and then use that to create a new pseudonymous account on Facebook, etc. Depending on how paranoid you are, you may also want to use Tor on another machine to first create a pseudonymous Google account as well, and then wipe and re-flash Android...

Really, guarding yourself against Internet surveillance is a pretty deep topic. I'm hardly an expert, but can share some resources off-thread. Incognito Mode will be a great tool here, but as I mentioned above it really addresses a different problem.
 
+Adric Norris Not just any 3rd party service could circumvent privacy mechanisms for location, but new Google Play Services lib with its location features already does! Similar to Maps, any app using the play services lib seems not using location from core Android services until high accuracy GPS locations are used. This very bad concerning location privacy implementations -- including our location obfuscation framework we just published.
Damon Z
 
waiting for it ~~~!!!!
 
Very good work, and usefull feature ! Can't wait to have that in nightlies...
 
I wonder how is this affected by the new app ops in 4.3? Is the implementation similar? Could it be the case that Privacy Guard becomes just a frontend to App Ops?
 
Is it already available in CM 10.1.2 ? I can't find it ...
Add a comment...