App Manager

Muntashir Al-Islam

We’re running a funding campaign for App Manager for a limited period. learn more...

image

App Manager

使用者手冊

v3.0.0-alpha02

21 4月 2022

Copyright © 2020–2022 Muntashir Al-Islam

“Wisely and slow. They stumble that run fast.” — Friar Laurence, Romeo and Juliet

1 簡介

App Manager 是一個提供大量功能的高級的 Android 軟件包管理器,因此,需要使用者手冊來幫助使用者正確使用。本文作為 App Manager 的使用者手冊,旨在描述 App Manager 所提供的每一個功能。 本文也可以被認為是 App Manager 的 “官方指́́南,並指明 App Manager 的預期行為。翻譯可能有誤 (原文為英文)。因此,每個有能力的使用者應該閱讀該檔案的英文版本,以獲得最佳的體驗。 此外還可能有其他非官方的或第三方的資源,如博客文章、視頻、聊天群組等。雖然這些資源可能對許多人有用,但它們可能不是針對最新版本。 如果在App Manager中發現任何偏離本文件的情況,應在 App Manager 問題追蹤內反映。

1.1 術語

1.2 受支持的版本

目前,支援的版本有 v2.6.0(穩定版)、v3.0.0(alpha 版和調試版)。以前版本的 App Manager 可能包含安全漏洞,不應使用。

1.3 官方來源

1.3.1 二進制(可執行)分發來源

App Manager 透過以下渠道發布。 非官方來源可能分發 App Manager 的修改版本,後果自負。

  1. F-Droid 1
    Link: https://f-droid.org/packages/io.github.muntashirakon.AppManager

  2. GitHub repository.
    Normal releases: https://github.com/MuntashirAkon/AppManager/releases
    Debug releases: https://github.com/MuntashirAkon/AppManager/actions

  3. Telegram.
    Normal releases: https://t.me/AppManagerChannel
    Debug releases: https://t.me/AppManagerDebug

1.3.3 翻譯

App Manager 不接受直接透過PR/MR進行的翻譯。翻譯僅透過 Weblate 進行自動化管理。 要加入翻譯團隊,請造訪 https://hosted.weblate.org/engage/app-manager/

1.4 貢獻

使用者可以透過多種方式做出貢獻,例如創建有用的問題、參加討論、改進 檔案和翻譯,新增無法識別的庫或追蹤器,查看原始程式碼以及 報告安全漏洞。

1.4.1 構建說明

在位於原始碼根目錄下的BUILDING檔案中可以獲得編譯指導。

1.4.2 提交補丁

除GitHub之外的倉庫目前被視為鏡像,在這些網站提交的 PR/MR 將不被接受. 2 相反,patches (.patch 檔案) 可以透過電子郵件附件提交。 請務必對Commits簽名(Signing-off) 更多資訊請參見位於原始碼根目錄下的CONTRIBUTING檔案.

注意.

在透過電子郵件提交補丁是,整個郵件對話在將來可能會被公開造訪. 所以,請不要除了您的姓名和電子郵件地址之外,不要包含任何個人身份資訊(PII).

1.5 捐款&資金

捐贈或購買並不是使用App Manager的必要條件. 雖然 App Manager 不支持任何任何內購, 但可以透過 Open Source Collective 向 App Manager 的所有者發送捐贈.

Open Source Collective 是 Open Collective 平台上的一個財政託管機構,以幫助開源項目管理他們的財務狀況。 目前,它支持透過銀行賬戶、PayPal、信用卡或借記卡和加密貨幣發起捐贈.

Link: https://opencollective.com/muntashir.

透過發送捐款,發送者同意他們不應使用捐款作為籌碼來使作者優先考慮其所請求的功能. 請求新功能不需要任何捐贈,且它們的優先級是按作者傾向排序.

App Manager 接受任何資助的提議 有興趣的組織的代表可以透過以下方式直接聯繫聯繫所有者: §1.6.

1.6 聯繫我們

Muntashir Al-Islam3
Email: muntashirakon [at] riseup [dot] net
Key Fingerprint: 7bad37c2981e41f8f6abea7f58f0b4f26c346fce
GitHub: https://github.com/MuntashirAkon
Twitter: https://twitter.com/Muntashir

2 頁面

2.1 主畫面

主畫面列出所有已安裝、已解除安裝和已備份的應用程式。 單獨點擊任何已安裝的應用程式項目可開啟相應的 應用程式詳細資訊頁。 對於未安裝的系統應用程式,它會顯示一個 對話框提示,可以用來重新安裝該應用程式。 使用列表選項中的 排序 ,可以選擇應用程式列表的排序方式,離開應用程式後仍會保留排序方式。 使用列表選項中的 過濾,可以過濾列表選項。 篩選也可以透過搜尋欄進行過濾,並支持正則表達式。

2.1.1 批處理

批處理也可以在這個頁面內進行。 多選模式可以由點擊任何應用程式圖標或長按列表中的任何一項進入。 進入後,僅需單擊列表中的任何一項便可選中,而不是開啟應用程式詳細資訊頁。 該模式下,批處理操作位於位於頁面底部的多選功能表,包括包括:

  • 將選中應用程式新增到 配置

  • 備份、恢復或刪除應用程式

  • 封鎖應用程式中的追蹤器

  • 清除應用程式數據或緩存

  • 啟用/停用/強制停止/解除安裝應用程式

  • 導出屏蔽規則

  • 封鎖應用程式的後台操作 (Android 7 及更高版本)

  • 導出APK檔案到 AppManager/apks

  • 設置聯網規則

無障礙.

進入多選模式後,鍵盤或遙控器的左右鍵呼出多選功能表。

2.1.2 顏色代碼

  • 淺灰橙(日間模式下) / 深藍(夜間模式下) – 多選模式下被選中的應用程式

  • 淺紅(日間模式下) /深紅 (夜間模式下) – 停用的應用程式

  • 黃色星標 – 可調試的應用程式

  • 橙色 日期 – 應用程式可讀取日誌

  • 橙色 UID – 使用者 ID 在應用程式間被共享

  • 橙色 SDK – 使用明文網絡通信(如 HTTP)

  • 紅色 包名 – 應用程式禁止清除數據

  • 紅色備份標識 – 已解除安裝的應用程式存在一個或多個備份

  • 橙色備份標識 – 備份過期, 如基本備份中包含已安裝的應用程式的舊版本

  • 深藍綠色 備份標識 – 備份在期, 如基本備份中包含已安裝應用程式的相同或更高版本

  • 深藍綠色 包名 – 已強行停止執行的應用程式

  • 深藍綠色 版本 – 不活躍的應用程式

  • 紫紅 – 常駐應用程式(一直執行的應用程式)

2.1.3 應用程式類型

一個應用程式可以是 使用者系統 應用程式,同時存在以下後綴:

  • X – 支持多種架構(AArch32位/AArch64位)

  • 0 – 不含dex檔案(包含ART/Davilk虛擬機字節碼, 即可直接執行的代碼)

  • ° – 處於休眠狀態

  • # – The application requested the system to allocate a large heap i.e. large runtime memory

  • ? – The application requested the virtual machine to be in the safe mode.

2.1.4 版本資訊

版本名稱有以下前綴:

  • _ – 沒有硬件加速(減慢應用程式中的過渡動畫)

  • ~ – 僅測試模式

  • debug – 可調試應用程式

2.1.5 選項功能表

“選項”功能表提供了多個選項,可用於對列出的應用程式進行排序和篩選以及導航 新增到 App Manager 內外的不同頁面。

2.1.5.1 說明

點擊 指南 開啟離線版的App Manager使用者手冊. 它也可能開啟在線版本如果如果相應的功能拆分feat_docs未安裝, 或系統 WebView不存在.

2.1.5.2 清單選項

列表選項 包含了對主畫面中的列表進行排序和過濾的選項。

2.1.5.2.1 排序

主畫面中列出的應用程式可以按照以下方式進行排序:

  • 使用者應用程式優先 使用者應用程式將優先展示

  • 應用程式標籤 根據應用程式標籤(也稱為 應用程式名稱)升序排序。 (默認選項)

  • 包名 根據包名升序排序

  • 最後更新 根據更新時間降序排序

  • 共享 user ID 根據共享 user ID升序排序

  • 目標 SDK 根據目標SDK升序排序

  • 簽名 根據簽名資訊升序排序

  • 已停用優先 已停用將優先展示

  • 已封鎖優先 根據已封鎖的應用程式元件數目降序排序

  • 已備份優先 已備份將優先展示

  • 追蹤器 根據追蹤器數目降序排序S

  • 最後操作 根據被App Manager操作的應用程式時間降序排序

此外,還有 反轉 選項,可以用來對列表進行反向排序。 無論怎樣排序偏好,應用程式都是先按字母順序排序,以防止產生任何隨機排序結果.

2.1.5.2.2 篩選

主畫面中列出的應用程式可以透過以下方式進行過濾:

  • 使用者 僅使用者應用程式

  • 系統 僅系統應用程式

  • 停用 僅停用應用程式

  • 被封鎖 僅被封鎖元件的應用程式

  • 可開啟 僅至少有一個Aactivity的應用程式

  • 有備份 僅有備份的應用程式

  • 無備份 僅沒有備份的應用程式

  • 執行中 僅正在執行的應用程式

  • 有分包 僅有分包(多Apk)應用程式

  • 已安裝 僅已安裝應用程式

  • 已解除安裝 僅已解除安裝應用程式

與排序不同,它可以同時應用程式多個過濾選項, 如,停用的使用者應用程式可以透過選擇 使用者停用列出,這對批處理特別有用,在這種情況下過濾使用者應用程式可能是必要的,以便安全地進行某些操作。 Unlike sorting, it is possible to apply more than one filtering options at the same time. For example, the disabled user applications can be listed by selecting both User apps and Disabled apps. This can be particularly useful for batch operations where filtering the user applications may be necessary to carry out certain operations safely.

2.1.5.2.3 配置檔案名稱

It is also possible to list the applications that are only present in a profile. This can be useful for carrying out certain operations on a profile (e.g., uninstalling all the applications in a profile) that cannot be done via the Profiles page.

2.1.5.3 一鍵式操作

1-Click Ops stands for the single-click operations. It opens the corresponding page in a new activity.

2.1.5.4 應用程式使用情況

App usage statistics such as screen time, data usage (both mobile and Wi-Fi), the number of times an app was opened can be accessed by clicking on the App Usage option in the menu. However, it requires the Usage Access permission. This menu item will not be listed if the usage access feature is disabled in settings.

2.1.5.5 系統配置

This menu item opens a new page where various system configurations, blacklists/whitelists included in Android by the OEM, the vendor, the AOSP or the Magisk modules are displayed. It requires root. Therefore, this menu item will not be listed if root permission is unavailable to App Manager.

2.1.5.6 正在執行的應用程式

This menu item opens a new page where a list of running applications or processes are displayed. It also displays the current memory and cache (if available) usage. If root or ADB is not available to App Manager, it only displays itself in the recent versions of Android. The running applications or processes can also be force-stopped or killed within the resultant page. Logs for each process ID (PID) can also be viewed in the log viewer. In addition, it is also possible to carry out batch operations either by clicking on the icon or by long-clicking on an item. Normal click on any items opens a dialog where a more detailed information is displayed.

2.1.5.7 配置檔案

This menu item opens the profiles page. Profiles are a way to configure regularly used tasks. They can also be invoked via shortcuts.

2.1.5.8 日誌查看器

This menu item opens the log viewer page which can display and manage logs using the logcat command. By default, this page can only display the activities of App Manager. However, it can display logs from all the processes if android.permission.READ_LOGS is granted. This permission granted automatically if the current mode of operation is either root or ADB.

2.1.5.9 APK 更新程式

If the app APK Updater is installed in the system, it can be opened directly via this menu item. The option remains hidden if the app is not present in the system.

