docs/raw/zh-rTW/index.html
App Manager
用戶手冊
v4.0.5
27 7月 2025
Copyright © 2020–2025 Muntashir Al-Islam
明智而緩慢。他們跌跌撞撞地跑得很快。 —勞倫斯修士,羅密歐與朱麗葉
App Manager 是一個提供大量功能的高級的 Android 軟件包管理器,因此,需要用戶手冊來幫助用戶正確使用。本文作為 App Manager 的用戶手冊,旨在描述 App Manager 所提供的每一個功能。 本文也可以被認為是 App Manager 的 “官方” 指南,並指明 App Manager 的預期行為。翻譯可能有誤 (原文為英文)。因此,每個有能力的用戶應該閱讀該文件的英文版本,以獲得最佳的體驗。 此外還可能有其他非官方的或第三方的資源,如博客文章、視頻、聊天群組等。雖然這些資源可能對許多人有用,但它們可能不是針對最新版本。 如果在App Manager中發現任何偏離本文檔的情況,應在 App Manager 問題追蹤內反映。
AM — App Manager
Block/Unblock — Used for component blocking or unblocking. How components are blocked depends on the user preferences.
IFW — Intent Firewall (意圖防火墻)
Ops — operations (操作), e.g. app ops, batch ops, 1-click ops
SSAID — Settings.Secure.ANDROID_ID - 分配給每個應用的設備標識符 (Android Oreo及以上版本),由應用簽名與包android的SSAID組合生成的。因此,除非用戶選擇格式化設備,否則它保證對每個應用來說都是獨一無二的。它被廣泛用於跟蹤用戶。
Tracker — Denotes tracker components throughout the document and in App Manager except in the scanner page. Trackers include libraries such as crash reporters, analytics, profiling, identification, ad, location, etc. Thus, they are not equal in functions. There is no distinction or bias between open source and closed source libraries that promote tracking.
當前,支持的版本是v2.6.0(穩定版),v3.0.0(alpha和debug版)。先前版本的 App Manager 可能包含安全漏洞,不應繼續使用。
App Manager 通過以下渠道發布。 非官方來源可能分發 App Manager 的修改版本,後果自負。
F-Droid 1
Link: https://f-droid.org/packages/io.github.muntashirakon.AppManager
GitHub repository.
Normal releases: https://github.com/MuntashirAkon/AppManager/releases
Debug releases: https://github.com/MuntashirAkon/AppManager/actions
Telegram.
Normal releases: https://t.me/AppManagerChannel
Debug releases: https://t.me/AppManagerDebug
除了GitHub外其他都是鏡像鏈接。tags 應當始終是最新的,但 master 分支不保證是 最新的。如果計劃 clone master 分支,請使用 GitHub 鏈接而不是其他鏈接。
sourcehut: https://git.sr.ht/~muntashir/AppManager
App Manager 不接受直接通過PR/MR進行的翻譯。翻譯僅通過 Weblate 進行自動化管理。 要加入翻譯團隊,請訪問 https://hosted.weblate.org/engage/app-manager/。
用戶可有通過多種方式做出貢獻,如創建有用 issues 、參加討論、 改進文檔和翻譯,添加未被認可的庫或跟蹤器, 審查源代碼以及報告安全漏洞。
在位於源碼根目錄下的BUILDING文件中可以獲得編譯指導。
除GitHub之外的倉庫目前被視為鏡像,在這些網站提交的 PR/MR 將不被接受. 2 相反,patches (.patch 文件) 可以通過電子郵件附件提交。請務必對Commits簽名(Signing-off) 更多信息請參見位於源碼根目錄下的CONTRIBUTING文件.
注意.
在通過電子郵件提交補丁是,整個郵件對話在將來可能會被公開訪問. 所以,請不要除了您的姓名和電子郵件地址之外,不要包含任何個人身份信息(PII).
捐贈或購買並不是使用App Manager的必要條件. 雖然 App Manager 不支持任何任何內購, 但可以通過 Open Source Collective 向 App Manager 的所有者發送捐贈.
Open Source Collective 是 Open Collective 平台上的一個財政托管機構,以幫助開源項目管理他們的財務狀況。 目前,它支持通過銀行賬戶、PayPal、信用卡或借記卡和加密貨幣發起捐贈.
Link: https://opencollective.com/muntashir.
通過發送捐款,發送者同意他們不應使用捐款作為籌碼來使作者優先考慮其所請求的功能. 請求新功能不需要任何捐贈,且它們的優先級是按作者傾向排序.
App Manager 接受任何資助的提議 有興趣的組織的代表可以通過以下方式直接聯系聯系所有者: §1.6.
In addition, the maintainers and contributors of this project DO NOT consent to the creation, sale, or promotion of tokens, cryptocurrencies, NFTs, or any other financial instruments that claim to represent this project, its code, or its community. Any such attempts are unauthorized and not affiliated with this project in any way.
Muntashir Al-Islam3
郵箱: muntashirakon [at] riseup [dot] net
Key Fingerprint: 7bad37c2981e41f8f6abea7f58f0b4f26c346fce
GitHub: https://github.com/MuntashirAkon
Twitter: https://twitter.com/Muntashir
主頁面列出所有已安裝、已卸載和已備份的應用。 單獨點擊任何已安裝的應用項目可打開相應的 應用詳情頁。 對於未安裝的系統應用,它會顯示一個 對話框提示,可以用來重新安裝該應用。 使用列表選項中的 排序 ,可以選擇應用列表的排序方式,退出應用後仍會保留排序方式。 使用列表選項中的 過濾,可以過濾列表選項。 篩選也可以通過搜索欄進行過濾,並支持正則表達式。 Figure 1: 主頁面中的一個應用程序列表項
批處理也可以在這個頁面內進行。 多選模式可以由點擊任何應用圖標或長按列表中的任何一項進入。 進入後,僅需單擊列表中的任何一項便可選中,而不是打開應用程序詳情頁。 該模式下,批處理操作位於位於頁面底部的多選菜單,包括包括:
將選中應用添加到 配置
備份、恢覆或刪除應用程序
阻止應用中的追蹤器
清除應用數據或緩存
啟用/停用/強制停止/卸載應用程序
導出屏蔽規則
阻止應用的後台操作 (Android 7 及更高版本)
導出APK文件到 AppManager/apks
設置聯網規則
無障礙.
