App Manager
Руководство пользователя
v3.1.0
24 марта 2023
Copyright © 2020–2022 Muntashir Al-Islam
“Мудро и медленно; они спотыкаются, что бегают быстро.” — Брат Лоуренс, Ромео и Джульетта
App Manager это продвинутый менеджер приложений для Android. Оно
предоставляет несчётное количество возможностей, следовательно, требует
руководство потльзователя чтобы помочь пользователям. Этот документ
действует как ркуоводство пользователя для App Manager в том смысле, что
оно направлено на описание каждой возможности которую App Manager
предоставляет. Этот документ так же действует как “официальные”
методические рекомендации для App Manager, и представляет ожидаемое
поведение App Manager. Переводы могут неверно истолковывать этот
документ (который написан на английском языке). Поэтому каждый
понимающий андгийский язык пользователь должен прочитать версию на
андгийском языке для лучшего понимания App Manager. Здесь так же могут
быть другие неофициальные или сторонние ресурсы тикое как сообщения
блога, видео, чаты и т.п. Хотя эти ресурсы могут быть полезны для многих
людей, они могут быть устаревшими для текущей версии App Manager. Если
замечены какие-либо отличия между App Manager и этом документом, о них
следует сообщать в App Manager
issue tracker. AM — Краткое название App Manager. Block/Unblock — Используется для
блокировки/разблокировки компонентов. Способ блокировки компонентов
зависит от пользовательских настроек. IFW — Краткая форма Intent Firewall. Ops — Краткое название для операций, таких как
операции приложения, пакетные операции, операции в 1 клик SSAID — Краткая форма
Трекер — Обозначает компоненты трекера во всем
документе и в App Manager за исключением scanner page. Трекеры включают в себя
библиотеки для отправки краш-репортов, аналитики, профилирования,
идентификации, рекламы, местоположения и т.п.. Таким образом, они не
одинаковые по функциям. Здесь нет различия между библиотек с открытым и
закрытым исходным кодом, которые продвикают трекинг. Сейчас поддерживаемые версии это v3.0.0 – v3.0.3 (стабильные), v3.1.0
(альфа релизы). Предыдущие версии App Manager могут содержать уязвимости
безопасности и не должны быть использованы. App Manager распостранятся используя следующий источники.
Неофициальные источники могут распостранять модифицированную версию App
Manager, и никто, кроме вас, не несет ответственности за последствия
использования таких дистрибутивов. Офисиальный репозиторий F-Droid.1 GitHub репозиторий. Телеграм. Все, кроме GitHub, являются зеркальными ссылками. Теги всегда должны
быть актуальными, но не гарантируется, что master-ветка будет
актуальной. Если цель состоит в том, чтобы клонировать master-ветку,
используйте ссылку GitHub вместо других. App Manager не поддерживает переводы напрямую через pull/merge
запросы. Переводы управляются автоматически через Weblate. Чтобы
присоединиться к команде перевода, посетите https://hosted.weblate.org/engage/app-manager/. Есть несколько способов, которыми пользователь может внести свой
вклад, такие как создание полезных вопросов, посещение дискуссий,
улучшение документаций и переводов, добавление библиотек или трекеров,
просмотр исходного кода, а так же сообщение об уязвимостях
безопасности. Инструкции по сборке доступны в файле BUILDING, расположенном в корне
директории исходного кода. Репозитории, расположенные на сайтах, отличных от GitHub, в настоящее
время считаются зеркалами, и pull/merge запросы, отправленные на этих
сайтах не будут приняты.2 Вместо этого патчи
( Внимание. В случае отправки исправлений по электронной почте вся беседа может
стать общедоступной в будущем. Поэтому не надо включать любую личную
информацию, кроме вашего имени или адреса электронной почты. Подношения или покупки не требуются для использования App
Manager. В данный момент App Manager не поддерживает покупки,
подношения владельцам App Manager могут быть отправлены через Open
Source Collective. Open Source Collective это фискальный хост на платформе Open
Collective, который помогает проектам с открытым исходным кодом
управлять финансами. В данный момент он поддерживает оплату с помощью
банковских аккаунтов, PayPal, кредитных или дебетовых карт, а также
криптовалют. Link: https://opencollective.com/muntashir. Отправляя подношения, отправитель соглашается с тем, что подношение
не используется для приоритизации предложенных ими идей. Предложение
идей не требует никаких наград или подношений, и их приоритизация
осуществляется по усмотрению владельца. App Manager принимает любые предложения по финансированию или
гранты. Представители заинтересованной организации могут связаться
с владельцами напрямую, используя опции в §1.6. Muntashir Al-Islam31.1 Терминология
Settings.Secure.ANDROID_ID
. Это идентификатор устройства,
привязанный к каждому приложению (Android Oreo и выше). Он сгенерирован
из комбинации сертификата подписи приложения и SSAID установленного для
пакета android
. Как результат, он гарантированно будет
одинаковым пока пользователь не решит отформатировать устройство. Он
широко используется для слежки.1.2 Поддерживаемые версии
1.3 Официальные источники
1.3.1
Источники
распостранения
Ссылка: https://f-droid.org/packages/io.github.muntashirakon.AppManager
Стабильные релизы: https://github.com/MuntashirAkon/AppManager/releases
Бета релизы: https://github.com/MuntashirAkon/AppManager/actions
Стабильные релизы: https://t.me/AppManagerChannel
Бета релизы: https://t.me/AppManagerDebug1.3.2
Ссылки на исходный код
1.3.3
Переводы
1.4 Вклад
1.4.1
Инструкции по сборке
1.4.2
Отправка исправлений
.patch
файлы) могут быть отправлены через вложения
электронной почты. Требуется подпись. Прочитайте файл
CONTRIBUTING расположенный в корне директории с исходным кодом чтобы
получить больше информации.1.5 Пожертвование &
Финансирование
1.6 Связь
Email: muntashirakon [at]
riseup [dot] net
Key Fingerprint:
7bad37c2981e41f8f6abea7f58f0b4f26c346fce
GitHub: https://github.com/MuntashirAkon
Twitter: https://twitter.com/Muntashir
На главной странице перечислены все установленные, удаленные и
резервные копии приложений. Один клик по любому установленному элементу
приложения открывает Страницу сведений о
приложении. Для удаленных системных приложений отображается
диалоговое окно, которое можно использовать для переустановки
приложения. Используя сортировку из
списка настроек, приложения можно сортировать различными способами.
Также есть возможность фильтровать приложения используя фильтр. Возможна фильтрация также через
строку поиска с поддержкой регулярных выражений. На этой странице также доступны пакетные операции или операции с
несколькими приложениями. Режим множественного выбора может быть
активирован кликом на любое приложение или нажав и удерживая любой
элемент в списке. После активации одним нажатием на элемент списка
выбирает его вместо открытия страницы сведений о приложении. В этом
режиме пакетные операции расположены в меню множественного выбора внизу
страницы. Операции включают: Добавление выбранных приложений в профиль Резервное копирование,
восстановление или удаление приложений Блокировка трекеров в приложениях Очистка данных или кэша приложений Включение/отключение/принудительная остановка/удаление
приложений Экспорт правил блокировки, сохранённых в App Manager Предотвращение фоновой работы приложений (Android 7 и
выше) Сохранение файлов APK в Установка политик Доступность. После активации режима множественного выбора можно входить или
выходить из меню с помощью правой или левой клавиши клавиатуры. Светло-серовато-оранжевый (день) /
Тёмно-синий (ночь) – Приложение
выбрано для множественной обработки Светло-красный (день) / Тёмно-красный (ночь) – Приложение
отключено Жёлтый – Отлаживаемое
приложение Оранжевая дата –
Приложение имеет доступ к системным логам Оранжевый UID –
Идентификатор пользователя используется несколькими
приложениями Оранжевый SDK –
Возможно, приложение использует трафик в открытом виде (напр.
HTTP) Красное имя пакета –
Приложение не позволяет очистить свои данные Красный бекап –
Удаленное приложение с одной или несколькими резервными копиями,
присутствующими в App Manager Оранжевыйбекап –
Устаревшая резервная копия, т.е. резервная копия содержит более старую
версия установленного приложения Темно-голубой
бекап – Актуальная резервная копия, т.е. резервная копия
содержит такую же или более позднюю версию установленного
приложения Темно-голубое имя
пакета – Принудительно остановленное приложение Темно-голубая
версия – Неактивное приложение Пурпурный – Постоянное
приложение, т. е. оно остается запущенным все время. Приложение может быть либо пользовательским, либо
системным приложением вместе со следующими
суффиксами: После названия версии следуют следующие префиксы:2.1.1
Пакетные операции
AppManager/apks
2.1.2
Цветовые коды
2.1.3
Типы приложений
X
– Поддерживает несколько архитектур0
– В приложении нет файлов dex°
– Приложение приостановлено#
– Приложение запросило у системы выделение
большого количества оперативной памяти?
– Приложение запросило, чтобы виртуальная машина
находилась в безопасном режиме2.1.4
Информация о версии
_
– Нет аппаратного ускорения~
– Только тестовый режимdebug
– Отлаживаемое приложение
App Details page consists of 11 (eleven) tabs. It
describes almost every bit of information an application can have,
including all attributes from its manifest, application operations, signing information,
libraries, and so on. List of colours used in this page, and their meaning: Red (day) / dark red
(night) – Denotes any app ops or permissions having the
dangerous flag, or any components blocked within App Manager Light red (day) / very
dark red (night) – Denotes the components disabled outside
of App Manager Note. A component marked as disabled does not always mean that it is
disabled by the user: It could also be disabled by the system or marked
as disabled in its manifest. The components of a disabled application
are also considered disabled by the system (and App Manager). Vivid orange (day) / very dark orange (night) – Denotes
the tracker components Soft magenta (day) / very dark violet (night) – Denotes
the running services. App Info tab contains general information about an
application. It also lists many actions that can be performed within
this tab. The list below is in the same order as listed in the App Info
tab. Application Icon. The application icon. If the
application does not have an icon, the system default icon will be
displayed. It is also possible to verify the APK signature via SHA or
MD5 sums stored in the clipboard by simply clicking on it. Application Label. The application label or the
name of the application. Package Name. The name of the application
package. Clicking on the name stores it in the clipboard. Version. The application version is divided into
two parts. The first part is called version name. The format of
this part varies but often consists of multiple integers separated by
dots. The second part is called version code. It is enclosed by
the first brackets. The version code is an integer used to differentiate
between application versions (since a version name can be unreadable to
a machine). In general, a new version of an application has higher
version code than the old ones. For example, if Tags. (Also known as tag clouds) Tags include
the most basic, concise and useful information of an application. See
§2.2.2.2 for a complete list of tags
shown here. Horizontal Action Panel. An action panel
consisting of various actions that can be carried out for the
application. See §2.2.2.3 for a
complete list of actions available here. Additional actions are
available in the options
menu. Paths & Directories. Contains various
information regarding application paths including app directory
(where the APK files reside), data directories (internal,
device protected and externals), split APK directories (along
with the split names), and native JNI library (if present). JNI
libraries are used to invoke native codes usually written in C/C++. Use
of native library can make the application run faster or help an
application use third-party libraries written using languages other than
Java like in most games. The directories can be opened via third-party
file managers provided they support it and have the necessary
permissions by clicking on the launch button on the right-hand side of
each directory item. Data Usage. Amount of data used by the
application as reported by the operating system. Depending on Android
version, this may require a wide range of permissions including
Usage Access and Telephony permissions. Storage & Cache. Displays information
regarding the size of the application (APK files, optimised files), data
and cache. In older devices, size of external data, cache, media and OBB
folders are also displayed. This part remains hidden ifUsage
Access permission is not granted in newer devices. More Info. Displays other information such
as– SDK. Displays information related to the Android
SDK. There are two (one in old devices) values: Max denotes the
target SDK and Min denotes the minimum SDK (the latter is not
available in old devices). It is best practice to use applications with
maximum SDK that the platform currently supports in order to ensure that
the application is not running in the compatibility mode in order to use
privacy-evading features. SDK is also known as API
Level. Смотрите также: Android
Version History Flags. The application flags used at the time of
building the application. For a complete list of flags and what they do,
visit the official
documentation. Date Installed. The date when the application
was first installed. Date Updated. The date when the application was
last updated. This is the same as Date Installed if the
application hasn’t been updated. Installer App. The application that installed
this application. Not all application supply the information used by the
package manager to register the installer application. Therefore, this
value should not be taken for granted. User ID. The unique user ID set by the Android
system to the application. For shared applications, same user ID is
assigned to multiple applications that have the same Shared User
ID. Shared User ID. Applicable for applications that
are shared together. The shared application must have the same signatures. Primary ABI. Architecture supported by this
platform for this application. Zygote preload name. Responsible for preloading
application code and data shared across all the isolated services that
uses app zygote. Hidden API enforcement policy. Since Android 9,
many methods and classes in Android framework have been made
inaccessible to the third-party applications through hidden API
enforcement policy. It has the following options: Default. Based on the type of application. For system
applications, it should be disabled, and for others, it should be
enforced. None/disabled. The application has full access to the
hidden API as it used to be before Android 9. Warn. Same as above, except that warnings will be logged
each time the application accesses the hidden API. This is mostly
unused. Enforce. The application cannot access hidden API,
either dark-grey list or blacklist, or both of them. This is the default
option for the third-party applications in Android 9 and later unless
the application is whitelisted by the OEM or the vendor. Warning. Hidden API enforcement policy is not properly implemented in Android
and can be bypassed by the application. As a result, this value should
not be trusted. SELinux. Mandatory access control (MAC) policy
set by the operating system via SELinux. Main Activity. The main entry point to the
application. This is only visible if the application has activities and any of those are
openable from the Launcher. There’s also a launch button on the
right-hand side which can be used to launch this activity. Horizontal Action Panel, as described in the previous section,
consists of various application-related actions, such as– Launch. Launch the application provided it has a
launcher activity. Freeze. Freeze the application. This button is
not displayed if it is already frozen or the user does not have enough
privileges. After the application is frozen, it may be hidden from the
app drawer depending on how it was configured. Shortcuts configured by
the application may also be removed. The application may only be
unfrozen via App Manager, Uninstall. Uninstall the application with a
prompt. In the dialog prompt, it is possible to uninstall updates of a
system application, or if App Manager has enough privileges or the
operating system supports it, it is possible to uninstall the
application without clearing its data and signature. For the latter
case, the installed application must match the signature with the
previously installed application if it is installed again. Tips. A better way to reinstall an application with a different signature
would be to back up its data using App Manager and restore it again
after installing the application instead of opting to preserving data
and signature of the application during uninstallation as this option
may cause undefined behaviour in the future. Unfreeze. Unfreeze the application. This button
is not displayed if it is already enabled or the user does not have
enough privileges. Similar to the Freeze button, long clicking
on the button opens a dialog where a shortcut can be configured to
quickly freeze or unfreeze the application. Force Stop. Force-stop the application. Clear Data. Clear data from the application.
