Using Xposed Framework

@bobby - you might need to go to the settings in the app and change ‘versions to be shown’ to ‘Stable (low risk of bugs)’ and it shouldn’t try to update to the experimental version anymore

@Chris_R :
Exactly this did I after instilling 2.6.and updating to 2.6.1.
And now 2.6.1 is running stable… :slight_smile:

BTW: Should it be useful to open a thread, which modules from the Xposed Framework are recommendable?

Best regards from Switzerland

2 Likes

Glad that sorted things. May be interesting to see which modules others use and to tell people what they might find useful :smile:

Exactly that is what I am thinking too.
For people with short expierience: The modules are downloaded with the Xposed Framework,
A description of the modules is on http://repo.xposed.info/module-overview.

A fine tool is GravityBox [JB] http://repo.xposed.info/module/com.ceco.gm2.gravitybox.
It works great on the Fairphone and has a lot of features.

Another great tool is LBE Security Master - Translation International http://repo.xposed.info/module/com.xda_drm.lbe51_translation_ww.
One of the best security tools for rooted android devices.
You can allow or restrict all rights from apps, veri useful.

Very useful too is Advanced Power Menu+ (APM+) http://repo.xposed.info/module/hk.kennethso168.xposed.apmplus.
Pressing on the power button you activate / deactivate things like WiFi, Flashlight,Screenshot and more.

Also helpful is Theftie - Find my Phone http://repo.xposed.info/module/net.theftie.

What are your recommendations?

Best regards
Bobby

1 Like

I like XPrivacy.

http://repo.xposed.info/module/biz.bokhorst.xprivacy

It allows you to change permissions of apps.

2 Likes

LBE can now also be used without XPosed Framework.
There is an English translation here: https://www.dropbox.com/s/67uu2hktgx2spa0/LBE_Security_5.4.8254_BETA_EN.apk?dl=0

:smiley:

(just using it since today, but I already did remove Xprivacy).

Wonder though if there are any other modifications possible to Xposed Framework except those in Gravity Box.

1 Like

Hi everyone,
I opened a thread dedicated to XPrivacy over here. It would be quite great if all of you could somehow contribute to that. @Stefan already wikified the topic, so everybody can edit my OP.

I would be delighted if someone would contribute some easy-to-understand screenshots to the post. I my case, the UI with all it’s different options and things to try out was quite overwhelming at first. But think we should really promote XPrivacy by explaining what it does, and how it can be set up. It’s a really cool thing. :sunglasses:

1 Like

A German translation of LBE is avaible here
It is amazing that the newest version is translated after a few days.

For me is LBE the main security tool, and Xposed modules are used to complete the system (p. A. Notification or Shutdown Menu).

I’ve been using the Xposed framwork since day one and haven’t had any problems whatsoever. Meaning I would recommend it to everyone thinking about a way to extend functionality of their phones. Regarding security I think for the most time the human is the weak link in the security chain. Both GravityBox and XPrivacy are very useful, although already mentioned.

2 Likes

This is probably not the best thread to ask this, but did anyone recently check the SSL cert of https://repo.xposed.info/ ? Or am I the only one seeing a certificate for webserver.ispgateway.de here?
o_O

What what? What?

1 Like

It’s fishy, indeed…

1 Like

I’ve noticed the same.

This is a self generated cert of the hoster.

repo.xposed.info has address 185.21.102.147

185.21.102.147 -> Domain Factory -> ispagateway.de

1 Like

Thanks Ralf, I was stupid not to check the IP.

This is quite OT, but do you have any background info why they are using this selfsigned cert with the wrong address? I did not check for this hoster, but shouldn’t a proper cert be part of the hosting?
It makes me nervous when I get a cert warning. Every time. :slight_smile:

This is not strictly related but i used domain factory for some years and they use the same address for their SSL protected access to imap and stmp services, eg. imap.ispgateway.de.
I suppose it is a matter of cost? Eg. a ssl certificate for the domain costs 2€ a month, while the self-signed is probably free.

Sources in German

1 Like

More often than not, certificate warnings are caused by sites whose intent is good, but their certificate is just incorrect for whatever reason. It’s kind of problematic that repeatedly having that experience makes you insensitive towards the warning, and if that moment comes where the warning is actually right in pointing out something truly fishy, you’ll accept the certificate and continue anyway. What’s worse is that sites without any form of encryption don’t get a waring at all. Enter your login credentials, or worse, your CC number on a site that doesn’t go through https and you never get a warning about anything yet you’re at a higher risk than doing encrypted communication using an invalid SSL certificate.

1 Like

Yes, the security warnings about SSL certs are misleading. They always mix insecure, badly encrypted and untrusted. Self-signed certs are untrusted, but usually better encrypted.

http://forum.xda-developers.com/showthread.php?t=3034811 says: “Please install it only if you’re willing to take the risk of boot loops.”

Is there a risk of boot loops when using xposed on the FP1? If so, how can I break them? I was told backup and recover. How would I do that?

Will the DKB-Card-Secure app work with xposed + root cloak?

I’ve never had problems with the Xposed Framework. However, this xda-post gives some indications what to do in case you suffer from a boot loop:

###In case you get into a boot loop:

First, try using the safemode by pressing any hardware key repeatedly. You can find a short explanation how it works here.

If that doesn’t work, you can flash the attached Xposed-Disabler-Recovery.zip by Tungstwenty. It will be copied to your (external) SD card when you install Xposed as well. The only thing it does is copying /system/bin/app_process.orig back to /system/bin/app_process, which you can also do yourself (e.g. with adb shell in recovery mode).

I don’t know, but you can simply try it out. When Xposed is up and running, enabling and disabling modules (like root cloak) is pretty straightforward. Only a reboot is needed.