undefined | Better HN

0 pointsDenisM4y ago0 comments

Worst case Apple can feed those apps a random location, supplemented with a random film roll and address book.

0 comments

1 comments · 1 top-level

g_p4y ago

This approach sounds a lot like that used by XPrivacy, and its successor, XPrivacy Lua, both for rooted Android with the Xposed framework.

They allowed you to spoof responses to a huge range of API calls that revealed sensitive data, by hooking function calls in the underlying OS, and returning arbitrary or random values, which could be a subset of the full valid set of values.

That approach works pretty well if you test it robustly and ensure your dummy responses are valid according to the API spec.

Something I always feared was that apps would try to detect this and refuse to run if you didn't have any contacts or photos, or had folders on your SD card that they could not access, but I'm not aware of this ever really having materialised, beyond banking apps and some online games using Google's device attestation, which didn't really play nice with the Xposed framework.

j / k navigate · click thread line to collapse