This includes any information stored in the internal and, recently, the
external directories, including accounts (if set by the application),
cache, etc. Clearing data from App Manager, for example, removes all the
rules (the blocking is not removed though) saved within the application
(Which is why you should always take backups of your rules). This button
is not displayed if the user does not have enough privileges. Clear Cache. Clear the application cache. If the
application is running during the operation, the cache may not be
cleared as expected. Install. Action to install an application opened
via a third-party application. This button is only displayed if the
application hasn’t been already installed. What’s New. This button is displayed for an
external application if it’s already been installed. Clicking on this
button displays a dialog consisting of differences between the opened
version and the installed version in a version control manner. The
information it displays include version, trackers,
permissions, components, signatures (checksum
changes), features, shared libraries and
SDK. Update. Displayed if the application has a
higher version code than the installed application. Reinstall. Displayed if the application has the
same version code as the installed application. Downgrade. Displayed if the application has a
lower version code than the installed application. Manifest. Clicking on this button displays the
application’s manifest file in a separate page. The manifest file can be
wrapped or unwrapped using the corresponding toggle button (on the
top-right side) or can be exported using the save button. Scanner. Scan the application in order to list
potential trackers and libraries. It also scans the file using
VirusTotal if configured. Смотрите также: Scanner
page Shared Prefs. Clicking on this button displays a
list of shared preferences used by the application. Clicking on a
preference item in the list opens the Shared Preferences Editor
page. This option is only visible if the user has the required
privileges. Databases. Clicking on this button displays a
list of databases used by the application. Clicking on an item opens a
list of activities that can open the database. This option is only
visible if the user has the required privileges. F-Droid. Open the application in the selected
F-Droid client. Store. Open the application in Aurora
Store. The option is only visible if Aurora Store is
installed. By default, Termux does not allow running commands from third-party
applications. To use this option, Termux v0.96 or later is required and
Info. Enabling this option does not weaken Termux’ security. The
third-party applications still need to ask the user to allow running
arbitrary commands in Termux. Activities, Services,
Receivers (i.e. broadcast receivers) and
Providers (i.e. content providers) are collectively
known as the application components. This is because they share similar
features in many ways. For example, they all have a name, a
label, an icon and are executed via Intent.
Application components are the building blocks of an application and
must be declared in the application manifest. Application manifest is a
file where application specific metadata are stored. The Android
operating system learns what to do with the application by reading the
metadata. Colours used in these tabs are explained in §2.2.1. It is also
possible to sort the list of components to display blocked or tracker
components on top of the list via the Sort option
located in the overflow menu. Activities are the windows or pages that can be
uniquely identified by the Android operating system (e.g., Main
page and App Details page are two activities). Each
activity can have multiple UI components known as widgets or
fragments, and each component can be nested or placed on top of
each other. The developer can also choose to open external files, links,
etc. within an activity using a method called intent filters.
For example, when you open a file using your file manager, either your
file manager or operating system scans the intent filters via
PackageManager to find the activities capable of opening the file and
offers you to open the file with these activities. Activities which are exportable can usually be opened by any
third-party applications. Some activities require permissions, and if
that is the case, only an application having those permissions can open
them. In the Activities tab, activities can be launched via the
Launch button. If it is necessary to supply additional
information such as Intent extras, data or action, long clicking on the
Launch button opens the Activity Interceptor page which
provides such features. Notice. If you are unable to open any activity, chances are it has certain
dependencies which are not met, e.g. you cannot open App
Details page because it requires you to, at least, supply a package
name. Since these dependencies cannot be inferred programmatically,
these activities may not be opened via App Manager by default. It is also possible to create shortcuts of the activities via the
Create shortcut button. Caution. If you uninstall App Manager, all shortcuts created by App Manager
will be lost. Unlike activities that users can
see, Services handle background tasks. For example, if
you’re downloading a video from the internet using your phone’s Internet
browser, the Internet browser is using a foreground service to
download the content. When an activity is closed or removed from the Recents
section, it may be destroyed immediately depending on many factors such
as how much free memory the phone has. But services can be run
indefinitely if desired. If more services are run in background, the
phone may become slower due to the shortage of memory and/or processing
power, and the phone’s battery will be drained more quickly. Newer
Android versions have a battery optimisation feature enabled by default
for all applications. With this feature enabled, the system can randomly
terminate any service. However, foreground services (i.e. services that
run with a fixed notification such as music player) are not typically
terminated unless the system is low on resources (memory, battery,
etc.). Vendor-specific stock ROMs can offer more aggressive
optimisation. MIUI, for example, has a very aggressive optimisation
feature known as MIUI optimisation. Both activities and services are run in the same looper called the
main looper, which means the services are not really run in the
background. It is the task of the developer to ensure this. How do the
application communicate with the service? It uses broadcast receiver or
Binder. Receivers (also called broadcast receivers)
can be used to trigger execution of certain tasks when certain events
occur. These components are called broadcast receivers because they are
executed as soon as a broadcast message is received. These broadcast
messages are sent using a method called Intent. Intent is a
special feature in Android that can be used to open applications
(i.e. activities), run services and send broadcast messages. Therefore,
like activities, broadcast receivers
use intent filters to receive the desired broadcast messages.
Broadcast messages can be sent by the system or the application itself.
When a broadcast message is sent, the corresponding receivers are
activated by the system so that they can execute tasks. For example, if
your phone is low on resources, it may freeze or experience lags for a
moment after you enable mobile data or connect it to the Wi-Fi. This is
because broadcast receivers that can receive
Receivers can also be used for inter-process communication (IPC),
i.e. it can be used to communicate acrosss multiple applications or even
different components of a single application. Providers (also called content providers)
are used for data management. For example, when you save an APK file or
export rules in App Manager, it uses a content provider called
Unlike the no-root users who are mostly spectators in these tabs,
root users can perform various operations. On the right-most side of each component item, there is a switch
which can be used to toggle the blocking status of that particular
component. If Instant
Component Blocking is not enabled or blocking is never applied to
the application before, it is required to apply the changes using the
Apply rules option in three-dots menu. It is also
possible to remove the already-applied rules using the same option
(which would be read as Remove rules this time). It is also possible to block the component using one of the several
methods by long clicking on the button. Смотрите также: FAQ: App
Components It is possible to disable tracker components using the Block
tracker option in the three-dots menu. All tracker components
will be blocked regardless of the tab you’re currently in. Info. Tracker components are a subset of application components. Therefore,
they are blocked using the same method used for blocking any other
components. App Ops, Uses Permissions and
Permissions tabs are related to permissions. In Android
communication across applications or processes which do not have the
same identity (known as shared ID) often require permissions.
These permissions are managed by the permission controller. Some
permissions are considered normal permissions which are granted
automatically if they appear in the application manifest, but
dangerous and development permissions require
confirmation from the user. Colours used in these tabs are explained in
§2.2.1. App Ops stands for Application
Operations. Since Android 4.3, App Ops are used by
Android to control many system permissions. Each app op has a unique
number associated with it which is displayed along with the private name
of the operation in the App Ops tab. Some app ops also have a public
name. A large number of app ops are also associated with
permissions. In this tab, an app op is considered dangerous if
its associated permission is marked as dangerous. Other information such
as flags, permission name, permission
description, package name, group are also taken
from the associated permission.
Others may include the following: Mode. It describes the current authorisation
status which can be allow, deny (a rather misnomer, it
simply means error), ignore (it actually means deny),
default (inferred from a list of defaults set internally by the
vendor or the AOSP), foreground (in newer Android versions, it
means the app op can only be used when the application is running in
foreground), and some custom modes set by the vendors (MIUI uses
ask, for example). Duration. The amount of time this application op
has been used (there can be negative durations whose use cases are
currently unknown to me). Accept Time. Last time the app op was
accepted. Reject Time. Last time the app op was
rejected. Info. Contents of this tab are visible to no-root users if
There is a toggle button next to each app op item which can be used
to allow or deny (ignore) it. Other supported modes can also be set by
long clicking on the toggle button. If the desired app op is not listed
in the tab, Set custom app op option in the menu can be used
instead. It is also possible to reset the changes using the Reset to
default option, or deny all the dangerous app ops using the
corresponding option in the menu. Due to the nature how app ops work,
the system may take some time to apply them. Tip. Denying certain app ops may cause the application to misbehave. If
all attempts fail, reset to default option can be used as the
last resort. It is possible to sort the list in ascending order by app op names
and the associated unique numbers (or values), or list the denied app
ops first using the corresponding sorting options. Смотрите также: Appendix: App
Ops Uses Permissions are the permissions used by the
application. This is named so because they are specified in the manifest
using Privileged users can grant or revoke the dangerous and
development permissions via the toggle button on the right side
of each permission item. It is also possible revoke dangerous
permissions all at once using the corresponding option in the menu. Only
these two types of permissions can be revoked because Android does not
allow the modification of normal permissions (which most of
them are). It might still be possible to revoke them by editing
Info. Since dangerous permissions are revoked by default by the system,
revoking all dangerous permissions is the same as resetting all the
permissions. It is possible to sort the permissions by their name (in ascending
order) or choose to display denied or dangerous permissions at first
using the corresponding options in the menu. Permissions are usually custom permissions defined
by the application itself. These type of permissions are marked as
Internal permissions. It also contains permissions declared in
other applications which are marked as External permissions.
External permissions are specified in the application components as the
dependencies i.e. an application may invoke the component only if holds
the specified permission. Here’s a complete description of each item
that is displayed there: Name. Each permission has a unique name like
Icon. Each permission can have a custom icon.
The other permission tabs do not have any icon because they do not
contain any icon in the application manifest. Description. This optional field describes the
permission. If there isn’t any description associated with the
permission, the field is not displayed. Flags. (Uses the flag symbol or
Protection Level name) This describes various
permission flags such as normal, development,
dangerous, instant, granted,
revoked, signature, privileged, etc. Package Name. Denotes the package name
associated with the permission, i.e. the package that defined the
permission. Group. The group name associated with the
permission (if any). Several related permissions can often be grouped
together. Signatures are actually called signing information.
