App Manager

Muntashir Al-Islam

image

App Manager

用户手册

v3.1.0

24 三月 2023

Copyright © 2020–2022 Muntashir Al-Islam

“Wisely and slow. They stumble that run fast.” — Friar Laurence, Romeo and Juliet

1 简介

App Manager 是一个高级的 Android 包管理器。 它提供了不计其数的功能,因此需要用户手册来帮助用户。本文档作为 App Manager 的用户手册,旨在描述 App Manager 提供的每一个功能。 本文档也可以被认为是 App Manager 的“官方”指南, 并代表了 App Manager 的预期行为。翻译对文档理解可能有误(原文是用英语写的)。 因此,每个有能力的用户都应该阅读英文版本的文档,以充分发挥 App Manager 的作用。 可能还有其他非官方或第三方资源,如博客文章、视频、聊天、群组等。 虽然这些资源可能对很多人有用,但它们的内容可能跟不上最新的 App Manager 版本。 如果在 App Manager 中发现任何偏离本文档的情况,应在 App Manager 问题追踪进行报告。

1.1 术语

1.2 受支持的版本

当前,支持的版本是 v3.0.0 – v3.0.3(稳定版),v3.1.0(alpha 和 debug 版)。先前版本的 App Manager 可能包含安全漏洞,不应继续使用。

1.3 官方来源

1.3.1 二进制(可执行)分发来源

App Manager 通过以下渠道发布。 非官方来源可能分发 App Manager 的修改版本,后果自负。

  1. F-Droid 1
    Link: https://f-droid.org/packages/io.github.muntashirakon.AppManager

  2. GitHub repository.
    Normal releases: https://github.com/MuntashirAkon/AppManager/releases
    Debug releases: https://github.com/MuntashirAkon/AppManager/actions

  3. Telegram.
    Normal releases: https://t.me/AppManagerChannel
    Debug releases: https://t.me/AppManagerDebug

1.3.3 翻译

App Manager 不接受直接通过PR/MR进行的翻译。翻译仅通过 Weblate 进行自动化管理。 要加入翻译团队,请访问 https://hosted.weblate.org/engage/app-manager/

1.4 贡献

用户可有通过多种方式做出贡献,如创建有用 issues 、参加讨论、 改进文档和翻译,添加未被认可的库或跟踪器, 审查源代码以及报告安全漏洞。

1.4.1 构建说明

在位于源码根目录下的BUILDING文件中可以获得编译指导。

1.4.2 提交补丁

除GitHub之外的仓库目前被视为镜像,在这些网站提交的 PR/MR 将不被接受. 2 相反,patches (.patch 文件) 可以通过电子邮件附件提交。请务必对Commits签名(Signing-off) 更多信息请参见位于源码根目录下的CONTRIBUTING文件.

注意.

在通过电子邮件提交补丁是,整个邮件对话在将来可能会被公开访问. 所以,请不要除了您的姓名和电子邮件地址之外,不要包含任何个人身份信息(PII).

1.5 捐赠 & 资助

捐赠或购买并不是使用App Manager的必要条件. 虽然 App Manager 不支持任何任何内购, 但可以通过 Open Source Collective 向 App Manager 的所有者发送捐赠.

Open Source Collective 是 Open Collective 平台上的一个财政托管机构,以帮助开源项目管理他们的财务状况。 目前,它支持通过银行账户、PayPal、信用卡或借记卡 和加密货币发起捐赠.

Link: https://opencollective.com/muntashir.

通过发送捐款,发送者同意他们不应使用捐款作为筹码来使作者优先考虑其所请求的功能. 请求新功能不需要任何捐赠, 且它们的优先级是按作者倾向排序.

App Manager 接受任何资助的提议 有兴趣的组织的代表可以通过以下方式直接联系联系所有者: §1.6.

1.6 联系我们

Muntashir Al-Islam3
邮箱: muntashirakon [at] riseup [dot] net
Key Fingerprint: 7bad37c2981e41f8f6abea7f58f0b4f26c346fce
GitHub: https://github.com/MuntashirAkon
Twitter: https://twitter.com/Muntashir

2 页面

2.1 主页

主页面列出所有已安装、已卸载和已备份的应用。 单独点击任何已安装的应用项目可打开相应的 应用详情页。 对于未安装的系统应用,它会显示一个 对话框提示,可以用来重新安装该应用。 使用列表选项中的 排序 ,可以选择应用列表的排序方式,退出应用后仍会保留排序方式。 使用列表选项中的 过滤,可以过滤列表选项。 筛选也可以通过搜索栏进行过滤,并支持正则表达式。

Figure 1: 主页面中的一个应用程序列表项

2.1.1 批处理

批处理也可以在这个页面内进行。 多选模式可以由点击任何应用图标或长按列表中的任何一项进入。 进入后,仅需单击列表中的任何一项便可选中,而不是打开应用程序详情页。 该模式下,批处理操作位于位于页面底部的多选菜单,包括包括:

  • 将选中应用添加到 配置

  • 备份、恢复或删除应用程序

  • 阻止应用中的追踪器

  • 清除应用数据或缓存

  • 启用/停用/强制停止/卸载应用程序

  • 导出屏蔽规则

  • 阻止应用的后台操作 (Android 7 及更高版本)

  • 导出APK文件到 AppManager/apks

  • 设置联网规则

无障碍.

进入多选模式后,键盘或遥控器的左右键呼出多选菜单。

2.1.2 颜色代码含义

  • 浅灰橙(日间模式下) / 深蓝(夜间模式下) – 多选模式下被选中的应用

  • 浅红(日间模式下) / 深红 (夜间模式下) – 停用的应用

  • 黄色星标 – 可调试的应用

  • 橙色 日期 – 应用可读取日志

  • 橙色 UID – 用户 ID 在应用间被共享

  • 橙色 SDK – 使用明文网络通信(如 HTTP)

  • 红色 包名 – 应用禁止清除数据

  • 红色备份标识 – 已卸载的应用存在一个或多个备份

  • 橙色备份标识 – 备份过期, 如基本备份中包含已安装的应用的旧版本

  • 深蓝绿色 备份标识 – 备份在期, 如基本备份中包含已安装应用的相同或更高版本

  • 深蓝绿色 包名 – 已强行停止运行的应用

  • 深蓝绿色 版本 – 不活跃的应用

  • 紫红 – 常驻应用(一直运行的应用)

2.1.3 应用类型

一个应用程序可以是 用户系统 应用,同时存在以下后缀:

  • X – 支持多种架构

  • 0 – 不含dex文件

  • ° – 已暂停应用

  • # – 应用程序请求系统分配一个大堆,即 大运行时内存

  • ? – 应用程序请求虚拟机处于安全模式。

2.1.4 版本信息

版本名称有以下前缀:

  • _ – 没有硬件加速(减慢应用中的过渡动画)

  • ~ – 仅测试模式

  • debug – 可调试应用

2.1.5 选项菜单

选项菜单提供了几个选项,可用以对列出的应用程序进行排序和过滤, 以及转到 App Manager 内或外的不同页面。

2.1.5.1 列表选项

列表选项 包含了对主页面中的列表进行排序和过滤的选项。

2.1.5.1.1 排序

主页面中列出的应用程序可以按照以下方式进行排序:

  • 用户应用优先 用户应用将优先展示

  • 应用标签 根据应用标签(也称为 应用程序名称)升序排序。(默认选项)

  • 包名 根据包名升序排序

  • 最后更新 根据更新时间降序排序

  • 共享 user ID 根据共享 user ID升序排序

  • 目标 SDK 根据目标SDK升序排序

  • 签名 根据签名信息升序排序

  • 已停用优先 已停用将优先展示

  • 已阻止优先 根据已阻止的应用组件数目降序排序

  • 已备份优先 已备份将优先展示

  • 追踪器 根据追踪器数目降序排序S

  • 最后操作 根据被App Manager操作的应用时间降序排序

此外,还有 反转 选项,可以用来对列表进行反向排序。 无论怎样排序偏好,应用程序都是先按字母顺序排序,以防止产生任何随机排序结果.

2.1.5.1.2 筛选

主页面中列出的应用可以通过以下方式进行过滤:

  • 用户 仅用户应用

  • 系统 仅系统应用

  • 停用 仅停用应用

  • 被阻止 仅被阻止组件的应用

  • 可打开 仅至少有一个Aactivity的应用

  • 有备份 仅有备份的应用

  • 无备份 仅没有备份的应用

  • 运行中 仅正在运行的应用

  • 有分包 仅有分包(多Apk)应用

  • 已安装 仅已安装应用

  • 已卸载 仅已卸载应用

与排序不同,它可以同时应用多个过滤选项, 如,停用的用户应用可以通过选择 用户停用列出,这对批处理特别有用,在这种情况下过滤用户应用可能是必要的,以便安全地进行某些操作。 Unlike sorting, it is possible to apply more than one filtering options at the same time. For example, the disabled user applications can be listed by selecting both User apps and Disabled apps. This can be particularly useful for batch operations where filtering the user applications may be necessary to carry out certain operations safely.

2.1.5.1.3 配置文件名称

It is also possible to list the applications that are only present in a profile. This can be useful for carrying out certain operations on a profile (e.g., uninstalling all the applications in a profile) that cannot be done via the Profiles page.

2.1.5.2 说明

点击 指南 打开离线版的App Manager用户手册. 它也可能打开在线版本如果如果相应的功能拆分feat_docs未安装, 或系统 WebView不存在.

2.1.5.3 一键操作

1-Click Ops代表单击操作。 这将在新活动中打开相应页面

2.1.5.4 应用使用情况

App usage statistics such as screen time, data usage (both mobile and Wi-Fi), the number of times an app was opened can be accessed by clicking on the App Usage option in the menu. However, it requires the Usage Access permission. This menu item will not be listed if the usage access feature is disabled in settings.

2.1.5.5 系统配置

This menu item opens a new page where various system configurations, blacklists/whitelists included in Android by the OEM, the vendor, the AOSP or the Magisk modules are displayed. It requires root. Therefore, this menu item will not be listed if root permission is unavailable to App Manager.

2.1.5.6 正在运行的应用

This menu item opens a new page where a list of running applications or processes are displayed. It also displays the current memory and cache (if available) usage. If root or ADB is not available to App Manager, it only displays itself in the recent versions of Android. The running applications or processes can also be force-stopped or killed within the resultant page. Logs for each process ID (PID) can also be viewed in the log viewer. In addition, it is also possible to carry out batch operations either by clicking on the icon or by long-clicking on an item. Normal click on any items opens a dialog where a more detailed information is displayed.

2.1.5.7 配置文件

This menu item opens the profiles page. Profiles are a way to configure regularly used tasks. They can also be invoked via shortcuts.

2.1.5.8 日志查看器

此菜单项可打开日志查看器页面,其使用 logcat 命令显示并管理日志. 此页面默认只能显示 App Manager 自身进程的日志记录,但是, 若授予android.permission.READ_LOGS 权限后,则可显示来自所有进程的日志. 若当前运行模式 为 root 或 ADB,此权限将自动授予.

2.1.5.9 APK更新器

若系统中已安装APK Updater ,则可通过此菜单项直接打开. 若系统中不存在该应用,则该选项将被隐藏.

2.1.5.10 Termux 终端模拟器

如果系统中已安装Termux ,则可直接从此菜单项运行会话(或 新会话). 如果应用不存在,则此选项将被隐藏.

2.1.5.11 设置

此菜单项将打开本应用的 设置.

2.2 应用程序详情页

应用详情 页面由 11 个标签页组成。它描述了一个应用程序所能有的几乎所有信息, 包括其清单中的所有属性、应用操作、签名 信息、库等等。

2.2.1 颜色代码含义

本页中使用的颜色列表及它们的含义:

  • 正红 (日间) / 深红 (夜间) – 危险权限或, 被阻止的组件(使用App Manager操作)

  • 亮红 (日间) / 绯红 (夜间) – 被阻止的组件(其他应用操作)

    注意.

    表示在 App Manager 之外禁用(阻止)的组件, 标记为禁用(阻止)的组件并不意味着它被用户禁用,它也可能是被系统禁用的, 或者在其清单(Android-Manifest.xml)中被标记为禁用(阻止)。被停用的应用程序也会被系统(和App Manager)视为禁用(阻止)。

  • 鲜橙 (日间) / 深橙 (夜间) – 追踪器组件

  • 亮紫 (日间) / 深紫 (夜间) – 正在运行的组件

2.2.2 应用信息

应用信息 选项卡包含关于一个应用程序的基本信息, 许多操作可以在此标签中执行.

2.2.2.1 基本信息

以下的列表与“应用信息”选项卡中列出的顺序相同.

  • 应用图标: 应用图标,若应用没有图标,则显示系统默认图标. 可以点击图标,进行与剪贴板中的 SHA 或 MD5 进行 APK 签名验证.

  • 应用标签: 应用程序名.

  • 包名: 应用程序包名,点击复制.

  • 版本: 版本分为两部分: 第一部分称 版本名(Version Name). 格式各不相同,但常由多个以点分隔的整数组成. 第二部分称 版本号. 其被第一个括号括起来. 版本代码是一个整数,用于 区分应用程序版本 (因为机器无法读取版本名). 简言之, 新版本的应用程序具有比旧版本更高的版本代码. 如,如果 123125 是一个应用程序的两个版本代码,我们可以说后者比前者更新(后者的版本代码更高). 在不同平台(移动、平板、桌面等)或架构(32/64 位、ARM 或 Intel)上为同一版本提供不同 APK 文件的应用程序,版本号可能会产生误导,因为它们通常会为每个平台添加前缀 .

  • 标签: (也称标签云) 标签包括应用程序最基本、最简洁、有用的信息,如—

    • 追踪器信息 应用程序中跟踪器组件的数量 (如, 5 个追踪器). 如果跟踪器未被阻止,则标记颜色显示为橙色,如果跟踪器在App Manager中被阻止,则标记颜色显示为深青色. 单击标签会打开一个对话框,其包含跟踪器组件列表,如果 App Manager 具有足够的权限,可以阻止或取消阻止这些组件.

    • 应用类型 用户应用或系统应用。系统应用程序的更新版本和通过 Magisk 无系统安装的应用也被认为是系统应用.

    • Split APK 信息 APK 中的拆分包数量,不包括基本 APK (e.g., 5 分包). 单击标签会打开一个对话框,其中包含分包 APK 信息,例如类型和大小.

    • 可调试 应用可以通过 ADB调试.可调试应用可以享受常规应用无法使用的某些功能. 应用的数据可以通过 ADB 访问 (如使用run-as 命令无需任何额外权限).