2.1.5.10 Termux

If the app Termux is installed in the system, the running session (or a new session) can be opened directly via this menu item. The option remains hidden if the app is not present in the system.

2.1.5.11 設定

此功能表項將開啟應用程式內 Settings page

2.2 應用程式詳細資訊頁

應用程式詳細資訊頁由11個標籤頁組成.幾乎描述了一個應用程式的所有資訊, 包括清單中的所有屬性, AppOps,簽名,原生庫等

2.2.1 顏色代碼

本頁中使用的背景顏色列表:

  • 正紅 (日間) /深紅 (夜間) – 危險權限或, 被封鎖的元件(使用App Manager操作)

  • 亮紅 (日間) /緋紅 (夜間) – 被封鎖的元件(其他應用程式操作)

    注意.

    表示在 App Manager 之外停用(封鎖)的元件, 標記為停用(封鎖)的元件並不意味著它被使用者停用,它也可能是被系統停用的, 或者在其清單(Android-Manifest.xml)中被標記為停用(封鎖)。被停用的應用程式也會被系統(和App Manager)視為停用(封鎖)。

  • 鮮橙 (日間) / 深橙 (夜間) – 追蹤器元件

  • 亮紫 (日間) / 深紫 (夜間) – 正在執行的元件

2.2.2 應用程式資訊

應用程式資訊 分頁包含關於一個應用程式的基本資訊, 許多操作可以在此標籤中執行.

2.2.2.1 基本資訊

The list below is in the same order as listed in the App Info tab.

  • App Icon. The application icon. If an app doesn’t have an icon, the system default icon is displayed.

  • App Label. The application label or application name.

  • Version. Application version is divided into two parts. The first part is called version name, the format of this part varies but it often consists of multiple integers separated by dots. The second part is called version code and it is closed under first brackets. Version code is an integer which is usually used to differentiate between app versions (as version name can often be unreadable by a machine). In general, new version of an app has higher version code than the old ones. For instance, if 123 and 125 are two version codes of an app, we can say that the latter is more updated than the former because the version code of the latter is higher. For applications that depend on platforms (mobile, tabs, desktops, etc.), these version numbers can be misleading as they use prefixes for each platform.

  • Tags. (Also known as tag clouds) Tags include the basic, concise and most useful info of an app. Tags contain tracker info (i.e. number of tracker components), app type (user app or system app and whether the app is an updated version of the system app or if the app is installed systemless-ly using Magisk), running (i.e. one or more services of the app is running in the background), split APK info (i.e.  number of splits), debuggable (the app is a debug version), test only (the app is a test only app), large heap (the app has requested a large heap size), stopped (the app is force stopped), disabled (the app is disabled), KeyStore (the app has items in the Android KeyStore), no code (the app doesn’t have any code associated with it), SSAID, netpolicy (network policy such as background data usage), and battery optimization. The importance of including test only and debuggable is that app with these properties can do additional tasks or these apps can be run-as without root which can cause potential security problems if these apps store any private information. Large heap denotes that the app will be allocated a higher amount of memory (RAM) if needed. While this may not be harmful for most cases, any suspicious apps requesting large heap should be taken seriously.

  • Horizontal Action Panel. This is an action panel containing various actions regarding the app. See §2.2.2.2 for a complete list of actions available here.

  • Paths & Directories. Contains various information regarding application paths including app directory (where the APK files are stored), data directories (internal, device protected and externals), split APK directories (along with the split names), and native JNI library (if present). JNI libraries are used to invoke native codes usually written in C/C++. Use of native library can make the app run faster or help an app use third-party libraries written using languages other than Java like in most games. You can also open these directories using your favourite file managers (provided they support it and have necessary permissions) by clicking on the launch icon on the right-hand side of each item.

  • Data Usage Since Last Boot. A rather self explanatory option. But beware that due to some issues, the results might often be misleading and simply wrong. This part remains hidden if Usage Access permission is not granted in newer devices.

  • Storage & Cache. Displays information regarding the size of the app (APK files), data and cache. In older devices, size of external data, cache, media and OBB folders are also displayed. This part remains hidden if Usage Access permission is not granted in newer devices.

  • More Info. Displays other information such as–

    • SDK. Displays information related to the Android SDK. There are two (one in old devices) values: Max denotes the target SDK and Min denotes the minimum SDK (the latter is not available in old devices). It is best practice to use apps with maximum SDK that the platform currently supports. SDK is also known as API Level.

    • Flags. The application flags used at the time of building the app. For a complete list of flags and what they do, visit the official documentation.

    • Date Installed. The date when the app was first installed.

    • Date Updated. The date when the app was last updated. This is the same as Date Installed if the app hasn’t been updated.

    • Installer App. The app that installed this app. Not all app supply the information used by the package manager to register the installer app. Therefore, this value should not be taken for granted.

    • User ID. The unique user ID set by the Android system to the app. For shared applications, same user ID is assigned to multiple applications that have the same Shared User ID.

    • Shared User ID. Applicable for applications that are shared together. Although it says ID, this is actually a string value. The shared application must have the same signatures.

    • Main Activity. The main entry point to the app. This is only visible if the app has activities and any of those are openable from the Launcher. There’s also a launch button on the right-hand side which can be used to launch this activity.

2.2.2.2 水平操作面板

Horizontal Action Panel, as described in the previous section, consists of various app-related actions, such as–

  • Launch. Application that has a launcher activities can be launched using this button.

  • Disable. Disable an app. This button is not displayed for already disabled apps or to users who do not have root or ADB. If you disable an app, the app will not be displayed in your Launcher app. Shortcuts for the app will also be removed. If you disable a user app, you can only enable them via App Manager or any other tool that supports it. There isn’t any option in Android Settings to enable a disabled user app.

  • Uninstall. Uninstall an app.

  • Enable. Enable an app. This button is not displayed for already enabled apps or to users who do not have root or ADB.

  • Force Stop. Force-stop an app. When you force stop an app, the app will not be able to run in background unless you explicitly open it first. However, this is not always true.

  • Clear Data. Clear data from an app. This includes any information stored in the internal and often the external directories, including accounts (if set by the app), cache, etc. Clearing data from App Manager, for example, removes all the rules (the blocking is not removed though) saved within the app. Which is why you should always take backups of your rules. This button is not displayed to users who do not have root or ADB.

  • Clear Cache. Clear app cache only. There is not any Android-way to clear app cache. Therefore, it needs root permission to clear cache from the app’s internal storage.

  • Install. Install an APK opened using any third-party app. This button is only displayed for an external APK that hasn’t been installed.

  • What’s New. This button is displayed for an APK that has higher version code than the installed one. Clicking on this button displays a dialog consisting of differences in a version control manner. The information it displays include version, trackers, permissions, components, signatures (checksum changes), features, shared libraries and SDK.

  • Update. Displayed for an app that has a higher version code than the installed app.

  • Reinstall. Displayed for an app that has the same version code as the installed app.

  • Downgrade. Displayed for an app that has a lower version code than the installed app.

  • Manifest. Clicking on this button displays the app’s manifest file in a separate page. The manifest file can be wrapped or unwrapped using the corresponding toggle button (on the top-right side) or can be saved to you shared storage using the save button.

  • Scanner. Clicking on this button displays the app’s tracker and library information. At first, it scans the app to extract a list of classes. Then the class list is matched with a number of signatures. After that, a scan summary is displayed.

    See also: Scanner page

  • Shared Prefs. Clicking on this button displays a list of shared preferences used by the app. Clicking on a preference item in the list opens the Shared Preferences Editor page. This option is only visible to the root users.

  • Databases. Clicking on this button displays a list of databases used by the app. This needs more improvements, and a database editor which might be added in the future. This option is only visible to the root users.

  • F-Droid. Opens the app in your favourite F-Droid client.

  • Store. Opens the app in Aurora Store. The option is only visible if Aurora Store is installed.

2.2.2.3 選項功能表

Options-menu is located in the top-right corner of the page. A complete description of the options present there are given below:

  • Share. Share button can be used to share the APK file or APKS file (if the app is has multiple splits) can be imported into SAI. You can share it with your favourite file manager to save the file in your shared storage.

  • Refresh. Refreshes the App Info tab.

  • View in Settings. Opens the app in Android Settings.

  • Backup/Restore. Opens the backup/restore dialog.

  • Export Blocking Rules. Export rules configured for this app within App Manager.

  • Open in Termux. Opens the app in Termux. This actually runs su - user_id where user_id denotes the app’s kernel user ID (described in the General Information section). This option is only visible to the root users. See §2.2.2.4 to learn how to configure Termux to run commands from third-party applications.

  • Run in Termux. Open the app using run-as package_name in Termux. This is only applicable for the debuggable apps and works for both root and ADB users. See §2.2.2.4 to learn how to configure Termux to run commands from third-party applications.

  • Extract Icon. Extract and save the app’s icon in your desired location.

2.2.2.4 Termux

By default, Termux does not allow running commands from third-party applications. To enable this option, you have to add allow-external-apps=true in ~/.termux/termux.properties, and make sure that you are running Termux v0.96 or later.

Info.

Enabling this option does not weaken your Termux’ security. The third-party apps still need to request the user to allow running arbitrary commands in Termux like any other dangerous permissions.

2.2.3 元件分頁

Activities, Services, Receivers (originally broadcast receivers) and Providers (originally Content Providers) are together called the application components. This is because they share similar features in many ways. For example, they all have a name and a label. Application components are the building blocks of any application, and most of these have to declared in the application manifest. Application manifest is a file where application specific metadata are stored. The Android operating system learns what to do with an app by reading the metadata. Colours used in these tabs are explained in §2.2.1. You also have the ability to sort the list of components to display blocked or tracker components on top of the list using the Sort option in the overflow menu.

2.2.3.1 活動 (Activity)

Activities are windows or pages that you can browse (for instance Main page and App Details page are two separate activities). In other words, an activity is a user interface (UI) component. Each activity can have multiple UI components known as widgets or fragments, and similarly, each of these latter components can have multiple of them nested or on top of each other. But an activity is the master component: There cannot be two nested activities. An application author can also choose to open external files within an activity using a method called intent filters. When you try to open a file using your file manager, either your file manager or system scans for intent filters to decide which activities can open that particular file and offers you to open the file with these activities (therefore, it is nothing to do with the application itself). There are other intent filters as well.

Activities which are exportable can be usually opened by any third-party apps (some activities require permissions, if that is the case, only an app having those permissions can open them). In the Activities tab, the name of the activity (on top of each list item) is actually a button. It is enabled for the exportable activities and disabled for others (root users can open any activities). You can click on the button to open the activity directly in App Manager. You can also open the Interceptor page by long clicking on an activity. Currently, it only works for exportable activities.

Notice.

If you are not able to open any activity, chances are it has certain dependencies which are not met, e.g. you cannot open App Details Activity because it requires that you at least supply a package name. These dependencies cannot always be inferred programmatically. Therefore, you cannot open them using App Manager.

You can also create shortcut for these exportable activities (using the dedicated button), and if you want, you can edit the shortcut as well using the Edit Shortcut button.

Caution.

If you uninstall App Manager, all shortcuts created by App Manager will be lost.

2.2.3.2 服務 (Services)

Unlike activities which users can see, Services handle background tasks. If you’re, for example, downloading a video from the internet using your phone’s Internet browser, the Internet browser is using a foreground service to download the content.

When you close an activity, it usually gets destroyed immediately (depending on many factors such as how much free memory your phone has). But services can be run for indefinite periods if desired. If more services are running in background, your phone will get slower due to shortage of memory and/or processing power, and your phone’s battery can be drained more quickly. Newer Android versions have a battery optimisation feature enabled by default for all apps. With this feature enabled, the system can randomly terminate any service.

By the way, both activities and services are run in the same looper called the main looper, which means the services are not really run in the background. It’s the application authors job to ensure that. How do application communicate with services? They use broadcast receivers.