An application is signed using one or more signing certificates by the
application developers before publishing it. The integrity of an
application i.e. whether the application is from the actual developer
and isn’t modified by other people can be checked using the signing
information; because when an application is modified by an unauthorised
entity, the application cannot be signed using the original certificates
again because the signing information are kept private by the actual
developer. Signing information can be verified using checksums.
Checksums are generated from the certificates themselves. If the
developer supplies the checksums for the signing certificates, they can
be matched against the checksums generated in the
Signatures tab to verify the application. For example,
if you have downloaded App Manager from GitHub or Telegram Channel, you
can verify whether the application is actually released by me by simply
matching the following SHA256 checksum with the one displayed
in this tab: Several hashing algorithms are used to generate checksums in this
tab. They include MD5, SHA1, SHA256 and
SHA512. Caution. Signing information should be verified using a reliable hashing
algorithm such as SHA256. DO NOT rely on MD5 or
SHA1 checksums as they are known to generate the same checksums
for multiple certificates. Other tabs list android manifest components such as features and
configurations. A complete description about these tabs may be available
in the future.2.2.1
Colour Codes
2.2.2
App Info Tab
2.2.2.1 General Information
123
and
125
are two version codes of an application, we can say
that the latter is more updated than the former because the version code
of the latter is higher. Applications that serve different APK files for
the same version on different platforms (mobile, tabs, desktops, etc.)
or architectures (32/64 bit, ARM or Intel), the version numbers can be
misleading as they often add prefixes for each platform.2.2.2.3 Horizontal Action Panel
pm
command or any other tools
that offer such a feature. Long clicking on the button opens a dialog
where a shortcut can be configured to quickly freeze or unfreeze the
application.2.2.2.5 Configuring Termux
allow-external-apps=true
must be added in
~/.termux/termux.properties
.2.2.3
Component Tabs
2.2.3.1 Activities
2.2.3.2 Services
2.2.3.3 Receivers
android.net.conn.CONNECTIVITY_CHANGE
are activated by the
system as soon as the data connection is enabled. Since many
applications typically use this intent filter, they are all activated
almost immediately by the system which causes the freezing or lags.2.2.3.4 Providers
.fm.FmProvider
to save the APK or export the rules. There
are many content providers, including the ones provided by the system,
to manage various content-related tasks such as database management,
tracking, searching, etc. Each content provider has a field called
Authority which is unique to the application in the entire
Android ecosystem just as the package name.2.2.3.5 Additional Features for
Rooted Phones
2.2.3.5.1 Blocking Components
2.2.3.5.2 Blocking Trackers
2.2.4
Permission Tabs
2.2.4.1 App Ops
android.permission.GET_APP_OPS_STATS
is granted via
ADB.2.2.4.2 Uses Permissions
uses-permission
tags. Information such as
flags, permission name, permission
description, package name, group are taken from
the associated permission.runtime-permissions.xml
itself, but whether this is a
possibility is still being investigated.2.2.4.3 Permissions
android.permission.INTERNET
but multiple applications can
request the same permission.2.2.5
Signatures Tab
320c0c0fe8cef873f2b554cb88c837f1512589dcced50c5b25c43c04596760ab
2.2.7
Other Tabs
This page is displayed on selecting the 1-Click Ops option in the main menu. This option can be used to block or unblock the ad/tracker components
from the installed applications. On selecting this option, App Manager
will ask if it should list trackers from all the applications or only
from the user applications. Novice users should avoid blocking trackers
from the system applications in order to avoid bad consequences. After
that, a multi-choice dialog box will appear where it is possible to
exclude one or more applications from this operation. The changes are
applied immediately on pressing the block or unblock
button. Notice. Certain applications may not function as expected after blocking
their trackers. If that is the case, remove the blocking rules all at
once or one by one in the component tabs of the App Details page for the corresponding
application. Смотрите также: App Details Page: Blocking
Trackers This option can be used to block certain application components as
specified by their signatures. A signature of a component is the full
name or partial name of the component. For safety, it is recommended to
add a Caution. If you are not aware of the consequences of blocking applcations
components by their signatures, you should avoid using this option as it
may result in bootloop or soft brick, and you may have to apply factory
reset as a result. This option can be used to configure certain applcation operations of all or selected
applications. There are two fields. The first field can be used to
insert more than one app op constants (either names or values) separated
by white spaces. It is not always possible to know in advance about all
the app op constants as they vary from device to device and from OS to
OS. Desired app op constant can be found in the App Ops tab
located in the App Details page. The
second field can be used to insert or select one of the modes that will be set against the
specified app ops. Caution. Unless you are well-informed about app ops and the consequences of
blocking them, you should avoid using this option. 1-Click options for back up. As a precaution, it lists the affected
backups before performing any operation. Back up all the installed applications. Back up all the installed applications that have a previous
backup. Back up all the installed applications without a previous backup. Verify the recently made backups of the installed applications and
redo backup if necessary. If an app has changed since the last backup, redo its backup. It
checks a number of indices including application version, last update
date, last launch date, integrity and file hashes. Directory hashes are
taken during the backup process and are stored in a database. On running
this operation, new hashes are taken and compared with the ones kept in
the database. 1-Click options for restore. As a precaution, it lists the affected
backups before performing any operation. Restore base backup of all the backed up applications. Restore base backup of all the backed up applications that
are not currently installed. Restore base backup of already installed applications whose
version codes are higher than the installed version code. Delete caches from all applications, including Android system. During
this operation, caches of all the running applications may not be
cleared as expected.2.3.1
Block/Unblock
Trackers
2.3.2
Block Components…
.
(dot) at the end of each partial signature, because
the underlying algorithm searches and matches the components in a greedy
manner. It is also possible to insert more than one signature in which
case all the signatures have to be separated by white spaces. Similar to
the option above, there is also an option to apply blocking to the
system applications.2.3.3
Set Mode for App
Ops…
2.3.4
Back up
2.3.4.0.1 Back up all apps.
2.3.4.0.2 Redo existing backups.
2.3.4.0.3 Back up apps without
backups.
2.3.4.0.4 Verify and redo
backups.
2.3.4.0.5 Back up apps with
changes.
2.3.5
Restore
2.3.5.0.1 Restore all apps.
2.3.5.0.2 Restore not installed
apps.
2.3.5.0.3 Restore latest backups.
2.3.6
Trim Caches in All
Apps
Profiles page can be accessed from the options-menu in the main page. It primarily displays a list of configured profiles along with the typical options to perform operations on them. New profiles can also be added using the plus button in the bottom-right corner as well as can be imported, duplicated, or created from one of the presets. Clicking on any profile item opens its profile page.
Profile page displays the configurations for a profile. It also
offers the options to edit them. Apps tab lists the packages configured in this profile. Packages can
be added or removed using the plus button located near the
bottom of the screen. Packages can also be removed by long clicking on
them (in which case, a popup will be displayed with the only option
delete). Configurations tab can be used to configure the selected
packages. This is the text that will be displayed in the profiles page. If not set, the current
configurations will be displayed instead. Denotes how certain configured options will behave by default. For
instance, if disable option is turned on, the applications will
be disabled if the state is on and will be enabled if the state
is off. Currently, it only supports on and
off values. Select users for which is the profile will be applied. All users are
selected by default. This behaves the same way as the Block Components… option does
in the 1-Click Ops page. However, the blocking here is only applied to
the selected packages. If the state is on, the components
will be blocked, and if the state is off, the components will
be unblocked. The option can be disabled (regardless of the inserted
values) by clicking on the disabled button on the input
dialog. Смотрите также: What are the app
components? This behaves the same way as the Set Mode for App Ops…
option does in the 1-Click Ops page. However, the operation here is only
applied to the selected packages. If the state is on, the app ops
will be denied (i.e. ignored), and if the state is off, the app
ops will be allowed. The option can be disabled (regardless of the
inserted values) by clicking on the disable button in the input
dialog. This option can be used to grant or revoke certain permissions from
the selected packages. Like others above, permissions must be separated
by white spaces. If the state is
on, the permissions will be revoked, and if the state is
off, the permissions will be allowed. The option can be
disabled (regardless of the inserted values) by clicking on the
disable button in the input dialog. This option can be used to take a backup of the selected applications
and its data or restore them. Two options are available here: Backup
options and backup name. Backup options. Same as the backup options of the
backup/restore feature. If not set, the default options will be
used. Backup name. Set a custom name for the backup.
If the backup name is set, each time a backup is made, it will be given
a unique name with backup-name as the suffix. This behaviour will be
fixed in a future release. Leave this field empty for regular “base”
backups (also, make sure not to enable backup multiple in the
backup options). If the state is on,
the packages will be backed up, and if the state is off, the
packages will be restored. The option can be disabled by clicking on the
disable button in the input dialog. Danger. This option is not yet implemented. Allow enabling or disabling the selected packages depending on the
value of the state. If the state
is on, the packages will be disabled, and if the state is
off, the packages will be enabled. Allow the selected packages to be force-stopped. Enable clearing cache for the selected packages. Enable clearing data for the selected packages. Enable blocking or unblocking of the tracker components from the
selected packages depending on the value of the state. If the state is on,
the trackers will be blocked, and if the state is off, the
trackers will be unblocked. Enable saving APK files at 2.5.2
Apps Tab
2.5.3
Configurations
Tab
2.5.3.1 Comment
2.5.3.2 State
2.5.3.3 Users
2.5.3.4 Components
2.5.3.5 App Ops
2.5.3.6 Permissions
2.5.3.7 Backup/Restore
2.5.3.8 Export Blocking Rules
2.5.3.9 Disable
2.5.3.10 Force-stop
2.5.3.11 Clear Cache
2.5.3.12 Clear Data
2.5.3.13 Block Trackers
2.5.3.14 Save APK
AppManager/apks
(or in the
directory selected in the settings page) of the selected packages.
Settings page can be used to customise the behaviour of App
Manager. Configure in-app language. App Manager currently supports 22
(twenty-two) languages. Configure in-app theme. Change layout direction, either left to right or right to left. This
is usually set using the selected language but not everybody prefers the
same direction. Enable or disable certain features in App Manager, such as Interceptor Manifest viewer Scanner Package installer Usage access. With this feature turned off, App
Manager will never ask for the Usage Access
permission. Log viewer App explorer. The “Explore” option will not be
available while trying to open an APK file. App info. The “App info” option displayed while
trying to open an APK file. Use the internet. All the Internet features are
disabled if this feature is turned off. Currently, the only Internet
feature is fetching scanning reports via VirusTotal. Lock App Manager using Android screen lock provided a screen lock is
configured. Warning. If screen lock is disabled in Android after enabling this setting,
App Manager will not open until it is enabled again. Mode of operation defines how App Manager works as a whole. It has
the following options: Auto. Let App Manager decide the suitable
option. Although this is the default option, non-rooted users should use
the no-root mode. Root. Operate App Manager in root mode. App
Manager will fall back to no-root mode if root is not detected,
or in rare cases when Binder communication through root is disabled
(e.g. in Phh
SuperUser). ADB over TCP. Operate App Manager in ADB mode
via ADB over TCP. App Manager will fall
back to no-root mode if ADB over TCP is not enabled. Wireless debugging. Enable ADB via Wireless
Debugging. It will try to connect to the configured port automatically
at first. On failure, it will ask the user to either pair or connect to
the ADB daemon manually. App Manager will fall back to no-root
mode if it fails to connect to the ADB daemon this way. Info. This option is only displayed in devices running Android 11 or later
as Wireless Debugging was introduced in Android 11. No-root. Operate App Manager in no-root mode.