    • 仅测试 应用是仅测试应用程序. 仅测试应用可以享受常规应用无法使用的某些功能. 应用的数据可以通过 ADB 访问 (如使用run-as 命令无需任何额外权限).

    • 大(堆/Heap)内存 应用将请求较大的堆内存, 即需要更多内存 (RAM) 空间用于动态分配. 是否为应用程序分配大空间仍由操作系统决定. 如,App Manager 请求较大的堆大小,因为它在 Android 8 之前需要在扫描的 APK 时将整个 APK 加载到内存中App.

    • 无代码 该应用不含任何与之相关代码,如不含Dex文件. 在某些系统应用中,实际代码可能位于其他位置.

    • 运行中 应用的一项或多项服务正在后台运行. 单击标签将打开一个对话框,其中包含正在运行的服务列表. 如果启用了日志查看器功能,单击任何服务会将在日志查看器中它.

    • 已停止 应用被强制停止. 这可能不会阻止它以后自动启动.

    • 已禁用 应用被禁用 (在启动器无图标).

    • 已挂起 表示应用程序已挂起 (在启动器中显示为灰色).

    • 被隐藏 示应用程序是隐藏的 (在启动器无图标).

    • MagiskHide MagiskHide 已启用. 单击该标签会打开一个对话框,其中包含应用程序中可以从 MagiskHide 添加或删除的进程列表.

    • MagiskDenyList 该应用程序存在于 MagiskDenyList 中. 单击标签会打开一个对话框,其中包含应用程序中可以从 MagiskDenyList 列表中添加或删除的进程列表.

    • 密匙库 应用在 Android KeyStore 中存有项目. 单击将打开一个对话框,其中包含属于该应用程序的所有 KeyStore 文件.

    • 备份 应用至少使用 App Manager 备份过一次. 单击标签会打开一个对话框,其包含所有可用的备份以及元数据.

    • 不进行电池优化 电池优化对应用不生效. 可以通过单击标签重新启用电池优化.

    • 联网策略 为应用配置联网策略(如,后台数据使用). 单击标签会显示一个对话框,其中包含系统支持的策略.

    • SSAID 点击打开一个对话框,其中包含分配给应用程序的当前 SSAID。若需要可以重置/重新生成 SSAID.

    • SAF 表示应用已被授权访问一个或多个存储位置或文件,即获得由存储访问框架 (SAF) 的 URI. 单击打开一个对话框,其中包含授予的 URI.

    • 被 Google Play 签名 表示应用程序可能由 Google 签名.

  • 水平滚动操作面板 一个操作面板,由可以对应用执行的各种操作组成, 有关可用操作的完整列表,请参阅§2.2.2.3.

  • 路径与目录: 应用有关路径的各种信息,包括 应用目录 (where the APK files reside), 数据目录 (internal, device protected and externals), 应用分包目录 (along with the split names), and 本机原生 JNI 库 (如果有). JNI 库用于调用通常用 C/C++ 编写的本机原生代码, 使用本机原生库可以使应用程序运行得更快或帮助应用程序使用使用非 Java 语言编写的第三方库,同大多数游戏中一样. 通过单击每个目录项右侧的启动图标, 可以通过第三方文件管理器打开目录,前提是它们支持并获得必要的权限.

  • 数据使用: 操作系统报告的应用程序使用的数据量. 根据 Android 版本,这可能需要广泛的权限,包括 访问应用使用情况电话 权限.

  • 存储与缓存: 显示有关应用程序大小(APK 文件、优化文件)、数据和缓存的信息。 在旧设备中,还会显示外部数据、缓存、媒体和 OBB 文件夹的大小. 如果在较新的设备中未授予 访问应用使用情况s 权限,此部分将隐藏.

  • 更多信息 例如–

    • SDK 显示与 Android SDK 相关的信息. 存在两个(旧设备只有一个)值: 最高 目标 SDK 与最低 最低SDK (后者不适用于旧设备). 最佳实践是使用平台当前支持的最大 SDK 的应用程序,以确保应用程序未在兼容模式下运行(以便使用隐私规避功能). SDK 已称为 等级(API Level).

    • 标志位(Flags): 构建应用程序时使用的应用标志, 有关标志的完整列表及其作用, 请见official documentation.

    • 安装日期: 首次安装应用的日期.

    • 更新日期: 上次更新应用程序的日期. 如果应用程序尚未更新,这与 安装日期 相同.

    • 安装器: 安装此应用的应用. 并非所有应用程序都提供包管理器用来注册安装程序应用程序的信息. 因此,这个值不应被视为理所当然。

    • User ID: Android系统给应用设置的唯一用户ID. 对于共享应用,相同的用户 ID 被分配给具有相同 Shared User ID 的多个应用程序.

    • Shared User ID: 适用于一起共享ID的应用. 共享应用必须具有相同的 签名.

    • 首选ABI: 此平台为此应用程序支持的架构。

    • Zygote preload name: 负责预加载应用程序代码和在所有使用应用程序 zygote 的隔离服务之间共享的数据.

    • 隐藏 API 使用策略: 从 Android 9 开始,Android Framework 中的许多方法和类第三方应用程序无法通过隐藏 API 强制访问. 存在以下选项:

      • 默认(Default: 基于应用的类型。 对于系统应用程序,它应该被禁用,而对于其他应用,它应该被强制执行.

      • 无或关闭(None/disabled): 该应用可以完全访问隐藏的 API,就像在 Android 9 之前一样.

      • 警告(Warn): 与上面相同,除了每次应用程序访问隐藏 API 时都会记录警告. 这一般未使用的.

      • 强制(Enforce): 应用无法访问隐藏的 API,无论是深灰名单还是黑名单,或者两者都无法访问. 这是 Android 9 及更高版本中第三方应用程序的默认选项,除非该应用程序被 OEM 或供应商列入白名单.

        Warning.

        隐藏 API 访问限制策略在 Android 中没有正确实现,应用程序可以绕过它. 因此,不应信任此值.

    • SELinux: 操作系统通过 SELinux 设置的强制访问控制 (MAC) 策略.

    • 主活动: 应用的主要入口点. 这仅在应用程序具有 活动 并且其中任何一个都可以从启动器中打开时显示. 右侧还有一个启动按钮,可用于启动此活动.

2.2.2.2 Tags

  • Tracker info. Number of tracker components in the application (e.g., 5 trackers) The colour of the tag appears orange if the trackers are unblocked and dark cyan if they are blocked in App Manager. Clicking on the tag opens a dialog containing the list of tracker components which can be blocked or unblocked if App Manager has sufficient privileges.

  • Application type. User application or system application. If it is a system application, whether the application is an updated version of the system application or if the application is installed systemless-ly via Magisk.

  • Split APK info. Number of splits in the APK excluding the base APK (e.g., 5 splits). Clicking on the tag opens a dialog containing the split APK information such as type and size.

  • Debuggable. The application can be debugged over ADB. Debuggable applications can enjoy certain functions unavailable to a regular application. The data of the application might be accessible via ADB (e.g. using run-as command) without any additional permissions.

  • Test only. The application is a test-only application. Test-only applications can enjoy certain functions unavailable to a regular application. The data of the application might be accessible via ADB (e.g. using run-as command) without any additional permissions.

  • Large heap. The application has requested large heap size i.e. more space in memory (RAM) is requested for dynamic allocation. It is still up to the operating system to decide whether to allocate large space for the application. App Manager, for example, requests large heap size because it needs to load an entire APK into memory while scanning an APK before Android 8.

  • No code. The application does not have any code associated with it i.e. DEX files aren’t present. In some system applications, the actual code might be located in another place.

  • Running. One or more services of the application is currently running in the background. Clicking on the tag opens a dialog containing the list of running services. Clicking on any services opens it in the log viewer provided the log viewer feature is enabled. There’s also an option to force-stop the application.

  • Stopped. The application is force stopped. This may not prevent it from running automatically later.

  • Disabled. Denotes that the application is disabled (hidden from the launcher).

  • Suspended. Denotes that the application is suspended (grayed out in the launcher).

  • Hidden. Denotes that the application is hidden (hidden from the launcher).

  • MagiskHide. MagiskHide is enabled. Clicking on the tag opens a dialog containing the list of processes within the application that can be added or removed from the MagiskHide list.

  • MagiskDenyList. The application is present in MagiskDenyList. Clicking on the tag opens a dialog containing the list of processes within the application that can be added or removed from MagiskDenyList.

  • WX. The app violates “W^X policy” and is capable of writing and executing in the same directory or in the same portion of memory. This allows the execution of arbitrary executables either by the modification of executables embedded within the app or by downloading them from the Internet.

    See also: W^X in Wikipedia

  • KeyStore. The application has items in the Android KeyStore. Clicking on the tag opens a dialog containing all the KeyStore files that belong to the application.

  • Backup. The application was backed up using App Manager at least once. Clicking on the tag opens a dialog containing all the available backups along with metadata.

  • No battery optimisation. Battery optimisation is disabled for the application. It is possible to re-enable battery optimisation by clicking on the tag.

  • Net policy. Network policy (e.g., background data usage) is configured for the application. Clicking on the tag displays a dialog containing the supported policies for the platform along with the options to configure them.

  • SSAID. Clicking on the tag opens a dialog containing the current SSAID assigned to the application. It is also possible to reset/regenerate the SSAID if needed.

  • SAF. Denotes that the application has been granted to access one or more storage locations or files i.e. URIs via Storage Access Framework (SAF). Clicking on the tag opens a dialog containing the list of granted URIs.

  • Play App Signing. Indicates that the application might be signed by Google.

2.2.2.3 水平操作面板

如上节所述,水平滚动操作面板由各种与应用相关的操作组成, 如 -

  • 启动: 启动应用. 前提是要有一个可启动活动.

  • 禁用: 停用应用. 若应用已被禁用或用户没有足够的权限,则不会显示该按钮. 禁用应用后,将从应用程序列表中隐藏,应用的快捷方式也可能被删除. 只能通过App Manager或任何其他支工具重新启用该应用. Android设置中没有任何选项可以启用禁用的用户应用.

  • 卸载: 卸载应用

  • 启用: 启用应用. 若应用已启用或用户没有足够的权限,则不会显示该按钮.

  • 强制停止: 强制停止应用.

  • 清除数据: 清除应用数据. 清除包括存储在应用内部和(仅Android 10 以上)外部目录中的任何应用数据,包括帐户(如果由应用设置)、缓存等. 例如,清除 App Manager 数据将会删除所有保存的规则(但不会清除已阻止组件),因此你应该检查备份你的规则文件。若用户没有足够的权限,则不会显示此按钮.

  • 清除缓存: 清除应用缓存. 没有任何原生方法可以清除特定应用程序的缓存,因此,需要root权限才能清除应用程序内部存储中的缓存.

  • 安装: 通过第三方应用安装应用. 此按钮仅在应用尚未安装时显示.

  • What’s New: 若外部应用已安装,则会显示此按钮. 单击此按钮将显示一个对话框,将以版本控制方式,显示打开的版本和安装的版本之间的差异. 包括: 版本, 追踪器, 权限, 组件, 签名 (校验值改变 ), 特性, 共享库SDK.

  • 更新: 若应用的版本号高于已安装的应用,则会显示.

  • 重装: 若应用与已安装的应用具有相同的版本号,则会显示.

  • 降级: 若应用的版本号低于已安装的应用,则会显示.

  • 应用清单(Manifest): 单击将在单独的页面中显示应用清单文件. 可以使用对应切换按钮(位于右上方)开启自动换行,也可以使用保存按钮保存到存储器.

  • 扫描器: 扫描应用以列出潜在的跟踪器和库. 若可用,它还会使用VirusTotal扫描文件.

    See also: 扫描器页面

  • 共享首选项: 显示应用程序使用的共享首选项(Shared-Preferences)列表. 单击列表中的首选项将打开共享首选项编辑器. 若用户没有足够的权限,则不会显示此按钮.

  • 数据库: 将显示应用程序使用的数据库列表. 若用户没有足够的权限,则不会显示此按钮.

  • F-Droid: 在你常用的F-Droid 客户端中打开该应用.

  • Store: 在 Aurora Store打开该应用. 仅在Aurora Store后显示.

2.2.2.4 选项菜单

选项菜单位于页面的右上角, 下面给出了对现有选项的完整描述:

  • 分享: 共享按钮可用于共享 APK 或(如果应用程序有多个拆分) APKS.

  • 刷新: 刷新应用信息选项卡.

  • 在设置中查看: 在 Android 设置中打开应用.

  • 备份/恢复: 打开备份/恢复对话框.

  • 导出屏蔽规则: 导出应用配置规则.

  • 在 Termux 中打开: 在 Termux 中打开应用. 实际以 su - user_id 命令运行且该 用户ID 为应用的(内核)用户 ID (参见 §§2.2.2.1 描述). 此选项仅适用于 Root 用户. 请参阅 §§2.2.2.5 以了解如何配置 Termux 以运行来自第三方应用的命令.

  • 在 Termux 中运行: 在Termux中通过 run-as package_name 打开应用. 此选项仅对可调式应用有效并适用于 Root 与 Adb 用户. 请参阅 §§2.2.2.5 以了解如何配置 Termux 以运行来自第三方应用的命令.

  • MagiskHide: 打开一个对话框,其中包含应用程序中可以从 MagiskHide 列表中添加或删除的进程列表.

  • MagiskDenyList: 打开一个对话框,其中包含应用程序中可以从 MagiskDenyList 添加或删除的进程列表.

  • 电池优化: 启用/禁用电池优化.

  • 联网策略: 配置应用的联网策略(如后台数据使用) .

  • 导出图标: 提取应用图标并将其保存至共享存储.

  • 添加配置: 应用程序添加到已配置的 配置文件.

2.2.2.5 配置 Termux

默认情况下,Termux 不允许运行来自第三方应用的命令。要使用此选项,请使用 Termux v0.96 以上版本,并且必须在 ~/.termux/termux.properties 中添加 allow-external-apps=true

Info.

启用此选项不会削弱Termux的安全性。第三方应用仍然需要取得用户允许才能在Termux中运行任意命令。

2.2.3 组件选项卡

活动(Activities)服务(Services)广播接收器(Receivers)内容提供者(Providers) 统称为应用程序组件. 它们共享在许多相似特征,如,它们都有一个 名称、一个 标签、一个 图标 并且通过 意图(Intent) 执行. 应用程序组件是应用的本构造,必须在应用程序清单中声明. 应用程序清单是存储应用程序特定元数据的文件,Android 通过读取元数据来处理应用。

这些选项卡中使用的颜色在 §2.2.1 中进行了解释。也可以在弹出菜单对列表进行排序.