2.2.3.3 接收器

Receivers (also called broadcast receivers) can be used to trigger execution of certain tasks for certain events. These components are called broadcast receivers because they are executed as soon as a broadcast message is received. These broadcast messages are sent using a method called intent. Intent is a special feature for Android which can be used to open applications, activities, services and send broadcast messages. Therefore, like activities, broadcast receivers use intent filters to receive only the desired broadcast message(s). Broadcast messages can be sent by either system or the app itself. When a broadcast message is sent, the corresponding receivers are awakened by the system so that they can execute tasks. For example, if you have low memory, your phone may freeze or experience lags for a moment after you enable mobile data or connect to the Wifi. Ever wondered why? This is because broadcast receivers that can receive ‘android.net.conn.CONNECTIVITY_CHANGE‘ are awakened by the system as soon as you enable data connection. Since many apps use this intent filter, all of these apps are awakened almost immediately by the system which causes the freeze or lags. That being said, receivers can be used for inter-process communication (IPC), i.e., it helps you communicate between different apps (provided you have the necessary permissions) or even different components of a single app.

2.2.3.4 提供者

Providers (also called content providers) are used for data management. For example, when you save an apk file or export rules in App Manager, it uses a content provider called ‘androidx.core.content.FileProvider‘ to save the APK or export the rules. There are other content providers or even custom ones to manage various content-related tasks such as database management, tracking, searching, etc. Each content provider has a field called Authority which is unique to that particular app in the entire Android eco-system just like the package name.

2.2.3.5 針對已 Root 的手機的額外功能

Unlike non-root users who are mostly spectators in these tabs, root users can perform various operations.

2.2.3.5.1 封鎖元件

On the right-most side of each component item, there is a “block” icon (which becomes a “unblock/restore” icon when the component is being blocked). This icon (actually, a button) can be used to toggle the blocking status of that particular component. If you do not have Instant Component Blocking enabled or haven’t applied blocking for the app before, you have to apply the changes using the Apply rules option in three-dots menu. You can also remove already applied rules using the same option (which would be read as Remove rules this time).

2.2.3.5.2 封鎖跟踪器

You can disable tracker components using the Block tracker option in the three-dots menu. All tracker components will be blocked regardless of the tab you’re currently in.

Info.

Tracker components are a subset of app components. Therefore, they are blocked using the same method used for blocking any other components.

2.2.4 權限分頁

App Ops, Uses Permissions and Permissions tabs are related to permissions. In Android communication between apps or processes which do not have the same identity (known as shared id) often require permission(s). These permissions are managed by the permission controller. Some permissions are considered normal permissions which are granted automatically if they appear in the application manifest, but dangerous and development permissions require confirmation from the user. Colours used in these tabs are explained in §2.2.1.

2.2.4.1

App Ops stands for Application Operations. Since Android 4.3, App Ops are used by Android system to control most of the application permissions. Each app op has a unique number associated with them which are closed inside first brackets in the App Ops tab. They also have a private and optionally, a public name. Some app ops are also associated with permissions. The dangerousness of an app op is decided based on the associated permission, and other information such as flags, permission name, permission description, package name, group are taken from the associated permission. Other information may include the following:

  • Mode. It describes the current authorisation status which can be allow, deny (a rather misnomer, it simply means error), ignore (it actually means deny), default (inferred from a list of defaults set internally by the vendor), foreground (in newer Androids, it means the app op can only be used when the app is running in foreground), and some custom modes set by the vendors (MIUI uses ask, for instance).

  • Duration. The amount of time this app op has been used (there can be negative durations whose use cases are currently unknown to me).

  • Accept Time. Last time the app op was accepted.

  • Reject Time. Last time the app op was rejected.

Info.

Contents of this tab are visible to no-root users if android.permission.GET_APP_OPS_STATS is granted via ADB.

There is a toggle button next to each app op item which can be used to allow or deny (ignore) the app op. If you need to set other modes available to your device, simply long click on an item. If you need to set additional app ops that are not listed in the tab, use the Set custom app op option in the menu. You can also reset your changes using the Reset to default option or deny all dangerous app ops using the corresponding option in the menu. You can also sort them in ascending order by app op names and the associated unique numbers (or values). You can also list the denied app ops first using the corresponding sorting option.

Warning.

Denying an app op may cause the app to misbehave. Use the reset to default option if that is the case. Due to the nature how app ops work, the system may take some time to apply them.

2.2.4.2 使用權限

Uses Permissions are the permissions used by the application. This is named so because they are declared in the manifest using uses-permission tags. Information such as flags, permission name, permission description, package name, group are taken from the associated permission.

Root and ADB users can grant or revoke the dangerous and development permissions using the toggle button on the right side of each permission item. They can also revoke dangerous permissions all at once using the corresponding option in the menu. Only these two types of permissions can be revoked because Android doesn’t allow modifying normal permissions (which most of them are). The only alternative is to edit the app manifest and remove these permissions from there.

Info.

Since dangerous permissions are revoked by default by the system, revoking all dangerous permissions is the same as resetting all permissions.

Notice.

Permissions cannot be changed for apps targeting API 23 or earlier. Therefore, permission toggles are disabled for such apps.

Users can sort the permissions by permission name (in ascending order) or choose to display denied or dangerous permissions at first using the corresponding options in the menu.

2.2.4.3 權限

Permissions are usually custom permissions defined by the app itself. It could contain regular permissions as well, mostly in old applications. Here’s a complete description of each item that is displayed there:

  • Name. Each permission has a unique name like android.permission.INTERNET but multiple app can request the permission.

  • Icon. Each permission can have a custom icon. The other permission tabs do not have any icon because they do not contain any icon in the app manifest.

  • Description. This optional field describes the permission. If there isn’t any description associated with the permission, the field is not displayed.

  • Flags. (Uses the flag symbol or Protection Level name) This describes various permission flags such as normal, development, dangerous, instant, granted, revoked, signature, privileged, etc.

  • Package Name. Denotes the package name associated with the permission, i.e. the package that defined the permission.

  • Group. The group name associated with the permission (if any). Newer Androids do not seem to use group names which is why you’ll usually see android.permission-group.UNDEFINED or no group name at all.

2.2.5 簽名分頁

Signatures are actually called signing info. An application is signed by one or more signing certificates by the application developers before publishing it. The integrity of an application (whether the app is from the actual developer and isn’t modified by other people) can be checked using the signing info; because when an app is modified by a third-party unauthorised person, the app cannot be signed using the original certificate(s) again because the signing info are kept private by the actual developer. How do you verify these signatures? Using checksums. Checksums are generated from the certificates themselves. If the developer supplies the checksums, you can match the checksums using the different checksums generated in the Signatures tab. For example, if you have downloaded App Manager from Github, Telegram Channel or IzzyOnDroid’s repo, you can verify whether the app is actually released by me by simply matching the following SHA256 checksum with the one displayed in this tab:

320c0c0fe8cef873f2b554cb88c837f1512589dcced50c5b25c43c04596760ab

There are three types of checksums displayed there: MD5, SHA1 and SHA256.

Caution.

It is recommended that you verify signing info using only SHA256 checksums or all three of them. DO NOT rely on MD5 or SHA1 checksums only as they are known to generate the same results for multiple certificates.

2.2.6 其他分頁

Other tabs list android manifest components such as features, configurations, shared libraries, and signatures. A complete description about these tabs will be available soon.

2.3 一鍵式操作頁面

This page appears after clicking on the 1-Click Ops option in the main menu.

2.3.1 Block/Unblock Trackers

This option can be used to block or unblock the ad/tracker components from the installed apps. After you click on this option, you will be asked to select if AM will list trackers from all apps or only from the user apps. Novice users should avoid blocking trackers from the system apps in order to avoid consequences. After that, a multi-choice dialog box will appear where you can deselect the apps you want to exclude from this operation. Clicking block or unblock applies the changes immediately.

Notice.

Certain apps may not function as expected after applying the blocking. If that is the case, remove blocking rules all at once or one by one in the component tabs of the corresponding App Details page.

2.3.2 Block Components…

This option can be used to block certain app components denoted by the signatures. App signature is the full name or partial name of the components. For safety, it is recommended that you should add a . (dot) at the end of each partial signature name as the algorithm used here chooses all matched components in a greedy manner. You can insert more than one signature in which case all signatures have to be separated by spaces. Similar to the option above, there is an option to apply blocking to system apps as well.

Caution.

If you are not aware of the consequences of blocking app components by signature(s), you should avoid using this setting as it may result in boot loop or soft brick, and you may have to apply factory reset in order to use your OS.

2.3.3 Set Mode for App Ops…

This option can be used to configure certain app operations of all or selected apps. You can insert more than one app op constants separated by spaces. It is not always possible to know in advance about all the app op constants as they vary from device to device and from OS to OS. To find the desired app op constant, browse the App Ops tab in the App Details page. The constants are integers closed inside brackets next to each app op name. You can also use the app op names. You also have to select one of the modes that will be applied against the app ops.

Caution.

Unless you are well-informed about app ops and the consequences of blocking them, you should avoid using this feature as it may result in boot loop or soft brick, and you may have to apply factory reset in order to use your OS.

2.3.4 Back up

1-Click options for back up. As a precaution, it lists the affected backups before performing any operation.

2.3.4.0.1 Back up all apps.

Back up all the installed apps.

2.3.4.0.2 Redo existing backups.

Back up all the installed apps that have a previous backup.

2.3.4.0.3 Back up apps without backups.

Back up all the installed apps without a previous backup.

2.3.4.0.4 Verify and redo backups.

Verify the recently made backups of the installed apps and redo backup if necessary.

2.3.4.0.5 Back up apps with changes.

If an app has changed since the last backup, redo backup for it. It checks a number of indices including app version, last update date, last launch date, integrity and file hashes. Directory hashes are taken during the back up and stored in a database. On running this operation, new hashes are taken and compared with the ones kept in the database.

2.3.5 Restore

1-Click options for restore. As a precaution, it lists the affected backups before performing any operation.

2.3.5.0.1 Restore all apps.

Restore base backup of all the backed up apps.

2.3.5.0.2 Restore not installed apps.

Restore base backup of all the backed up apps that are not currently installed.

2.3.5.0.3 Restore latest backups.

Restore base backup of already installed apps whose version codes are higher than the installed version code.

2.4 Profiles Page

Profiles page can be accessed from the options-menu in the main page. It displays a list of configured profiles. Profiles can be added using the plus button at the bottom-right corner, imported from the import option, created from one of the presets or even duplicated from an already existing profile. Clicking on any profile opens the profile page.

2.4.1 Options Menu

There are two options menu in this page. The three dots menu at the top-right offers two options such as presets and import.

Another options menu appears when you long click on any profile. They have options such as–

  • Apply now…. This option can be used to apply the profile directly. When clicked, a dialog will be displayed where you can select a profile state. On selecting one of the options, the profile will be applied immediately.

  • Delete. Clicking on delete will remove the profile immediately without any warning.

  • Duplicate. This option can be used to duplicate the profile. When clicked, an input box will be displayed where you can set the profile name. If you click “OK”, a new profile will be created and the profile page will be loaded. The profile will not be saved until you save it manually.

  • Export. Export the profile to an external storage. Profile exported this way can be imported using the import option in the three dots menu.

  • Create shortcut. This option can be used to create a shortcut for the profile. When clicked, there will be two options: Simple and Advanced. The latter option allows you to set the profile state before applying it while the former option use the default state that was configured when the profile was last saved.

2.5 Profile Page

Profile page displays the configurations for a profile. It also offers editing them.

Notice.

When you apply a profile, if some packages do not match the criteria, they will simply be ignored.

2.5.1 Options Menu

The three dots menu on the top-right corner opens the options-menu. It contains several options such as–

  • Apply. This option can be used to apply the profile. When clicked, a dialog will be displayed where you can select a profile state. On selecting one of the options, the profile will be applied immediately.