While App Manager performs better in this mode, all the root- or
ADB-specific features will be disabled. It also displays the currently inferred mode of operation. The actual
mode of operations are root, ABD and
no-root. Configure the signature
schemes to be used when APK signing is enabled. v1 and v2 signature
schemes are enabled by default, but v3 should also be enabled to ensure
proper security in Android 9 or later. Configure the signing key for signing APK files. Keys from an
existing KeyStore can be imported to App Manager, or a new key can be
generated. Tip. If you need to use the key in the future, it is recommended that you
create a KeyStore yourself and import the key here. Keys generated
within App Manager is at the risk of being deleted without a proper
backup. When enabled, a list of users will be displayed before installing the
application. The application will be installed only for the specified
users. Whether to sign the APK files before installing the application. A
signing key has to be added or generated before this option can be
enabled. This can be done in the APK
signing page. Define APK installation location. This can be one of auto,
internal only and prefer external. In newer Android
versions, selecting the last option does not guarantee that the
application will be installed in the external storage. Select the installer application. This is useful for applications
that explicitly checks the installer as a way to verify if the
application is installed legitimately. This only works for root or ADB
users. Notice. While checking for the installer might seem a legitimate concern for
an application, the Android framework already deals with this during the
installation. Checking for the installer is simply the wrong way to
prove the legitimacy of the source of an application. Whether to block the tracking components immediately after installing
the application. Whether to display changes in version, trackers, components,
permissions, signatures, SDK, etc. in a version controlled style before
installing the application if the application has already been
installed. Whether to always install applications in the background. A
notification will be issued once the installation is finished. Settings related to back
up/restore. Set the compression method to be used during backups. App Manager
supports GZip and BZip2 compression methods, GZip being the default
compression method. It doesn’t affect the restoring of an existing
backup. Customise the back up/restore dialog displayed while taking
a backup. Смотрите также: Backup
options Allow backup of applications that has entries in the Android
KeyStore. This option is disabled by default because a few apps (such as
Signal) may crash if restored. Set an encryption method for the backups. App Manager currently
supports OpenPGP (via OpenKeyChain),
AES, RSA and ECC. Like APK signing,
The AES, RSA and ECC keys are stored in the KeyStore and can be imported
from other KeyStores. Danger. For your own safety, it is not recommended generating RSA and ECC
keys inside App Manager. Instead, they should be imported from a
KeyStore stored in a secure place. Select the storage where the backups will be stored. This is also
where logs and exported APK files are saved. Notice. The backup volume only specifies the storage, not the path. Backups
are traditionally stored in the Import backups from old and discontinued projects such as Titanium
Backup, OAndBackup, and Swift Backup (version 3.0 to 3.2). The backups
are not deleted after importing to prevent data loss in case the
imported backups cannot be restored properly. By default, blocking rules are not applied unless they are applied
explicitly in the App Details page
for any application. After enabling this option, all (old and new) rules
are applied immediately for all applications without explicitly enabling
blocking for an application. Смотрите также: FAQ: What is
instant component blocking? It is possible to import or export blocking rules within App Manager
for all applications. The types of rules (components, app ops or
permissions) that should be imported or exported can also be selected.
It is also possible to import blocking rules from Blocker and Watt. If it is necessary to
export blocking rules for a single application, the corresponding App Details page can be used to export
rules, or for multiple apps, batch
operations can be used. Смотрите также: Rules
Specification Export blocking rules for all applications configured within App
Manager. This may include app components, app ops
and permissions based on the options selected in the multi-choice
options. Import previously exported blocking rules from App Manager. Similar
to export, this may include app components, app ops
and permissions based on the options selected in the multi-choice
options. Add components disabled by other applications to App Manager. App
Manager only keeps track of the components disabled within App Manager.
If application components are blocked or disabled by other tools or
applications, this option can be utilised to import them. On clicking
this option, App Manager will find the components potentially disabled
by other applications or tools and list only the name of the
applications along with the number of matched components. For safety,
all the applications are unselected by default. They have to be selected
manually, and the blocking has to be re-applied via App Manager. Caution. Be careful when using this tool as there can be many false positives.
Choose only the applications that you are certain about. Import configuration files from Watt, each file containing
rules for a single package and file name being the name of the package
with Tip. Location of configuration files in Watt:
Import blocking rules from Blocker, each file
containing rules for a single package. These files have a
One-click option to remove all rules configured within App Manager.
This will enable all blocked components, app ops will be set to their
default values and permissions will be granted. This option lets you control the users App Manager should operate on.
App Manager operates on all users in root or ADB mode by default. Defines the format of the APK name to be used while saving it via
batch operations or through profiles. App Manager offers some special
keywords enclosed inside Import or export the KeyStore used by App Manager. This is a Bouncy
Castle KeyStore with Display Android version, security, CPU, GPU, battery, memory, screen,
languages, user info, etc.2.6.1
Language
2.6.2
Appearance
2.6.2.1 App Theme
2.6.2.2 Layout Direction
2.6.2.3 Enable/Disable Features
2.6.3
Privacy
2.6.3.1 Screen Lock
2.6.4
Mode of Operation
2.6.5
APK Signing
2.6.5.1 Signature Schemes
2.6.5.2 Signing Key
2.6.6
Installer
2.6.6.1 Show users in installer
2.6.6.2 Sign APK
2.6.6.3 Install Location
2.6.6.4 Installer App
2.6.6.5 Block Trackers
2.6.6.6 Display Changes
2.6.6.7 Install in the Background
2.6.7
Back up/Restore
2.6.7.1 Compression method
2.6.7.2 Backup Options
2.6.7.3 Backup apps with Android
KeyStore
2.6.7.4 Encryption
In case of AES, the generated key should be stored in a secure place,
such as using a password manager.2.6.7.5 Backup Volume
AppManager
folder inside
the storage path. But when the path is selected using Storage Access
Framework (SAF), the selected path or directory is used directly.2.6.7.6 Import Backups
2.6.8
Rules
2.6.8.1 Instant Component
Blocking
2.6.8.2 Import/Export Blocking
Rules
2.6.8.2.1 Export
2.6.8.2.2 Import
2.6.8.2.3 Import Existing Rules
2.6.8.2.4 Import from Watt
.xml
extension./sdcard/Android/data/com.tuyafeng.watt/files/ifw
2.6.8.2.5 Import from Blocker
.json
extension.2.6.8.3 Remove all rules
2.6.9
Advanced
2.6.9.1 Selected Users
2.6.9.2 Saved APK Name Format
%
(percentage) signs and available
below the input box. These keywords are:label
. Denotes the name or label of
the application. This can be localised to the configured language
depending on the app.package_name
. Denotes the name of
the package or application ID, the unique identifier that each
application has.version
. Denotes the current
version of the application extracted from its manifest.version_code
. Denotes the current
version code of the application that can be used to separate two
versions of the same application.min_sdk
. Denotes the minimum SDK
(i.e. Android framework version) that the application can operate on.
This data is only available since Android 7 (Nougat).target_sdk
. Denotes the SDK that
this application targets. The application can operate on higher SDK but
only in the compatibility mode.datetime
. Denotes the time and date
when the APK is exported.2.6.9.3 Import/Export Keystore
bks
extension. Therefore, other
KeyStore such as Java KeyStore (JKS) or PKCS #12 are not supported. If a
key is needed to be imported from such a KeyStore, the relevant options
should be should as specified above.2.6.10 About the device
Scanner page appears after clicking on the scanner button in the App Info tab. External APK files can also be opened for scanning from file managers, web browsers, etc.
It scans for trackers and libraries, and displays the number of trackers and libraries as a summary. It also displays checksums of the APK file as well as the signing certificates. If VirusTotal is configured in the settings, it also attempts to retrieve reports from VirusTotal, or uploads the APK file if it is not in the database.
Disclaimer.
App Manager only scans an application statically without prejudice. The application may provide the options for opting out, or in some cases, certain features of the tracker may not be used at all by the application (e.g. F-Droid), or some applications may simply use them as placeholders to prevent the breaking of certain features (e.g. Fennec F-Droid). The intention of the scanner is to give you an idea about what the APK might contain. It should be taken as an initial step for further investigations.
Clicking on the first item (i.e. number of classes) opens a new page containing a list of tracker classes for the application. All classes can also be viewed by clicking on the Toggle Class Listing menu. A sneak-peek of each class can be viewed by simply clicking on any class item. In Android 8 (Oreo) and later, this includes the whole SMALI version of the class, and can be converted into Java using the corresponding option.
Notice.
Due to various limitations, it is not possible to scan all the components of an APK file. This is especially true if an APK is highly obfuscated. The scanner also does not check strings (or website signatures).
The second item lists the number of trackers along with their names. Clicking on the item displays a dialog containing the name of trackers, matched signatures, and the number of classes against each signature. Some tracker names may have 2 prefix which indicates that the trackers are in the ETIP stand-by list i.e. whether they are actual trackers is still being investigated.
The third item lists the number of libraries along with their names. The information are mostly taken from IzzyOnDroid repo.
Смотрите также: FAQ: Tracker classes vs tracker components
At the bottom of the page, there is a special item denoting the number of missing signatures (i.e. missing classes). The missing signatures are the ones that AM has failed to match against any known libraries. The number itself has no particular meaning as many libraries contain hundreds of classes, but clicking on the item will bring up a dialog containing the signatures which is helpful in inspecting the missing signatures. This feature is only intended for people who know what a missing signature is and what to do with it, other users should ignore it.
Interceptor can be used to intercept communication between
applications using Intent
. It works as a man-in-the-middle
between the source and the destination applications. It offers a
feature-complete user interface for editing Intent
s.
Warning.
Interceptor only works for implicit intents where the app component isn’t specified.
Смотрите также:
Intent filters are used by the applications to specify the tasks they
are able to perform or the tasks they are going to perform using other
applications. For example, when you’re opening a PDF file using a file
manager, the file manager will try to find the applications to open the
PDF with. To find the right applications, the file manager will create
an Intent with filters such as the MIME type and ask the system to
retrieve the applications capable of opening this filter. The system
will search through the Manifest of the installed applications to match
the filter and list the application components that are able to open
this filter (in our case the PDF). At this, either the file manager will
open the desired application component all by itself or use a system
provided option to open it. If multiple application components are able
to open it and no default is set, you may get a prompt where you have to
choose the right application component. Action specifies the generic action to perform such as
Data is originally known as URI (Uniform Resource Identifier) defined
in RFC 2396. It can
be web links, file location, or a special feature called
content. Contents are an Android feature managed by the content providers. Data are often
associated with a MIME type. Examples: MIME type of the data. For example, if
the data field is set to This is similar to action in the
sense that it is also used by the system to filter application
components. This has no further benefits. Unlike action, there
can be more than one category. Clicking on the plus button next
to the title allows adding more categories. Flags are useful in determining how system should behave during the
launch or after the launch of an activity. This should not be touched as
it requires some technical background. The plus button next to
the title can be used to add one or more flags. Extras are the key-value pairs used for supplying additional
information to the destination component. More extras can be added using
the plus button next to the title. Represents the entire Intent as a URI (e.g. 2.8.1.1 Action
android.intent.action.VIEW
. Applications often declare the
relevant actions in the Manifest file to catch the desired Intents. The
action is particularly useful for broadcast Intent where it plays a
vital rule. In other cases, it works as an initial way to filter out the
relevant application components. Generic actions such as
android.intent.action.VIEW
and
android.intent.action.SEND
are widely used by applications.
Hence, setting this alone may match many application components.2.8.1.2 Data
http://search.disroot.org/?q=URI%20in%20Android%20scheme&categories=general&language=en-US
https://developer.android.com/reference/android/net/Uri
file:///sdcard/AppManager.apk
mailto:email@example.com
content://io.github.muntashirakon.AppManager.provider/23485af89b08d87e898a90c7e/AppManager.apk
2.8.1.3 MIME Type
file:///sdcard/AppManager.apk
, the
associated MIME type can be
application/vnd.android.package-archive
.2.8.1.4 Categories
2.8.1.5 Flags
2.8.1.6 Extras
2.8.1.7 URI
intent://…
).
Some data cannot be converted to string, and as a result, they might not
appear here.
List all the activity components that matches the Intent. This is internally determined by the system (rather than App Manager). The launch button next to each component can be used to launch them directly from App Manager.
Reset the Intent to its initial state.
Resend the edited Intent to the destination application. This may open a list of applications where the desired application is needed to be selected. The result received from the target application will be sent to the source application. As a result, the source application will not know if there was a man-in-the-middle.
Many root-only features can still be used by enabling ADB over TCP. To do that, a PC or Mac is required with Android platform-tools installed, and an Android phone with developer options & USB debugging enabled.
Root users.
If superuser permission has been granted to App Manager, it can already execute privileged code without any problem. Therefore, root users don’t need to enable ADB over TCP. If you still want to use ADB over TCP, you must revoke superuser permission for App Manager and restart your device. You may see working on ADB mode message without restarting but this isn’t entirely true. The server (used as an interface between system and App Manager) is still running in root mode. This is a known issue and will be fixed in a future version of App Manager.