2.2.3.1 活动 (Activity)

Activity 是可以由 Android 唯一标识的窗口或页面(如主页应用详情页 是两个活动). 每个活动可以有多个 UI 组件,称为 部件(widgets)碎片(fragments),每个组件都可以嵌套或放置在彼此之上. 开发人员还可以选择使用名为意图过滤器(intent filters)选择打开外部文件、链接等. 如当使用文件管理器打开文件时,文件管理器或操作系统通过 PackageManager 扫描意图过滤器以查找能够打开文件的活动,并用其打开文件.

标记exportable 的活动通常可以由任何第三方应用程序打开. 有些活动需要权限,如果是这种情况,只有具有这些权限的应用程序才能打开. 在 活动 选项卡中,可以通过 启动 按钮启动, 若有必要可提供额外信息,如意图(Intent)的 extras、data或Action. 长按 启动 按钮会打开提供此类功能的 Activity Interceptor 页面.

Notice.

如果您无法打开任何活动,则很可能它具有某些未满足的依赖项目,例如应用详情页 ,由于其至少需要提供一包名. 由于无法机械式推断这些依赖关系,因此默认情况下可能无法通过 App Manager 打开这些活动.

也可以通过 创建快捷方式 按钮来创建活动的快捷方式

Caution.

如果您卸载App Manager,应用管理器创建的所有快捷方式都将丢失.

2.2.3.2 服务 (Services)

Unlike activities that users can see, Services handle background tasks. For example, if you’re downloading a video from the internet using your phone’s Internet browser, the Internet browser is using a foreground service to download the content.

When an activity is closed or removed from the Recents section, it may be destroyed immediately depending on many factors such as how much free memory the phone has. But services can be run indefinitely if desired. If more services are run in background, the phone may become slower due to the shortage of memory and/or processing power, and the phone’s battery will be drained more quickly. Newer Android versions have a battery optimisation feature enabled by default for all applications. With this feature enabled, the system can randomly terminate any service. However, foreground services (i.e. services that run with a fixed notification such as music player) are not typically terminated unless the system is low on resources (memory, battery, etc.). Vendor-specific stock ROMs can offer more aggressive optimisation. MIUI, for example, has a very aggressive optimisation feature known as MIUI optimisation.

Both activities and services are run in the same looper called the main looper, which means the services are not really run in the background. It is the task of the developer to ensure this. How do the application communicate with the service? It uses broadcast receiver or Binder.

2.2.3.3 (广播)接收器 ((Broadcast)Receiver)

Receivers (also called broadcast receivers) can be used to trigger execution of certain tasks when certain events occur. These components are called broadcast receivers because they are executed as soon as a broadcast message is received. These broadcast messages are sent using a method called Intent. Intent is a special feature in Android that can be used to open applications (i.e. activities), run services and send broadcast messages. Therefore, like activities, broadcast receivers use intent filters to receive the desired broadcast messages. Broadcast messages can be sent by the system or the application itself. When a broadcast message is sent, the corresponding receivers are activated by the system so that they can execute tasks. For example, if your phone is low on resources, it may freeze or experience lags for a moment after you enable mobile data or connect it to the Wi-Fi. This is because broadcast receivers that can receive android.net.conn.CONNECTIVITY_CHANGE are activated by the system as soon as the data connection is enabled. Since many applications typically use this intent filter, they are all activated almost immediately by the system which causes the freezing or lags.

Receivers can also be used for inter-process communication (IPC), i.e. it can be used to communicate acrosss multiple applications or even different components of a single application.

2.2.3.4 (内容)提供者 ((Content)Providers)

Providers (also called content providers) are used for data management. For example, when you save an APK file or export rules in App Manager, it uses a content provider called .fm.FmProvider to save the APK or export the rules. There are many content providers, including the ones provided by the system, to manage various content-related tasks such as database management, tracking, searching, etc. Each content provider has a field called Authority which is unique to the application in the entire Android ecosystem just as the package name.

2.2.3.5 针对已root的手机的额外功能

Unlike the no-root users who are mostly spectators in these tabs, root users can perform various operations.

2.2.3.5.1 阻止组件

On the right-most side of each component item, there is a switch which can be used to toggle the blocking status of that particular component. If Instant Component Blocking is not enabled or blocking is never applied to the application before, it is required to apply the changes using the Apply rules option in three-dots menu. It is also possible to remove the already-applied rules using the same option (which would be read as Remove rules this time).

It is also possible to block the component using one of the several methods by long clicking on the button.

2.2.3.5.2 阻止跟踪器

It is possible to disable tracker components using the Block tracker option in the three-dots menu. All tracker components will be blocked regardless of the tab you’re currently in.

Info.

Tracker components are a subset of application components. Therefore, they are blocked using the same method used for blocking any other components.

2.2.4 权限选项卡

App Ops, 使用权限 and 权限 选项卡与权限相关。 安卓中,在不具有相同身份(称为 shared ID)的应用或进程之间进行通信常常需要权限,其由权限控制器管理。 一些被视为普通 的权限,若它们出现在应用程序清单中,则会自动授予,但危险权限 和 开发 权限需要用户确认。 选项卡中使用的颜色在 §[subsec:app-details-color-codes] 中有解释。

2.2.4.1 App Ops

App Ops 代表"应用操作 (Application Operations) ". 自 Android 4.3 开始,Android 使用 App Ops 控制大多系统权限,每个 App Op 都有一个与之关联的唯一编号,该编号与其私有名称将一同显示在“App Ops”选项卡中,一些 App Ops 也有一个公共名称。 大量的应用操作是也与权限相关,在此选项卡中,若 App Ops 相关的权限被视为危险则被标记为危险。其他信息如 标志位(flags), 权限名称 (permission name), 权限描述(permission description),包名 (package name),群组 ( group) 也取自相关的 权限

其他可能包括以下内容:

  • 模式(Mode): 描述了当前授权状态,可以是"允许 (allow)"、"拒绝(deny)"(实际为错误)、"忽略(ignore)"(实际为拒绝)、"默认(default)"(从手机供应商或 AOSP 内部设置的默认列表推断)、"前台(foreground)" (在新的Android版本中,应用只能在前台运行时获取该权限),以及一些供应商自定义的模式,如MIUI使用询问(ask)。

  • 时长(Duration): 此 App Ops 现已使用的时间(可能为负原因未知)。

  • 允许时刻(Accept Time): 上一次 App Op 被许可。

  • 拒绝时刻(Reject Time): 上一次 App Op 被拒绝。

提示.

android.permission.GET_APP_OPS_STATS 由 ADB 授予,则此选项卡的内容对非 root 用户可见.

每个 App Op 项都有切换按钮,可用于允许或拒绝(忽略)它,其他受支持的模式也可以通过长按来设置。 如果选项卡中未列出所需的 App Op,可使用菜单中的设置自定义 App Op 。 菜单中的重置为默认 可重置App Ops, 或使用拒绝危险权限的相关操作。 受 App Ops 本身工作方式所限,系统可能需要不少时间来更改它们。

Tip.

拒绝某些 App Ops 可能会导致应用行为异常,若所有修复手段都失败,可尝试使用 重置为默认 选项。

可以以升序方式按 App Ops 名称和其编号对列表排序,也可以优先显示拒绝的 App Ops。

See also: 附录: App Ops

2.2.4.2 使用权限

系统预定义权限(Uses Permissions) 是应用(申请)所使用的权限,其在应用程序清单中使用 uses-permission 标签声明。 其 "标志位 (flags)"、"权限名 (permission name)"、"权限描述 (permission description)"、"包名 ( package name)"、"群组 (group)" 取自相关权限

特权用户可通过切换按钮授予或撤销 危险 (dangerous) 和 开发 (development) 权限,也可以使用菜单中的相应选项。 只能撤销以上两种权限,因为Android不允许修改 普通 (normal) 权限(其中大多数是)。但仍有可能撤销它们通过编辑 runtime-permissions.xml 本身,但是否可能仍不明确。

提示.

由于系统默认会撤销危险权限,因此撤销所有危险权限与重置所有权限是一样的。

可以以升序方式按权限名称对列表排序,也可以优先显示拒绝的权限。

2.2.4.3 权限

(自定义)权限 通常是应用自身定义的自定义权限,包括该应用声明的、标记为"内部( Internal)" 权限,其他应用声明、标记为"外部( External)"的权限。外部权限在应用程序组件中指定为依赖项,即应用只有在拥有指定的权限时才能调用该组件:

  • 名称 每个权限都有的唯一的名称,如 android.permission.INTERNET ,但多个应用可以请求同一个权限。

  • 图标 每个权限都可以有一个自定义图标,其他权限选项卡没有任何图标,因为它们在应用程序清单中不包含任何图标。

  • 描述 描述权限的可选字段,若没有与权限关联的任何描述,则不会显示该字段。

  • 标志位(Flags) 使用标志符号或 保护名称(Protection Level) 名称描述权限, 诸如 普通 normal、开发 development、危险 dangerous,、即时 instant, 已授权 granted、已撤销 revoked、签名 signature、特权 privileged 等。

  • 包名 表示与权限关联的包名,即定义权限的包名。

  • 群组(Group) 与权限关联的群组(如果有),几个相关的权限通常可以组合在一起。

2.2.5 签名选项卡

Signatures are actually called signing information. An application is signed using one or more signing certificates by the application developers before publishing it. The integrity of an application i.e. whether the application is from the actual developer and isn’t modified by other people can be checked using the signing information; because when an application is modified by an unauthorised entity, the application cannot be signed using the original certificates again because the signing information are kept private by the actual developer. Signing information can be verified using checksums. Checksums are generated from the certificates themselves. If the developer supplies the checksums for the signing certificates, they can be matched against the checksums generated in the Signatures tab to verify the application. For example, if you have downloaded App Manager from GitHub or Telegram Channel, you can verify whether the application is actually released by me by simply matching the following SHA256 checksum with the one displayed in this tab:

320c0c0fe8cef873f2b554cb88c837f1512589dcced50c5b25c43c04596760ab

Several hashing algorithms are used to generate checksums in this tab. They include MD5, SHA1, SHA256 and SHA512.

Caution.

Signing information should be verified using a reliable hashing algorithm such as SHA256. DO NOT rely on MD5 or SHA1 checksums as they are known to generate the same checksums for multiple certificates.

2.2.6 共享库选项卡

Shared libraries tab lists all the legacy JAR dependencies as well as JNI (Java native interface) libraries. For JNI libraries, it specifies platform (x86/x86_64/ARM/AArch64), architecture (32/64 bit), object type (shared object or executable), etc.

2.2.7 其他选项卡

Other tabs list android manifest components such as features and configurations. A complete description about these tabs may be available in the future.

2.3 一键操作页

This page is displayed on selecting the 1-Click Ops option in the main menu.

2.3.1 Block/Unblock Trackers

This option can be used to block or unblock the ad/tracker components from the installed applications. On selecting this option, App Manager will ask if it should list trackers from all the applications or only from the user applications. Novice users should avoid blocking trackers from the system applications in order to avoid bad consequences. After that, a multi-choice dialog box will appear where it is possible to exclude one or more applications from this operation. The changes are applied immediately on pressing the block or unblock button.

Notice.

Certain applications may not function as expected after blocking their trackers. If that is the case, remove the blocking rules all at once or one by one in the component tabs of the App Details page for the corresponding application.

2.3.2 Block Components…

This option can be used to block certain application components as specified by their signatures. A signature of a component is the full name or partial name of the component. For safety, it is recommended to add a . (dot) at the end of each partial signature, because the underlying algorithm searches and matches the components in a greedy manner. It is also possible to insert more than one signature in which case all the signatures have to be separated by white spaces. Similar to the option above, there is also an option to apply blocking to the system applications.

Caution.

If you are not aware of the consequences of blocking applcations components by their signatures, you should avoid using this option as it may result in bootloop or soft brick, and you may have to apply factory reset as a result.

2.3.3 Set Mode for App Ops…

This option can be used to configure certain applcation operations of all or selected applications. There are two fields. The first field can be used to insert more than one app op constants (either names or values) separated by white spaces. It is not always possible to know in advance about all the app op constants as they vary from device to device and from OS to OS. Desired app op constant can be found in the App Ops tab located in the App Details page. The second field can be used to insert or select one of the modes that will be set against the specified app ops.

Caution.

Unless you are well-informed about app ops and the consequences of blocking them, you should avoid using this option.

2.3.4 备份

1-Click options for back up. As a precaution, it lists the affected backups before performing any operation.

2.3.4.0.1 Back up all apps.

Back up all the installed applications.

2.3.4.0.2 Redo existing backups.

Back up all the installed applications that have a previous backup.

2.3.4.0.3 Back up apps without backups.

Back up all the installed applications without a previous backup.

2.3.4.0.4 Verify and redo backups.

Verify the recently made backups of the installed applications and redo backup if necessary.

2.3.4.0.5 Back up apps with changes.

If an app has changed since the last backup, redo its backup. It checks a number of indices including application version, last update date, last launch date, integrity and file hashes. Directory hashes are taken during the backup process and are stored in a database. On running this operation, new hashes are taken and compared with the ones kept in the database.

2.3.5 恢复

1-Click options for restore. As a precaution, it lists the affected backups before performing any operation.

2.3.5.0.1 Restore all apps.

Restore base backup of all the backed up applications.

2.3.5.0.2 Restore not installed apps.

Restore base backup of all the backed up applications that are not currently installed.

2.3.5.0.3 Restore latest backups.

Restore base backup of already installed applications whose version codes are higher than the installed version code.

2.3.6 Trim Caches in All Apps

Delete caches from all applications, including Android system. During this operation, caches of all the running applications may not be cleared as expected.

2.4 配置文件页面

Profiles page can be accessed from the options-menu in the main page. It primarily displays a list of configured profiles along with the typical options to perform operations on them. New profiles can also be added using the plus button in the bottom-right corner as well as can be imported, duplicated, or created from one of the presets. Clicking on any profile item opens its profile page.

2.4.1 选项菜单

There are two options menu in this page. The three dots menu in the top-right corner offers two options: presets and import.

Long clicking on any profile item brings up another options-menu. It offers the following options:

  • Apply now…. This option can be used to apply the profile directly. When clicked, a dialog will be displayed where it is possible to select a profile state. On selecting one of the options, the profile will be applied immediately.

  • Delete. Clicking on delete will remove the profile immediately without any warning.

  • Duplicate. This option can be used to duplicate the profile. When clicked, a dialog will be displayed where it is possible to set a name for the new profile. On clicking “OK”, profile page will be loaded by duplicating all the configurations that this profile have. However, the profile will not be saved until it is saved manually.