進入多選模式後,鍵盤或遙控器的左右鍵呼出多選菜單。
淺灰橙(日間模式下) / 深藍(夜間模式下) – 多選模式下被選中的應用
淺紅(日間模式下) / 深紅 (夜間模式下) – 停用的應用
黃色星標 – 可調試的應用
橙色 日期 – 應用可讀取日志
橙色 UID – 用戶 ID 在應用間被共享
橙色 SDK – 使用明文網絡通信(如 HTTP)
紅色 包名 – 應用禁止清除數據
紅色_備份標識_ – 已卸載的應用存在一個或多個備份
橙色_備份標識_ – 備份過期, 如基本備份中包含已安裝的應用的舊版本
深藍綠色 備份標識 – 備份在期, 如基本備份中包含已安裝應用的相同或更高版本
深藍綠色 包名 – 已強行停止運行的應用
深藍綠色 版本 – 不活躍的應用
紫紅 – 常駐應用(一直運行的應用)
一個應用程序可以是 用戶 或 系統 應用,同時存在以下後綴:
X – 支持多種架構
0 – 不含dex文件
° – 已暫停應用
# – 應用程序請求系統分配一個大堆,即 大運行時內存
? – 應用程序請求虛擬機處於安全模式。
版本名稱有以下前綴:
_ – 沒有硬件加速(減慢應用中的過渡動畫)
~ – 僅測試模式
debug – 可調試應用
選項菜單提供了幾個選項,可用以對列出的應用程序進行排序和過濾, 以及轉到 App Manager 內或外的不同頁面。
列表選項 包含了對主頁面中的列表進行排序和過濾的選項。
主頁面中列出的應用程序可以按照以下方式進行排序:
用戶應用優先 用戶應用將優先展示
應用標簽 根據應用標簽(也稱為 應用程序名稱)升序排序。(默認選項)
包名 根據包名升序排序
最後更新 根據更新時間降序排序
共享 user ID 根據共享 user ID升序排序
目標 SDK 根據目標SDK升序排序
簽名 根據簽名信息升序排序
已停用優先 已停用將優先展示
已阻止優先 根據已阻止的應用組件數目降序排序
已備份優先 已備份將優先展示
追蹤器 根據追蹤器數目降序排序S
最後操作 根據被App Manager操作的應用時間降序排序
此外,還有 反轉 選項,可以用來對列表進行反向排序。 無論怎樣排序偏好,應用程序都是先按字母順序排序,以防止產生任何隨機排序結果.
主頁面中列出的應用可以通過以下方式進行過濾:
用戶 僅用戶應用
系統 僅系統應用
停用 僅停用應用
被阻止 僅被阻止組件的應用
可打開 僅至少有一個Aactivity的應用
有備份 僅有備份的應用
無備份 僅沒有備份的應用
運行中 僅正在運行的應用
有分包 僅有分包(多Apk)應用
已安裝 僅已安裝應用
已卸載 僅已卸載應用
與排序不同,它可以同時應用多個過濾選項, 如,停用的用戶應用可以通過選擇 _用戶_和 _停用_列出,這對批處理特別有用,在這種情況下過濾用戶應用可能是必要的,以便安全地進行某些操作。 Unlike sorting, it is possible to apply more than one filtering options at the same time. For example, the disabled user applications can be listed by selecting both User apps and Disabled apps. This can be particularly useful for batch operations where filtering the user applications may be necessary to carry out certain operations safely.
也可以列出僅存在於 profile 中的應用程序。這個可以 對於在配置文件上執行某些操作(例如,卸載配置文件中的所有應用程序)很有用 不能通過 Profiles page 完成。
點擊 指南 打開離線版的App Manager用戶手冊. 它也可能打開在線版本如果如果相應的功能拆分feat_docs未安裝, 或系統 WebView不存在.
1-Click Ops 代表單擊操作。它打開 corresponding page 在新活動中。
應用程序使用統計,例如 屏幕時間、數據使用量(移動和 Wi-Fi)、 單擊菜單中的 App Usage 選項可以訪問打開應用程序的次數。但是,它需要 使用權限 權限。如果使用訪問功能被禁用,則不會列出此菜單項 設置。
此菜單項打開一個新頁面,其中顯示正在運行的應用程序或進程的列表。它還顯示 當前內存和緩存(如果可用)使用情況。如果 App Manager 無法使用 root 或 ADB,它只會顯示自己 在最新版本的 Android 中。正在運行的應用程序或進程也可以在 結果頁面。每個進程 ID (PID) 的日誌也可以在 log viewer 中查看。 此外,還可以通過單擊圖標或長按 物品。正常單擊任何項目會打開一個對話框,其中顯示更詳細的信息。
此菜單項打開 profiles page。配置文件是一種配置經常使用的方法 任務。它們也可以通過快捷方式調用。
若系統中已安裝APK Updater ,則可通過此菜單項直接打開. 若系統中不存在該應用,則該選項將被隱藏.