  • Save. Allows you to save the profile.

    Notice.

    Changes are never saved automatically. You have to save them manually from here.

  • Discard. Discard any modifications made since the last save.

  • Delete. Clicking on delete will remove the profile immediately without any warning.

  • Duplicate. This option can be used to duplicate the profile. When clicked, an input box will be displayed where you can set the profile name. If you click “OK”, a new profile will be created, and the page will be reloaded. The profile will not be saved until you save it manually.

  • Create shortcut. This option can be used to create a shortcut for the profile. When clicked, there will be two options: Simple and Advanced. The latter option allows you to set the profile state before applying it while the former option uses the default state that was configured when the profile was last saved.

2.5.2 Apps Tab

Apps tab lists the packages configured under this profile. Packages can be added or removed using the plus button located near the bottom of the screen. Packages can also be removed by long clicking on them (in which case, a popup will be displayed with the only option delete).

2.5.3 Configurations Tab

Configurations tab can be used to configure the selected packages. Description of each item is given below:

2.5.3.1 Comment

This is the text that will be displayed in the profiles page. If not set, the current configurations will be displayed instead.

2.5.3.2 State

Denotes how certain configured options will behave. For instance, if disable option is turned on, the apps will be disabled if the state is on and will be enabled if the state is off. Currently state only support on and off values.

2.5.3.3 Users

Select users for which is the profile will be applied. All users are selected by default.

2.5.3.4 Components

This behaves the same way as the Block Components… option does in the 1-Click Ops page. However, this only applies for the selected packages. If the state is on, the components will be blocked, and if the state is off, the components will be unblocked. The option can be disabled (regardless of the inserted values) by clicking on the disabled button on the input dialog.

2.5.3.5 App Ops

This behaves the same way as the Set Mode for App Ops… option does in the 1-Click Ops page. However, this only applies for the selected packages. If the state is on, the app ops will be denied (ie. ignored), and if the state is off, the app ops will be allowed. The option can be disabled (regardless of the inserted values) by clicking on the disabled button on the input dialog.

2.5.3.6 Permissions

This option can be used to grant or revoke certain permissions from the selected packages. Like others above, permissions must be separated by spaces. If the state is on, the permissions will be revoked, and if the state is off, the permissions will be allowed. The option can be disabled (regardless of the inserted values) by clicking on the disabled button on the input dialog.

2.5.3.7 Backup/Restore

This option can be used to take a backup of the selected apps and its data or restore them. There two options available there: Backup options and backup name.

  • Backup options. Same as the backup options of the backup/restore feature. If not set, the default options will be used.

  • Backup name. Set a custom name for the backup. If the backup name is set, each time a backup is made, it will be given a unique name with backup-name as the suffix. This behaviour will be fixed in a future release. Leave this field empty for regular or “base” backup (also, make sure not to enable backup multiple in the backup options).

If the state is on, the packages will be backed up, and if the state is off, the packages will be restored. The option can be disabled by clicking on the disabled button on the input dialog.

2.5.3.8 Export Blocking Rules

This option allows you to export blocking rules.

Danger.

This option is not yet implemented.

2.5.3.9 Disable

Enables/disables the selected packages depending on the state. If the state is on, the packages will be disabled, and if the state is off, the packages will be enabled.

2.5.3.10 Force-stop

Allows the selected packages to be force-stopped.

2.5.3.11 Clear Cache

Enables clearing cache for the selected packages.

2.5.3.12 Clear Data

Enables clearing data for the selected packages.

2.5.3.13 Block Trackers

Enables blocking/unblocking of the tracker components from the selected packages depending on the state. If the state is on, the trackers will be blocked, and if the state is off, the trackers will be unblocked.

2.5.3.14 Save APK

Enables saving APK files at AppManager/apks for the selected packages.

2.6 Settings Page

Settings can be used to customise the behaviour of the app.

2.6.1 Language

Configure in-app language. App Manager currently supports 19 (nineteen) languages.

2.6.2 App Theme

Configure in-app theme.

2.6.3 Screen Lock

Lock App Manager using Android screen lock provided a screen lock is configured.

2.6.4 Mode of Operation

You can select one of the four options:

  • Auto. Let AM decide the suitable option for you. Although this is the default option, it may cause problems in some devices.

  • Root. Select root mode. By default, AM requests root permission if root is detected but hasn’t been granted. If this option is selected, AM will run in root mode even if root is unavailable or denied. This may cause crashes or freezing issues, therefore, shouldn’t be enabled if root is unavailable.

  • ADB over TCP. Enable ADB over TCP mode. AM may hang indefinitely if ADB over TCP is not enabled.

  • No-root. AM runs in no-root mode. AM performs better if this is enabled but all the root/ADB features will be disabled.

2.6.5 Enable/Disable Features

Enable or disable certain features in App Manager, such as

  • Interceptor

  • Manifest viewer

  • Scanner

  • Package installer

  • Usage access: With this option turned off, App Manager will never ask for the Usage Access permission.

  • Log viewer

2.6.6 APK Signing

2.6.6.1 Signature Schemes

Select the signature schemes to use. It is recommended that you use at least v1 and v2 signature schemes. Use the Reset to Default button in case you’re confused.

2.6.6.2 Signing Key

Configure custom signing key for signing APK files. Keys from an existing KeyStore can be imported to App Manager, or a new key can be generated.

Notice.

App Manager maintains a KeyStore where the keys used within the app are stored. The password for the keystore will be asked when necessary. Be sure to store the password in a safe place, otherwise the KeyStore cannot be recovered when necessary.

2.6.7 Installer

2.6.7.1 Show users in installer

For root/ADB users, a list of users will be displayed before installing the app. The app will be installed only for the specified user (or all users if selected).

2.6.7.2 Sign APK

Whether to sign the APK files before installing the app. Visit APK signing section to configure signing.

2.6.7.3 Install location

Choose APK install location. This can be one of auto, internal only and prefer external. In newer Android versions, the last option may not always install the app in the external storage.

2.6.7.4 Installer App

Select the installer app, useful for some apps which explicitly checks for their installer. This only works for root/ADB users.

2.6.8 Back up/Restore

Settings related to back up/restore.

2.6.8.1 Compression method

Set which compression method to be used during backups. App Manager supports GZip and BZip2 compression methods, GZip being the default compression method. It doesn’t affect the restore of an existing backup.

2.6.8.2 Backup Options

Customise the back up/restore dialog.

2.6.8.3 Backup apps with Android KeyStore

Allow backup of apps that has entries in the Android KeyStore (disabled by default). Some apps (such as Signal) may crash if restored. KeyStore backup also doesn’t work from Android 9 but still kept as many apps having KeyStore can be restored without problem.

2.6.8.4 Encryption

Set an encryption method for the backups. App Manager currently supports OpenPGP (via OpenKeyChain), AES and RSA (hybrid encryption with AES). Like APK signing, The AES and RSA keys are stored in the KeyStore and can be imported from other KeyStores.

2.6.8.5 Backup Volume

Lets you select the storage where the backups will be stored.

Notice.

The backup volume only specifies the storage, not the path. Backups are stored in AppManager folder inside the storage path. This is also where logs and exported APK files are saved.

2.6.9 Rules

2.6.9.1 Instant Component Blocking

By default, blocking rules are not applied unless they are applied explicitly in the App Details page for any package. Upon enabling this option, all (old and new) rules are applied immediately for all apps without explicitly enabling blocking for an app.

Notice.

Enabling this setting may have some unintended consequences. For instance, the rules that are not completely removed will be applied again. So, proceed with caution. This option should be kept disabled if not required for some reasons.

2.6.9.2 Import/Export Blocking Rules

It is possible to import or export blocking rules within App Manager for all apps. There is a choice to export or import only certain rules (components, app ops or permissions) instead of all of them. It is also possible to import blocking rules from Blocker and Watt. If it is necessary to export blocking rules for a single app, use the corresponding App Details page to export rules, or for multiple apps, use batch operations.

2.6.9.2.1 Export

Export blocking rules for all apps configured within App Manager. This may include app components, app ops and permissions based on the options selected in the multi-choice options.

2.6.9.2.2 Import

Import previously exported blocking rules from App Manager. Similar to export, this may include app components, app ops and permissions based on the options selected in the multi-choice options.

2.6.9.2.3 Import Existing Rules

Add components disabled by other apps to App Manager. App Manager only keeps track of component disabled within App Manager. If you use other tools to block app components, you can use this tools to import these disabled components. Clicking on this option triggers a search for disabled components and will list apps with components disabled by user. For safety, all the apps are unselected by default. You can manually select the apps in the list and re-apply the blocking through App Manager.

Caution.

Be careful when using this tool as there can be many false positives. Choose only the apps that you are certain about.

2.6.9.2.4 Import from Watt

Import configuration files from Watt, each file containing rules for a single package and file name being the name of the package with .xml extension.

Tip.

Location of configuration files in Watt: /sdcard/Android/data/com.tuyafeng.watt/files/ifw

2.6.9.2.5 Import from Blocker

Import blocking rules from Blocker, each file containing rules for a single package. These files have a .json extension.

2.6.9.3 Remove all rules

One-click option to remove all rules configured within App Manager. This will enable all blocked components, app ops will be set to their default values and permissions will be granted.

2.6.10 Import/Export Keystore

Import or export the KeyStore used by App Manager. This is a Bouncy Castle KeyStore with bks extension. Therefore, other KeyStore such as Java KeyStore (JKS) or PKCS #12 are not supported. If you need to import a key from these KeyStores, use the relevant options outlined above.

2.6.11 About the device

Display Android version, security, CPU, GPU, battery, memory, screen, languages, user info, etc.

2.7 Scanner Page

Scanner page appears after clicking on the scanner button in the App Info tab. External APK files can also be opened for scanning from file managers, web browsers, etc.

It scans for trackers and libraries, and displays the number of trackers and libraries as a summary. It also displays checksums of the APK file as well as the signing certificate(s).

Disclaimer.

AM only scans an app statically without prejudice. The app may provide the options for opting out, or in some cases, certain features of the tracker may not be used at all by the app (e.g. F-Droid), or some apps may simply use them as placeholders to prevent the breaking of certain features (e.g. Fennec F-Droid). The intention of the scanner is to give you an idea about what the APK might contain. It should be taken as an initial step for further investigations.

Clicking on the first item (i.e. number of classes) opens a new page containing a list of tracker classes for the app. All classes can also be viewed by clicking on the Toggle Class Listing menu. A sneak-peek of each class can be viewed by simply clicking on any class item.

Notice.

Due to various limitations, it is not possible to scan all the components of an APK file. This is especially true if an APK is highly obfuscated. The scanner also does not check strings (or website signatures).

The second item lists the number of trackers along with their names. Clicking on the item displays a dialog containing the name of trackers, matched signatures, and the number of classes against each signature. Some tracker names may have 2 prefix which indicates that the trackers are in the ETIP stand-by list i.e. whether they are actual trackers is still being investigated.

The third item lists the number of libraries along with their names. The information are mostly taken from IzzyOnDroid repo.

2.7.1 Missing Signatures

At the bottom of the page, there is a special item denoting the number of missing signatures (i.e. missing classes). The missing signatures are the ones that AM has failed to match against any known libraries. The number itself has no particular meaning as many libraries contain hundreds of classes, but clicking on the item will bring up a dialog containing the signatures which is helpful in inspecting the missing signatures. This feature is only intended for people who know what a missing signature is and what to do with it, average users should just ignore it.

2.8 Interceptor Page

Interceptor can be used to intercept communication between apps using Intent. It works as a man-in-the-middle between the source and the destination apps. It offers a feature-complete user interface for editing Intents.

Info.

Development of interceptor is still in progress. It can only intercept activities for now.

Warning.

Interceptor only works for implicit intents where the app component isn’t specified.