  • Export. Export the profile to an external storage. Profile exported this way can be imported via the import option as mentioned above.

  • Create shortcut. This option can be used to create a shortcut for the profile. When clicked, there will be two options: Simple and Advanced. When configured with the latter option, it prompts the user to select a profile state when the shortcut is invoked. The former option, on the other hand, always uses the default state that was configured when the profile was last saved.

2.5 配置页

Profile page displays the configurations for a profile. It also offers the options to edit them.

2.5.1 选项菜单

The three dots menu in the top-right corner opens the options-menu. It contains several options such as–

  • Apply. This option can be used to apply the profile. When clicked, a dialog will be displayed where you can select a profile state. On selecting one of the options, the profile will be applied immediately.

    Notice.

    When you apply a profile, if some packages do not match the criteria, they will simply be ignored.

  • Save. Save changes to the profile.

    Notice.

    Changes are never saved automatically. You have to save them manually from here.

  • Discard. Discard any modifications made since the last save operation.

  • Delete. Clicking on delete will remove the profile immediately without any warning.

  • Duplicate. This option can be used to duplicate the profile. When clicked, a dialog will be displayed where it is possible to set a name for the new profile. On clicking “OK”, this page will be reloaded by duplicating all the configurations that this profile have. However, the profile will not be saved until it is saved manually.

  • Create shortcut. This option can be used to create a shortcut for the profile. When clicked, there will be two options: Simple and Advanced. When configured with the latter option, it prompts the user to select a profile state when the shortcut is invoked. The former option, on the other hand, always uses the default state that was configured when the profile was last saved.

2.5.2 应用程序选项卡

Apps tab lists the packages configured in this profile. Packages can be added or removed using the plus button located near the bottom of the screen. Packages can also be removed by long clicking on them (in which case, a popup will be displayed with the only option delete).

2.5.3 配置选项卡

Configurations tab can be used to configure the selected packages.

2.5.3.1 备注

This is the text that will be displayed in the profiles page. If not set, the current configurations will be displayed instead.

2.5.3.2 状态

Denotes how certain configured options will behave by default. For instance, if disable option is turned on, the applications will be disabled if the state is on and will be enabled if the state is off. Currently, it only supports on and off values.

2.5.3.3 用户

Select users for which is the profile will be applied. All users are selected by default.

2.5.3.4 组件

This behaves the same way as the Block Components… option does in the 1-Click Ops page. However, the blocking here is only applied to the selected packages. If the state is on, the components will be blocked, and if the state is off, the components will be unblocked. The option can be disabled (regardless of the inserted values) by clicking on the disabled button on the input dialog.

2.5.3.5 AppOps 权限

This behaves the same way as the Set Mode for App Ops… option does in the 1-Click Ops page. However, the operation here is only applied to the selected packages. If the state is on, the app ops will be denied (i.e. ignored), and if the state is off, the app ops will be allowed. The option can be disabled (regardless of the inserted values) by clicking on the disable button in the input dialog.

2.5.3.6 权限

This option can be used to grant or revoke certain permissions from the selected packages. Like others above, permissions must be separated by white spaces. If the state is on, the permissions will be revoked, and if the state is off, the permissions will be allowed. The option can be disabled (regardless of the inserted values) by clicking on the disable button in the input dialog.

2.5.3.7 备份/恢复

This option can be used to take a backup of the selected applications and its data or restore them. Two options are available here: Backup options and backup name.

  • Backup options. Same as the backup options of the backup/restore feature. If not set, the default options will be used.

  • Backup name. Set a custom name for the backup. If the backup name is set, each time a backup is made, it will be given a unique name with backup-name as the suffix. This behaviour will be fixed in a future release. Leave this field empty for regular “base” backups (also, make sure not to enable backup multiple in the backup options).

If the state is on, the packages will be backed up, and if the state is off, the packages will be restored. The option can be disabled by clicking on the disable button in the input dialog.

2.5.3.8 导出屏蔽规则

Danger.

This option is not yet implemented.

2.5.3.9 禁用

Allow enabling or disabling the selected packages depending on the value of the state. If the state is on, the packages will be disabled, and if the state is off, the packages will be enabled.

2.5.3.10 强制停止

Allow the selected packages to be force-stopped.

2.5.3.11 清除缓存

Enable clearing cache for the selected packages.

2.5.3.12 清除数据

Enable clearing data for the selected packages.

2.5.3.13 Block Trackers

Enable blocking or unblocking of the tracker components from the selected packages depending on the value of the state. If the state is on, the trackers will be blocked, and if the state is off, the trackers will be unblocked.

2.5.3.14 保存APK

Enable saving APK files at AppManager/apks (or in the directory selected in the settings page) of the selected packages.

2.6 设置页面

Settings page can be used to customise the behaviour of App Manager.

2.6.1 界面语言

配置应用内语言。App Manager 目前支持 21 种语言。

2.6.2 Appearance

2.6.2.1 应用主题

配置应用内主题。

2.6.2.2 Layout Direction

Change layout direction, either left to right or right to left. This is usually set using the selected language but not everybody prefers the same direction.

2.6.2.3 启用/禁用功能

启用或禁用应用 App Manager 中的某些功能,如

  • 拦截器

  • Manifest 查看器

  • 扫描器

  • 包安装器

  • 使用情况. 如关闭此功能,App Manager 永远不会请求 使用情况 权限.

  • 日志查看器 “探索” 选择在尝试打开 APK 文件时不可用。

  • 使用互联网.如果关闭此功能,则所有互联网功能都将被禁用。 目前,唯一的互联网功能是通过 VirusTotal 获取扫描报告。

2.6.3 Privacy

2.6.3.1 屏幕锁定

Lock App Manager using Android screen lock provided a screen lock is configured.

Warning.

If screen lock is disabled in Android after enabling this setting, App Manager will not open until it is enabled again.

2.6.4 操作模式

Mode of operation defines how App Manager works as a whole. It has the following options:

  • Auto. Let App Manager decide the suitable option. Although this is the default option, non-rooted users should use the no-root mode.

  • Root. Operate App Manager in root mode. App Manager will fall back to no-root mode if root is not detected, or in rare cases when Binder communication through root is disabled (e.g. in Phh SuperUser).

  • ADB over TCP. Operate App Manager in ADB mode via ADB over TCP. App Manager will fall back to no-root mode if ADB over TCP is not enabled.

  • Wireless debugging. Enable ADB via Wireless Debugging. It will try to connect to the configured port automatically at first. On failure, it will ask the user to either pair or connect to the ADB daemon manually. App Manager will fall back to no-root mode if it fails to connect to the ADB daemon this way.

    Info.

    This option is only displayed in devices running Android 11 or later as Wireless Debugging was introduced in Android 11.

  • No-root. Operate App Manager in no-root mode. While App Manager performs better in this mode, all the root- or ADB-specific features will be disabled.

It also displays the currently inferred mode of operation. The actual mode of operations are root, ABD and no-root.

2.6.5 APK 签名

2.6.5.1 签名方案

Configure the signature schemes to be used when APK signing is enabled. v1 and v2 signature schemes are enabled by default, but v3 should also be enabled to ensure proper security in Android 9 or later.

2.6.5.2 签名密钥

Configure the signing key for signing APK files. Keys from an existing KeyStore can be imported to App Manager, or a new key can be generated.

Tip.

If you need to use the key in the future, it is recommended that you create a KeyStore yourself and import the key here. Keys generated within App Manager is at the risk of being deleted without a proper backup.

2.6.6 安装器

2.6.6.1 在安装器中显示用户

启用后,将在安装应用前显示用户列表。将只为特定用户 安装应用。

2.6.6.2 签名 APK

安装应用前是否对 APK 文件进行签名。可用 APK 签名 页面 来配置签名。

2.6.6.3 安装位置

定义 APK 安装位置,可以是 自动仅内部存储偏好外部存储。 在较新的 Android 版本中,选择最后一个选项并不保证应用将被安装在外部存储中。

2.6.6.4 安装来源

选择安装程序,这对于明确检查安装程序以验证应用程序是否合法安装的应用程序很有用。 这只适用于 root 或 ADB 用户。

Notice.

对于应用来说,检查安装包似乎并无不妥,但 Android 框架已经在安装过程中处理了这个问题。 通过检查安装包是证明应用来源合法性是错误的。

2.6.6.5 Block Trackers

Whether to block the tracking components immediately after installing the application.

2.6.6.6 Display Changes

Whether to display changes in version, trackers, components, permissions, signatures, SDK, etc. in a version controlled style before installing the application if the application has already been installed.

2.6.6.7 Install in the Background

Whether to always install applications in the background. A notification will be issued once the installation is finished.

2.6.7 备份/恢复

备份恢复 相关的设置.

2.6.7.1 压缩方法

Set the compression method to be used during backups. App Manager supports GZip and BZip2 compression methods, GZip being the default compression method. It doesn’t affect the restoring of an existing backup.

2.6.7.2 备份选项

Customise the back up/restore dialog displayed while taking a backup.

See also: Backup options

2.6.7.3 备份带 Android 密钥库的应用程序

Allow backup of applications that has entries in the Android KeyStore. This option is disabled by default because a few apps (such as Signal) may crash if restored.

2.6.7.4 加密

Set an encryption method for the backups. App Manager currently supports OpenPGP (via OpenKeyChain), AES, RSA and ECC. Like APK signing, The AES, RSA and ECC keys are stored in the KeyStore and can be imported from other KeyStores.

Danger.

For your own safety, it is not recommended generating RSA and ECC keys inside App Manager. Instead, they should be imported from a KeyStore stored in a secure place.
In case of AES, the generated key should be stored in a secure place, such as using a password manager.

2.6.7.5 备份位置

Select the storage where the backups will be stored. This is also where logs and exported APK files are saved.

Notice.

The backup volume only specifies the storage, not the path. Backups are traditionally stored in the AppManager folder inside the storage path. But when the path is selected using Storage Access Framework (SAF), the selected path or directory is used directly.

2.6.7.6 Import Backups

Import backups from old and discontinued projects such as Titanium Backup, OAndBackup, and Swift Backup (version 3.0 to 3.2). The backups are not deleted after importing to prevent data loss in case the imported backups cannot be restored properly.

2.6.8 规则

2.6.8.1 即时组件拦截

By default, blocking rules are not applied unless they are applied explicitly in the App Details page for any application. After enabling this option, all (old and new) rules are applied immediately for all applications without explicitly enabling blocking for an application.

2.6.8.2 导入/导出阻止规则

It is possible to import or export blocking rules within App Manager for all applications. The types of rules (components, app ops or permissions) that should be imported or exported can also be selected. It is also possible to import blocking rules from Blocker and Watt. If it is necessary to export blocking rules for a single application, the corresponding App Details page can be used to export rules, or for multiple apps, batch operations can be used.

2.6.8.2.1 Export

Export blocking rules for all applications configured within App Manager. This may include app components, app ops and permissions based on the options selected in the multi-choice options.

2.6.8.2.2 Import

Import previously exported blocking rules from App Manager. Similar to export, this may include app components, app ops and permissions based on the options selected in the multi-choice options.

2.6.8.2.3 Import Existing Rules

Add components disabled by other applications to App Manager. App Manager only keeps track of the components disabled within App Manager. If application components are blocked or disabled by other tools or applications, this option can be utilised to import them. On clicking this option, App Manager will find the components potentially disabled by other applications or tools and list only the name of the applications along with the number of matched components. For safety, all the applications are unselected by default. They have to be selected manually, and the blocking has to be re-applied via App Manager.

Caution.

Be careful when using this tool as there can be many false positives. Choose only the applications that you are certain about.

2.6.8.2.4 Import from Watt

Import configuration files from Watt, each file containing rules for a single package and file name being the name of the package with .xml extension.

Tip.

Location of configuration files in Watt: /sdcard/Android/data/com.tuyafeng.watt/files/ifw

2.6.8.2.5 Import from Blocker

Import blocking rules from Blocker, each file containing rules for a single package. These files have a .json extension.

2.6.8.3 删除所有规则

One-click option to remove all rules configured within App Manager. This will enable all blocked components, app ops will be set to their default values and permissions will be granted.

2.6.9 Advanced

2.6.9.1 Selected Users

This option lets you control the users App Manager should operate on. App Manager operates on all users in root or ADB mode by default.

2.6.9.2 Saved APK Name Format

Defines the format of the APK name to be used while saving it via batch operations or through profiles. App Manager offers some special keywords enclosed inside % (percentage) signs and available below the input box. These keywords are:

  • label. Denotes the name or label of the application. This can be localised to the configured language depending on the app.

  • package_name. Denotes the name of the package or application ID, the unique identifier that each application has.

  • version. Denotes the current version of the application extracted from its manifest.

  • version_code. Denotes the current version code of the application that can be used to separate two versions of the same application.

  • min_sdk. Denotes the minimum SDK (i.e. Android framework version) that the application can operate on. This data is only available since Android 7 (Nougat).

  • target_sdk. Denotes the SDK that this application targets. The application can operate on higher SDK but only in the compatibility mode.

  • datetime. Denotes the time and date when the APK is exported.

2.6.9.3 导入/导出密钥库

Import or export the KeyStore used by App Manager. This is a Bouncy Castle KeyStore with bks extension. Therefore, other KeyStore such as Java KeyStore (JKS) or PKCS #12 are not supported. If a key is needed to be imported from such a KeyStore, the relevant options should be should as specified above.

2.6.10 关于设备

Display Android version, security, CPU, GPU, battery, memory, screen, languages, user info, etc.

2.7 扫描器页面

Scanner page appears after clicking on the scanner button in the App Info tab. External APK files can also be opened for scanning from file managers, web browsers, etc.

It scans for trackers and libraries, and displays the number of trackers and libraries as a summary. It also displays checksums of the APK file as well as the signing certificates. If VirusTotal is configured in the settings, it also attempts to retrieve reports from VirusTotal, or uploads the APK file if it is not in the database.

Disclaimer.

App Manager only scans an application statically without prejudice. The application may provide the options for opting out, or in some cases, certain features of the tracker may not be used at all by the application (e.g. F-Droid), or some applications may simply use them as placeholders to prevent the breaking of certain features (e.g. Fennec F-Droid). The intention of the scanner is to give you an idea about what the APK might contain. It should be taken as an initial step for further investigations.

Clicking on the first item (i.e. number of classes) opens a new page containing a list of tracker classes for the application. All classes can also be viewed by clicking on the Toggle Class Listing menu. A sneak-peek of each class can be viewed by simply clicking on any class item. In Android 8 (Oreo) and later, this includes the whole SMALI version of the class, and can be converted into Java using the corresponding option.