如果系統中已安裝Termux ,則可直接從此菜單項運行會話(或 新會話). 如果應用不存在,則此選項將被隱藏.
This menu item opens the debloater page that lists all the bloatware available in the device and in App Manager. It also suggests alternative applications based on the criteria set by the Android Debloat List project.
This menu item opens the labs page that lists all the additional features. They include Log Viewer, System Config, Terminal, File Manager (as Files), UI Tracker, Interceptor, and Code Editor pages.
此菜單項將打開本應用的 設置.
應用詳情 頁面由 11 個標簽頁組成。它描述了一個應用程序所能有的幾乎所有信息, 包括其清單中的所有屬性、應用操作、簽名 信息、庫等等。
本頁中使用的顏色列表及它們的含義:
正紅 (日間) / 深紅 (夜間) – 危險權限或, 被阻止的組件(使用App Manager操作)
亮紅 (日間) / 緋紅 (夜間) – 被阻止的組件(其他應用操作)
鮮橙 (日間) / 深橙 (夜間) – 追蹤器組件
亮紫 (日間) / 深紫 (夜間) – 正在運行的組件
應用信息 選項卡包含關於一個應用程序的基本信息, 許多操作可以在此標簽中執行.
以下的列表與“應用信息”選項卡中列出的順序相同.
應用圖標 : 應用圖標,若應用沒有圖標,則顯示系統默認圖標. 可以點擊圖標,進行與剪貼板中的 SHA 或 MD5 進行 APK 簽名驗證.
應用標簽 : 應用程序名.
包名 : 應用程序包名,點擊覆制.
版本 : 版本分為兩部分: 第一部分稱 版本名(Version Name). 格式各不相同,但常由多個以點分隔的整數組成. 第二部分稱 版本號. 其被第一個括號括起來. 版本代碼是一個整數,用於 區分應用程序版本 (因為機器無法讀取版本名). 簡言之, 新版本的應用程序具有比舊版本更高的版本代碼. 如,如果 123 和 125 是一個應用程序的兩個版本代碼,我們可以說後者比前者更新(後者的版本代碼更高). 在不同平台(移動、平板、桌面等)或架構(32/64 位、ARM 或 Intel)上為同一版本提供不同 APK 文件的應用程序,版本號可能會產生誤導,因為它們通常會為每個平台添加前綴 .
標簽 : (也稱標簽雲) 標簽包括應用程序最基本、最簡潔、有用的信息,如—
水平滾動操作面板 一個操作面板,由可以對應用執行的各種操作組成, 有關可用操作的完整列表,請參閱§2.2.2.3.
路徑與目錄 : 應用有關路徑的各種信息,包括 應用目錄 (where the APK files reside), 數據目錄 (internal, device protected and externals), 應用分包目錄 (along with the split names), and 本機原生 JNI 庫 (如果有). JNI 庫用於調用通常用 C/C++ 編寫的本機原生代碼, 使用本機原生庫可以使應用程序運行得更快或幫助應用程序使用使用非 Java 語言編寫的第三方庫,同大多數遊戲中一樣. 通過單擊每個目錄項右側的啟動圖標, 可以通過第三方文件管理器打開目錄,前提是它們支持並獲得必要的權限.
數據使用 : 操作系統報告的應用程序使用的數據量. 根據 Android 版本,這可能需要廣泛的權限,包括 訪問應用使用情況 和 電話 權限.
存儲與緩存 : 顯示有關應用程序大小(APK 文件、優化文件)、數據和緩存的信息。 在舊設備中,還會顯示外部數據、緩存、媒體和 OBB 文件夾的大小. 如果在較新的設備中未授予 訪問應用使用情況s 權限,此部分將隱藏.
更多信息 例如–
Tracker info. Number of tracker components in the application (e.g., 5 trackers) The colour of the tag appears orange if the trackers are unblocked and dark cyan if they are blocked in App Manager. Clicking on the tag opens a dialog containing the list of tracker components which can also be blocked or unblocked provided App Manager has sufficient privileges.
Application type. User application or system application. For a system application, it displays whether the application is an updated version of the system application or the application is installed systemless-ly via Magisk.
Split APK info. Number of splits in the APK excluding the base APK (e.g., 5 splits). Clicking on the tag opens a dialog containing a few additional information, such as name, type, and size.
Debuggable. The application can be debugged over ADB. Debuggable applications can enjoy certain functions unavailable to a regular application. The data of the application might be accessible via ADB (e.g. using run-as command) without any additional permissions.
Test only. The application is a test-only application. Test-only applications can enjoy certain functions unavailable to a regular application. The data of the application might be accessible via ADB (e.g. using run-as command) without any additional permissions.
No code. The application does not have any code associated with it i.e., DEX files aren’t present. In some system applications, the actual code might be located in another place.
Large heap. The application has requested large heap size i.e., more space in memory (RAM) is requested for dynamic allocation. It is still up to the operating system to decide whether to allocate large space for the application. App Manager, for example, requests large heap size because it needs to load an entire APK into memory while scanning an APK.
Open links. The application may open certain links from any applications. If the application can open any links by default, the color of the tag would be red, dark cyan if otherwise. Clicking on the tag opens a dialog with the supported hosts or domains listed. In Android 12 onwards, it displays an option to enable or disable opening links by default provided App Manager has sufficient permissions. Otherwise, it displays an option to open the system settings page for the application.
Running. One or more services of the application is currently running in the background. Clicking on the tag opens a dialog containing the list of running services. Clicking on any services opens the log viewer with default filter set to the UID associated with the service (which can be different from the UID of the application if it is running in a separate or isolated process) provided the log viewer feature is enabled. There’s also an option to force-stop the application.
Stopped. The application is force stopped. This may not prevent it from running automatically later.
