You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+3-1Lines changed: 3 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -18,6 +18,8 @@ My app is designed to address these shortcomings. It allows you to wipe all data
18
18
19
19
Unfortunately, there are limits to the stealthiness of deleting data, although deleting data is still much more stealthy than resetting the device to factory defaults. After deleting data in various places in the system (logs, cache, statistics, etc.) remains a lot of evidence that this data existed. It is almost impossible to erase all these traces, and an advanced adversary with full access to the device will be able to detect them. Fortunately, some of these traces are harmless - you can make up whatever you want about a deleted Android profile. However, some traces allow to find out that you have recently deleted data using this application, that will make the adversary much more interested in extracting the truth from you. I try to fight with such traces. The app includes some additional options that will allow you to hide its existence on the device and its role in erasing data from your device. However, the study of traces of deleted data is still far from complete.
20
20
21
+
Another disadvantage of the app is that the most advanced features of the app, including the app self-destruction, require root permissions. Granting root privileges is usually accompanied by unlocking the bootloader, although some devices can [use root privileges with a locked bootloader](https://github.com/chenxiaolong/avbroot). Both root permissions and an unlocked bootloader [make](https://madaidans-insecurities.github.io/android.html) the device more vulnerable to some other types of attacks. Instead of root permissions, you can use app owner rights via Dhizuku, but in that case the Android system will show a notification if the app attempts to self-destruct, making the self-destruct option virtually useless when used without root permissions. Without root permissions, you can hide the app from the launcher and erase its data, plus the app masquerades as other apps, but it will still be possible to reveal the presence of the app on the device. Depending on your threat model, you will have to choose what you value more: stealthy data erasure or minimizing the privileges available to apps on your device.
22
+
21
23
## Installation
22
24
In the "Releases" section, you can download 5 versions of the app. 2 of them can be installed as regular APKs, and 3 need to be installed via ADB. The ADB installation process will be described below. Versions that can be installed as regular APKs have the drawback that the self-destruct option is not compatible with administrator privileges, and administrator privileges are required to protect against passwords brute-force. Therefore, they are called "NOT_RECOMMENDED" and their installation is not recommended.
23
25
@@ -54,7 +56,7 @@ Coming soon...
54
56
55
57
When you launch the app, you'll need to enter your password. This password will be used to unlock the app, the same password will be used as a duress password, when you enter it, your data will be deleted. Try to make it strong and similar to the real password from your device so that you can tell that you entered the wrong password because of a typo.
56
58
### Permissions
57
-
After setting a password, you will open the settings. Here you will need to give the application certain permissions. For the triggers to work, you will need to enable the Accessibility service and grant device administrator rights. Other actions require either dhizuku privileges (device owner privileges that can be obtained via Dhizuku) or root privileges. Some actions can only be performed with root privileges, so **it is recommended that you grant root rights to the application**.
59
+
After setting a password, you will open the settings. Here you will need to give the application certain permissions. For the triggers to work, you will need to enable the Accessibility service and grant device administrator rights. Other actions require either dhizuku privileges (device owner privileges that can be obtained via Dhizuku) or root privileges. Some actions can only be performed with root privileges.
58
60
### Using with Dhizuku
59
61
If you are unable to grant root rights to the application, you can grant device ownership rights via [Dhizuku](https://github.com/iamr0s/Dhizuku). For now, Dhizuku from the original repository [doesn't work](https://github.com/iamr0s/Dhizuku/issues/85) until the device is unlocked for the first time. In addition, if you install the apk files posted there and give Dhizuku the rights of the owner of the device, then you will not be able to delete the application. You can download the Dhizuku apk files from my [fork](https://github.com/bakad3v/Dhizuku), where all the bugs are fixes and you can find a removable version of the app. There are also instructions for installing the application and granting it the rights of the device owner.
0 commit comments