Notice.

Due to various limitations, it is not possible to scan all the components of an APK file. This is especially true if an APK is highly obfuscated. The scanner also does not check strings (or website signatures).

The second item lists the number of trackers along with their names. Clicking on the item displays a dialog containing the name of trackers, matched signatures, and the number of classes against each signature. Some tracker names may have 2 prefix which indicates that the trackers are in the ETIP stand-by list i.e. whether they are actual trackers is still being investigated.

The third item lists the number of libraries along with their names. The information are mostly taken from IzzyOnDroid repo.

2.7.1 缺少签名

At the bottom of the page, there is a special item denoting the number of missing signatures (i.e. missing classes). The missing signatures are the ones that AM has failed to match against any known libraries. The number itself has no particular meaning as many libraries contain hundreds of classes, but clicking on the item will bring up a dialog containing the signatures which is helpful in inspecting the missing signatures. This feature is only intended for people who know what a missing signature is and what to do with it, other users should ignore it.

2.8 拦截器页面

Interceptor can be used to intercept communication between applications using Intent. It works as a man-in-the-middle between the source and the destination applications. It offers a feature-complete user interface for editing Intents.

Warning.

Interceptor only works for implicit intents where the app component isn’t specified.

2.8.1 意图(Intent)过滤器

Intent filters are used by the applications to specify the tasks they are able to perform or the tasks they are going to perform using other applications. For example, when you’re opening a PDF file using a file manager, the file manager will try to find the applications to open the PDF with. To find the right applications, the file manager will create an Intent with filters such as the MIME type and ask the system to retrieve the applications capable of opening this filter. The system will search through the Manifest of the installed applications to match the filter and list the application components that are able to open this filter (in our case the PDF). At this, either the file manager will open the desired application component all by itself or use a system provided option to open it. If multiple application components are able to open it and no default is set, you may get a prompt where you have to choose the right application component.

2.8.1.1 动作(Action)

Action specifies the generic action to perform such as android.intent.action.VIEW. Applications often declare the relevant actions in the Manifest file to catch the desired Intents. The action is particularly useful for broadcast Intent where it plays a vital rule. In other cases, it works as an initial way to filter out the relevant application components. Generic actions such as android.intent.action.VIEW and android.intent.action.SEND are widely used by applications. Hence, setting this alone may match many application components.

2.8.1.2 数据(Data)

Data is originally known as URI (Uniform Resource Identifier) defined in RFC 2396. It can be web links, file location, or a special feature called content. Contents are an Android feature managed by the content providers. Data are often associated with a MIME type.

Examples:

http://search.disroot.org/?q=URI%20in%20Android%20scheme&categories=general&language=en-US
https://developer.android.com/reference/android/net/Uri
file:///sdcard/AppManager.apk
mailto:email@example.com
content://io.github.muntashirakon.AppManager.provider/23485af89b08d87e898a90c7e/AppManager.apk

2.8.1.3 MIME 类型

MIME type of the data. For example, if the data field is set to file:///sdcard/AppManager.apk, the associated MIME type can be application/vnd.android.package-archive.

2.8.1.4 类别(Categories)

This is similar to action in the sense that it is also used by the system to filter application components. This has no further benefits. Unlike action, there can be more than one category. Clicking on the plus button next to the title allows adding more categories.

2.8.1.5 标志位(Flags)

Flags are useful in determining how system should behave during the launch or after the launch of an activity. This should not be touched as it requires some technical background. The plus button next to the title can be used to add one or more flags.

2.8.1.6 附加数据(Extras)

Extras are the key-value pairs used for supplying additional information to the destination component. More extras can be added using the plus button next to the title.

2.8.1.7 URI

Represents the entire Intent as a URI (e.g. intent://…). Some data cannot be converted to string, and as a result, they might not appear here.

2.8.2 匹配的活动(Activity)

List all the activity components that matches the Intent. This is internally determined by the system (rather than App Manager). The launch button next to each component can be used to launch them directly from App Manager.

2.8.3 重置为默认

Reset the Intent to its initial state.

2.8.4 发送编辑过的意图(Intent)

Resend the edited Intent to the destination application. This may open a list of applications where the desired application is needed to be selected. The result received from the target application will be sent to the source application. As a result, the source application will not know if there was a man-in-the-middle.

2.9 共享首选项(Shared Preferences)编辑页

Shared preferences can be edited in this page. Clicking any item on the list opens the edit dialog where the item can be edited. The floating action button in the bottom-right corner can be used to add a new item. To save or delete the file, or to discard current changes, the respective options in the menu can be used.

3 指南

3.1 经由 TCP 的 ADB

Many root-only features can still be used by enabling ADB over TCP. To do that, a PC or Mac is required with Android platform-tools installed, and an Android phone with developer options & USB debugging enabled.

Root users.

If superuser permission has been granted to App Manager, it can already execute privileged code without any problem. Therefore, root users don’t need to enable ADB over TCP. If you still want to use ADB over TCP, you must revoke superuser permission for App Manager and restart your device. You may see working on ADB mode message without restarting but this isn’t entirely true. The server (used as an interface between system and App Manager) is still running in root mode. This is a known issue and will be fixed in a future version of App Manager.

3.1.1 启用开发者选项

3.1.1.1 开发人员选项的位置

Developer options is located in Android Settings, either directly near the bottom of the page (in most ROMs) or under some other settings such as System (Lineage OS, Asus Zenfone 8.0+), System > Advanced (Google Pixel), Additional Settings (Xiaomi MIUI, Oppo ColorOS), More Settings (Vivo FuntouchOS), More (ZTE Nubia). Unlike other options, it is not visible until explicitly enabled by the user. If developer options is enabled, you can use the search box in Android Settings to locate it as well.

3.1.1.2 如何启用开发者选项

This option is available within Android Settings as well but like the location of the developer options, it also differs from device to device. But in general, you have to find Build number (or MIUI version for MIUI ROMs and Software version for Vivo FuntouchOS, Version for Oppo ColorOS) and tap it at least 7 (seven) times until you finally get a message saying You are now a developer (you may be prompted to insert pin/password/pattern or solve captchas at this point). In most devices, it is located at the bottom of the settings page, inside About Phone. But the best way to find it is to use the search box.

3.1.2 启用USB调试

After locating the developer options, enable Developer option (if not already). After that, scroll down a bit until you will find the option USB debugging. Use the toggle button on the right-hand side to enable it. At this point, you may get an alert prompt where you may have to click OK to actually enable it. You may also have to enable some other options depending on device vendor and ROM. Here are some examples:

3.1.2.1 小米 (MIUI)

Enable USB debugging (Security settings) as well.

3.1.2.2 华为 (EMUI)

Enable Allow ADB debugging in charge only mode as well. When connecting to your PC or Mac, you may get a prompt saying Allow access to device data? in which case click YES, ALLOW ACCESS.

Notice.

Often the USB debugging mode could be disabled automatically by the system. If that’s the case, repeat the above procedure.

3.1.2.3 Realme

Depending on the device and the version of operating system, you have to enable Disable Permission Monitoring, or USB debugging (Security settings) along with Install via USB.

3.1.2.4 LG

Make sure you have USB tethering enabled.

3.1.2.5 故障排除

In case USB Debugging is greyed out, you can do the following:

  1. Make sure you enabled USB debugging before connecting your phone to the PC or Mac via USB cable

  2. Enable USB tethering after connecting to PC or Mac via USB cable

  3. (For Samsung) If your device is running KNOX, you may have to follow some additional steps. See official documentations or consult support for further assistant

3.1.3 在PC或Mac上配置ADB

In order to enable ADB over TCP, you have to set up ADB in your PC or Mac. Lineage OS users can skip to §3.1.4.1.

3.1.3.1 Windows

  1. Download the latest version of Android SDK Platform-Tools for Windows

  2. Extract the contents of the zip file into any directory (such as C:\adb) and navigate to that directory using Explorer

  3. Open Command Prompt or PowerShell from this directory. You can do it manually from the start menu or by holding Shift and Right clicking within the directory in File Explorer and then clicking either on Open command window here or on Open PowerShell window here (depending on what you have installed). You can now access ADB by typing adb (Command Prompt) or ./adb (PowerShell). Do not close this window yet

3.1.3.2 macOS

  1. Download the latest version of Android SDK Platform-Tools for macOS

  2. Extract the contents of the zip file into a directory by clicking on it. After that, navigate to that directory using Finder and locate adb

  3. Open Terminal using Launchpad or Spotlight and drag-and-drop adb from the Finder window into the Terminal window. Do not close the Terminal window yet

Tip.

If you are not afraid to use command line, here’s a one liner:

cd ~/Downloads && curl -o platform-tools.zip -L \
https://dl.google.com/android/repository/platform-tools-latest-darwin.zip && \
unzip platform-tools.zip && rm platform-tools.zip && cd platform-tools

After that, you can simply type ./adb in the in same Terminal window to access ADB.

3.1.3.3 Linux

  1. Open your favourite terminal emulator. In most GUI-distros, you can open it by holding Control, Alter and T at the same time

  2. Run the following command:

    cd ~/Downloads && curl -o platform-tools.zip -L \
    https://dl.google.com/android/repository/platform-tools-latest-linux.zip && \
    unzip platform-tools.zip && rm platform-tools.zip && cd platform-tools
  3. If it is successful, you can simply type ./adb in the in same terminal emulator window or type ~/Downloads/platform-tools/adb in any terminal emulator to access ADB.

3.1.4 配置经由TCP的ADB

3.1.4.1 Lineage OS 17.1 及更早版本

Lineage OS (or its derivatives) users can directly enable ADB over TCP using the developer options. To enable that, go to the Developer options, scroll down until you find ADB over Network. Now, use the toggle button on the right-hand side to enable it and skip to §3.1.4.3.

3.1.4.2 在 PC 或 Mac 上启用 经由TCP的ADB

For other ROMs, you can do this using the command prompt/PowerShell/terminal emulator that you’ve opened in the step 3 of the previous section. In this section, I will use adb to denote ./adb, adb or any other command that you needed to use based on your platform and software in the previous section.

  1. Connect your device to your PC or Mac using a USB cable. For some devices, it is necessary to turn on File transfer mode (MTP) as well

  2. To confirm that everything is working as expected, type adb devices in your terminal. If your device is connected successfully, you will see something like this:

    List of devices attached
    xxxxxxxx  device

    Notice.

    In some Android phones, an alert prompt will be appeared with a message Allow USB Debugging in which case, check Always allow from this computer and click Allow.

  3. Finally, run the following command to enable ADB over TCP:

    adb tcpip 5555

Danger.

You cannot disable developer options or USB debugging after enabling ADB over TCP.

3.1.4.3 在 App Manager 中启用 ADB 模式

After enabling ADB over TCP, relaunch App Manager. App Manager should detect ADB mode automatically. If it cannot, you can change the mode of operation to ADB over TCP in the settings page. There, you can also verify whether App Manager has correctly detected ADB as indicated by the inferred mode.

Notice.

In some Android devices, the USB cable is needed to be disconnected from the PC before connecting to App Manager.

Warning.

ADB over TCP will be disabled after a reboot. In that case, you have to follow §3.1.4.2 again.

Lineage OS users.

You can turn off ADB over Network in developer options, but turning off this option will also stop App Manager’s remote server. So, turn it off only when you’re not going to use App Manager in ADB over TCP mode.

3.1.5 参考

  1. How to Install ADB on Windows, macOS, and Linux

  2. Android Debug Bridge (adb)

  3. How to fix USB debugging greyed out?

3.2 Wireless Debugging

If you are running Android 11 or later and capable of connecting to a Wi-Fi network for, at least, a few moments, Wireless Debugging is the recommended approach as it offers more protection than ADB over TCP. It requires two steps:

  1. ADB pairing. The initial and a bit complex step for a novice user. Fortunately, this step is not required all the time.

  2. Connecting to ADB. The final step which needs to be carried out every time you reboot your phone.

3.2.1 Enable developer options and USB Debugging

See §3.1.1 and §3.1.2.

3.2.2 Enable Wireless Debugging

In the Developer options page, find Wireless debugging and click to open it. In the new page, turn on Use wireless debugging. Depending on your configuration, you might see a dialog prompt asking you to verify your decision. If that is the case, click Allow.

Tip.

For an easy access, you might want to add Wireless debugging in the notification tiles section. To do this, find Quick settings developer tiles in the Developer options page and click to open it. In the new window, enable Wireless debugging. However, this option is unavailable in most operating systems.

3.2.3 Pair ADB with App Manager

Keeping the Wireless debugging page open, go to the Recents page either by swiping up or by using the dedicated navigation button, and click on the Settings logo to enable Split screen. It will wait for you to select or launch another application: Launch or select App Manager.

Now, in App Manager and navigate to Settings and then enable Wireless debugging in Mode of operation. After a few moments, App Manager will ask you to either connect or pair ADB. Select pair.

In the Wireless debugging page (now should be on top among the splits), select Pair device with pairing code. At this, a dialog prompt will be displayed. Note down the pairing code but DO NOT close the dialog prompt or the window.

Finally, in App Manager, insert the pairing code and click pair. The port number should be detected automatically. If it cannot, you have to insert the port number as well.

If the pairing is successful, it will display a successful message at the bottom, and the dialog prompt in the Wireless debugging page will be dismissed automatically, and you will be able to see App Manager listed as an ADB client.

Notice.

If you do not use App Manager in ADB mode for a while (depending on devices), App Manager might be removed from the list. In that case, you have to repeat the above procedure.

3.2.4 Connect App Manager to ADB

App Manager should be able to connect to ADB automatically if the mode of operation is set to auto, ADB over TCP or Wireless debugging. If that is not the case, select Wireless debugging in the settings page. If App Manager fails to detect or connect to ADB, it will display a dialog prompt to connect or pair ADB. Select connect.

Now, navigate to the Wireless debugging page in Android settings, and note down the port number displayed in the page. In App Manager’s dialog prompt, replace the port number with the one that you have noted earlier, and click connect.

Once a connection has been established, you can safely disable Wireless debugging in Android settings.

Caution.

Never disable USB Debugging or any other additional options described in §3.2.1. If you do this, the remote server used by App Manager will be stopped, and you may have to start all over again.

3.3 备份/恢复

App Manager has a modern, advanced and easy-to-use backup/restore system implemented from the scratch. This is probably the only app that has the ability to restore not only the app or its data but also permissions and rules that you’ve configured within App Manager. You can also choose to back up an app multiple times (with custom names) or for all users.