Disabled. Denotes that the application is disabled (hidden from the launcher).
Suspended. Denotes that the application is suspended (grayed out in the launcher).
Hidden. Denotes that the application is hidden (hidden from the launcher).
MagiskHide. MagiskHide is enabled for the application. Clicking on the tag opens a dialog containing the list of process names within the application that can be added to or removed from the MagiskHide list.
MagiskDenyList. The application is present in Magisk DenyList. Clicking on the tag opens a dialog containing the list of process names within the application that can be added to or removed from Magisk DenyList.
WX. The application violates the “W^X policy” and is capable of writing and executing in the same directory or in the same portion of memory. This allows the execution of arbitrary executables either by the modification of executables embedded within the application or by downloading them from the Internet.
Bloatware. The application may be a known bloatware. Clicking on the tag opens a dialog containing detailed information in addition to suggestions (if available).
KeyStore. The application has items in the Android KeyStore. Clicking on the tag opens a dialog containing all the KeyStore files that belong to the application.
Backup. The application was backed up using App Manager at least once. Clicking on the tag opens a dialog containing all the available backups along with metadata.
No battery optimisation. Battery optimisation is disabled for the application. It is possible to re-enable battery optimisation by clicking on the tag.
Sensors disabled. Sensors are disabled for the application. Sensors are disabled for most applications by default.
Net policy. Network policy (e.g., background data usage) is configured for the application. Clicking on the tag displays a dialog containing the supported policies for the platform along with the options to configure them.
SSAID. Clicking on the tag opens a dialog containing the current SSAID assigned to the application. It is also possible to reset/regenerate the SSAID if needed.
SAF. Denotes that the application has been granted to access one or more storage locations or files i.e. URIs via Storage Access Framework (SAF). Clicking on the tag opens a dialog containing the list of granted URIs.
Play App Signing. Indicates that the application might be signed by Google.
Xposed. Indicates that the application may be an Xposed module. Clicking on the tag displays a dialog with additional information.
Static Shared Library. Denotes that the application serves as a static shared library for one or more applications. Clicking on the tag opens a dialog containing a list of installed versions of the library along with an option to uninstall them.
如上節所述,水平滾動操作面板由各種與應用相關的操作組成, 如 -
啟動 : 啟動應用. 前提是要有一個可啟動活動.
禁用 : 停用應用. 若應用已被禁用或用戶沒有足夠的權限,則不會顯示該按鈕. 禁用應用後,將從應用程序列表中隱藏,應用的快捷方式也可能被刪除. 只能通過App Manager或任何其他支工具重新啟用該應用. Android設置中沒有任何選項可以啟用禁用的用戶應用.
卸載 : 卸載應用
啟用 : 啟用應用. 若應用已啟用或用戶沒有足夠的權限,則不會顯示該按鈕.
強制停止 : 強制停止應用.
清除數據 : 清除應用數據. 清除包括存儲在應用內部和(僅Android 10 以上)外部目錄中的任何應用數據,包括帳戶(如果由應用設置)、緩存等. 例如,清除 App Manager 數據將會刪除所有保存的規則(但不會清除已阻止組件),因此你應該檢查備份你的規則文件。若用戶沒有足夠的權限,則不會顯示此按鈕.
清除緩存 : 清除應用緩存. 沒有任何原生方法可以清除特定應用程序的緩存,因此,需要root權限才能清除應用程序內部存儲中的緩存.
安裝 : 通過第三方應用安裝應用. 此按鈕僅在應用尚未安裝時顯示.
What’s New : 若外部應用已安裝,則會顯示此按鈕. 單擊此按鈕將顯示一個對話框,將以版本控制方式,顯示打開的版本和安裝的版本之間的差異. 包括: 版本, 追蹤器, 權限, 組件, 簽名 (校驗值改變 ), 特性, 共享庫 與 SDK.
更新 : 若應用的版本號高於已安裝的應用,則會顯示.
重裝 : 若應用與已安裝的應用具有相同的版本號,則會顯示.
降級 : 若應用的版本號低於已安裝的應用,則會顯示.
應用清單(Manifest): 單擊將在單獨的頁面中顯示應用清單文件. 可以使用對應切換按鈕(位於右上方)開啟自動換行,也可以使用保存按鈕保存到存儲器.
掃描器 : 掃描應用以列出潛在的跟蹤器和庫. 若可用,它還會使用VirusTotal掃描文件.
共享首選項 : 顯示應用程序使用的共享首選項(Shared-Preferences)列表. 單擊列表中的首選項將打開共享首選項編輯器. 若用戶沒有足夠的權限,則不會顯示此按鈕.
數據庫 : 將顯示應用程序使用的數據庫列表. 若用戶沒有足夠的權限,則不會顯示此按鈕.
F-Droid : 在你常用的_F-Droid_ 客戶端中打開該應用.
Store : 在 _Aurora Store_打開該應用. 僅在_Aurora Store_後顯示.
選項菜單位於頁面的右上角, 下面給出了對現有選項的完整描述:
分享 : 共享按鈕可用於共享 APK 或(如果應用程序有多個拆分) APKS.
刷新 : 刷新應用信息選項卡.
在設置中查看 : 在 Android 設置中打開應用.
備份/恢覆 : 打開備份/恢覆對話框.
導出屏蔽規則 : 導出應用配置規則.
在 Termux 中打開 : 在 Termux 中打開應用. 實際以 su - user_id 命令運行且該 用戶ID 為應用的(內核)用戶 ID (參見§2.2.2.1). 此選項僅適用於 Root 用戶. 請參閱 §2.2.2.5 以了解如何配置 Termux 以運行來自第三方應用的命令.