2.8.1 Intent Filters

Intent filters are used by the apps to specify which tasks they are able to perform or which tasks they are going to perform using other apps. For example, when you’re opening a PDF file using a file manager, the file manager will try to find which apps to open the PDF with. To find the right applications, the file manager will create an Intent with filters such as MIME type and ask the system to retrieve the matched applications that is able to open this filter. The system will search through the Manifest of the installed applications to match the filter and list the app components that are able to open this filter (in our case the PDF). At this, either the file manager will open the desired app component itself or use a system provided option to open it. If multiple app components are able to open it and no default is set, you may get a prompt where you have to choose the right app component.

2.8.1.1 Action

Action specifies the generic action to perform such as android.intent.action.VIEW. Applications often declare the relevant actions in the Manifest file to catch the desired Intents. The action is particularly useful for broadcast Intent where it plays a vital rule. In other cases, it works as an initial way to filter out relevant app components. Generic actions such as android.intent.action.VIEW and android.intent.action.SEND are widely used by apps. So, setting this alone may match many app components.

2.8.1.2 Data

Data is originally known as URI (Uniform Resource Identifier) defined in RFC 2396. It can be web links, file location, or a special feature called content. Contents are an Android feature managed by the content providers. Data are often associated with a MIME type.

Examples:

http://search.disroot.org/?q=URI%20in%20Android%20scheme&categories=general&language=en-US
https://developer.android.com/reference/android/net/Uri
file:///sdcard/AppManager.apk
mailto:email@example.com
content://io.github.muntashirakon.AppManager.provider/23485af89b08d87e898a90c7e/AppManager.apk

2.8.1.3 MIME Type

MIME type of the data. For example, if the data field is set to file:///sdcard/AppManager.apk, the associated MIME type can be application/vnd.android.package-archive.

2.8.1.4 Categories

This is similar to action in the sense that it is also used by the system to filter app components. This has no further benefits. Unlike action, there can be more than one category. Clicking on the plus button next to the title allows adding more categories.

2.8.1.5 Flags

Flags are useful in determining how system should behave during the launch or after the launch of an activity. An average user should avoid this as it requires some technical background. The plus button next to the title can be used to add one or more flags.

2.8.1.6 Extras

Extras are the key-value pairs used for supplying additional information to the destination component. You can add extras using the plus button next to the title.

2.8.1.7 URI

Represents the entire Intent as a URI (e.g. intent://…). Some data cannot be converted to string, and as a result, they might not appear here.

2.8.2 Matching Activities

List all the activity components that matches the Intent. This is internally determined by the system (rather than AM). The launch button next to each component can be used to launch them directly from AM.

2.8.3 Reset to Default

Reset the Intent to its initial state. This may not always work as expected.

2.8.4 Send Edited Intent

Resend the edited Intent to the destination app. This may open a list of apps where you have to select the desired app. The result received from the target app will be sent to the source app. As a result the source app will not know if there was a man-in-the-middle.

2.9 Shared Preferences Editor Page

Shared preferences can be edited in this page. Clicking any item on the list opens the edit dialog where the item can be edited. The floating action button on the bottom-right corner can be used to add a new item. To save or delete the file, or to discard current changes, the respective options in the menu can be used.

3 Guides

3.1 ADB over TCP

Many root-only features can still be used by enabling ADB over TCP. To do that, a PC or Mac is required with Android platform-tools installed, and an Android phone with developer options & USB debugging enabled.

Root users.

If superuser permission has been granted to App Manager, it can already execute privileged code without any problem. Therefore, root users don’t need to enable ADB over TCP. If you still want to use ADB over TCP, you must revoke superuser permission for App Manager and restart your device. You may see working on ADB mode message without restarting but this isn’t entirely true. The server (used as an interface between system and App Manager) is still running in root mode. This is a known issue and will be fixed in a future version of App Manager.

3.1.1 Enable developer options

3.1.1.1 Location of developer options

Developer options is located in Android Settings, either directly near the bottom of the page (in most ROMs) or under some other settings such as System (Lineage OS, Asus Zenfone 8.0+), System > Advanced (Google Pixel), Additional Settings (Xiaomi MIUI, Oppo ColorOS), More Settings (Vivo FuntouchOS), More (ZTE Nubia). Unlike other options, it is not visible until explicitly enabled by the user. If developer options is enabled, you can use the search box in Android Settings to locate it as well.

3.1.1.2 How to enable developer options

This option is available within Android Settings as well but like the location of the developer options, it also differs from device to device. But in general, you have to find Build number (or MIUI version for MIUI ROMs and Software version for Vivo FuntouchOS, Version for Oppo ColorOS) and tap it at least 7 (seven) times until you finally get a message saying You are now a developer (you may be prompted to insert pin/password/pattern or solve captchas at this point). In most devices, it is located at the bottom of the settings page, inside About Phone. But the best way to find it is to use the search box.

3.1.2 Enable USB debugging

After locating the developer options, enable Developer option (if not already). After that, scroll down a bit until you will find the option USB debugging. Use the toggle button on the right hand side to enable it. At this point, you may get an alert prompt where you may have to click OK to actually enable it. You may also have to enable some other options depending on device vendor and ROM. Here are some examples:

3.1.2.1 Xiaomi (MIUI)

Enable USB debugging (security settings) as well.

3.1.2.2 Huawei (EMUI)

Enable Allow ADB debugging in charge only mode as well. When connecting to your PC or Mac, you may get a prompt saying Allow access to device data? in which case click YES, ALLOW ACCESS.

Notice.

Often the USB debugging mode could be disabled automatically by the system. If that’s the case, repeat the above procedure.

3.1.2.3 LG

Make sure you have USB tethering enabled.

3.1.2.4 Troubleshooting

In case USB Debugging is greyed out, you can do the following:

  1. Make sure you enabled USB debugging before connecting your phone to the PC or Mac via USB cable

  2. Enable USB tethering after connecting to PC or Mac via USB cable

  3. (For Samsung) If your device is running KNOX, you may have to follow some additional steps. See official documentations or consult support for further assistant

3.1.3 Setup ADB on PC or Mac

In order to enable ADB over TCP, you have to set up ADB in your PC or Mac. Lineage OS users can skip to §3.1.4.1.

3.1.3.1 Windows

  1. Download the latest version of Android SDK Platform-Tools for Windows

  2. Extract the contents of the zip file into any directory (such as C:\adb) and navigate to that directory using Explorer

  3. Open Command Prompt or PowerShell from this directory. You can do it manually from the start menu or by holding Shift and Right clicking within the directory in File Explorer and then clicking either on Open command window here or on Open PowerShell window here (depending on what you have installed). You can now access ADB by typing adb (Command Prompt) or ./adb (PowerShell). Do not close this window yet

3.1.3.2 macOS

  1. Download the latest version of Android SDK Platform-Tools for macOS

  2. Extract the contents of the zip file into a directory by clicking on it. After that, navigate to that directory using Finder and locate adb

  3. Open Terminal using Launchpad or Spotlight and drag-and-drop adb from the Finder window into the Terminal window. Do not close the Terminal window yet

Tip.

If you are not afraid to use command line, here’s a one liner:

cd ~/Downloads && curl -o platform-tools.zip -L \
https://dl.google.com/android/repository/platform-tools-latest-darwin.zip && \
unzip platform-tools.zip && rm platform-tools.zip && cd platform-tools

After that, you can simply type ./adb in the in same Terminal window to access ADB.

3.1.3.3 Linux

  1. Open your favourite terminal emulator. In most GUI-distros, you can open it by holding Control, Alter and T at the same time

  2. Run the following command:

    cd ~/Downloads && curl -o platform-tools.zip -L \
    https://dl.google.com/android/repository/platform-tools-latest-linux.zip && \
    unzip platform-tools.zip && rm platform-tools.zip && cd platform-tools
  3. If it is successful, you can simply type ./adb in the in same terminal emulator window or type ~/Downloads/platform-tools/adb in any terminal emulator to access ADB.

3.1.4 Configure ADB over TCP

3.1.4.1 Lineage OS

Lineage OS (or its derivatives) users can directly enable ADB over TCP using the developer options. To enable that, go to the Developer options, scroll down until you find ADB over Network. Now, use the toggle button on the right-hand side to enable it and skip to §3.1.4.3.

3.1.4.2 Enable ADB over TCP via PC or Mac

For other ROMs, you can do this using the command prompt/PowerShell/terminal emulator that you’ve opened in the step 3 of the previous section. In this section, I will use adb to denote ./adb, adb or any other command that you needed to use based on your platform and software in the previous section.

  1. Connect your device to your PC or Mac using a USB cable. For some devices, it is necessary to turn on File transfer mode (MTP) as well

  2. To confirm that everything is working as expected, type adb devices in your terminal. If your device is connected successfully, you will see something like this:

    List of devices attached
    xxxxxxxx  device

    Notice.

    In some Android phones, an alert prompt will be appeared with a message Allow USB Debugging in which case, check Always allow from this computer and click Allow.

  3. Finally, run the following command to enable ADB over TCP:

    adb tcpip 5555

Danger.

You cannot disable developer options or USB debugging after enabling ADB over TCP.

3.1.4.3 Enable ADB mode on App Manager

After enabling ADB over TCP (in the previous subsections), open App Manager (AM). You should see working on ADB mode toast message at the bottom. If not, remove AM from the recents and open AM again from the launcher.

Notice.

In some Android phones, the USB cable is needed to be disconnected from the PC in order for it to work.

Warning.

ADB over TCP will be disabled after a restart. In that case, you have to follow §3.1.4.2 again.

Lineage OS users.

You can turn off ADB over Network in developer options, but turning off this option will also stop App Manager’s remote server. So, turn it off only when you’re not going to use App Manager in ADB over TCP mode.

3.1.5 References

  1. How to Install ADB on Windows, macOS, and Linux

  2. Android Debug Bridge (adb)

  3. How to fix USB debugging greyed out?

3.2 Back up/Restore

App Manager has a modern, advanced and easy-to-use backup/restore system implemented from the scratch. This is probably the only app that has the ability to restore not only the app or its data but also permissions and rules that you’ve configured within App Manager. You can also choose to back up an app multiple times (with custom names) or for all users.

3.2.1 Location

Back up/restore is a part of batch operations. It is also located inside the options menu in the App Info tab. Clicking on Backup/Restore opens the Backup Options. Backups are located at /storage/emulated/0/AppManager by default. You can configure custom backup location in the settings page in which case the backups will be located at the AppManager folder in the selected volume.

Note.

If one or more selected apps do not have any backup, the Restore and Delete Backup options will not be displayed.

3.2.2 Backup Options

Backup options (internally known as backup flags) let you customise the backups on the fly. However, the customisations will not be remembered for the future backups. If you want to customise this dialog, use Backup Options in the Settings page.

A complete description of the backup options is given below:

  • APK files. Whether to back up the APK files. This includes the base APK file along with the split APK files if they exist.

  • Internal data. Whether to back up the internal data directories. These directories are located at /data/user/<user_id> and (for Android N or later) /data/user_de/<user_id>.

  • External data. Whether to back up data directories located in the internal memory as well as SD Card (if exists). External data directories often contain non-essential app data or media files (instead of using the dedicated media folder) and may increase the backup size. However, it might be essential for some apps. Although it isn’t checked by default (as it might dramatically increase the size of the backups), you may have to check it in order to ensure a smooth restore of your backups.

    Caution.

    Internal data folders should always be backed up if you are going to back up the external data folders. However, it could be useful to back up only the external folders if the app in question downloads a lot of assets from the Internet.

  • OBB and media. Whether to back up or restore the OBB and the media directories located in the external storage or the SD Card. This is useful for games and the graphical software which actually use these folders.