Смотрите также: FAQ: ADB over TCP
Developer options is located in Android Settings, either directly near the bottom of the page (in most ROMs) or under some other settings such as System (Lineage OS, Asus Zenfone 8.0+), System > Advanced (Google Pixel), Additional Settings (Xiaomi MIUI, Oppo ColorOS), More Settings (Vivo FuntouchOS), More (ZTE Nubia). Unlike other options, it is not visible until explicitly enabled by the user. If developer options is enabled, you can use the search box in Android Settings to locate it as well.
This option is available within Android Settings as well but like the location of the developer options, it also differs from device to device. But in general, you have to find Build number (or MIUI version for MIUI ROMs and Software version for Vivo FuntouchOS, Version for Oppo ColorOS) and tap it at least 7 (seven) times until you finally get a message saying You are now a developer (you may be prompted to insert pin/password/pattern or solve captchas at this point). In most devices, it is located at the bottom of the settings page, inside About Phone. But the best way to find it is to use the search box.
After locating the
developer options, enable Developer option (if not
already). After that, scroll down a bit until you will find the option
USB debugging. Use the toggle button on the right-hand
side to enable it. At this point, you may get an alert prompt where you
may have to click OK to actually enable it. You may also have
to enable some other options depending on device vendor and ROM. Here
are some examples: Enable USB debugging (Security settings) as
well. Enable Allow ADB debugging in charge only mode as
well. When connecting to your PC or Mac, you may get a prompt saying
Allow access to device data? in which case click
YES, ALLOW ACCESS. Notice. Often the USB debugging mode could be disabled
automatically by the system. If that’s the case, repeat the above
procedure. Depending on the device and the version of operating system, you have
to enable Disable Permission Monitoring, or USB
debugging (Security settings) along with Install via
USB. Make sure you have USB tethering enabled. In case USB Debugging is greyed out, you can do the
following: Make sure you enabled USB debugging before connecting your phone
to the PC or Mac via USB cable Enable USB tethering after connecting to PC or Mac via USB
cable (For Samsung) If your device is running KNOX, you may have to
follow some additional steps. See official documentations or consult
support for further assistant3.1.2.1 Xiaomi (MIUI)
3.1.2.2 Huawei (EMUI)
3.1.2.3 Realme
3.1.2.4 LG
3.1.2.5 Troubleshooting
In order to enable ADB over TCP, you have to set up ADB in your PC or
Mac. Lineage OS users can skip to §3.1.4.1. Download the latest version of Android
SDK Platform-Tools for Windows Extract the contents of the zip file into any directory (such as
Open Command Prompt or
PowerShell from this directory. You can do it manually
from the start menu or by holding Download the latest version of Android
SDK Platform-Tools for macOS Extract the contents of the zip file into a directory by clicking
on it. After that, navigate to that directory using Finder and
locate Open Terminal using Launchpad or
Spotlight and drag-and-drop Tip. If you are not afraid to use command line, here’s a one liner: After that, you can simply type Open your favourite terminal emulator. In most GUI-distros, you
can open it by holding Run the following command: If it is successful, you can simply type 3.1.3.1 Windows
C:\
adb
) and navigate to that
directory using ExplorerShift
and Right clicking
within the directory in File Explorer and then clicking either
on Open command window here or on Open PowerShell window
here (depending on what you have installed). You can now access ADB
by typing adb
(Command Prompt) or ./adb
(PowerShell). Do not close this window yet3.1.3.2 macOS
adb
adb
from the
Finder window into the Terminal window. Do not close
the Terminal window yetcd ~/Downloads && curl -o platform-tools.zip -L \
&& \
https://dl.google.com/android/repository/platform-tools-latest-darwin.zip unzip platform-tools.zip && rm platform-tools.zip && cd platform-tools
./adb
in the in same
Terminal window to access ADB.3.1.3.3 Linux
Control
, Alter
and
T
at the same timecd ~/Downloads && curl -o platform-tools.zip -L \
&& \
https://dl.google.com/android/repository/platform-tools-latest-linux.zip unzip platform-tools.zip && rm platform-tools.zip && cd platform-tools
./adb
in
the in same terminal emulator window or type
~/Downloads/platform-tools/adb
in any terminal emulator to
access ADB.
Lineage OS (or its derivatives) users can directly enable ADB over TCP using the developer options. To enable that, go to the Developer options, scroll down until you find ADB over Network. Now, use the toggle button on the right-hand side to enable it and skip to §3.1.4.3.
For other ROMs, you can do this using the command
prompt/PowerShell/terminal emulator that you’ve opened in the step 3 of
the previous section. In this section, I will use adb
to
denote ./adb
, adb
or any other command that
you needed to use based on your platform and software in the previous
section.
Connect your device to your PC or Mac using a USB cable. For some devices, it is necessary to turn on File transfer mode (MTP) as well
To confirm that everything is working as expected, type
adb devices
in your terminal. If your device is connected
successfully, you will see something like this:
List of devices attached
xxxxxxxx device
Notice.
In some Android phones, an alert prompt will be appeared with a message Allow USB Debugging in which case, check Always allow from this computer and click Allow.
Finally, run the following command to enable ADB over TCP:
adb tcpip 5555
Danger.
You cannot disable developer options or USB debugging after enabling ADB over TCP.
After enabling ADB over TCP, relaunch App Manager. App Manager should detect ADB mode automatically. If it cannot, you can change the mode of operation to ADB over TCP in the settings page. There, you can also verify whether App Manager has correctly detected ADB as indicated by the inferred mode.
Notice.
In some Android devices, the USB cable is needed to be disconnected from the PC before connecting to App Manager.
Warning.
ADB over TCP will be disabled after a reboot. In that case, you have to follow §3.1.4.2 again.
Lineage OS users.
You can turn off ADB over Network in developer options, but turning off this option will also stop App Manager’s remote server. So, turn it off only when you’re not going to use App Manager in ADB over TCP mode.
If you are running Android 11 or later and capable of connecting to a Wi-Fi network for, at least, a few moments, Wireless Debugging is the recommended approach as it offers more protection than ADB over TCP. It requires two steps:
ADB pairing. The initial and a bit complex step for a novice user. Fortunately, this step is not required all the time.
Connecting to ADB. The final step which needs to be carried out every time you reboot your phone.
In the Developer options page, find Wireless debugging and click to open it. In the new page, turn on Use wireless debugging. Depending on your configuration, you might see a dialog prompt asking you to verify your decision. If that is the case, click Allow.
Tip.
For an easy access, you might want to add Wireless debugging in the notification tiles section. To do this, find Quick settings developer tiles in the Developer options page and click to open it. In the new window, enable Wireless debugging. However, this option is unavailable in most operating systems.
Keeping the Wireless debugging page open, go to the Recents page either by swiping up or by using the dedicated navigation button, and click on the Settings logo to enable Split screen. It will wait for you to select or launch another application: Launch or select App Manager.
Now, in App Manager and navigate to Settings and then enable Wireless debugging in Mode of operation. After a few moments, App Manager will ask you to either connect or pair ADB. Select pair.
In the Wireless debugging page (now should be on top among the splits), select Pair device with pairing code. At this, a dialog prompt will be displayed. Note down the pairing code but DO NOT close the dialog prompt or the window.
Finally, in App Manager, insert the pairing code and click pair. The port number should be detected automatically. If it cannot, you have to insert the port number as well.
If the pairing is successful, it will display a successful message at the bottom, and the dialog prompt in the Wireless debugging page will be dismissed automatically, and you will be able to see App Manager listed as an ADB client.
Notice.
If you do not use App Manager in ADB mode for a while (depending on devices), App Manager might be removed from the list. In that case, you have to repeat the above procedure.
App Manager should be able to connect to ADB automatically if the mode of operation is set to auto, ADB over TCP or Wireless debugging. If that is not the case, select Wireless debugging in the settings page. If App Manager fails to detect or connect to ADB, it will display a dialog prompt to connect or pair ADB. Select connect.
Now, navigate to the Wireless debugging page in Android settings, and note down the port number displayed in the page. In App Manager’s dialog prompt, replace the port number with the one that you have noted earlier, and click connect.
Once a connection has been established, you can safely disable Wireless debugging in Android settings.
Caution.
Never disable USB Debugging or any other additional options described in §3.2.1. If you do this, the remote server used by App Manager will be stopped, and you may have to start all over again.
App Manager has a modern, advanced and easy-to-use backup/restore system implemented from the scratch. This is probably the only app that has the ability to restore not only the app or its data but also permissions and rules that you’ve configured within App Manager. You can also choose to back up an app multiple times (with custom names) or for all users.
Смотрите также:
Back up/restore is a part of batch
operations. It is also located inside the options menu in the App Info tab. Clicking on
Backup/Restore opens the Backup
Options. Backups are located at
/storage/emulated/0/AppManager
by default. You can
configure custom backup location in the settings page in which case the
backups will be located at the AppManager
folder in the
selected volume.
Note.
If one or more selected apps do not have any backup, the Restore and Delete Backup options will not be displayed.
Backup options (internally known as backup flags) let you customise the backups on the fly. However, the customisations will not be remembered for the future backups. If you want to customise this dialog, use Backup Options in the Settings page.
A complete description of the backup options is given below:
APK files. Whether to back up the APK files.
This includes the base APK file along with the
split APK
files if they exist.
Internal data. Whether to back up the internal
data directories. These directories are located at
/data/user/<user_id>
and (for Android N or later)
/data/user_de/<user_id>
.
External data. Whether to back up data directories located in the internal memory as well as SD Card (if exists). External data directories often contain non-essential app data or media files (instead of using the dedicated media folder) and may increase the backup size. However, it might be essential for some apps. Although it isn’t checked by default (as it might dramatically increase the size of the backups), you may have to check it in order to ensure a smooth restore of your backups.
Caution.
Internal data folders should always be backed up if you are going to back up the external data folders. However, it could be useful to back up only the external folders if the app in question downloads a lot of assets from the Internet.
OBB and media. Whether to back up or restore the OBB and the media directories located in the external storage or the SD Card. This is useful for games and the graphical software which actually use these folders.
Cache. Android apps have multiple cache directories located at every data directories (both internal and external). There are two types of cache: cache and code cache. Enabling this option excludes both cache directories from all the data directories. It is generally advised to exclude cache directories since most apps do not clear the cache regularly (for some reason, the only way an app can clear its cache is by deleting the entire cache directory) and usually handled by the OS itself. Apps such as Telegram may use a very large cache (depending on the storage space) which may dramatically increase the backup size. When it is disabled, AM also ignores the no_backup directories.
Extras. Backup/restore app permissions, net policy, battery optimization, SSAID, etc., enabled by default. Note that, blocking rules are applied after applying the extras. So, if an item is present in both places, it will be overwritten (i.e., the one from the blocking rules will be used).
Rules. This option lets you back up blocking rules configured within App Manager. This might come in handy if you have customised permissions or block some components using App Manager as they will also be backed up or restored when you enable this option.
Backup Multiple. Whether this is a multiple backup. By default, backups are saved using their user ID. Enabling this option allows you to create additional backups. These backups use the current date-time as the default backup name, but you can also specify custom backup name using the input field displayed when you click on the Backup button.
Custom users. Backup or restore for the selected users instead of only the current user. This option is only displayed if the system has more than one user.
Skip signature checks. When taking a backup,
checksum of every file (as well as the signing certificate(s) of the
base APK file) is generated and stored in the checksums.txt
file. When you restore the backup, the checksums are generated again and
are matched with the checksums stored in the said file. Enabling this
option will disable the signature checks. This option is applied only
when you restore a backup. During backup, the checksums are generated
regardless of this option.
Caution.
You should always disable this option to ensure that your backups are not modified by any third-party applications. However, this would only work if you enabled encryption.
Смотрите также: Settings: Encryption
Backup respects all the backup options except Skip signature checks. If base backups (i.e., backups that don’t have the Backup Multiple option) already exist, you will get a warning as the backups will be overwritten. If Backup Multiple is set, you have an option to input the backup name, or you can leave it blank to use the current date-time.
Restore respects all the backup options and will fail if APK files option is set, but the backup doesn’t contain such backups or in other cases, if the app isn’t installed. When restoring backups for multiple packages, you can only restore the base backups (see backup section for an explanation). However, when restoring backups for a single package, you have the option to select which backup to restore. If All users option is set, AM will restore the selected backup for all users in the latter case but in the former case, it will restore base backups for the respective users.
Notice.
Apps that use storage access framework (SAF), SSAID or Android KeyStore works properly only after an immediate restart.