3.3.1 位置

Back up/restore is a part of batch operations. It is also located inside the options menu in the App Info tab. Clicking on Backup/Restore opens the Backup Options. Backups are located at /storage/emulated/0/AppManager by default. You can configure custom backup location in the settings page in which case the backups will be located at the AppManager folder in the selected volume.

Note.

If one or more selected apps do not have any backup, the Restore and Delete Backup options will not be displayed.

3.3.2 备份选项

Backup options (internally known as backup flags) let you customise the backups on the fly. However, the customisations will not be remembered for the future backups. If you want to customise this dialog, use Backup Options in the Settings page.

A complete description of the backup options is given below:

  • APK files. Whether to back up the APK files. This includes the base APK file along with the split APK files if they exist.

  • Internal data. Whether to back up the internal data directories. These directories are located at /data/user/<user_id> and (for Android N or later) /data/user_de/<user_id>.

  • External data. Whether to back up data directories located in the internal memory as well as SD Card (if exists). External data directories often contain non-essential app data or media files (instead of using the dedicated media folder) and may increase the backup size. However, it might be essential for some apps. Although it isn’t checked by default (as it might dramatically increase the size of the backups), you may have to check it in order to ensure a smooth restore of your backups.

    Caution.

    Internal data folders should always be backed up if you are going to back up the external data folders. However, it could be useful to back up only the external folders if the app in question downloads a lot of assets from the Internet.

  • OBB and media. Whether to back up or restore the OBB and the media directories located in the external storage or the SD Card. This is useful for games and the graphical software which actually use these folders.

  • Cache. Android apps have multiple cache directories located at every data directories (both internal and external). There are two types of cache: cache and code cache. Enabling this option excludes both cache directories from all the data directories. It is generally advised to exclude cache directories since most apps do not clear the cache regularly (for some reason, the only way an app can clear its cache is by deleting the entire cache directory) and usually handled by the OS itself. Apps such as Telegram may use a very large cache (depending on the storage space) which may dramatically increase the backup size. When it is disabled, AM also ignores the no_backup directories.

  • Extras. Backup/restore app permissions, net policy, battery optimization, SSAID, etc., enabled by default. Note that, blocking rules are applied after applying the extras. So, if an item is present in both places, it will be overwritten (i.e., the one from the blocking rules will be used).

  • Rules. This option lets you back up blocking rules configured within App Manager. This might come in handy if you have customised permissions or block some components using App Manager as they will also be backed up or restored when you enable this option.

  • Backup Multiple. Whether this is a multiple backup. By default, backups are saved using their user ID. Enabling this option allows you to create additional backups. These backups use the current date-time as the default backup name, but you can also specify custom backup name using the input field displayed when you click on the Backup button.

  • Custom users. Backup or restore for the selected users instead of only the current user. This option is only displayed if the system has more than one user.

  • Skip signature checks. When taking a backup, checksum of every file (as well as the signing certificate(s) of the base APK file) is generated and stored in the checksums.txt file. When you restore the backup, the checksums are generated again and are matched with the checksums stored in the said file. Enabling this option will disable the signature checks. This option is applied only when you restore a backup. During backup, the checksums are generated regardless of this option.

    Caution.

    You should always disable this option to ensure that your backups are not modified by any third-party applications. However, this would only work if you enabled encryption.

3.3.3 备份

Backup respects all the backup options except Skip signature checks. If base backups (i.e., backups that don’t have the Backup Multiple option) already exist, you will get a warning as the backups will be overwritten. If Backup Multiple is set, you have an option to input the backup name, or you can leave it blank to use the current date-time.

3.3.4 恢复

Restore respects all the backup options and will fail if APK files option is set, but the backup doesn’t contain such backups or in other cases, if the app isn’t installed. When restoring backups for multiple packages, you can only restore the base backups (see backup section for an explanation). However, when restoring backups for a single package, you have the option to select which backup to restore. If All users option is set, AM will restore the selected backup for all users in the latter case but in the former case, it will restore base backups for the respective users.

Notice.

Apps that use storage access framework (SAF), SSAID or Android KeyStore works properly only after an immediate restart.

3.3.5 删除备份

Delete backup only respects All users option and when it is selected, only the base backups for all users will be deleted with a prompt. When deleting backups for a single package, another dialog will be displayed where you can select the backups to delete.

3.4 Automating Tasks

It is possible to trigger profiles configured inside App Manager via third-party applications such as Automation or Tasker. Traditionally, Intents are used to trigger such operations.

3.4.1 Generating authorization key

In order to ensure proper security, an authorization key is required. To generate a authorization key, go to Settings page and then click Authorization Manager at the bottom. If an authorization key has not been generated, it will be generated automatically. The key can be regenerated as required.

Caution.

Regenerating the authorization key can have some side effects such as invalidation of all the previously configured Intents.

3.4.2 Configuring tasks

The activity io.github.muntashirakon.AppManager.crypto.auth.AuthFeatureDemultiplexer is responsible for handling all the automations. Sending an intent to the activity lets App Manager perform the designated operation by redirecting the Intent to the designated activity or service.

3.4.2.1 Required extras

It has two primary extras required in all conditions. The key names, data types are all follows:

  1. auth. (String value) The authorization key as described in the earlier section.

  2. feature. (String value) Name of the feature. Supported features are described in the next section.

3.4.3 Features

App Manager current support a single feature, namely profile.

3.4.4 Triggering a profile

In order to trigger a profile, feature must have the value profile. In addition, the following extras can be included:

  1. prof. (String value – required) The name of the profile as displayed in the Profiles page.

  2. state. (String value – optional) State of the profile – currently on or off – as specified in the documentation. If this extra is not set, App Manager will display a prompt where a state must be selected. Therefore, for complete automation, this option should be set.

3.5 连网策略

Short for Network policy or network policies. It is usually located in the Android settings under Mobile data & Wifi section in the app info page of an app. Not all policies are guaranteed to be included in this page (e.g. Samsung), and not all settings are well-understood due to lack of documentation. App Manager can display all the net policies declared in the NetworkPolicyManager. Policies unknown to App Manager will have a Unknown prefix along with the policy constant name and number in the hexadecimal format. Unknown policies should be reported to App Manager for inclusion.

Net policy allows a user to configure certain networking behaviour of an app without modifying the ip tables directly and/or running a firewall app. However, the features it offers largely depend on Android version and ROM. A list of known net policies are listed below:

  1. None or POLICY_NONE: (AOSP) No specific network policy is set. System can still assign rules depending on the nature of the app.

  2. Reject background data or POLICY_REJECT_METERED_BACKGROUND: (AOSP) Reject network usage on metered networks when the application is in background.

  3. Allow background data when Data Saver is on or POLICY_ALLOW_METERED_BACKGROUND: (AOSP) Allow metered network use in the background even when data saving mode is enabled.

  4. Reject cellular data or POLICY_REJECT_CELLULAR (Android 11+) or POLICY_REJECT_ON_DATA (up to Android 10): (Lineage OS) Reject mobile/cellular data. Signals network unavailable to the configured app as if the mobile data is inactive.

  5. Reject VPN data or POLICY_REJECT_VPN (Android 11+) or POLICY_REJECT_ON_VPN (up to Android 10): (Lineage OS) Reject VPN data. Signals network unavailable to the configured app as if the VPN is inactive.

  6. Reject Wi-Fi data or POLICY_REJECT_WIFI (Android 11+) or POLICY_REJECT_ON_WLAN (up to Android 10): (Lineage OS) Reject Wi-Fi data. Signals network unavailable to the configured app as if the device is not connected to a Wi-Fi network.

  7. Disable network access or POLICY_REJECT_ALL (Android 11+) or POLICY_NETWORK_ISOLATED (up to Android 10): (Lineage OS) Reject network access in all circumstances. This is not the same as enforcing the other three policies above, and is the recommended policy for dodgy apps. If this policy is enforced, there is no need to enforce the other policies.

  8. POLICY_ALLOW_METERED_IN_ROAMING: (Samsung) Possibly allow metered network use during roaming. Exact meaning is currently unknown.

  9. POLICY_ALLOW_WHITELIST_IN_ROAMING: (Samsung) Possibly allow network use during roaming. Exact meaning is currently unknown.

4 常见问题

4.1 应用组件

4.1.1 什么是应用组件?

Activities, services, broadcast receivers (or only receivers) and content providers (or only providers) are jointly called application components. More technically, they all inherit the ComponentInfo class and can be launched via Intent.

4.1.2 追踪器和其他组件在App Manager中是如何被禁用的?其局限性是什么?

App Manager typically blocks application components (or tracker components) using a method called Intent Firewall (IFW), it is superior to other methods such as pm (PackageManager), Shizuku or any other method that uses the package manager to enable or disable the components. If a component is disabled by the latter methods, the application itself can detect that the component is being blocked and can re-enable it as it has full access to its own components. (Many deceptive applications actually do this in order to keep the tracker components unblocked.) On the other hand, IFW is a true firewall and the application cannot detect if its components are being blocked. App Manager uses the term block rather than disable for this reason.

Even IFW has some limitations which are primarily applicable for the system applications:

  • The application in question is whitelisted by the system i.e. the system cannot function properly without these applications and may cause random crashes. These applications include but not limited to Android System, System UI, Phone Services. They will continue to work even if they are disabled or blocked.

  • Another system application or system process has activated a specific component of the application in question via interprocess communication (IPC). In this case, the component will be activated regardless of blocking status or even if the entire application is disabled. If there is such a system application that is not needed, the only way to prevent it from running is by getting rid of it.

4.1.3 被其他工具禁用的应用程序组件是否保留在App Manager中?

No. But the application components blocked by the system or any other tools are displayed in the component tabs. These rules can be imported from Settings. However, it is not possible for App Manager to distinguish the components blocked by the third-party tools and components blocked by the system. Therefore, the applications listed in the import page should be selected with care.

4.1.4 现在被 App Manager 拦截但先前被其他工具禁用的组件会发生什么?

App Manager blocks the components again if requested. In case of unblocking, they will be reverted to the default state as specified in the manifest of the application. But if the components were blocked by MyAndroidTools (MAT) with IFW method, they will not be unblocked by App Manager as it uses a different format. To fix this issue, the rules have to be imported from Settings at first, in which case MAT’s configurations will be permanently removed.

4.1.5 什么是即时组件禁用?

When you block a component in the App Details page, the blocking is not applied by default. It is only applied when you apply blocking using the Apply rules option in the top-right menu. If you enable instant component blocking, blocking will be applied as soon as you block a component. If you choose to block tracker components, however, blocking is applied automatically regardless of this setting. You can also remove blocking for an application by simply clicking on Remove rules in the same menu in the App Details page. Since the default behaviour gives you more control over applications, it is better to keep instant component blocking option disabled.

4.1.6 跟踪器类与跟踪器组件

All application components are classes but not all classes are components. In fact, only a few of the classes are components. That being said, scanner page displays a list of trackers along with the number of classes, not just the components. In all other pages, trackers and tracker components are used synonymously to denote tracker components, i.e. blocking tracker means blocking tracker components, not tracker classes.

Info.

Tracker classes that are not components cannot be blocked. They can only be removed by editing the application itself.

4.2 ADB over TCP (经由TCP的ADB)

4.2.1 我必须在每次重启后启用ADB over TCP吗?

Unfortunately, yes. This is because the ADB daemon, the process responsible for ADB connection, is also restarted after a reboot, and it does not re-enable ADB over TCP.

4.2.2 无法启用 USB 调试,怎么办?

See §3.1.2 in Chapter 3.

4.2.3 我可以使用 ADB over TCP 来禁用跟踪器或任何其他应用程序组件吗?

ADB has limited number of permissions and controlling application components is not one of them. However, the components of a test-only app can be controlled via ADB. If App Manager detects such an application, it enables the blocking options automatically.

4.2.4 哪些功能可以在ADB模式下使用?

Supported features are enabled automatically in the ADB mode. Supported features include disabling, force-stopping, clearing application data, granting or revoking app ops and permissions, and so on. It is also possible to install or uninstall applications without any prompt from the system.

4.3 杂项

4.3.1 我不使用root/ADB,是否完全安全?

Yes. AM cannot modify any system settings without root or ADB.

4.3.2 跟踪器和库是如何更新的?

Trackers and libraries are updated manually before making a new release.

4.3.3 Are APKs deleted after installed?

No, APKs aren’t deleted by App Manager after they are installed.

4.3.4 对于 Shizuku 有何计划?

App Manager’s use of hidden API and privileged code execution is now much more complex and cannot be integrated with other third party apps such as Shizuku. Here are some reasons for not considering Shizuku (which now has Apache 2.0 license) for App Manager:

  1. Shizuku was initially non-free which led me to use a similar approach for App Manager to support both root and ADB

  2. App Manager already supports both ADB and root which in some cases is more capable than Shizuku

  3. Relying on a third-party app for the major functionalities is not a good design choice

  4. Integration of Shizuku will increase the complexity of App Manager.

4.3.5 什么是预装(bloatware)软件以及如何删除?

Bloatware are the unnecessary apps supplied by the vendor or OEM and are usually system apps. These apps are often used to track users and collect user data which they might sell for profits. System apps do not need to request any permission in order to access device info, contacts and messaging data, and other usage info such as your phone usage habits and everything you store on your shared storage(s).

The bloatware may also include Google apps (such as Google Play Services, Google Play Store, Gmail, Google, Messages, Dialer, Contacts), Facebook apps (the Facebook app consists of four or five apps), Facebook Messenger, Instagram, Twitter and many other apps which can also track users and/or collect user data without consent given that they all are system apps. You can disable a few permissions from the Android settings but be aware that Android settings hides almost every permission any security specialist would call potentially dangerous.

If the bloatware were user apps, you could easily uninstall them either from Android settings or AM. Uninstalling system apps is not possible without root permission. You can also uninstall system apps using ADB, but it may not work for all apps. AM can uninstall system apps with root or ADB (the latter with certain limitations, of course), but these methods cannot remove the system apps completely as they are located in the system partition which is a read-only partition. If you have root, you can remount this partition to manually purge these apps but this will break Over the Air (OTA) updates since data in the system partition has been modified. There are two kind of updates, delta (small-size, consisting of only the changes between two versions) and full updates. You can still apply full updates, but the bloatware will be installed again, and consequently, you have to delete them all over again. Besides, not all vendors provide full updates.

Another solution is to disable these apps either from Android settings (no-root) or AM, but certain services can still run in the background as they can be started by other system apps using Inter-process Communication (IPC). One possible solution is to disable all bloatware until the service has finally stopped (after a restart). However, due to heavy modifications of the Android frameworks by the vendors, removing or disabling certain bloatware may cause the System UI to crash or even cause bootloop, thus, (soft) bricking your device. You may search the web or consult the fellow users to find out more about how to debloat your device.

From v2.5.19, AM has a new feature called profiles. The profiles page has an option to create new profiles from one of the presets. The presets consist of debloating profiles which can be used as a starting point to monitor, disable, and remove the bloatware from a proprietary Android operating system.

Note.

In most cases, you cannot completely debloat your device. Therefore, it is recommended that you use a custom ROM free from bloatware such as Graphene OS, Lineage OS or their derivatives.

5 语法

5.1 规则语法

5.1.1 背景介绍

AM currently supports blocking activities, broadcast receivers, content providers, services, app ops and permissions, and in future I may add more blocking options. In order to add more portability, it is necessary to import/export all these data.

Maintaining a database should be the best choice when it comes to storing data. For now, several tsv files with each file having the name of the package and a .tsv extension. The file/database will be queried/processed by the RulesStorageManager class. Due to this abstraction, it should be easier to switch to database or encrypted database systems in future without changing the design of the entire project. Currently, All configuration files are stored at /data/data/io.github.muntashirakon.AppManager/Files/conf.

5.1.2 规则文件格式

5.1.2.1 内部

The format below is used internally within App Manager and is not compatible with the external format.

    <name> <type> <mode>|<component_status>|<is_granted>

Here:

  • <name> – Component/permission/app op name (in case of app op, it could be string or integer)

  • <type> – One of the ACTIVITY, RECEIVER, PROVIDER, SERVICE, APP_OP, PERMISSION

  • <mode> – (For app ops) The associated mode constant

  • <component_status> – (For components) Component status

    • true – Component has been applied (true value is kept for compatibility)

    • false – Component hasn’t been applied yet, but will be applied in future (false value is kept for compatibility)

    • unblocked – Component is scheduled to be unblocked

  • <is_granted> – (For permissions) Whether the permission is granted or revoked

5.1.2.2 外部

External format is used for importing or exporting rules in App Manager.

    <package_name> <component_name> <type> <mode>|<component_status>|<is_granted>

This the format is essentially the same as above except for the first item which is the name of the package.

Caution.

The exported rules have a different format than the internal one and should not be copied directly to the conf folder.

6 更新日志

6.1 v3.1.0 (423)

App Manager v3.1.0 comes with a few new features and a lot of improvements. Visit Settings > About > Version/Changelog for details.

6.1.1 Android 13 support

App Manager now targets Android 13 which means most issues in Android 12 and 13 has been addressed, including SSAID and SAF issues as well as monochrome icons and other theming issues.

6.1.1.0.1 Known issue

KeyStore backup/restore not working in Android 12 and later.

6.1.2 Introducing freeze/unfreeze

Enable/disable is replaced with freeze/unfreeze to allow greater control on the behaviours of an app. It supports suspend, disable and hide functionalities which can be controlled at Settings > Rules > Default freezing method. In order to make it easy to freeze or unfreeze an app, shortcuts can also be created from the App Info tab by long clicking on the freeze or unfreeze button.

6.1.3 Export app list

In the Main page, it is now possible to export the list of apps in either XML or Markdown format using batch operations. In the future, the XML file may also be imported to App Manager.

6.1.4 Elliptic Curve Crypography (ECC)

App Manager now fully supports encrypting backups using ECC in addition to offering AES, RSA and OpenPGP.

6.1.5 New languages

Two new languages are added: Korean and Romanian.

6.1.6 More list options

In the main page, more sorting and filtering options are added. Sorting options include sorting the apps by total size, total data usage, launch count, screen time and last usage time. Filtering options include filtering the apps having at least one item in the Android KeyStore, filtering apps with URIs granted via SAF, and filtering apps with SSAID.

6.1.7 Improved handling of mode of operation

Fixed various issues with ADB pairing, handled incomplete USB debugging. Some rooting methods cannot allow interprocess communication via Binder. In those cases, ADB mode is used as a fallback method by enabling it automatically if possible.

6.1.8 Handling multiple users

When possible, App Manager will be able to display apps from work profile in no-root mode in addition to allowing basic operations such as launching the app or navigating to the system settings. For backups, it is now possible to restore backups for other users, but for work profile, some apps may only work properly after re-enabling the work profile. In the installer page, selecting All users will now install the app for all users instead of only the current user. Finally, in the app info tab, current app can be installed in another profile using the Install for… option available in the three-dots menu. This is analogous to the pm install-existing command, thereby, making the installation process a lot faster.

6.1.9 Explorer enhancements

Explorer can now open DEX and JAR files in addition to APK files. Several sorting options as well as folder options are also added as the list options.

6.1.10 New tag: WX

In app info tab, a new tag called WX is added. It is displayed in Android 10 and later if the application targets Android 9 or earlier. It indicates W^X violation which allows the app to execute arbitrary executable files either by the modification of executables embedded within the app or by downloading them from the Internet.

6.1.11 App ops management

App ops are now managed automatically to avoid various app ops related crashes in various platforms. This will also lessen the amount of crashes in an unsupported operating system.

6.1.12 Batch uninstallation

In the Main page, enabled batch uninstallation in no-root mode.

6.1.13 Running apps

Enabled advanced searching. Searching now matches not only app labels but also package names.

6.1.14 Interceptor

Copy the intercepted Intent as am command which can be run from either an ADB shell or a terminal using root with the same effectiveness.

6.1.15 Device-specific changes

6.1.15.0.1 Graphene OS

Explicitly handle the Internet permission which is a runtime permission in the OS.

6.1.15.0.2 MIUI

Fixed permission denied issues in the installer due to a framework issue introduced in MIUI 12.5.

6.1.15.0.3 Motorola

Fixed crashes in the Interceptor page due to a framework issue introduced in Android 11.

6.1.16 Others

  • Improved Java-Smali conversion by including all the subclasses during conversion

  • Improved scanning performance in the Scanner page

  • Improved updating the list of apps in the Main page

  • Scan all the available paths to detect systemless-ly installed system apps

  • vacuum SQLite database before opening it for viewing or editing.

6.2 v3.0.0 (410)

App Manager v3.0.0 comes with a lot of features and improvements. See Settings > Changelog to see a more detailed changelog.

6.2.1 Material 3 and More

Material 3, somewhat similar to Material You, is a significant improvement over Material Design 2 with support for dynamic colours in Android 12 and later. In addition, many design changes have been made in App Manager without any significant changes in the overall user experience.

6.2.1.0.1 Known issue

Switches are still based on Material Design 2 which will be fixed in a future release.

6.2.2 Wireless Debugging

Wireless debugging support has been fully implemented. Head over to §3.2 for instructions on how to configure wireless debugging.

No-root users.

Due to auto-detection feature, startup time might be large for no-root users when the mode of operation is set to auto. Instead, no-root users should select no-root instead of auto.

6.2.3 Languages

App Manager is fully translated into Indonesian and Italian languages and can be enabled in settings. Bengali is removed due to lack of translators.

6.2.4 Introducing App Explorer

App Explorer can be used to browse the contents of an application. This includes binary XML files, DEX contents or any other media files. DEX contents can only be explored in Android Oreo (Android 8) and later. It’s also possible to convert an .smali file into .java for a better understanding of the reversed code. This feature, if not needed, can be disabled in Settings > Enable/disable features.

6.2.5 Import Backups from Other Applications

It is possible to import backups from discontinued or obsolete applications such as Titanium Backup, OAndBackup and Swift Backup (version 3.0 to 3.2). Go to Setting > Backup/restore to find this option.

6.2.6 VirusTotal

VirusTotal is a widely used tool to scan files and URLs for viruses. In the scanner page and in the running apps page, an option to scan files with VirusTotal has been added. But the option is hidden by default. To enable the option, it is necessary to obtain an API key from VirusTotal. Go to Settings > VirusTotal API Key for more information.

Internet feature.

This is currently the only feature which require an Internet connection. If you wish to use any Internet feature that might also be added in the future, enable Use the Internet in Settings > Enable/disable features.

6.2.7 Trigger Profiles from the Automation Software

As the implementation of routine operations is being delayed, an option to trigger profiles from the external automation software is added. See §3.4 for instructions on how to configure profile automation.

6.2.8 Improved Application Installer

Application installer includes several improvements including the ability to downgrade applications in no-root mode, installing multiple applications at once and blocking trackers after installation. In Android 12 and later, no-root users can update applications without any user interactions.

6.2.9 Component Blocking

It is now possible to configure how App Manager should block a component. Visit Settings > Rules > Default blocking method for more information. In the components tab, long clicking the block/unblock button opens a context menu which allows per-component blocking in a similar manner. ADB users can also block the components of a Test only app.

6.2.10 Advanced Searching

In some pages, the search bar supports additional searching which includes searching via prefix, suffix or even regular expressions. In the main page, it is also possible to search for applications using the first letters of each word, e.g. App Manager can be listed by searching for am.

6.2.11 Shared Libraries

Shared libraries tab has received a significant improvements. It can display three types of libraries, such as native, jar and APK files.

6.2.12 Make the Best Use of Interceptor

Activity interceptor can be opened directly from the activities tab by long clicking on the launch button, and similarly, activities can be launched from the activity interceptor page with or without root, for any users.

Notice.

Currently, activities opened via root cannot send the results back to the original applications.

6.2.13 Widget: Screen Time

Screen time widget is quite similar to Digital Wellbeing’s widget by the same name. It displays the total screen time for the day along with the top three apps from all users.

6.2.14 Widget: Clear Cache

Clear cache widget can be to clear cache from all the applications directly from the home screen.

6.3 v2.6.0 (385)

6.3.1 Introducing Backups

Back up/restore feature is now finally out of beta! Read the corresponding guide to understand how it works.

6.3.2 Introducing Log Viewer

Log viewer is essentially a front-end for logcat. It can be used to filter logs by tag or pid (process ID), or even by custom filters. Log levels AKA verbosity can also be configured. You can also save, share and manage logs.

6.3.3 Lock App Manager

Lock App Manager with the screen lock configured for your device.

6.3.4 Extended Modes for App Ops

You can set any mode for any app ops that your device supports, either from the 1-click ops page or from the app ops tab.

6.3.5 New Batch Ops: Add to Profile

You can now easily add selected apps to an existing profile using the batch operations.

6.3.6 App Info: Improved

App info tab now has many options, including the ability to change SSAID, network policy (i.e. background network usage), battery optimization, etc. Most of the tags used in this tab are also clickable, and if you click on them, you will be able to look at the current state or configure them right away.

6.3.7 Advanced Sort and Filtering Options in the Main Page

Sort and filter options are now replaced by List Options which is highly configurable, including the ability to filter using profiles.

6.3.8 About This Device

Interested in knowing about your device in just one page? Go to the bottom of the settings page.

6.3.9 Enable/disable Features

Not interested in all the features that AM offers? You can disable some features in settings.

6.3.10 New Languages

AM now has more than 19 languages! New languages include Farsi, Japanese and Traditional Chinese.

6.3.11 Signing the APK Files

You can now import external signing keys in AM! For security, App Manager has its own encrypted KeyStore which can also be imported or exported.

6.3.12 New Extension: UnAPKM

Since APKMirror has removed encryption from their APKM files, it’s no longer necessary to decrypt them. As a result, the option to decrypt APKM files has been removed. Instead, this option is now provided by the UnAPKM extension which you can grab from F-Droid. So, if you have an encrypted APKM file and have this extension installed, you can open the file directly in AM.

6.4 v2.5.20 (375)

6.4.1 Introducing Profiles

Profiles finally closes the related issue. Profiles can be used to execute certain tasks repeatedly without doing everything manually. A profile can be applied (or invoked) either from the Profiles page or from the home screen by creating shortcuts. There are also some presets which consist of debloating profiles taken from Universal Android Debloater.

6.4.1.0.1 Known limitations
  • Exporting rules and applying permissions are not currently working.

  • Profiles are applied for all users.

6.4.2 The Interceptor

Intent Intercept works as a man-in-the-middle between source and destination, that is, when you open a file or URL with another app, you can see what is being shared by opening it with Interceptor first. You can also add or modify the intents before sending them to the destination. Additionally, you can double-click on any exportable activities in the Activities tab in the App Details page to open them in the Interceptor to add more configurations.

6.4.2.0.1 Known limitation

Editing extras is not currently possible.

6.4.3 UnAPKM: DeDRM the APKM files

When I released a small tool called UnAPKM, I promised that similar feature will be available in App Manager. I am proud to announce that you can open APKM files directly in the App Info page or convert them to APKS or install them directly.

6.4.4 Multiple user

App manager now supports multiple users! For now, this requires root or ADB. But no-root support is also being considered. If you have multiple users enabled and click on an app installed in multiple profiles, an alert prompt will be displayed where you can select the user.

6.4.5 Vive la France!

Thanks to the contributors, we have one more addition to the language club: French. You can add more languages or improve existing translations at Weblate.

6.4.6 Report crashes

If App Manager crashes, you can now easily report the crash from the notifications which opens the share options. Crashes are not reported by App Manager, it only redirects you to your favourite Email client.

6.4.7 Android 11

Added support for Android 11. Not everything may work as expected though.

6.4.8 App Installer Improvements

6.4.8.1 Set installation locations

In settings page, you can set install locations such as auto (default), internal only and prefer external.

6.4.8.2 Set APK installer

In settings page, you can also set default APK installer (root/ADB only) instead of App Manager.

6.4.8.3 Multiple users

In settings page, you can allow App Manager to display multiple users during APK installation.

6.4.8.4 Signing APK files

In settings page, you can choose to sign APK files before installing them. You can also select which signature scheme to use in the APK signing option in settings.

6.4.8.4.1 Known limitation

Currently, only a generic key is used to sign APK files

6.5 v2.5.17 (368)

6.5.1 App Installer

As promised, it is now possible to select splits. AM also provides recommendations based on device configurations. If the app is already installed, recommendations are provided based on the installed app. It is also possible to downgrade to a lower version without data loss if the device has root or ADB. But it should be noted that not all app can be downgraded. Installer is also improved to speed up the installation process, especially, for root users. If the app has already been installed and the new (x)apk(s) is newer or older or the same version with a different signature, AM will display a list of changes similar to What’s New before prompting the user to install the app. This is useful if the app has introduced tracker components, new permissions, etc.

6.5.1.0.1 Known Limitations
  • Large app can take a long time to fetch app info, and therefore, it may take a long time display the installation prompt.

  • If the apk is not located in the internal storage, the app has to be cached first which might also take a long time depending on the size of the apk.

6.5.2 Scanner: Replacement for Exodus Page

Exodus page is now replaced with scanner page. Scanner page contains not only a list of trackers but also a list of used libraries. This is just a start. In the future, this page will contain more in depth analysis of the app.

6.5.3 Introducing System Config

System Config lists various system configurations and whitelists/blacklists included in Android by either OEM/vendor, AOSP or even some Magisk modules. Root users can access this option from the overflow menu in the main page. There isn’t any official documentation for these options therefore it’s difficult to write a complete documentation for this page. I will gradually add documentations using my own knowledge. However, some functions should be understandable by their name.

6.5.4 More Languages

Thanks to the contributors, AM now has more than 12 languages. New languages include Bengali, Hindi, Norwegian, Polish, Russian, Simplified Chinese, Turkish and Ukrainian.

6.5.5 App Info Tab

More tags are added in the app info tab such as KeyStore (apps with KeyStore items), Systemless app (apps installed via Magisk), Running (apps that are running). For external apk, two more options are added namely Reinstall and Downgrade. Now it is possible to share an apk via Bluetooth. For system apps, it is possible to uninstall updates for root/ADB users. But like the similar option in the system settings, this operation will clear all app data. As stated above, exodus has been replaced with scanner.

6.5.7 Running Apps Page

It is now possible to sort and filter processes in this tab. Also, the three big buttons are replaced with an easy-to-use three dot menu. Previously the memory usage was wrong which is fixed in this version.

6.5.8 Built-in Toybox

Toybox (an alternative to busybox) is bundled with AM. Although Android has this utility built-in from API 23, toybox is bundled in order to prevent buggy implementations and to support API < 23.

6.5.9 Component Blocker Improvements

Component blocker seemed to be problematic in the previous version, especially when global component blocking is enabled. The issues are mostly fixed now.

Caution.

The component blocking mechanism is no longer compatible with v2.5.6 due to various security issues. If you have this version, upgrade to v2.5.13 or earlier versions first. After that, enable global component blocking and disable it again.

6.5.10 Improvements in the App Details Page

Value of various app ops depend on their parent app ops. Therefore, when you allow/deny an app op, the parent of the app op gets modified. This fixes the issues some users have been complaining regarding some app ops that couldn’t be changed.

If an app has the target API 23 or less, its permissions cannot be modified using the pm grant … command. Therefore, for such apps, option to toggle permission has been disabled.

The signature tab is improved to support localization. It also displays multiple checksums for a signature.

6.5.11 App Manifest

Manifest no longer crashes if the size of the manifest is too long. Generated manifest are now more accurate than before.

6.6 v2.5.13 (348)

6.6.1 Bundled App (Split APK)

Bundled app formats such as apks and xapk are now supported. You can install these apps using the regular installation buttons. For root and adb users, apps are installed using shell, and for non-root users, the platform default method is used.

6.6.1.0.1 Known Limitations
  • Currently all splits apks are installed. But this behaviour is going to change in the next release. If you only need a few splits instead of all, extract the APKS or XAPK file, and then, create a new zip file with your desired split apks and replace the ZIP extension with APKS. Now, open it with AM.

  • There is no progress dialog to display the installation progress.

6.6.2 Direct Install Support

You can now install APK, APKS or XAPK directly from your favourite browser or file manager. For apps that need updates, a What’s New dialog is displayed showing the changes in the new version.

6.6.2.0.1 Known Limitations
  • Downgrade is not yet possible.

  • There is no progress dialog to display the installation progress. If you cannot interact with the current page, wait until the installation is finished.

6.6.3 Remove All Blocking Rules

In the Settings page, a new option is added which can be used to remove all blocking rules configured within App Manager.

6.6.4 App Ops

  • App Ops are now generated using a technique similar to AppOpsX. This should decrease the loading time significantly in the App Ops tab.

  • In the App Ops tab, a menu item is added which can be used to list only active app ops without including the default app ops. The preference is saved in the shared preferences.

6.6.4.0.1 Known Limitation

Often the App Ops tab may not be responsive. If that’s the case, restart App Manager.

6.6.5 Enhanced ADB Support

ADB shell commands are now executed using a technique similar to AppOpsX (This is the free alternative of AppOps by Rikka.). This should dramatically increase the execution time.

6.6.5.0.1 Known Limitation

AM can often crash or become not responsive. If that’s the case, restart App Manager.

6.6.6 Filtering in Main Page

Add an option to filter apps that has at least one activity.

6.6.7 Apk Backup/Sharing

Apk files are now saved as app name_version.extension instead of package.name.extension.

6.6.8 Batch Ops

  • Added a foreground service to run batch operations. The result of the operation is displayed in a notification. If an operation has failed for some packages, clicking on the notification will open a dialog box listing the failed packages. There is also a Try Again button on the bottom which can be used to perform the operation again for the failed packages.

  • Replaced Linux kill with force-stop.

6.6.9 Translations

Added German and Portuguese (Brazilian) translations.

6.6.9.0.1 Known Limitation

Not all translations are verified yet.

6.6.10 App Data Backup

Install app only for the current user at the time of restoring backups. Support for split apks is also added.

Data backup feature is now considered unstable. If you encounter any problem, please report to me without hesitation.

7 App Ops

7.1 Background

App Ops (short hand for Application Operations) are used by Android system (since Android 4.3) to control application permissions. The user can control some permissions, but only the permissions that are considered dangerous (and Google thinks knowing your phone number isn’t a dangerous thing). So, app ops seems to be the one we need if we want to install apps like Facebook and it’s Messenger (the latter literary records everything if you live outside the EU) and still want some privacy and/or security. Although certain features of app ops were available in Settings and later in hidden settings in older version of Android, it’s completely hidden in newer versions of Android and is continued to be kept hidden. Now, any app with android.Manifest.permission.GET_APP_OPS_STATS permission can get the app ops information for other applications but this permission is hidden from users and can only be enabled using ADB or root. Still, the app with this permission cannot grant or revoke permissions (actually mode of operation) for apps other than itself (with limited capacity, of course). To modify the ops of other app, the app needs android.Manifest.permission.UPDATE_APP_OPS_STATS permissions which isn’t accessible via pm command. So, you cannot grant it via root or ADB, the permission is only granted to the system apps. There are very few apps who support disabling permissions via app ops. The best one to my knowledge is AppOpsX. The main (visible) difference between my app (AppManager) and this app is that the latter also provides you the ability to revoke internet permissions (by writing ip tables). One crucial problem that I faced during the development of the app ops API is the lack of documentation in English language.

7.2 Introduction to App Ops

Figure 2: How app ops work

Figure 1 describes the process of changing and processing permission. AppOpsManager can be used to manage permissions in Settings app. AppOpsManager is also useful in determining if a certain permission (or operation) is granted to the application. Most of the methods of AppOpsManager are accessible to the user app but unlike a system app, it can only be used to check permissions for any app or for the app itself and start or terminating certain operations. Moreover, not all operations are actually accessible from this Java class. AppOpsManager holds all the necessary constants such as OP_*, OPSTR_*, MODE_* which describes operation code, operation string and mode of operations respectively. It also holds necessary data structures such as PackageOps and OpEntry. PackageOps holds OpEntry for a package, and OpEntry, as the name suggests, describes each operation.

AppOpService is completely hidden from a user application but accessible to the system applications. As it can be seen in Figure 1, this is the class that does the actual management stuff. It contains data structures such as Ops to store basic package info and Op which is similar to OpEntry of AppOpsManager. It also has Shell which is actually the source code of the appops command line tool. It writes configurations to or read configurations from /data/system/appops.xml. System services calls AppOpsService to find out what an application is allowed and what is not allowed to perform, and AppOpsService determines these permissions by parsing /data/system/appops.xml. If no custom values are present in appops.xml, it returns the default mode available in AppOpsManager.

7.3 AppOpsManager

AppOpsManager stands for application operations manager. It consists of various constants and classes to modify app operations.

7.3.1 OP_* Constants

OP_* are the integer constants starting from 0. OP_NONE implies that no operations are specified whereas _NUM_OP denotes the number of operations defined in OP_* prefix. While they denote each operation, the operations are not necessarily unique. In fact, there are many operations that are actually a single operation denoted by multiple OP_* constant (possibly for future use). Vendors may define their own op based on their requirements. MIUI is one of the vendors who are known to do that.

public static final int OP_NONE = -1;
public static final int OP_COARSE_LOCATION = 0;
public static final int OP_FINE_LOCATION = 1;
public static final int OP_GPS = 2;
public static final int OP_VIBRATE = 3;
...
public static final int OP_READ_DEVICE_IDENTIFIERS = 89;
public static final int OP_ACCESS_MEDIA_LOCATION = 90;
public static final int OP_ACTIVATE_PLATFORM_VPN = 91;
public static final int _NUM_OP = 92;

Whether an operation is unique is defined by sOpToSwitch. It maps each operation to another operation or to itself (if it’s a unique operation). For instance, OP_FINE_LOCATION and OP_GPS are mapped to OP_COARSE_LOCATION.

Each operation has a private name which are described by sOpNames. These names are usually the same names as the constants without the OP_ prefix. Some operations have public names as well which are described by sOpToString. For instance, OP_COARSE_LOCATION has the public name android:coarse_location.

As a gradual process of moving permissions to app ops, there are already many permissions that are defined under some operations. These permissions are mapped in sOpPerms. For example, the permission android.Manifest.permission.ACCESS_COARSE_LOCATION is mapped to OP_COARSE_LOCATION. Some operations may not have any associated permissions which have null values.

As described in the previous section, operations that are configured for an app are stored at /data/system/appops.xml. If an operation is not configured, then whether system will allow that operation is determined from sOpDefaultMode. It lists the default mode for each operation.

7.3.2 MODE_* Constants

MODE_* constants also integer constants starting from 0. These constants are assigned to each operation describing whether an app is authorised to perform that operation. These modes usually have associated names such as allow for MODE_ALLOWED, ignore for MODE_IGNORED, deny for MODE_ERRORED (a rather misnomer), default for MODE_DEFAULT and foreground for MODE_FOREGROUND.

  1. MODE_ALLOWED. The app is allowed to perform the given operation

  2. MODE_IGNORED. The app is not allowed to perform the given operation, and any attempt to perform the operation should silently fail, i.e. it should not cause the app to crash

  3. MODE_ERRORED. The app is not allowed to perform the given operation, and this attempt should cause it to have a fatal error, typically a SecurityException

  4. MODE_DEFAULT. The app should use its default security check, specified in AppOpsManager

  5. MODE_FOREGROUND. Special mode that means “allow only when app is in foreground.” This mode was added in Android 10

  6. MODE_ASK. This is a custom mode used by MIUI whose uses are unknown.

7.3.3 PackageOps

AppOpsManager.PackageOps is a data structure to store all the OpEntry for a package. In simple terms, it stores all the customised operations for a package.

public static class PackageOps implements Parcelable {
    private final String mPackageName;
    private final int mUid;
    private final List<OpEntry> mEntries;
    ...
}

As can be seen in Listing 2, it stores all OpEntry for a package as well as the corresponding package name and its kernel user ID.

7.3.4 OpEntry

AppOpsManager.OpEntry is a data structure that stores a single operation for any package.

public static final class OpEntry implements Parcelable {
    private final int mOp;
    private final boolean mRunning;
    private final @Mode int mMode;
    private final @Nullable LongSparseLongArray mAccessTimes;
    private final @Nullable LongSparseLongArray mRejectTimes;
    private final @Nullable LongSparseLongArray mDurations;
    private final @Nullable LongSparseLongArray mProxyUids;
    private final @Nullable LongSparseArray<String> mProxyPackageNames;
    ...
}

Here:

  • mOp: Denotes one of the OP_* constants

  • mRunning: Whether the operation is in progress (i.e. the operation has started but not finished yet). Not all operations can be started or finished this way

  • mMOde: One of the MODE_* constants

  • mAccessTimes: Stores all the available access times

  • mRejectTimes: Stores all the available reject times

  • mDurations: All available access durations, checking this with mRunning will tell you for how long the app is performing a certain app operation

  • mProxyUids: No documentation found

  • mProxyPackageNames: No documentation found

7.3.5 Usage

TODO

7.4 AppOpsService

TODO

7.5 appops.xml

Latest appops.xml has the following format: (This DTD is made by me and by no means perfect, has compatibility issues.)

<!DOCTYPE app-ops [

<!ELEMENT app-ops (uid|pkg)*>
<!ATTLIST app-ops v CDATA #IMPLIED>

<!ELEMENT uid (op)*>
<!ATTLIST uid n CDATA #REQUIRED>

<!ELEMENT pkg (uid)*>
<!ATTLIST pkg n CDATA #REQUIRED>

<!ELEMENT uid (op)*>
<!ATTLIST uid
n CDATA #REQUIRED
p CDATA #IMPLIED>

<!ELEMENT op (st)*>
<!ATTLIST op
n CDATA #REQUIRED
m CDATA #REQUIRED>

<!ELEMENT st EMPTY>
<!ATTLIST st
n CDATA #REQUIRED
t CDATA #IMPLIED
r CDATA #IMPLIED
d CDATA #IMPLIED
pp CDATA #IMPLIED
pu CDATA #IMPLIED>

]>

The instruction below follows the exact order given above:

This definition can be found at AppOpsService.

7.6 Command Line Interface

appops or cmd appops (on latest versions) can be accessible via ADB or root. This is an easier method to get or update any operation for a package (provided the package name is known). The help page of this command is self-explanatory:

AppOps service (appops) commands:
help
Print this help text.
start [--user <USER_ID>] <PACKAGE | UID> <OP>
Starts a given operation for a particular application.
stop [--user <USER_ID>] <PACKAGE | UID> <OP>
Stops a given operation for a particular application.
set [--user <USER_ID>] <[--uid] PACKAGE | UID> <OP> <MODE>
Set the mode for a particular application and operation.
get [--user <USER_ID>] <PACKAGE | UID> [<OP>]
Return the mode for a particular application and optional operation.
query-op [--user <USER_ID>] <OP> [<MODE>]
Print all packages that currently have the given op in the given mode.
reset [--user <USER_ID>] [<PACKAGE>]
Reset the given application or all applications to default modes.
write-settings
Immediately write pending changes to storage.
read-settings
Read the last written settings, replacing current state in RAM.
options:
<PACKAGE> an Android package name or its UID if prefixed by --uid
<OP>      an AppOps operation.
<MODE>    one of allow, ignore, deny, or default
<USER_ID> the user id under which the package is installed. If --user is not
specified, the current user is assumed.

  1. For distributing normal releases only↩︎

  2. GitHub 的 PR 将使用 git patch 进行手动合并, 因此, GitHub 可能会错误地将它们标记为closed而不是merged.↩︎

  3. 可称“Muntashir Akon”↩︎