  • Cache. Android apps have multiple cache directories located at every data directories (both internal and external). There are two types of cache: cache and code cache. Enabling this option excludes both cache directories from all the data directories. It is generally advised to exclude cache directories since most apps do not clear the cache regularly (for some reason, the only way an app can clear its cache is by deleting the entire cache directory) and usually handled by the OS itself. Apps such as Telegram may use a very large cache (depending on the storage space) which may dramatically increase the backup size. When it is disabled, AM also ignores the no_backup directories.

  • Extras. Backup/restore app permissions, net policy, battery optimization, SSAID, etc., enabled by default. Note that, blocking rules are applied after applying the extras. So, if an item is present in both places, it will be overwritten (i.e., the one from the blocking rules will be used).

  • Rules. This option lets you back up blocking rules configured within App Manager. This might come in handy if you have customised permissions or block some components using App Manager as they will also be backed up or restored when you enable this option.

  • Backup Multiple. Whether this is a multiple backup. By default, backups are saved using their user ID. Enabling this option allows you to create additional backups. These backups use the current date-time as the default backup name, but you can also specify custom backup name using the input field displayed when you click on the Backup button.

  • Custom users. Backup or restore for the selected users instead of only the current user. This option is only displayed if the system has more than one user.

  • Skip signature checks. When taking a backup, checksum of every file (as well as the signing certificate(s) of the base APK file) is generated and stored in the checksums.txt file. When you restore the backup, the checksums are generated again and are matched with the checksums stored in the said file. Enabling this option will disable the signature checks. This option is applied only when you restore a backup. During backup, the checksums are generated regardless of this option.

    Caution.

    You should always disable this option to ensure that your backups are not modified by any third-party applications. However, this would only work if you enabled encryption.

3.2.3 Backup

Backup respects all the backup options except Skip signature checks. If base backups (i.e., backups that don’t have the Backup Multiple option) already exist, you will get a warning as the backups will be overwritten. If Backup Multiple is set, you have an option to input the backup name, or you can leave it blank to use the current date-time.

3.2.4 Restore

Restore respects all the backup options and will fail if APK files option is set, but the backup doesn’t contain such backups or in other cases, if the app isn’t installed. When restoring backups for multiple packages, you can only restore the base backups (see backup section for an explanation). However, when restoring backups for a single package, you have the option to select which backup to restore. If All users option is set, AM will restore the selected backup for all users in the latter case but in the former case, it will restore base backups for the respective users.

Notice.

Apps that use storage access framework (SAF), SSAID or Android KeyStore works properly only after an immediate restart.

3.2.5 Delete Backup

Delete backup only respects All users option and when it is selected, only the base backups for all users will be deleted with a prompt. When deleting backups for a single package, another dialog will be displayed where you can select the backups to delete.

3.3 Net Policy

Short for Network policy or network policies. It is usually located in the Android settings under Mobile data & Wifi section in the app info page of an app. Not all policies are guaranteed to be included in this page (e.g. Samsung), and not all settings are well-understood due to lack of documentation. App Manager can display all the net policies declared in the NetworkPolicyManager. Policies unknown to App Manager will have a Unknown prefix along with the policy constant name and number in the hexadecimal format. Unknown policies should be reported to App Manager for inclusion.

Net policy allows a user to configure certain networking behaviour of an app without modifying the ip tables directly and/or running a firewall app. However, the features it offers largely depend on Android version and ROM. A list of known net policies are listed below:

  1. None or POLICY_NONE: (AOSP) No specific network policy is set. System can still assign rules depending on the nature of the app.

  2. Reject background data or POLICY_REJECT_METERED_BACKGROUND: (AOSP) Reject network usage on metered networks when the application is in background.

  3. Allow background data when Data Saver is on or POLICY_ALLOW_METERED_BACKGROUND: (AOSP) Allow metered network use in the background even when data saving mode is enabled.

  4. Reject cellular data or POLICY_REJECT_CELLULAR (Android 11+) or POLICY_REJECT_ON_DATA (up to Android 10): (Lineage OS) Reject mobile/cellular data. Signals network unavailable to the configured app as if the mobile data is inactive.

  5. Reject VPN data or POLICY_REJECT_VPN (Android 11+) or POLICY_REJECT_ON_VPN (up to Android 10): (Lineage OS) Reject VPN data. Signals network unavailable to the configured app as if the VPN is inactive.

  6. Reject Wi-Fi data or POLICY_REJECT_WIFI (Android 11+) or POLICY_REJECT_ON_WLAN (up to Android 10): (Lineage OS) Reject Wi-Fi data. Signals network unavailable to the configured app as if the device is not connected to a Wi-Fi network.

  7. Disable network access or POLICY_REJECT_ALL (Android 11+) or POLICY_NETWORK_ISOLATED (up to Android 10): (Lineage OS) Reject network access in all circumstances. This is not the same as enforcing the other three policies above, and is the recommended policy for dodgy apps. If this policy is enforced, there is no need to enforce the other policies.

  8. POLICY_ALLOW_METERED_IN_ROAMING: (Samsung) Possibly allow metered network use during roaming. Exact meaning is currently unknown.

  9. POLICY_ALLOW_WHITELIST_IN_ROAMING: (Samsung) Possibly allow network use during roaming. Exact meaning is currently unknown.

4 Frequently Asked Questions

4.1 App Components

4.1.1 What are the app components?

Activities, services, broadcast receivers (also known as receivers) and content providers (also known as providers) are jointly called app components. More technically, they all inherit the ComponentInfo class.

4.1.2 How are the tracker or other components blocked in AM? What are its limitations?

AM blocks application components (or tracker components) using a method called Intent Firewall (IFW), it is very superior to other methods such as pm (PackageManager), Shizuku or any other method that uses the package manager to enable or disable the components. If a component is disabled by the latter methods, the app itself can detect that the component is being blocked and can re-enable it as it has full access to its own components. (Many deceptive apps actually exploit this in order to keep the tracker components unblocked.) On the other hand, IFW is a true firewall and the app cannot detect if the blocking is present. It also cannot re-enable it by any means. AM uses the term block rather than disable for this reason.

Even IFW has some limitations which are primarily applicable for the system apps:

  • The app in question is whitelisted by the system i.e. the system cannot function properly without these apps and may cause random crashes. These apps include but not limited to Android System, System UI, Phone Services. They will run even if you disable them or block their components via IFW.

  • Another system app or system process is calling a specific component of the app in question via interprocess communication (IPC). In this case, the component will be activated regardless of its presence in the IFW rules or even if the entire app is disabled. If you have such system apps, the only way to prevent them from running is to get rid of them.

4.1.4 Does app components blocked by other tools retained in AM?

No. But components blocked by the Android System or any other tools are displayed in the App Details page (within the component tabs). In v2.5.12 and onwards, you can import these rules in Settings. But since there is no way to distinguish between components blocked by third-party apps and components blocked by the System, you should be very careful when choosing app.

4.1.5 What happened to the components blocked by AM which are also blocked by other tools?

AM blocks the components again using Intent Firewall (IFW). They are not unblocked (if blocked using pm or Shizuku method) and blocked again. But if you unblock a component in the App Details page, it will be reverted back to default state —- blocked or unblocked as described in the corresponding app manifest —- using both IFW and pm method. However, components blocked by MyAndroidTools (MAT) with IFW method will not be unblocked by AM. To solve this issue, you can first import the corresponding configuration to AM in Settings in which case MAT’s configurations will be removed. But this option is only available from v2.5.12.

4.1.6 What is instant component blocking?

When you block a component in the App Details page, the blocking is not applied by default. It is only applied when you apply blocking using the Apply rules option in the top-right menu. If you enable instant component blocking, blocking will be applied as soon as you block a component. If you choose to block tracker components, however, blocking is applied automatically regardless of this setting. You can also remove blocking for an app by simply clicking on Remove rules in the same menu in the App Details page. Since the default behaviour gives you more control over apps, it is better to keep instant component blocking option disabled.

4.1.7 Tracker classes versus tracker components

All app components are classes but not all classes are components. In fact, only a few of the classes are components. That being said, scanner page displays a list of trackers along with the number of classes, not just the components. In all other pages, trackers and tracker components are used synonymously to denote tracker components, i.e. blocking tracker means blocking tracker components, not tracker classes.

Info.

Tracker classes cannot be blocked. They can only be removed by editing the app itself.

4.1.8 How to unblock the tracker components blocked using 1-Click Ops or Batch Ops?

Some apps may misbehave due to their dependency to tracker components blocked by AM. From v2.5.12, there is an option to unblock tracker components in the 1-Click Ops page. However, in previous versions, there is no such options. To unblock these tracker components, first go to the App Details page of the misbehaving app. Then, switching to the Activities tab, click on the Remove rules options in the top-right menu. All the blocking rules related to the components of the app will be removed immediately. Alternatively, if you have found the component that is causing the issue, you can unblock the component by clicking on the unblock button next to the component name. If you have enabled instant component blocking in Settings, disable it first as Remove rules option will not be visible when it is enabled.

If you have Google Play Services (com.google.android.gms) installed, unblocking the following services may fix certain crashes:

  1. Ad Request Broker Service .ads.AdRequestBrokerService

  2. Cache Broker Service .ads.cache.CacheBrokerService

  3. Gservices Value Broker Service .ads.GservicesValueBrokerService

  4. Advertising Id Notification Service .ads.identifier.service.AdvertisingIdNotificationService

  5. Advertising Id Service .ads.identifier.service.AdvertisingIdService

4.2 ADB over TCP

4.2.1 Do I have to enable ADB over TCP everytime I restart?

Unfortunately, yes. However, as of v2.5.13, you don’t need to keep AoT enabled all the time as it now uses a server-client mechanism to interact with the system, but you do have to keep the Developer options as well as USB debugging enabled. To do that, enable ADB over TCP and open App Manager. You should see working on ADB mode toast message in the bottom. If you see it, you can safely stop the server. For Lineage OS or its derivative OS, you can toggle AoT without any PC or Mac by simply toggling the ADB over network option located just below the USB debugging, but the server can’t be stopped for the latter case.

4.2.2 Cannot enable USB debugging. What to do?

See §3.1.2 in Chapter 3.

4.2.3 Can I block tracker or any other application components using ADB over TCP?

Sadly, no. ADB has limited permissions and controlling application components is not one of them.

4.2.4 Which features can be used in ADB mode?

Most of the features supported by ADB mode are enabled by default once ADB support is detected by AM. These include disable, force-stop, clear data, grant/revoke app ops and permissions. You can also install applications without any prompt and view running apps/processes.

4.3 Miscellanea

4.3.1 I don’t use root/ADB. Am I completely safe from any harms?

Yes. AM cannot modify any system settings without root or ADB over TCP.

4.3.2 Why does AM have the INTERNET permission when it doesn’t connect to the Internet?

AM uses the INTERNET permission for the following reasons:

  1. To provide ADB over TCP support for the non-root users. ADB over TCP is a custom network protocol that usually runs on port 5555. Therefore, to connect to this port via localhost, AM needs this permission.

  2. To execute privileged code both on root and ADB mode. AM, being a user app, cannot execute privileged code nor can it access any hidden APIs. Consequently, AM runs a server in the privileged environment using app_process at port 60001 and on the user side, AM connects to this server and execute privileged code remotely from the app. Now, there are alternative ways to communicate with a remote service. Currently, they are under consideration.

4.3.3 How are the trackers and libraries are updated?

Trackers and libraries are updated manually before making a new release.

4.3.4 Any plans for Shizuku?

App Manager’s use of hidden API and privileged code execution is now much more complex and cannot be integrated with other third party apps such as Shizuku. Here are some reasons for not considering Shizuku (which now has Apache 2.0 license) for App Manager:

  1. Shizuku was initially non-free which led me to use a similar approach for App Manager to support both root and ADB

  2. App Manager already supports both ADB and root which in some cases is more capable than Shizuku

  3. Relying on a third-party app for the major functionalities is not a good design choice

  4. Integration of Shizuku will increase the complexity of App Manager.

4.3.5 What are bloatware and how to remove them?

Bloatware are the unnecessary apps supplied by the vendor or OEM and are usually system apps. These apps are often used to track users and collect user data which they might sell for profits. System apps do not need to request any permission in order to access device info, contacts and messaging data, and other usage info such as your phone usage habits and everything you store on your shared storage(s).