在 Termux 中運行 : 在Termux中通過 run-as package_name 打開應用. 此選項僅對可調式應用有效並適用於 Root 與 Adb 用戶. 請參閱 §2.2.2.5 以了解如何配置 Termux 以運行來自第三方應用的命令.
MagiskHide : 打開一個對話框,其中包含應用程序中可以從 MagiskHide 列表中添加或刪除的進程列表.
MagiskDenyList : 打開一個對話框,其中包含應用程序中可以從 MagiskDenyList 添加或刪除的進程列表.
電池優化 : 啟用/禁用電池優化.
聯網策略: 配置應用的聯網策略(如後台數據使用) .
導出圖標 : 提取應用圖標並將其保存至共享存儲.
添加配置 : 應用程序添加到已配置的 配置文件.
默認情況下,Termux 不允許運行來自第三方應用的命令。要使用此選項,請使用 Termux v0.96 以上版本,並且必須在 ~/.termux/termux.properties 中添加 allow-external-apps=true。
Info.
啟用此選項不會削弱Termux的安全性。第三方應用仍然需要取得用戶允許才能在Termux中運行任意命令。
活動(Activities)、服務(Services)、**廣播接收器(Receivers)**和 內容提供者(Providers) 統稱為應用程序組件. 它們共享在許多相似特征,如,它們都有一個 名稱、一個 標簽、一個 圖標 並且通過 意圖(Intent) 執行. 應用程序組件是應用的本構造,必須在應用程序清單中聲明. 應用程序清單是存儲應用程序特定元數據的文件,Android 通過讀取元數據來處理應用。
這些選項卡中使用的顏色在 §2.2.1 中進行了解釋。也可以在彈出菜單對列表進行排序.
Activity 是可以由 Android 唯一標識的窗口或頁面(如_主頁_ 和 應用詳情頁 是兩個活動). 每個活動可以有多個 UI 組件,稱為 部件(widgets) 或 碎片(fragments),每個組件都可以嵌套或放置在彼此之上. 開發人員還可以選擇使用名為_意圖過濾器(intent filters)_選擇打開外部文件、鏈接等. 如當使用文件管理器打開文件時,文件管理器或操作系統通過 PackageManager 掃描意圖過濾器以查找能夠打開文件的活動,並用其打開文件.
標記_exportable_ 的活動通常可以由任何第三方應用程序打開. 有些活動需要權限,如果是這種情況,只有具有這些權限的應用程序才能打開. 在 活動 選項卡中,可以通過 啟動 按鈕啟動, 若有必要可提供額外信息,如意圖(Intent)的 extras、data或Action. 長按 啟動 按鈕會打開提供此類功能的 Activity Interceptor 頁面.
Notice.
如果您無法打開任何活動,則很可能它具有某些未滿足的依賴項目,例如_應用詳情頁_ ,由於其至少需要提供一包名. 由於無法機械式推斷這些依賴關系,因此默認情況下可能無法通過 App Manager 打開這些活動.
也可以通過 創建快捷方式 按鈕來創建活動的快捷方式
Caution.
如果您卸載App Manager,應用管理器創建的所有快捷方式都將丟失.
與用戶可以看到的 activities 不同, Services 處理後台任務。例如, 如果您使用手機的 Internet 瀏覽器從 Internet 下載視頻,則 Internet 瀏覽器正在使用 前台服務 下載內容。
當一個活動被關閉或從 Recents 部分中刪除時,它可能會立即被銷毀,具體取決於 許多因素,例如手機有多少可用內存。但如果需要,服務可以無限期地運行。如果更多 服務在後台運行,由於內存和/或處理能力不足,手機可能會變慢,以及 手機的電池會更快耗盡。較新的 Android 版本啟用了電池優化功能 默認情況下適用於所有應用程序。啟用此功能後,系統可以隨機終止任何服務。然而, 前台服務(即使用固定通知運行的服務,例如音樂播放器)通常不是 除非系統資源不足(內存、電池等),否則終止。供應商特定的庫存 ROM 可以提供更多 積極的優化。例如,MIUI 有一個非常激進的優化功能,稱為 MIUI 優化。
活動和服務都在同一個 looper 中運行 主循環器,這意味著服務並沒有真正在後台運行。開發人員的任務是 確保這一點。應用程序如何與服務通信?它用 broadcast receiver 或 Binder。
Receivers (also called broadcast receivers) can be used to trigger execution of certain tasks when certain events occur. These components are called broadcast receivers, because they are executed as soon as a broadcast message is received. These broadcast messages are sent using a method called Intent. Intent is a special feature in Android that can be used to open applications (i.e., activities), run services and send broadcast messages. Therefore, like activities, broadcast receivers use intent filters to receive the desired broadcast messages. Broadcast messages can be sent by the system or the application itself. When a broadcast message is sent, the corresponding receivers are activated by the system so that they can execute tasks. For example, if your phone is low on resources, it may freeze or experience lags for a moment after you enable mobile data or connect it to the Wi-Fi. This is because broadcast receivers that can receive android.net.conn.CONNECTIVITY_CHANGE are activated by the system as soon as the data connection is enabled. Since many applications typically use this intent filter, they are all activated almost immediately by the system which causes the freezing or lags.
Receivers can also be used for inter-process communication (IPC), i.e., it can be used to communicate across multiple applications or even different components of a single application.
Providers are primarily used for data management. For example, when you save an APK file or export rules in App Manager, it uses a content provider called .fm.FmProvider to save the APK or export the rules. There are many providers, including the ones provided by the system, that can be used to manage various content-related tasks, such as database management, tracking, searching, etc. Each provider has a field called Authority which is unique to the application in the entire Android ecosystem just as the package name.
