-
Notifications
You must be signed in to change notification settings - Fork 948
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Counter Measure: Disable GTalkService #151
Comments
@E3V3A, thanks for adding this. Since I run a CustomROM, I guess I don't have GTalkService since I did not flash a GAPPS-package. How can I verify that no services like GTalkService are running? |
So how do you install apps on that? If you can use Google Play, then it's probably running... |
Use this to disable services: |
@andr3jx I don't see how that has anything to do with this issue? (You're suggesting to download an outdated service app from GP to disable gtalkservice?) We can obviously do this much easier from command line. |
I don't see how this issue is related to detecting IMSI-Catchers. I'm against implementing it. If someone wants to disable some google services he can use the mentioned app. |
@andr3jx and @E3V3A, would you please stop fighting like two little kids here? In my eyes, disabling GTalkService is not on our current priority list, yet I do consider proposed feature important to be added at some point. Why? If Google can obviously boldly ignore Issue 5353 since 2009, then I have to suppose they are working together with agencies that do not want people to be warned about such things like unencrypted communication channels, Silent SMS or other possible attacks. And that leads me to the assumption that our App could get uninstalled through them without the user of our App knowing. Maybe @mar-v-in from the NOGAPPS Project can help us conveniently disabling this service? |
Ok, let me clarify how this is related to this AIMSICD. The Google INSTALL_ASSET or REMOVE_ASSET can be used to install or remove anything (by anyone), including our app and replacing it with spyware, if someone wanted to. Now I'm not saying this is trivial to do, which it isn't, but the fact that it can be done, is bad enough, especially when your name is Google. So this is an extremely dangerous function, that we really think the user should be in charge of. Thus, the proposal is to implement this as a detection mechanism in settings, and let the user decide whether or not this can be disabled. So there is nothing really to argue about here. In addition, this is one of the very few easy to implement detections of when your device is being remotely manipulated. That is the skull icon. "Hit emergency wipe, drop and run!" |
XPrivacy might be another choice to look into... |
Maybe @M66B can give us a hint on an easy solution? |
Kill switch is made by Google.
|
Sounds like custom ROMs are "safe" from this "feature". Or is it hidden in there as well? |
Instead of asking new questions to an already complicated topic, try to find some of the answers yourself. Not everyone care about custom ROMs, and they're all different. |
Just tossing this into the discussion: Did you know that Google exercised the remote application removal feature on the Apps of Jon which he used to demonstrate on SummerCon security conference how easy it would be to bootstrap a Rootkit onto Android phones via the Android Market? I will continue to research for implementable methods. |
We should not use google apps at all. After installing pure CM11 without gaaps I feel a free person, at last :-) |
@menschenfresser Well, sorry, but we're trying to promote a wider support for our App. Please don't bother posting in the issue threads unless you have something more constructive and relevant to tell us. I have removed some of your other posts as they were completely irrelevant. |
censorship :-( then fuck this project. |
we are trying not kick out all Google Services anyway, no need to delete anything. |
@menschenfresser, first of all: Cool to see you're running pure CM without any GAPPS installed! Have you ever tried out AOKP? It is based upon CM, but yet enables much more tweaking - I just love it! Thing is, I hate Google stuff, too. But since our App shall run on as many devices as possible (which likely most of the time run stock ROMs), our project is not meant to remove all Google crapware, because this would require ROOT and is beyond the scope of developing our App. Here comes the good news: Since I am one of those privacy fanatics having rooted my phone and love phones free of Google (welcome in my club), I have been working on our project with AOSP ROMs and alternatives in mind from the very start. Maybe you can elaborate a little on why you're so angry about our project? Feel free to get in touch with me via E-Mail, I am sure I can clear things up for you. Help us with pull requests! |
@E3V3A, I'm pushing this Issue to get a better idea of it. What do you think about my suggestion here?
|
Sound good to me, but I don't know how to do that in practice. I know Titanium Backup and App Quarantine can do this, but not how it's actually done. |
Check if service is running - I have -not- found a way to list all components of a package (like DisableService app does). dumpsys activity services | grep -i "GTalk"
dumpsys| grep -i "gtalkservice" Disable service: pm disable com.google.android.gsf/.gtalkservice.service.GTalkService another thing to disable pm disable com.google.android.gsf/.gtalkservice.service.GTalkServiceProxy
pm disable com.google.android.gms/.gcm.ProxyGTalkService others I found:
|
Excellent! Now we need to test this on various stock devices. (I assume ROMs are not using this, unless Google "add-ons" have been added.) |
I've just received an answer from @wangqi, the creator of the App Disable Service.