Delete backup only respects All users option and when it is selected, only the base backups for all users will be deleted with a prompt. When deleting backups for a single package, another dialog will be displayed where you can select the backups to delete.
It is possible to trigger profiles configured inside App Manager via
third-party applications such as Automation or
Tasker. Traditionally, The activity
It has two primary extras required in all conditions. The key names,
data types are all follows: App Manager current support a single feature, namely
In order to trigger a profile, Intent
s are used to
trigger such operations.3.4.2
Configuring tasks
io.github.muntashirakon.AppManager.crypto.auth.AuthFeatureDemultiplexer
is responsible for handling all the automations. Sending an intent to
the activity lets App Manager perform the designated operation by
redirecting the Intent
to the designated activity or
service.3.4.2.1 Required extras
auth
. (String value) The
authorization key as described in the earlier section.feature
. (String value) Name of the
feature. Supported features are described in the next section.3.4.3
Features
profile
.3.4.4
Triggering a profile
feature
must have the
value profile
. In addition, the following extras can be
included:prof
. (String value – required) The
name of the profile as displayed in the Profiles page.state
. (String value – optional)
State of the profile – currently on
or off
–
as specified in the documentation. If this extra is not set, App Manager
will display a prompt where a state must be selected. Therefore, for
complete automation, this option should be set.
Short for Network policy or network policies. It is usually located in the Android settings under Mobile data & Wifi section in the app info page of an app. Not all policies are guaranteed to be included in this page (e.g. Samsung), and not all settings are well-understood due to lack of documentation. App Manager can display all the net policies declared in the NetworkPolicyManager. Policies unknown to App Manager will have a Unknown prefix along with the policy constant name and number in the hexadecimal format. Unknown policies should be reported to App Manager for inclusion.
Net policy allows a user to configure certain networking behaviour of an app without modifying the ip tables directly and/or running a firewall app. However, the features it offers largely depend on Android version and ROM. A list of known net policies are listed below:
None or
POLICY_NONE
: (AOSP) No specific network
policy is set. System can still assign rules depending on the nature of
the app.
Reject background data or
POLICY_REJECT_METERED_BACKGROUND
: (AOSP)
Reject network usage on metered networks when the application is in
background.
Allow background data when Data Saver is on or
POLICY_ALLOW_METERED_BACKGROUND
: (AOSP)
Allow metered network use in the background even when data saving mode
is enabled.
Reject cellular data or
POLICY_REJECT_CELLULAR
(Android 11+) or
POLICY_REJECT_ON_DATA
(up to Android 10):
(Lineage OS) Reject mobile/cellular data. Signals network unavailable to
the configured app as if the mobile data is inactive.
Reject VPN data or
POLICY_REJECT_VPN
(Android 11+) or
POLICY_REJECT_ON_VPN
(up to Android 10):
(Lineage OS) Reject VPN data. Signals network unavailable to the
configured app as if the VPN is inactive.
Reject Wi-Fi data or
POLICY_REJECT_WIFI
(Android 11+) or
POLICY_REJECT_ON_WLAN
(up to Android 10):
(Lineage OS) Reject Wi-Fi data. Signals network unavailable to the
configured app as if the device is not connected to a Wi-Fi
network.
Disable network access or
POLICY_REJECT_ALL
(Android 11+) or
POLICY_NETWORK_ISOLATED
(up to Android
10): (Lineage OS) Reject network access in all circumstances. This is
not the same as enforcing the other three policies above, and is the
recommended policy for dodgy apps. If this policy is enforced, there is
no need to enforce the other policies.
POLICY_ALLOW_METERED_IN_ROAMING
:
(Samsung) Possibly allow metered network use during roaming. Exact
meaning is currently unknown.
POLICY_ALLOW_WHITELIST_IN_ROAMING
:
(Samsung) Possibly allow network use during roaming. Exact meaning is
currently unknown.
Note.
Corresponding Lineage OS patches are as follows:
Activities, services, broadcast receivers (or only receivers) and content providers (or only providers) are jointly called application components. More technically, they all inherit the ComponentInfo class and can be launched via Intent.
App Manager typically blocks application components (or tracker components) using a method called Intent Firewall (IFW), it is superior to other methods such as pm (PackageManager), Shizuku or any other method that uses the package manager to enable or disable the components. If a component is disabled by the latter methods, the application itself can detect that the component is being blocked and can re-enable it as it has full access to its own components. (Many deceptive applications actually do this in order to keep the tracker components unblocked.) On the other hand, IFW is a true firewall and the application cannot detect if its components are being blocked. App Manager uses the term block rather than disable for this reason.
Even IFW has some limitations which are primarily applicable for the system applications:
The application in question is whitelisted by the system i.e. the system cannot function properly without these applications and may cause random crashes. These applications include but not limited to Android System, System UI, Phone Services. They will continue to work even if they are disabled or blocked.
Another system application or system process has activated a specific component of the application in question via interprocess communication (IPC). In this case, the component will be activated regardless of blocking status or even if the entire application is disabled. If there is such a system application that is not needed, the only way to prevent it from running is by getting rid of it.
No. But the application components blocked by the system or any other tools are displayed in the component tabs. These rules can be imported from Settings. However, it is not possible for App Manager to distinguish the components blocked by the third-party tools and components blocked by the system. Therefore, the applications listed in the import page should be selected with care.
App Manager blocks the components again if requested. In case of unblocking, they will be reverted to the default state as specified in the manifest of the application. But if the components were blocked by MyAndroidTools (MAT) with IFW method, they will not be unblocked by App Manager as it uses a different format. To fix this issue, the rules have to be imported from Settings at first, in which case MAT’s configurations will be permanently removed.
When you block a component in the App Details page, the blocking is not applied by default. It is only applied when you apply blocking using the Apply rules option in the top-right menu. If you enable instant component blocking, blocking will be applied as soon as you block a component. If you choose to block tracker components, however, blocking is applied automatically regardless of this setting. You can also remove blocking for an application by simply clicking on Remove rules in the same menu in the App Details page. Since the default behaviour gives you more control over applications, it is better to keep instant component blocking option disabled.
All application components are classes but not all classes are components. In fact, only a few of the classes are components. That being said, scanner page displays a list of trackers along with the number of classes, not just the components. In all other pages, trackers and tracker components are used synonymously to denote tracker components, i.e. blocking tracker means blocking tracker components, not tracker classes.
Info.
Tracker classes that are not components cannot be blocked. They can only be removed by editing the application itself.
Unfortunately, yes. This is because the ADB daemon, the process responsible for ADB connection, is also restarted after a reboot, and it does not re-enable ADB over TCP.
ADB has limited number of permissions and controlling application components is not one of them. However, the components of a test-only app can be controlled via ADB. If App Manager detects such an application, it enables the blocking options automatically.
Supported features are enabled automatically in the ADB mode. Supported features include disabling, force-stopping, clearing application data, granting or revoking app ops and permissions, and so on. It is also possible to install or uninstall applications without any prompt from the system.
Yes. AM cannot modify any system settings without root or ADB.
Trackers and libraries are updated manually before making a new release.
No, APKs aren’t deleted by App Manager after they are installed.
App Manager’s use of hidden API and privileged code execution is now much more complex and cannot be integrated with other third party apps such as Shizuku. Here are some reasons for not considering Shizuku (which now has Apache 2.0 license) for App Manager:
Shizuku was initially non-free which led me to use a similar approach for App Manager to support both root and ADB
App Manager already supports both ADB and root which in some cases is more capable than Shizuku
Relying on a third-party app for the major functionalities is not a good design choice
Integration of Shizuku will increase the complexity of App Manager.
Bloatware are the unnecessary apps supplied by the vendor or OEM and are usually system apps. These apps are often used to track users and collect user data which they might sell for profits. System apps do not need to request any permission in order to access device info, contacts and messaging data, and other usage info such as your phone usage habits and everything you store on your shared storage(s).
The bloatware may also include Google apps (such as Google Play Services, Google Play Store, Gmail, Google, Messages, Dialer, Contacts), Facebook apps (the Facebook app consists of four or five apps), Facebook Messenger, Instagram, Twitter and many other apps which can also track users and/or collect user data without consent given that they all are system apps. You can disable a few permissions from the Android settings but be aware that Android settings hides almost every permission any security specialist would call potentially dangerous.
If the bloatware were user apps, you could easily uninstall them either from Android settings or AM. Uninstalling system apps is not possible without root permission. You can also uninstall system apps using ADB, but it may not work for all apps. AM can uninstall system apps with root or ADB (the latter with certain limitations, of course), but these methods cannot remove the system apps completely as they are located in the system partition which is a read-only partition. If you have root, you can remount this partition to manually purge these apps but this will break Over the Air (OTA) updates since data in the system partition has been modified. There are two kind of updates, delta (small-size, consisting of only the changes between two versions) and full updates. You can still apply full updates, but the bloatware will be installed again, and consequently, you have to delete them all over again. Besides, not all vendors provide full updates.
Another solution is to disable these apps either from Android settings (no-root) or AM, but certain services can still run in the background as they can be started by other system apps using Inter-process Communication (IPC). One possible solution is to disable all bloatware until the service has finally stopped (after a restart). However, due to heavy modifications of the Android frameworks by the vendors, removing or disabling certain bloatware may cause the System UI to crash or even cause bootloop, thus, (soft) bricking your device. You may search the web or consult the fellow users to find out more about how to debloat your device.
From v2.5.19, AM has a new feature called profiles. The profiles page has an option to create new profiles from one of the presets. The presets consist of debloating profiles which can be used as a starting point to monitor, disable, and remove the bloatware from a proprietary Android operating system.
Note.
In most cases, you cannot completely debloat your device. Therefore, it is recommended that you use a custom ROM free from bloatware such as Graphene OS, Lineage OS or their derivatives.
AM currently supports blocking activities, broadcast receivers, content providers, services, app ops and permissions, and in future I may add more blocking options. In order to add more portability, it is necessary to import/export all these data.
Maintaining a database should be the best choice when it comes to
storing data. For now, several tsv
files with each file
having the name of the package and a .tsv
extension. The
file/database will be queried/processed by the
RulesStorageManager
class. Due to this abstraction, it
should be easier to switch to database or encrypted database systems in
future without changing the design of the entire project. Currently, All
configuration files are stored at
/data/data/io.github.muntashirakon.AppManager/Files/conf
.
The format below is used internally within App Manager and is not compatible with the external format.
<name> <type> <mode>|<component_status>|<is_granted>
Here:
<name>
– Component/permission/app op name (in
case of app op, it could be string or integer)
<type>
– One of the ACTIVITY
,
RECEIVER
, PROVIDER
, SERVICE
,
APP_OP
, PERMISSION
<mode>
– (For app ops) The associated mode constant
<component_status>
– (For components)
Component status
true
– Component has been applied (true
value is kept for compatibility)
false
– Component hasn’t been applied yet, but will
be applied in future (false
value is kept for
compatibility)
unblocked
– Component is scheduled to be
unblocked
<is_granted>
– (For permissions) Whether the
permission is granted or revoked
External format is used for importing or exporting rules in App Manager.
<package_name> <component_name> <type> <mode>|<component_status>|<is_granted>
This the format is essentially the same as above except for the first item which is the name of the package.
Caution.
The exported rules have a different format than the internal one and should not be copied directly to the conf folder.
App Manager v3.1.0 comes with a few new features and a lot of
improvements. Visit Settings
> About > Version/Changelog for details. App Manager now targets Android 13 which means most issues in Android
12 and 13 has been addressed, including SSAID and SAF issues as well as
monochrome icons and other theming issues. KeyStore backup/restore not working in Android 12 and later. Enable/disable is replaced with freeze/unfreeze to allow greater
control on the behaviours of an app. It supports suspend, disable and
hide functionalities which can be controlled at Settings
> Rules > Default freezing method. In order to make it easy to
freeze or unfreeze an app, shortcuts can also be created from the App
Info tab by long clicking on the freeze or unfreeze button. In the Main page, it is now possible to export the list of apps in
either XML or Markdown format using batch operations. In the future, the
XML file may also be imported to App Manager. App Manager now fully supports encrypting backups using ECC in
addition to offering AES, RSA and OpenPGP. Two new languages are added: Korean and Romanian. In the main page, more sorting and filtering options are added.