Unlike the no-root users who are mostly spectators in these tabs, root users can perform various operations.
On the right-most side of each component item, there is a switch which can be used to toggle the blocking status of that particular component. If Instant Component Blocking is not enabled or blocking is never applied to the application before, it is required to apply the changes using the Apply rules option in three-dots menu. It is also possible to remove the already-applied rules using the same option (which would be read as Remove rules this time).
It is also possible to block the component using one of the several methods by long clicking on the button.
See also: FAQ: App Components
It is possible to disable tracker components using the Block tracker option in the three-dots menu. All tracker components will be blocked regardless of the tab you’re currently in.
Info.
Tracker components are a subset of application components. Therefore, they are blocked using the same method used for blocking any other components.
See also:
App Ops , 使用權限 and 權限 選項卡與權限相關。 安卓中,在不具有相同身份(稱為 shared ID)的應用或進程之間進行通信常常需要權限,其由權限控制器管理。 一些被視為_普通_ 的權限,若它們出現在應用程序清單中,則會自動授予,但_危險_權限 和 開發 權限需要用戶確認。 選項卡中使用的顏色在 §[subsec:app-details-color-codes] 中有解釋。
App Ops 代表"應用操作 (Application Operations)". 自 Android 4.3 開始,Android 使用 App Ops 控制大多系統權限,每個 App Op 都有一個與之關聯的唯一編號,該編號與其私有名稱將一同顯示在“App Ops”選項卡中,一些 App Ops 也有一個公共名稱。 大量的應用操作是也與權限相關,在此選項卡中,若 App Ops 相關的權限被視為危險則被標記為危險。其他信息如 標志位(flags), 權限名稱 (permission name), 權限描述(permission description),包名 (package name),群組 ( group) 也取自相關的 權限。
其他可能包括以下內容:
模式(Mode): 描述了當前授權狀態,可以是"允許 (allow)"、"拒絕(deny)"(實際為錯誤)、"忽略(ignore)"(實際為拒絕)、"默認(default)"(從手機供應商或 AOSP 內部設置的默認列表推斷)、"前台(foreground)" (在新的Android版本中,應用只能在前台運行時獲取該權限),以及一些供應商自定義的模式,如MIUI使用詢問(ask)。
時長(Duration): 此 App Ops 現已使用的時間(可能為負原因未知)。
允許時刻(Accept Time): 上一次 App Op 被許可。
拒絕時刻(Reject Time): 上一次 App Op 被拒絕。
提示.
若 android.permission.GET_APP_OPS_STATS 由 ADB 授予,則此選項卡的內容對非 root 用戶可見.
每個 App Op 項都有切換按鈕,可用於允許或拒絕(忽略)它,其他受支持的模式也可以通過長按來設置。 如果選項卡中未列出所需的 App Op,可使用菜單中的 設置自定義 App Op 。 菜單中的 重置為默認 可重置App Ops, 或使用拒絕危險權限的相關操作。 受 App Ops 本身工作方式所限,系統可能需要不少時間來更改它們。
Tip.
拒絕某些 App Ops 可能會導致應用行為異常,若所有修覆手段都失敗,可嘗試使用 重置為默認 選項。
可以以升序方式按 App Ops 名稱和其編號對列表排序,也可以優先顯示拒絕的 App Ops。
See also: 附錄: App Ops
系統預定義權限 (Uses Permissions) 是應用(申請)所使用的權限,其在應用程序清單中使用 uses-permission 標簽聲明。 其 "標志位 (flags)"、"權限名 (permission name)"、"權限描述 (permission description)"、"包名 ( package name)"、"群組 (group)" 取自相關權限。
特權用戶可通過切換按鈕授予或撤銷 危險 (dangerous) 和 開發 (development) 權限,也可以使用菜單中的相應選項。 只能撤銷以上兩種權限,因為Android不允許修改 普通 (normal) 權限(其中大多數是)。但仍有可能撤銷它們通過編輯 runtime-permissions.xml 本身,但是否可能仍不明確。
提示.
由於系統默認會撤銷危險權限,因此撤銷所有危險權限與重置所有權限是一樣的。
可以以升序方式按權限名稱對列表排序,也可以優先顯示拒絕的權限。
(自定義) 權限 通常是應用自身定義的自定義權限,包括該應用聲明的、標記為"內部( Internal)" 權限,其他應用聲明、標記為"外部( External)"的權限。外部權限在應用程序組件中指定為依賴項,即應用只有在擁有指定的權限時才能調用該組件:
名稱 每個權限都有的唯一的名稱,如 android.permission.INTERNET ,但多個應用可以請求同一個權限。
圖標 每個權限都可以有一個自定義圖標,其他權限選項卡沒有任何圖標,因為它們在應用程序清單中不包含任何圖標。
描述 描述權限的可選字段,若沒有與權限關聯的任何描述,則不會顯示該字段。
標志位(Flags) 使用標志符號或 保護名稱(Protection Level) 名稱描述權限, 諸如 普通 normal、開發 development、危險 dangerous,、即時 instant, 已授權 granted、已撤銷 revoked、簽名 signature、特權 privileged 等。
包名 表示與權限關聯的包名,即定義權限的包名。
群組(Group) 與權限關聯的群組(如果有),幾個相關的權限通常可以組合在一起。
Signatures are actually called signing information. An application is signed with one or more signing keys by its developer before publishing it. The integrity of an application, i.e., whether the application is from the actual developer and has not been modified by another person, can be checked using the signing certificate included in the APK files. This is because when an application is modified by an unauthorised entity, the application can longer be signed with the original signing keys since the signing keys are unknown to the entity. One way to verify the integrity of an application is via the checksums generated from the certificates. If the developer supplies the checksums for the signing certificates, they can be compared against the checksums generated in the Signatures tab to verify the application. For example, if you have downloaded App Manager from GitHub or Telegram Channel, you can verify whether the application was actually released by me by simply matching the following SHA256 checksum with the one displayed in this tab:
320c0c0fe8cef873f2b554cb88c837f1512589dcced50c5b25c43c04596760ab
Several hashing algorithms are used to generate checksums in this tab. They include MD5, SHA1, SHA256 and SHA512.