|
This is great, but unfortunately this seem to be just the top of the iceberg. A recent review of my Samsung device Android permissions, was really jaw dropping as well. While providing useful insight into why certain other things doesn't work. Which means that for Samsung phones we have a whole new set of these dangerous remote tools. |
@E3V3A, I vote for adding detection and protection against this one and on adding the core features of our App as a priority. We can (and should) open separate Issues for the other attack vectors and then see how we can possibly add countermeasures for these relevant to IMSI-Catchers and remote attacks. |
Also re-opening this Issue for @smarek to have a last look at it if this can be implemented at all. Thanks! |
"Do one thing and do it well". Why don't you implement this feature in another app? I would not expect this functionality from an IMSI-Catcher detector... |
@vanitasvitae, if you would have read the whole Issue, we were trying to find out if there is a way of detecting whether And while I'm at it: I recently found DisableManager by @75py on F-Droid. Maybe he'll be able to join in. |
@SecUpwN: I do have read the whole thread. But I still think AIMSICD should prevent you from getting spied on by IMSI Catchers, not from getting apps installed on/removed from your phone. You could still put that functionality into another app and even promote that app from within AIMSICD. After all that's just my opinion, but I think AIMSICD should let the task of hardening android up to the user. |
Thanks, but we decided this to be a countermeasure to be made available from within our app. So please do not question our decision here, but rather provide some useful thoughts on how to accomplish this. |
Question everything! :) I currently do not have the time/knowledge to contribute code, but this is open source so I thought I'd contribute by adding to this discussion. In the end its your choice though. |
@jensstein, since you develop my favourite backup manager oandbackup, do you see a way we could detect @f3ndot, could you please have a look at the following answer of @jensstein? Which way to go?
|
HI all, first my compliments for your work. I have been playing with your app for a couple of days. It is my understanding that the feature discussed in this thread it is a nice to have but not yet implemented, I may be wrong since your main website lists this feature among the other things the app actually does but, it wasn't able to detect it on a couple of phones I have been testing it with. That being said, in case you are still looking for a working way to detect if the GTalkservices are installed and how to disable it, I tested DisableServices, as above recommended. Unfortunately that app was not able neither to find all the occurrences of the mentioned service nor to disable any of them. (I am running a rooted 4.4.2) Then I tested Autostarts (https://github.com/miracle2k/android-autostarts) with the binaries available on F-Droid and this app actually made the work. Its search function browse across all the services available on your Android, so it was enough to search for GTalk and all about a dozen of services were found. Furthermore I was able to disable for good the service. This configuration was working also through reboots and it was permanent. I may also point out that the option mentioned above (typing ##8255## ) may or may not find out if the GTalkservices is active or not, as it relates only to one of the several subservices and, as matter of fact, while the Samsing S5 I used for test had this "shortcut" not available, in truth the GTalkservice was up and running, so to speak. Last but not least, disabling this feature seems not to have affected my ability to install apps from the Google store. Hope all this helps. Again my compliments for your work. |
Thanks for your wonderful contribution, @rdarioc! Now we only need a pull request to implement the detection of that in our own app here, while at the same time prompting the users that it has been detected and if it shall be disabled. Maybe @miracle2k can help us with that? |
Isn't Are we talking about the same app? I thought GTalk is Google Talk/Hangouts? What happens if you just simply Debloat out all of Google/Gapps and run microG instead, isn't problem solved? On a Stock Rom I debloat all of these and run microG. Android Setup I had assumed now, with all of these gone, it would be safe to just leave the Play Store installed going through microG... Hmm |
It's been known for a long time that Google has the power to pull or push any app to/from your phone, using the GTalkService: INSTALL_ASSET or REMOVE_ASSET. Thus we would like to disable this dangerous functionality, or at least detect it, when app is in a non-green detection/status mode. In addition, turning off GTalkService will also improve your battery life somewhat. Fortunately (!) this will also block the use of Google Play and updates. We need to:
References:
https://jon.oberheide.org/blog/2010/06/28/a-peek-inside-the-gtalkservice-connection/
http://forum.xda-developers.com/showthread.php?t=2357417&page=119
http://forum.xda-developers.com/xperia-u/issues/app-disable-service-t2455525
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
The text was updated successfully, but these errors were encountered: