I'm currently working on a new version of the F-Droid Privileged Extension which will work on unrooted phones using Android's Device Owner mode. Requires adb though.

There'll probably also be a separate version which uses a root install mode instead of requiring install as a system app.

Setting an app as device owner is usually intended to be done through a factory reset. The adb method is intended mostly as a testing tool. Android requiring no accounts being present is a weird half-way security feature it seems?

It's definitely not for your average user. But it works really well once set up. That it doesn't require root enables this on basically infinitely more devices than before. This is pretty huge! 🎉

@Bubu I have a tablet that has almost no hope of twrp, and big updates are a pain without the privileged extension. This would make my life so much better. Thanks for working on it!

@Bubu Is there a way to connect the app itself as an adb client and execute the command automatically?

@clerie @Bubu Considering you can do adb over IP, theoretically, the device could connect to itself o.o

@clerie @Bubu Or if you have a terminal, you could type `dpm set-device-owner […]` into it directly

@utf8equalsX @clerie (terminal) nope, doesn't work unless you have root permissions. The app process running the terminal doesn't have the permission to trigger dpm (selinux something?)

@Bubu @clerie It might be different for this terminal because it is the one that shipped with Lineage

@utf8equalsX @clerie It still won't work, if you actually try setting a valid DeviceAdminComponent as device owner. I tried :).

@utf8equalsX @clerie (IP connection) That *miiiight* work? Would be an interesting thing to try for sure.

@utf8equalsX @clerie it works, using this: github.com/MasterDevX/Termux-A
But this is way more fiddly and complicated than using a PC. Automating that is quite complex, you'd need to ship the whole termux environment and the user would still need to understand how to enable adb via network (and that that is really insecure).

@Bubu @clerie Surely the traffic that adb does is a lot less complicated than what you would need the termux stack for. The featureset you would need is rather limited, i.e. adb connect and adb shell, it could be reimplemented natively or one could compile the adb binary into the app.

@Bubu
I found this application which does it exactly this way: f-droid.org/packages/com.tanan

It uses this library which implements adb in native Java. github.com/tananaev/adblib

It prompts you to type `adb tcpip 5555` but this is equivalent to enabling adb over IP in the settings.

@Bubu If you could point me to the repository you're developing at I could see whether I could automate this in your application in a user-friendly way

@Bubu

I believe if the UI is improved (I don't know how you imagine this to look like when it's done), this can be made very user-friendly because it doesn't require one to install adb on a computer.

gitlab.com/fynngodau/privilege

Now, I didn't quite test what happens when setup is successful because I didn't want to remove my accounts, but it should work exactly as manually, ideally.

@utf8equalsX this looks good. It should not be part of the privileged extension though I think (and it doesn't need to be.)
Let me see if I can fit it into fdroid client instead.

It shouldn't be part of the extension because that is deliberately kept super small and simple (because it has basically full control over the device as device owner). Requiring an external library and internet permission for a setup task doesn't make much sense there.

@Bubu Makes sense, the setup can of course work from any other app as well. Then the privileged extension wouldn't need any graphical user interface and as such no launcher icon at all (which I would think is preferable) if you were to add a setup screen to F-droid.

@Bubu Are you going to create one privileged extension for each installation method? Do you have an fdroid issue for this?

@utf8equalsX That's the current plan, yes.
If you want to join the discussion, you can join -dev:f-droid.org on matrix/irc. There are currently no issues for this.