Caution.
Signing information should be verified using a reliable hashing algorithm, such as SHA256. DO NOT rely on MD5 or SHA1 checksums as they are known to generate the same checksums for multiple certificates.
Uses Features tab lists the features declared by the application, such as OpenGL ES, telephony, and leanback. Some features can be required by the application, and some features can be optional. Required features must be present in the system along with the required version. Otherwise, any attempt to install the application will be denied by the system. Colours used in this tab are explained in §2.2.1.
Configurations tab lists the configurations required by the application, such as input method type (qwerty, 12 key), touch screen type (finger, stylus, etc.), and navigation type (dial pad, trackball, wheel). This tab is going to be empty for most applications.
Shared libraries tab lists the legacy JAR dependencies, any static shared library dependencies (currently, the only known cases are the Chromium-based browsers and WebViews) as well as the JNI (Java native interface) libraries. For JNI libraries, it specifies platform (x86/x86_64/ARM/AArch64), architecture (32/64 bit), object type (shared object or executable), etc.
This page is displayed on selecting the 1-Click Ops option in the main menu.
This option can be used to block or unblock the ad/tracker components from the installed applications. On selecting this option, App Manager will ask if it should list trackers from all the applications or only from the user applications. Novice users should avoid blocking trackers from the system applications in order to avoid bad consequences. After that, a multi-choice dialog box will appear where it is possible to exclude one or more applications from this operation. The changes are applied immediately on pressing the block or unblock button.
Notice.
Certain applications may not function as expected after blocking their trackers. If that is the case, remove the blocking rules all at once or one by one in the component tabs of the App Details page for the corresponding application.
See also: App Details Page: Blocking Trackers
This option can be used to block certain application components as specified by their signatures. A signature of a component is the full name or partial name of the component. For safety, it is recommended to add a . (dot) at the end of each partial signature, because the underlying algorithm searches and matches the components in a greedy manner. It is also possible to insert more than one signature in which case all the signatures have to be separated by white spaces. Similar to the option above, there is also an option to apply blocking to the system applications.
Caution.
If you are not aware of the consequences of blocking applcations components by their signatures, you should avoid using this option as it may result in bootloop or soft brick, and you may have to apply factory reset as a result.
This option can be used to configure certain applcation operations of all or selected applications. There are two fields. The first field can be used to insert more than one app op constants (either names or values) separated by white spaces. It is not always possible to know in advance about all the app op constants as they vary from device to device and from OS to OS. Desired app op constant can be found in the App Ops tab located in the App Details page. The second field can be used to insert or select one of the modes that will be set against the specified app ops.
Caution.
Unless you are well-informed about app ops and the consequences of blocking them, you should avoid using this option.
1-Click options for back up. As a precaution, it lists the affected backups before performing any operation.
Back up all the installed applications.
Back up all the installed applications that have a previous backup.
Back up all the installed applications without a previous backup.
Verify the recently made backups of the installed applications and redo backup if necessary.
If an app has changed since the last backup, redo its backup. It checks a number of indices including application version, last update date, last launch date, integrity and file hashes. Directory hashes are taken during the backup process and are stored in a database. On running this operation, new hashes are taken and compared with the ones kept in the database.
1-Click options for restore. As a precaution, it lists the affected backups before performing any operation.
Restore base backup of all the backed up applications.
Restore base backup of all the backed up applications that are not currently installed.
Restore base backup of already installed applications whose version codes are higher than the installed version code.
Delete caches from all applications, including Android system. During this operation, caches of all the running applications may not be cleared as expected.
Profiles page can be accessed from the options-menu in the main page. It primarily displays a list of configured profiles along with the typical options to perform operations on them. New profiles can also be added using the plus button at the bottom-right corner. Profiles can be imported, duplicated or deleted. Clicking on a profile item opens its profile page.
The three-dots menu in the top-right corner opens the global option menu. It has an option to import an existing profile that was previously exported from App Manager.
Long clicking on any profile item brings up another options-menu. It offers the following options:
Apply now…. This option can be used to apply the profile directly. When clicked, a dialog is displayed where it is possible to select a profile state. On selecting one of the states, the profile will be applied immediately.
Delete. Clicking on this option will remove the profile immediately without a warning.
Duplicate. This option can be used to duplicate the profile. When clicked, a dialog is displayed where it is possible to set a name for the new profile. On clicking “OK”, the profile page will be loaded by duplicating all the configurations that this profile have. However, the profile will not be saved until it is saved manually.
Copy profile ID. This option is used to copy the unique profile ID of the profile. The profile ID can be used to trigger the profile from a third-party application.
Export. Export the profile to an external storage. Profiles exported this way can be imported via the import option as mentioned above.
Create shortcut. This option can be used to create a shortcut for the profile. There are two options: Simple and Advanced. When configured with the latter option, it prompts the user to select a profile state when the shortcut is invoked. The former option, on the other hand, always uses the default state that was configured when the profile was last saved.
Profile page displays the configurations for a profile. It also offers the options to edit them.
The three dots menu in the top-right corner opens the options-menu. It contains several options such as–
Apply. This option can be used to apply the profile directly. When clicked, a dialog is displayed where it is possible to select a profile state. On selecting one of the states, the profile will be applied immediately.