Sorting options include sorting the apps by total size, total data
usage, launch count, screen time and last usage time. Filtering options
include filtering the apps having at least one item in the Android
KeyStore, filtering apps with URIs granted via SAF, and filtering apps
with SSAID. Fixed various issues with ADB pairing, handled incomplete USB
debugging. Some rooting methods cannot allow interprocess communication
via Binder. In those cases, ADB mode is used as a fallback method by
enabling it automatically if possible. When possible, App Manager will be able to display apps from work
profile in no-root mode in addition to allowing basic operations such as
launching the app or navigating to the system settings. For backups, it
is now possible to restore backups for other users, but for work
profile, some apps may only work properly after re-enabling the work
profile. In the installer page, selecting All users will now
install the app for all users instead of only the current user. Finally,
in the app info tab, current app can be installed in another profile
using the Install for… option available in the three-dots menu.
This is analogous to the Explorer can now open DEX and JAR files in addition to APK files.
Several sorting options as well as folder options are also added as the
list options. In app info tab, a new tag called WX is added. It is displayed in
Android 10 and later if the application targets Android 9 or earlier. It
indicates W^X
violation which allows the app to execute arbitrary executable files
either by the modification of executables embedded within the app or by
downloading them from the Internet. App ops are now managed automatically to avoid various app ops
related crashes in various platforms. This will also lessen the amount
of crashes in an unsupported operating system. In the Main page, enabled batch uninstallation in no-root mode. Enabled advanced searching. Searching now matches not only app labels
but also package names. Copy the intercepted Intent as am command which can be run from
either an ADB shell or a terminal using root with the same
effectiveness. Explicitly handle the Internet permission which is a runtime
permission in the OS. Fixed permission denied issues in the installer due to a framework
issue introduced in MIUI 12.5. Fixed crashes in the Interceptor page due to a framework issue
introduced in Android 11. Improved Java-Smali conversion by including all the subclasses
during conversion Improved scanning performance in the Scanner page Improved updating the list of apps in the Main page Scan all the available paths to detect systemless-ly installed
system apps6.1.1
Android 13 support
6.1.1.0.1 Known issue
6.1.2
Introducing
freeze/unfreeze
6.1.3
Export app list
6.1.4
Elliptic Curve Crypography
(ECC)
6.1.5
New languages
6.1.6
More list options
6.1.7
Improved handling
of mode of operation
6.1.8
Handling multiple users
pm install-existing
command,
thereby, making the installation process a lot faster.6.1.9
Explorer enhancements
6.1.10 New tag: WX
6.1.11 App ops management
6.1.12 Batch uninstallation
6.1.13 Running apps
6.1.14 Interceptor
6.1.15 Device-specific changes
6.1.15.0.1 Graphene OS
6.1.15.0.2 MIUI
6.1.15.0.3 Motorola
6.1.16 Others
vacuum
SQLite database before opening it for viewing
or editing.
App Manager v3.0.0 comes with a lot of features and improvements. See
Settings
> Changelog to see a more detailed changelog. Material 3, somewhat similar to Material You, is a
significant improvement over Material Design 2 with support for dynamic
colours in Android 12 and later. In addition, many design changes have
been made in App Manager without any significant changes in the overall
user experience. Switches are still based on Material Design 2 which will be fixed in
a future release. Wireless debugging support has been fully implemented. Head over to
§3.2 for instructions on how
to configure wireless debugging. No-root users. Due to auto-detection feature, startup time might be large for
no-root users when the mode of operation is set to auto.
Instead, no-root users should select no-root instead of
auto. App Manager is fully translated into Indonesian and Italian languages
and can be enabled in settings. Bengali is removed due to lack of
translators. App Explorer can be used to browse the contents of an application.
This includes binary XML files, DEX contents or any other media files.
DEX contents can only be explored in Android Oreo (Android 8) and later.
It’s also possible to convert an It is possible to import backups from discontinued or obsolete
applications such as Titanium Backup, OAndBackup and Swift Backup
(version 3.0 to 3.2). Go to Setting > Backup/restore to find this
option. VirusTotal is a widely used tool to scan files and URLs for viruses.
In the scanner page and in the running apps page, an option to scan
files with VirusTotal has been added. But the option is hidden by
default. To enable the option, it is necessary to obtain an API key from
VirusTotal. Go to Settings > VirusTotal API Key for more
information. Internet feature. This is currently the only feature which require an Internet
connection. If you wish to use any Internet feature that might also be
added in the future, enable Use the Internet in Settings >
Enable/disable features. As the implementation of routine operations is being delayed, an
option to trigger profiles from the external automation software is
added. See §3.4 for instructions on how to
configure profile automation. Application installer includes several improvements including the
ability to downgrade applications in no-root mode, installing multiple
applications at once and blocking trackers after installation. In
Android 12 and later, no-root users can update applications without any
user interactions. It is now possible to configure how App Manager should block a
component. Visit Settings > Rules > Default blocking method for
more information. In the components tab, long clicking the block/unblock
button opens a context menu which allows per-component blocking in a
similar manner. ADB users can also block the components of a Test
only app. In some pages, the search bar supports additional searching which
includes searching via prefix, suffix or even regular expressions. In
the main page, it is also possible to search for applications using the
first letters of each word, e.g. App Manager can be listed by
searching for am. Activity interceptor can be opened directly from the activities tab
by long clicking on the launch button, and similarly, activities can be
launched from the activity interceptor page with or without root, for
any users. Notice. Currently, activities opened via root cannot send the results back to
the original applications. Screen time widget is quite similar to Digital Wellbeing’s widget by
the same name. It displays the total screen time for the day along with
the top three apps from all users. Clear cache widget can be to clear cache from all the applications
directly from the home screen.6.2.1
Material 3 and More
6.2.1.0.1 Known issue
6.2.2
Wireless Debugging
6.2.3
Languages
6.2.4
Introducing App Explorer
.smali
file into
.java
for a better understanding of the reversed code. This
feature, if not needed, can be disabled in Settings > Enable/disable
features.6.2.5
Import Backups
from Other Applications
6.2.6
VirusTotal
6.2.7
Trigger
Profiles from the Automation Software
6.2.8
Improved Application
Installer
6.2.9
Component Blocking
6.2.10 Advanced Searching
6.2.12 Make the Best Use of
Interceptor
6.2.13 Widget: Screen Time
6.2.14 Widget: Clear Cache
Back up/restore feature is now finally out of beta! Read the corresponding guide to understand how it works.
Log viewer is essentially a
front-end for logcat
. It can be used to filter logs by
tag or pid (process ID), or even by custom filters.
Log levels AKA verbosity can also be configured. You can also save,
share and manage logs.
Lock App Manager with the screen lock configured for your device.
You can set any mode for any app ops that your device supports, either from the 1-click ops page or from the app ops tab.
You can now easily add selected apps to an existing profile using the batch operations.
App info tab now has many options, including the ability to change SSAID, network policy (i.e. background network usage), battery optimization, etc. Most of the tags used in this tab are also clickable, and if you click on them, you will be able to look at the current state or configure them right away.
Sort and filter options are now replaced by List Options which is highly configurable, including the ability to filter using profiles.
Interested in knowing about your device in just one page? Go to the bottom of the settings page.
Not interested in all the features that AM offers? You can disable some features in settings.
AM now has more than 19 languages! New languages include Farsi, Japanese and Traditional Chinese.
You can now import external signing keys in AM! For security, App Manager has its own encrypted KeyStore which can also be imported or exported.
Since APKMirror has removed encryption from their APKM files, it’s no longer necessary to decrypt them. As a result, the option to decrypt APKM files has been removed. Instead, this option is now provided by the UnAPKM extension which you can grab from F-Droid. So, if you have an encrypted APKM file and have this extension installed, you can open the file directly in AM.
Profiles finally closes the related
issue. Profiles can be used to execute certain tasks repeatedly
without doing everything manually. A profile can be applied (or invoked)
either from the Profiles page or from
the home screen by creating shortcuts. There are also some presets which
consist of debloating profiles taken from Universal
Android Debloater. Exporting rules and applying permissions are not currently
working. Profiles are applied for all users.6.4.1.0.1 Known limitations
Intent
Intercept works as a man-in-the-middle between source and
destination, that is, when you open a file or URL with another app, you
can see what is being shared by opening it with Interceptor first. You
can also add or modify the intents before sending them to the
destination. Additionally, you can double-click on any exportable
activities in the Activities tab in the App Details page to open them in
the Interceptor to add more configurations. Editing extras is not currently possible.6.4.2.0.1 Known limitation
When I released a small tool called UnAPKM, I promised that similar feature will be available in App Manager. I am proud to announce that you can open APKM files directly in the App Info page or convert them to APKS or install them directly.
App manager now supports multiple users! For now, this requires root or ADB. But no-root support is also being considered. If you have multiple users enabled and click on an app installed in multiple profiles, an alert prompt will be displayed where you can select the user.
Thanks to the contributors, we have one more addition to the language club: French. You can add more languages or improve existing translations at Weblate.
If App Manager crashes, you can now easily report the crash from the notifications which opens the share options. Crashes are not reported by App Manager, it only redirects you to your favourite Email client.
Added support for Android 11. Not everything may work as expected though.
In settings page, you can set install locations such as auto (default), internal only and prefer external.
In settings page, you can also set default APK installer (root/ADB only) instead of App Manager.
In settings page, you can allow App Manager to display multiple users during APK installation.
In settings page, you can choose to sign APK files before installing
them. You can also select which signature scheme to use in the APK
signing option in settings. Currently, only a generic key is used to sign APK files6.4.8.4.1 Known limitation
As promised, it is now possible to select splits. AM also provides
recommendations based on device configurations. If the app is already
installed, recommendations are provided based on the installed app. It
is also possible to downgrade to a lower version without data loss if
the device has root or ADB. But it should be noted that not all app can
be downgraded. Installer is also improved to speed up the installation
process, especially, for root users. If the app has already been
installed and the new (x)apk(s) is newer or older or the same version
with a different signature, AM will display a list of changes similar to
What’s New before prompting the user to install the
app. This is useful if the app has introduced tracker components, new
permissions, etc. Large app can take a long time to fetch app info, and therefore,
it may take a long time display the installation prompt. If the apk is not located in the internal storage, the app has to
be cached first which might also take a long time depending on the size
of the apk.6.5.1.0.1 Known Limitations
Exodus page is now replaced with scanner page. Scanner page contains not only a list of trackers but also a list of used libraries. This is just a start. In the future, this page will contain more in depth analysis of the app.
System Config lists various system configurations and whitelists/blacklists included in Android by either OEM/vendor, AOSP or even some Magisk modules. Root users can access this option from the overflow menu in the main page. There isn’t any official documentation for these options therefore it’s difficult to write a complete documentation for this page. I will gradually add documentations using my own knowledge. However, some functions should be understandable by their name.
Thanks to the contributors, AM now has more than 12 languages. New languages include Bengali, Hindi, Norwegian, Polish, Russian, Simplified Chinese, Turkish and Ukrainian.
More tags are added in the app info tab such as KeyStore (apps with KeyStore items), Systemless app (apps installed via Magisk), Running (apps that are running). For external apk, two more options are added namely Reinstall and Downgrade. Now it is possible to share an apk via Bluetooth. For system apps, it is possible to uninstall updates for root/ADB users. But like the similar option in the system settings, this operation will clear all app data. As stated above, exodus has been replaced with scanner.
It is now possible to sort and filter processes in this tab. Also, the three big buttons are replaced with an easy-to-use three dot menu. Previously the memory usage was wrong which is fixed in this version.
Toybox (an alternative to busybox) is bundled with AM. Although Android has this utility built-in from API 23, toybox is bundled in order to prevent buggy implementations and to support API < 23.
Component blocker seemed to be problematic in the previous version, especially when global component blocking is enabled. The issues are mostly fixed now.
Caution.
The component blocking mechanism is no longer compatible with v2.5.6 due to various security issues. If you have this version, upgrade to v2.5.13 or earlier versions first. After that, enable global component blocking and disable it again.
Value of various app ops depend on their parent app ops. Therefore, when you allow/deny an app op, the parent of the app op gets modified. This fixes the issues some users have been complaining regarding some app ops that couldn’t be changed.
If an app has the target API 23 or less, its permissions cannot be
modified using the pm grant …
command. Therefore, for such
apps, option to toggle permission has been disabled.
The signature tab is improved to support localization. It also displays multiple checksums for a signature.
Manifest no longer crashes if the size of the manifest is too long. Generated manifest are now more accurate than before.