The bloatware may also include Google apps (such as Google Play Services, Google Play Store, Gmail, Google, Messages, Dialer, Contacts), Facebook apps (the Facebook app consists of four or five apps), Facebook Messenger, Instagram, Twitter and many other apps which can also track users and/or collect user data without consent given that they all are system apps. You can disable a few permissions from the Android settings but be aware that Android settings hides almost every permission any security specialist would call potentially dangerous.

If the bloatware were user apps, you could easily uninstall them either from Android settings or AM. Uninstalling system apps is not possible without root permission. You can also uninstall system apps using ADB, but it may not work for all apps. AM can uninstall system apps with root or ADB (the latter with certain limitations, of course), but these methods cannot remove the system apps completely as they are located in the system partition which is a read-only partition. If you have root, you can remount this partition to manually purge these apps but this will break Over the Air (OTA) updates since data in the system partition has been modified. There are two kind of updates, delta (small-size, consisting of only the changes between two versions) and full updates. You can still apply full updates, but the bloatware will be installed again, and consequently, you have to delete them all over again. Besides, not all vendors provide full updates.

Another solution is to disable these apps either from Android settings (no-root) or AM, but certain services can still run in the background as they can be started by other system apps using Inter-process Communication (IPC). One possible solution is to disable all bloatware until the service has finally stopped (after a restart). However, due to heavy modifications of the Android frameworks by the vendors, removing or disabling certain bloatware may cause the System UI to crash or even cause bootloop, thus, (soft) bricking your device. You may search the web or consult the fellow users to find out more about how to debloat your device.

From v2.5.19, AM has a new feature called profiles. The profiles page has an option to create new profiles from one of the presets. The presets consist of debloating profiles which can be used as a starting point to monitor, disable, and remove the bloatware from a proprietary Android operating system.

Note.

In most cases, you cannot completely debloat your device. Therefore, it is recommended that you use a custom ROM free from bloatware such as Graphene OS, Lineage OS or their derivatives.

5 Specifications

5.1 Rules Specification

5.1.1 Background

AM currently supports blocking activities, broadcast receivers, content providers, services, app ops and permissions, and in future I may add more blocking options. In order to add more portability, it is necessary to import/export all these data.

Maintaining a database should be the best choice when it comes to storing data. For now, several tsv files with each file having the name of the package and a .tsv extension. The file/database will be queried/processed by the RulesStorageManager class. Due to this abstraction, it should be easier to switch to database or encrypted database systems in future without changing the design of the entire project. Currently, All configuration files are stored at /data/data/io.github.muntashirakon.AppManager/Files/conf.

5.1.2 Rules File Format

5.1.2.1 Internal

The format below is used internally within App Manager and is not compatible with the external format.

    <name> <type> <mode>|<component_status>|<is_granted>

Here:

  • <name> – Component/permission/app op name (in case of app op, it could be string or integer)

  • <type> – One of the ACTIVITY, RECEIVER, PROVIDER, SERVICE, APP_OP, PERMISSION

  • <mode> – (For app ops) The associated mode constant

  • <component_status> – (For components) Component status

    • true – Component has been applied (true value is kept for compatibility)

    • false – Component hasn’t been applied yet, but will be applied in future (false value is kept for compatibility)

    • unblocked – Component is scheduled to be unblocked

  • <is_granted> – (For permissions) Whether the permission is granted or revoked

5.1.2.2 External

External format is used for importing or exporting rules in App Manager.

    <package_name> <component_name> <type> <mode>|<component_status>|<is_granted>

This the format is essentially the same as above except for the first item which is the name of the package.

Caution.

The exported rules have a different format than the internal one and should not be copied directly to the conf folder.

6 Changelogs

6.1 v2.6.0 (385)

6.1.1 Introducing Backups

Back up/restore feature is now finally out of beta! Read the corresponding guide to understand how it works.

6.1.2 Introducing Log Viewer

Log viewer is essentially a front-end for logcat. It can be used to filter logs by tag or pid (process ID), or even by custom filters. Log levels AKA verbosity can also be configured. You can also save, share and manage logs.

6.1.3 Lock App Manager

Lock App Manager with the screen lock configured for your device.

6.1.4 Extended Modes for App Ops

You can set any mode for any app ops that your device supports, either from the 1-click ops page or from the app ops tab.

6.1.5 New Batch Ops: Add to Profile

You can now easily add selected apps to an existing profile using the batch operations.

6.1.6 App Info: Improved

App info tab now has many options, including the ability to change SSAID, network policy (i.e. background network usage), battery optimization, etc. Most of the tags used in this tab are also clickable, and if you click on them, you will be able to look at the current state or configure them right away.

6.1.7 Advanced Sort and Filtering Options in the Main Page

Sort and filter options are now replaced by List Options which is highly configurable, including the ability to filter using profiles.

6.1.8 About This Device

Interested in knowing about your device in just one page? Go to the bottom of the settings page.

6.1.9 Enable/disable Features

Not interested in all the features that AM offers? You can disable some features in settings.

6.1.10 New Languages

AM now has more than 19 languages! New languages include Farsi, Japanese and Traditional Chinese.

6.1.11 Signing the APK Files

You can now import external signing keys in AM! For security, App Manager has its own encrypted KeyStore which can also be imported or exported.

6.1.12 New Extension: UnAPKM

Since APKMirror has removed encryption from their APKM files, it’s no longer necessary to decrypt them. As a result, the option to decrypt APKM files has been removed. Instead, this option is now provided by the UnAPKM extension which you can grab from F-Droid. So, if you have an encrypted APKM file and have this extension installed, you can open the file directly in AM.

6.2 v2.5.20 (375)

6.2.1 Introducing Profiles

Profiles finally closes the related issue. Profiles can be used to execute certain tasks repeatedly without doing everything manually. A profile can be applied (or invoked) either from the Profiles page or from the home screen by creating shortcuts. There are also some presets which consist of debloating profiles taken from Universal Android Debloater.

6.2.1.0.1 Known limitations
  • Exporting rules and applying permissions are not currently working.

  • Profiles are applied for all users.

6.2.2 The Interceptor

Intent Intercept works as a man-in-the-middle between source and destination, that is, when you open a file or URL with another app, you can see what is being shared by opening it with Interceptor first. You can also add or modify the intents before sending them to the destination. Additionally, you can double-click on any exportable activities in the Activities tab in the App Details page to open them in the Interceptor to add more configurations.

6.2.2.0.1 Known limitation

Editing extras is not currently possible.

6.2.3 UnAPKM: DeDRM the APKM files

When I released a small tool called UnAPKM, I promised that similar feature will be available in App Manager. I am proud to announce that you can open APKM files directly in the App Info page or convert them to APKS or install them directly.

6.2.4 Multiple user

App manager now supports multiple users! For now, this requires root or ADB. But no-root support is also being considered. If you have multiple users enabled and click on an app installed in multiple profiles, an alert prompt will be displayed where you can select the user.

6.2.5 Vive la France!

Thanks to the contributors, we have one more addition to the language club: French. You can add more languages or improve existing translations at Weblate.

6.2.6 Report crashes

If App Manager crashes, you can now easily report the crash from the notifications which opens the share options. Crashes are not reported by App Manager, it only redirects you to your favourite Email client.

6.2.7 Android 11

Added support for Android 11. Not everything may work as expected though.

6.2.8 App Installer Improvements

6.2.8.1 Set installation locations

In settings page, you can set install locations such as auto (default), internal only and prefer external.

6.2.8.2 Set APK installer

In settings page, you can also set default APK installer (root/ADB only) instead of App Manager.

6.2.8.3 Multiple users

In settings page, you can allow App Manager to display multiple users during APK installation.

6.2.8.4 Signing APK files

In settings page, you can choose to sign APK files before installing them. You can also select which signature scheme to use in the APK signing option in settings.

6.2.8.4.1 Known limitation

Currently, only a generic key is used to sign APK files

6.3 v2.5.17 (368)

6.3.1 App Installer

As promised, it is now possible to select splits. AM also provides recommendations based on device configurations. If the app is already installed, recommendations are provided based on the installed app. It is also possible to downgrade to a lower version without data loss if the device has root or ADB. But it should be noted that not all app can be downgraded. Installer is also improved to speed up the installation process, especially, for root users. If the app has already been installed and the new (x)apk(s) is newer or older or the same version with a different signature, AM will display a list of changes similar to What’s New before prompting the user to install the app. This is useful if the app has introduced tracker components, new permissions, etc.

6.3.1.0.1 Known Limitations
  • Large app can take a long time to fetch app info and therefore it may take a long time display the installation prompt.

  • If the apk is not located in the internal storage, the app has to be cached first which might also take a long time depending on the size of the apk.

6.3.2 Scanner: Replacement for Exodus Page

Exodus page is now replaced with scanner page. Scanner page contains not only a list of trackers but also a list of used libraries. This is just a start. In the future, this page will contain more in depth analysis of the app.

6.3.3 Introducing System Config

System Config lists various system configurations and whitelists/blacklists included in Android by either OEM/vendor, AOSP or even some Magisk modules. Root users can access this option from the overflow menu in the main page. There isn’t any official documentation for these options therefore it’s difficult to write a complete documentation for this page. I will gradually add documentations using my own knowledge. However, some functions should be understandable by their name.

6.3.4 More Languages

Thanks to the contributors, AM now has more than 12 languages. New languages include Bengali, Hindi, Norwegian, Polish, Russian, Simplified Chinese, Turkish and Ukrainian.

6.3.5 App Info Tab

More tags are added in the app info tab such as KeyStore (apps with KeyStore items), Systemless app (apps installed via Magisk), Running (apps that are running). For external apk, two more options are added namely Reinstall and Downgrade. Now it is possible to share an apk via Bluetooth. For system apps, it is possible to uninstall updates for root/ADB users. But like the similar option in the system settings, this operation will clear all app data. As stated above, exodus has been replaced with scanner.

6.3.7 Running Apps Page

It is now possible to sort and filter processes in this tab. Also, the three big buttons are replaced with an easy-to-use three dot menu. Previously the memory usage was wrong which is fixed in this version.

6.3.8 Built-in Toybox

Toybox (an alternative to busybox) is bundled with AM. Although Android has this utility built-in from API 23, toybox is bundled in order to prevent buggy implementations and to support API < 23.

6.3.9 Component Blocker Improvements

Component blocker seemed to be problematic in the previous version, especially when global component blocking is enabled. The issues are mostly fixed now.

Caution.

The component blocking mechanism is no longer compatible with v2.5.6 due to various security issues. If you have this version, upgrade to v2.5.13 or earlier versions first. After that, enable global component blocking and disable it again.

6.3.10 Improvements in the App Details Page

Value of various app ops depend on their parent app ops. Therefore, when you allow/deny an app op, the parent of the app op gets modified. This fixes the issues some users have been complaining regarding some app ops that couldn’t be changed.

If an app has the target API 23 or less, its permissions cannot be modified using the pm grant … command. Therefore, for such apps, option to toggle permission has been disabled.

The signature tab is improved to support localization. It also displays multiple checksums for a signature.

6.3.11 App Manifest

Manifest no longer crashes if the size of the manifest is too long. Generated manifest are now more accurate than before.

6.4 v2.5.13 (348)

6.4.1 Bundled App (Split APK)

Bundled app formats such as apks and xapk are now supported. You can install these apps using the regular installation buttons. For root and adb users, apps are installed using shell, and for non-root users, the platform default method is used.

6.4.1.0.1 Known Limitations
  • Currently all splits apks are installed. But this behaviour is going to change in the next release. If you only need a few splits instead of all, extract the APKS or XAPK file, and then, create a new zip file with your desired split apks and replace the ZIP extension with APKS. Now, open it with AM.