Bundled app formats such as apks and
xapk are now supported. You can install these apps
using the regular installation buttons. For root and adb users, apps are
installed using shell, and for non-root users, the platform default
method is used. Currently all splits apks are installed. But this
behaviour is going to change in the next release. If you only need a few
splits instead of all, extract the APKS or
XAPK file, and then, create a new zip file with your
desired split apks and replace the ZIP extension with
APKS. Now, open it with AM. There is no progress dialog to display the installation
progress.6.6.1.0.1 Known Limitations
You can now install APK, APKS or
XAPK directly from your favourite browser or file
manager. For apps that need updates, a What’s New
dialog is displayed showing the changes in the new version. Downgrade is not yet possible. There is no progress dialog to display the installation progress.
If you cannot interact with the current page, wait until the
installation is finished.6.6.2.0.1 Known Limitations
In the Settings page, a new option is added which can be used to remove all blocking rules configured within App Manager.
App Ops are now generated using a technique similar to AppOpsX. This should decrease the loading time significantly in the App Ops tab.
In the App Ops tab, a menu item is added which can be used to list only active app ops without including the default app ops. The preference is saved in the shared preferences.
Often the App Ops tab may not be responsive. If that’s the case, restart App Manager.
ADB shell commands are now executed using a technique similar to
AppOpsX (This is the free alternative of AppOps by Rikka.).
This should dramatically increase the execution time. AM can often crash or become not responsive. If that’s the case,
restart App Manager.6.6.5.0.1 Known Limitation
Add an option to filter apps that has at least one activity.
Apk files are now saved as app name_version.extension
instead of package.name.extension
.
Added a foreground service to run batch operations. The result of the operation is displayed in a notification. If an operation has failed for some packages, clicking on the notification will open a dialog box listing the failed packages. There is also a Try Again button on the bottom which can be used to perform the operation again for the failed packages.
Replaced Linux kill with force-stop.
Added German and Portuguese (Brazilian) translations. Not all translations are verified yet.6.6.9.0.1 Known Limitation
Install app only for the current user at the time of restoring backups. Support for split apks is also added.
Data backup feature is now considered unstable. If you encounter any problem, please report to me without hesitation.
App Ops (short hand for Application
Operations) are used by Android system (since Android 4.3) to
control application permissions. The user can control some
permissions, but only the permissions that are considered dangerous (and
Google thinks knowing your phone number isn’t a dangerous thing). So,
app ops seems to be the one we need if we want to install apps like
Facebook and it’s Messenger (the latter literary records everything if
you live outside the EU) and still want some privacy and/or
security. Although certain features of app ops were available in
Settings and later in hidden settings in older version of Android, it’s
completely hidden in newer versions of Android and is continued to be
kept hidden. Now, any app with
android.Manifest.permission.GET_APP_OPS_STATS
permission can get the app ops information for other applications but
this permission is hidden from users and can only be enabled using ADB
or root. Still, the app with this permission cannot grant or revoke
permissions (actually mode of operation) for apps other than itself
(with limited capacity, of course). To modify the ops of other app, the
app needs
android.Manifest.permission.UPDATE_APP_OPS_STATS
permissions which isn’t accessible via pm
command. So, you
cannot grant it via root or ADB, the permission is only granted to the
system apps. There are very few apps who support disabling permissions
via app ops. The best one to my knowledge is AppOpsX. The main (visible)
difference between my app (AppManager) and this app is that the latter
also provides you the ability to revoke internet permissions (by writing
ip tables). One crucial problem that I faced during the development of
the app ops API is the lack of documentation in English language.
Figure 1 describes the process of changing
and processing permission. AppOpsManager can be used to manage
permissions in Settings app. AppOpsManager is also
useful in determining if a certain permission (or operation) is granted
to the application. Most of the methods of
AppOpsManager are accessible to the user app but unlike
a system app, it can only be used to check permissions for any app or
for the app itself and start or terminating certain operations.
Moreover, not all operations are actually accessible from this Java
class. AppOpsManager holds all the necessary constants
such as OP_*
,
OPSTR_*
, MODE_*
which describes
operation code, operation string and mode of operations respectively. It
also holds necessary data structures such as PackageOps and OpEntry.
PackageOps holds OpEntry for a
package, and OpEntry, as the name suggests, describes
each operation.
AppOpService
is completely hidden from a user
application but accessible to the system applications. As it can be seen
in Figure 1, this is the class that does the
actual management stuff. It contains data structures such as
Ops to store basic package info and Op
which is similar to OpEntry of
AppOpsManager. It also has Shell which
is actually the source code of the appops command line tool. It writes
configurations to or read configurations from /data/system/appops.xml
. System
services calls AppOpsService to find out what an
application is allowed and what is not allowed to perform, and
AppOpsService determines these permissions by parsing
/data/system/appops.xml
. If no custom values are present in
appops.xml, it returns the default mode available in
AppOpsManager.
AppOpsManager stands for application operations manager. It consists of various constants and classes to modify app operations.
Смотрите также: AppOpsManager documentation
OP_*
ConstantsOP_*
are the integer constants starting from
0
. OP_NONE
implies that no operations are
specified whereas _NUM_OP
denotes the number of operations
defined in OP_*
prefix. While they denote each operation,
the operations are not necessarily unique. In fact, there are many
operations that are actually a single operation denoted by multiple
OP_*
constant (possibly for future use). Vendors may define
their own op based on their requirements. MIUI is one of the vendors who
are known to do that.
public static final int OP_NONE = -1;
public static final int OP_COARSE_LOCATION = 0;
public static final int OP_FINE_LOCATION = 1;
public static final int OP_GPS = 2;
public static final int OP_VIBRATE = 3;
...
public static final int OP_READ_DEVICE_IDENTIFIERS = 89;
public static final int OP_ACCESS_MEDIA_LOCATION = 90;
public static final int OP_ACTIVATE_PLATFORM_VPN = 91;
public static final int _NUM_OP = 92;
Whether an operation is unique is defined by
sOpToSwitch
. It maps each operation to another operation or
to itself (if it’s a unique operation). For instance,
OP_FINE_LOCATION
and OP_GPS
are mapped to
OP_COARSE_LOCATION
.
Each operation has a private name which are described by
sOpNames
. These names are usually the same names as the
constants without the OP_
prefix. Some operations have
public names as well which are described by sOpToString
.
For instance, OP_COARSE_LOCATION
has the public name
android:coarse_location.
As a gradual process of moving permissions to app ops, there are
already many permissions that are defined under some operations. These
permissions are mapped in sOpPerms
. For example, the
permission
android.Manifest.permission.ACCESS_COARSE_LOCATION is
mapped to OP_COARSE_LOCATION
. Some operations may not have
any associated permissions which have null
values.
As described in the previous section, operations that are configured
for an app are stored at /data/system/appops.xml
. If an
operation is not configured, then whether system will allow that
operation is determined from sOpDefaultMode
. It lists the
default mode for each operation.
MODE_*
ConstantsMODE_*
constants also integer constants starting from
0
. These constants are assigned to each operation
describing whether an app is authorised to perform that operation. These
modes usually have associated names such as allow for
MODE_ALLOWED
, ignore for
MODE_IGNORED
, deny for
MODE_ERRORED
(a rather misnomer), default
for MODE_DEFAULT
and foreground for
MODE_FOREGROUND
.
MODE_ALLOWED
. The app is allowed to
perform the given operation
MODE_IGNORED
. The app is not
allowed to perform the given operation, and any attempt to perform the
operation should silently fail, i.e. it should not cause the
app to crash
MODE_ERRORED
. The app is not
allowed to perform the given operation, and this attempt should cause it
to have a fatal error, typically a
SecurityException
MODE_DEFAULT
. The app should use
its default security check, specified in
AppOpsManager
MODE_FOREGROUND
. Special mode that
means “allow only when app is in foreground.” This mode was added in
Android 10
MODE_ASK
. This is a custom mode
used by MIUI whose uses are unknown.
AppOpsManager.PackageOps is a data structure to store all the OpEntry for a package. In simple terms, it stores all the customised operations for a package.
public static class PackageOps implements Parcelable {
private final String mPackageName;
private final int mUid;
private final List<OpEntry> mEntries;
...
}
As can be seen in Listing 2, it stores all OpEntry for a package as well as the corresponding package name and its kernel user ID.
AppOpsManager.OpEntry is a data structure that stores a single operation for any package.
public static final class OpEntry implements Parcelable {
private final int mOp;
private final boolean mRunning;
private final @Mode int mMode;
private final @Nullable LongSparseLongArray mAccessTimes;
private final @Nullable LongSparseLongArray mRejectTimes;
private final @Nullable LongSparseLongArray mDurations;
private final @Nullable LongSparseLongArray mProxyUids;
private final @Nullable LongSparseArray<String> mProxyPackageNames;
...
}
Here:
mOp
: Denotes one of the OP_*
constants
mRunning
: Whether the operation is in progress
(i.e. the operation has started but not finished yet). Not all
operations can be started or finished this way
mMOde
: One of the MODE_*
constants
mAccessTimes
: Stores all the available access
times
mRejectTimes
: Stores all the available reject
times
mDurations
: All available access durations, checking
this with mRunning
will tell you for how long the app is
performing a certain app operation
mProxyUids
: No documentation found
mProxyPackageNames:
No documentation found
TODO
TODO
Latest appops.xml
has the following format: (This DTD is
made by me and by no means perfect, has compatibility issues.)
<!DOCTYPE app-ops [
<!ELEMENT app-ops (uid|pkg)*>
<!ATTLIST app-ops v CDATA #IMPLIED>
<!ELEMENT uid (op)*>
<!ATTLIST uid n CDATA #REQUIRED>
<!ELEMENT pkg (uid)*>
<!ATTLIST pkg n CDATA #REQUIRED>
<!ELEMENT uid (op)*>
<!ATTLIST uid
n CDATA #REQUIRED
p CDATA #IMPLIED>
<!ELEMENT op (st)*>
<!ATTLIST op
n CDATA #REQUIRED
m CDATA #REQUIRED>
<!ELEMENT st EMPTY>
<!ATTLIST st
n CDATA #REQUIRED
t CDATA #IMPLIED
r CDATA #IMPLIED
d CDATA #IMPLIED
pp CDATA #IMPLIED
pu CDATA #IMPLIED>
]>
The instruction below follows the exact order given above:
app-ops
: The root element. It can contain any number
of pkg
or package uid
v
: (optional, integer) The version number (default:
NO_VERSION
or -1
)
pkg
: Stores package info. It can contain any number
of uid
n
: (required, string) Name of the package
Package uid
: Stores package or packages info
n
: (required, integer) The user ID
uid
: The package user ID. It can contain any number
of op
n
: (required, integer) The user ID
p
: (optional, boolean) Is the app is a
private/system app
op
: The operation, can contain st
or
nothing at all
n
: (required, integer) The op name in integer,
i.e. AppOpsManager.OP_*
m
: (required, integer) The op mode,
i.e. AppOpsManager.MODE_*
st
: State of operation: whether the operation is
accessed, rejected or running (not available on old versions)
n
: (required, long) Key containing flags and
uid
t
: (optional, long) Access time (default:
0
)
r
: (optional, long) Reject time (default:
0
)
d
: (optional, long) Access duration (default:
0
)
pp
: (optional, string) Proxy package name
pu
: (optional, integer) Proxy package uid
This definition can be found at AppOpsService.
appops
or cmd appops
(on latest versions)
can be accessible via ADB or root. This is an easier method to get or
update any operation for a package (provided the package name is known).
The help page of this command is self-explanatory:
AppOps service (appops) commands:
help
Print this help text.
start [--user <USER_ID>] <PACKAGE | UID> <OP>
Starts a given operation for a particular application.
stop [--user <USER_ID>] <PACKAGE | UID> <OP>
Stops a given operation for a particular application.
set [--user <USER_ID>] <[--uid] PACKAGE | UID> <OP> <MODE>
Set the mode for a particular application and operation.
get [--user <USER_ID>] <PACKAGE | UID> [<OP>]
Return the mode for a particular application and optional operation.
query-op [--user <USER_ID>] <OP> [<MODE>]
Print all packages that currently have the given op in the given mode.
reset [--user <USER_ID>] [<PACKAGE>]
Reset the given application or all applications to default modes.
write-settings
Immediately write pending changes to storage.
read-settings
Read the last written settings, replacing current state in RAM.
options:
<PACKAGE> an Android package name or its UID if prefixed by --uid
<OP> an AppOps operation.
<MODE> one of allow, ignore, deny, or default
<USER_ID> the user id under which the package is installed. If --user is not
specified, the current user is assumed.