  • There is no progress dialog to display the installation progress.

6.4.2 Direct Install Support

You can now install APK, APKS or XAPK directly from your favourite browser or file manager. For apps that need updates, a What’s New dialog is displayed showing the changes in the new version.

6.4.2.0.1 Known Limitations
  • Downgrade is not yet possible.

  • There is no progress dialog to display the installation progress. If you cannot interact with the current page, wait until the installation is finished.

6.4.3 Remove All Blocking Rules

In the Settings page, a new option is added which can be used to remove all blocking rules configured within App Manager.

6.4.4 App Ops

  • App Ops are now generated using a technique similar to AppOpsX. This should decrease the loading time significantly in the App Ops tab.

  • In the App Ops tab, a menu item is added which can be used to list only active app ops without including the default app ops. The preference is saved in the shared preferences.

6.4.4.0.1 Known Limitation

Often the App Ops tab may not be responsive. If that’s the case, restart App Manager.

6.4.5 Enhanced ADB Support

ADB shell commands are now executed using a technique similar to AppOpsX (This is the free alternative of AppOps by Rikka.). This should dramatically increase the execution time.

6.4.5.0.1 Known Limitation

AM can often crash or become not responsive. If that’s the case, restart App Manager.

6.4.6 Filtering in Main Page

Add an option to filter apps that has at least one activity.

6.4.7 Apk Backup/Sharing

Apk files are now saved as app name_version.extension instead of package.name.extension.

6.4.8 Batch Ops

  • Added a foreground service to run batch operations. The result of the operation is displayed in a notification. If an operation has failed for some packages, clicking on the notification will open a dialog box listing the failed packages. There is also a Try Again button on the bottom which can be used to perform the operation again for the failed packages.

  • Replaced Linux kill with force-stop.

6.4.9 Translations

Added German and Portuguese (Brazilian) translations.

6.4.9.0.1 Known Limitation

Not all translations are verified yet.

6.4.10 App Data Backup

Install app only for the current user at the time of restoring backups. Support for split apks is also added.

Data backup feature is now considered unstable. If you encounter any problem, please report to me without hesitation.

7 App Ops

7.1 Background

App Ops (short hand for Application Operations) are used by Android system (since Android 4.3) to control application permissions. The user can control some permissions, but only the permissions that are considered dangerous (and Google thinks knowing your phone number isn’t a dangerous thing). So, app ops seems to be the one we need if we want to install apps like Facebook and it’s Messenger (the latter literary records everything if you live outside the EU) and still want some privacy and/or security. Although certain features of app ops were available in Settings and later in hidden settings in older version of Android, it’s completely hidden in newer versions of Android and is continued to be kept hidden. Now, any app with android.Manifest.permission.GET_APP_OPS_STATS permission can get the app ops information for other applications but this permission is hidden from users and can only be enabled using ADB or root. Still, the app with this permission cannot grant or revoke permissions (actually mode of operation) for apps other than itself (with limited capacity, of course). To modify the ops of other app, the app needs android.Manifest.permission.UPDATE_APP_OPS_STATS permissions which isn’t accessible via pm command. So, you cannot grant it via root or ADB, the permission is only granted to the system apps. There are very few apps who support disabling permissions via app ops. The best one to my knowledge is AppOpsX. The main (visible) difference between my app (AppManager) and this app is that the latter also provides you the ability to revoke internet permissions (by writing ip tables). One crucial problem that I faced during the development of the app ops API is the lack of documentation in English language.

7.2 Introduction to App Ops

Figure 1 describes the process of changing and processing permission. AppOpsManager can be used to manage permissions in Settings app. AppOpsManager is also useful in determining if a certain permission (or operation) is granted to the application. Most of the methods of AppOpsManager are accessible to the user app but unlike a system app, it can only be used to check permissions for any app or for the app itself and start or terminating certain operations. Moreover, not all operations are actually accessible from this Java class. AppOpsManager holds all the necessary constants such as OP_*, OPSTR_*, MODE_* which describes operation code, operation string and mode of operations respectively. It also holds necessary data structures such as PackageOps and OpEntry. PackageOps holds OpEntry for a package, and OpEntry, as the name suggests, describes each operation.

AppOpService is completely hidden from a user application but accessible to the system applications. As it can be seen in Figure 1, this is the class that does the actual management stuff. It contains data structures such as Ops to store basic package info and Op which is similar to OpEntry of AppOpsManager. It also has Shell which is actually the source code of the appops command line tool. It writes configurations to or read configurations from /data/system/appops.xml. System services calls AppOpsService to find out what an application is allowed and what is not allowed to perform, and AppOpsService determines these permissions by parsing /data/system/appops.xml. If no custom values are present in appops.xml, it returns the default mode available in AppOpsManager.

7.3 AppOpsManager

AppOpsManager stands for application operations manager. It consists of various constants and classes to modify app operations.

7.3.1 OP_* Constants

OP_* are the integer constants starting from 0. OP_NONE implies that no operations are specified whereas _NUM_OP denotes the number of operations defined in OP_* prefix. While they denote each operation, the operations are not necessarily unique. In fact, there are many operations that are actually a single operation denoted by multiple OP_* constant (possibly for future use). Vendors may define their own op based on their requirements. MIUI is one of the vendors who are known to do that.

public static final int OP_NONE = -1;
public static final int OP_COARSE_LOCATION = 0;
public static final int OP_FINE_LOCATION = 1;
public static final int OP_GPS = 2;
public static final int OP_VIBRATE = 3;
...
public static final int OP_READ_DEVICE_IDENTIFIERS = 89;
public static final int OP_ACCESS_MEDIA_LOCATION = 90;
public static final int OP_ACTIVATE_PLATFORM_VPN = 91;
public static final int _NUM_OP = 92;

Whether an operation is unique is defined by sOpToSwitch. It maps each operation to another operation or to itself (if it’s a unique operation). For instance, OP_FINE_LOCATION and OP_GPS are mapped to OP_COARSE_LOCATION.

Each operation has a private name which are described by sOpNames. These names are usually the same names as the constants without the OP_ prefix. Some operations have public names as well which are described by sOpToString. For instance, OP_COARSE_LOCATION has the public name android:coarse_location.

As a gradual process of moving permissions to app ops, there are already many permissions that are defined under some operations. These permissions are mapped in sOpPerms. For example, the permission android.Manifest.permission.ACCESS_COARSE_LOCATION is mapped to OP_COARSE_LOCATION. Some operations may not have any associated permissions which have null values.

As described in the previous section, operations that are configured for an app are stored at /data/system/appops.xml. If an operation is not configured, then whether system will allow that operation is determined from sOpDefaultMode. It lists the default mode for each operation.

7.3.2 MODE_* Constants

MODE_* constants also integer constants starting from 0. These constants are assigned to each operation describing whether an app is authorised to perform that operation. These modes usually have associated names such as allow for MODE_ALLOWED, ignore for MODE_IGNORED, deny for MODE_ERRORED (a rather misnomer), default for MODE_DEFAULT and foreground for MODE_FOREGROUND.

  1. MODE_ALLOWED. The app is allowed to perform the given operation

  2. MODE_IGNORED. The app is not allowed to perform the given operation, and any attempt to perform the operation should silently fail, i.e. it should not cause the app to crash

  3. MODE_ERRORED. The app is not allowed to perform the given operation, and this attempt should cause it to have a fatal error, typically a SecurityException

  4. MODE_DEFAULT. The app should use its default security check, specified in AppOpsManager

  5. MODE_FOREGROUND. Special mode that means “allow only when app is in foreground.” This mode was added in Android 10

  6. MODE_ASK. This is a custom mode used by MIUI whose uses are unknown.

7.3.3 PackageOps

AppOpsManager.PackageOps is a data structure to store all the OpEntry for a package. In simple terms, it stores all the customised operations for a package.

public static class PackageOps implements Parcelable {
    private final String mPackageName;
    private final int mUid;
    private final List<OpEntry> mEntries;
    ...
}

As can be seen in Listing 2, it stores all OpEntry for a package as well as the corresponding package name and its kernel user ID.

7.3.4 OpEntry

AppOpsManager.OpEntry is a data structure that stores a single operation for any package.

public static final class OpEntry implements Parcelable {
    private final int mOp;
    private final boolean mRunning;
    private final @Mode int mMode;
    private final @Nullable LongSparseLongArray mAccessTimes;
    private final @Nullable LongSparseLongArray mRejectTimes;
    private final @Nullable LongSparseLongArray mDurations;
    private final @Nullable LongSparseLongArray mProxyUids;
    private final @Nullable LongSparseArray<String> mProxyPackageNames;
    ...
}

Here:

  • mOp: Denotes one of the OP_* constants

  • mRunning: Whether the operation is in progress (i.e. the operation has started but not finished yet). Not all operations can be started or finished this way

  • mMOde: One of the MODE_* constants

  • mAccessTimes: Stores all the available access times

  • mRejectTimes: Stores all the available reject times

  • mDurations: All available access durations, checking this with mRunning will tell you for how long the app is performing a certain app operation

  • mProxyUids: No documentation found

  • mProxyPackageNames: No documentation found

7.3.5 Usage

TODO

7.4 AppOpsService

TODO

7.5 appops.xml

Latest appops.xml has the following format: (This DTD is made by me and by no means perfect, has compatibility issues.)

<!DOCTYPE app-ops [

<!ELEMENT app-ops (uid|pkg)*>
<!ATTLIST app-ops v CDATA #IMPLIED>

<!ELEMENT uid (op)*>
<!ATTLIST uid n CDATA #REQUIRED>

<!ELEMENT pkg (uid)*>
<!ATTLIST pkg n CDATA #REQUIRED>

<!ELEMENT uid (op)*>
<!ATTLIST uid
n CDATA #REQUIRED
p CDATA #IMPLIED>

<!ELEMENT op (st)*>
<!ATTLIST op
n CDATA #REQUIRED
m CDATA #REQUIRED>

<!ELEMENT st EMPTY>
<!ATTLIST st
n CDATA #REQUIRED
t CDATA #IMPLIED
r CDATA #IMPLIED
d CDATA #IMPLIED
pp CDATA #IMPLIED
pu CDATA #IMPLIED>

]>

The instruction below follows the exact order given above:

This definition can be found at AppOpsService.

7.6 Command Line Interface

appops or cmd appops (on latest versions) can be accessible via ADB or root. This is an easier method to get or update any operation for a package (provided the package name is known). The help page of this command is self-explanatory:

AppOps service (appops) commands:
help
Print this help text.
start [--user <USER_ID>] <PACKAGE | UID> <OP>
Starts a given operation for a particular application.
stop [--user <USER_ID>] <PACKAGE | UID> <OP>
Stops a given operation for a particular application.
set [--user <USER_ID>] <[--uid] PACKAGE | UID> <OP> <MODE>
Set the mode for a particular application and operation.
get [--user <USER_ID>] <PACKAGE | UID> [<OP>]
Return the mode for a particular application and optional operation.
query-op [--user <USER_ID>] <OP> [<MODE>]
Print all packages that currently have the given op in the given mode.
reset [--user <USER_ID>] [<PACKAGE>]
Reset the given application or all applications to default modes.
write-settings
Immediately write pending changes to storage.
read-settings
Read the last written settings, replacing current state in RAM.
options:
<PACKAGE> an Android package name or its UID if prefixed by --uid
<OP>      an AppOps operation.
<MODE>    one of allow, ignore, deny, or default
<USER_ID> the user id under which the package is installed. If --user is not
specified, the current user is assumed.

  1. For distributing normal releases only↩︎

  2. GitHub 的 PR 將使用 git patch 進行手動合併, 因此, GitHub 可能會錯誤地將它們標記為closed而不是merged.↩︎

  3. 你也可以稱呼我為”Muntashir Akon”↩︎