Save. Save changes to the profile.
Discard. Discard any modifications made since the last time it was saved.
Delete. Clicking on this option will remove the profile immediately without a warning.
Duplicate. This option can be used to duplicate the profile. When clicked, a dialog is displayed where it is possible to set a name for the new profile. On clicking “OK”, this page will be reloaded by duplicating all the configurations that this profile have. However, the new profile will not be saved until it is saved manually.
Create shortcut. This option can be used to create a shortcut for the profile. There are two options: Simple and Advanced. When configured with the latter option, it prompts the user to select a profile state when the shortcut is invoked. The former option, on the other hand, always uses the default state that was configured when the profile was last saved.
Apps tab lists the packages configured for this profile. Packages can be added or removed using the plus button located near the bottom of the screen. A package can also be removed by long clicking on it (in which case, a popup will be displayed with the only option, delete).
Configurations tab can be used to configure the selected packages.
The unique ID for this profile, currently set based on the profile name. The profile ID can be used to trigger the profile from a third-party application.
This is the text that will be displayed in the profiles page. If not set, the current configurations will be displayed instead.
Denotes how certain configured options will behave by default. For instance, if disable option is turned on, the applications will be disabled if the state is on and will be enabled if the state is off. Currently, it only supports on and off values.
Select users for which is the profile will be applied. All users are selected by default.
This behaves the same way as the Block Components… option does in the 1-Click Ops page. However, the blocking here is only applied to the selected packages. If the state is on, the components will be blocked, and if the state is off, the components will be unblocked. The option can be disabled (regardless of the inserted values) by clicking on the disabled button on the input dialog.
See also: What are the app components?
This behaves the same way as the Set Mode for App Ops… option does in the 1-Click Ops page. However, the operation here is only applied to the selected packages. If the state is on, the app ops will be denied (i.e. ignored), and if the state is off, the app ops will be allowed. The option can be disabled (regardless of the inserted values) by clicking on the disable button in the input dialog.
This option can be used to grant or revoke certain permissions from the selected packages. Like others above, permissions must be separated by white spaces. If the state is on, the permissions will be revoked, and if the state is off, the permissions will be allowed. The option can be disabled (regardless of the inserted values) by clicking on the disable button in the input dialog.
This option can be used to take a backup of the selected applications and its data or restore them. Two options are available here: Backup options and backup name.
Backup options. Same as the backup options of the backup/restore feature. If not set, the default options will be used.
Backup name. Set a custom name for the backup. If the backup name is set, each time a backup is made, it will be given a unique name with backup-name as the suffix. This behaviour will be fixed in a future release. Leave this field empty for regular “base” backups (also, make sure not to enable backup multiple in the backup options).
If the state is on, the packages will be backed up, and if the state is off, the packages will be restored. The option can be disabled by clicking on the disable button in the input dialog.
Danger.
This option is not yet implemented.
Allow freezing or unfreezing the selected packages depending on the value of the state. If the state is on, the packages will be frozen, and if the state is off, they will be unfrozen.
Allow the selected packages to be force-stopped.
Enable clearing cache for the selected packages.
Enable clearing data for the selected packages.
Enable blocking or unblocking of the tracker components from the selected packages depending on the value of the state. If the state is on, the trackers will be blocked, and if the state is off, the trackers will be unblocked.
Enable saving APK files at AppManager/apks (or in the directory selected in the settings page) of the selected packages.
Settings page can be used to customise the behaviour of App Manager.
配置應用內語言, App Manager 目前支持19種語言。
配置應用程式內主題。
Whether to use a black background instead of the material themed background.
Change layout direction, either left to right or right to left. This is usually set using the selected language but not everybody prefers the same direction.
啟用或禁用應用 App Manager 中的某些功能,如
攔截器(Interceptor)
應用清單文件瀏覽器(Manifest viewer)
掃描器(Scanner)
包安裝器(Package installer)
使用情況(Usage access): 關閉此選項後,App Manager 將永遠不會請求 Usage Access 權限.
日志瀏覽器(Log viewer)
Lock App Manager using Android screen lock provided a screen lock is configured.
Warning.
If screen lock is disabled in Android after enabling this setting, App Manager will not open until it is enabled again.
Whether to run App Manager in the background to reduce the initialisation delay. On certain devices, this can also help if you’re frequently disconnected from ADB.
Whether to activate the Internet features in App Manager. This currently include VirusTotal and Pithus scanning in the Scanner page.
This setting allows a third-party application to get access to certain features, such as profiles.
Mode of operation defines how App Manager works as a whole. It has the following options:
Auto. Let App Manager decide the suitable option. Although this is the default option, non-rooted users should use the no-root mode.
Root. Operate App Manager in root mode. App Manager will fall back to no-root mode if root is not detected, or in rare cases when Binder communication through root is disabled (e.g. in Phh SuperUser).
ADB over TCP. Operate App Manager in ADB mode via ADB over TCP. App Manager will fall back to no-root mode if ADB over TCP is not enabled.
Wireless debugging. Enable ADB via Wireless Debugging. It will try to connect to the configured port automatically at first. On failure, it will ask the user to either pair or connect to the ADB daemon manually. App Manager will fall back to no-root mode if it fails to connect to the ADB daemon this way.
No-root. Operate App Manager in no-root mode. While App Manager performs better in this mode, all the root- or ADB-specific features will be disabled.
It also displays the actual mode of operation at the top. The actual mode of operations are root, ABD and no-root.
Notice.
“Remote service” is only required for ADB users or when you use the custom commands.
Configure the signature schemes to be used when APK signing is enabled. v1 and v2 signature schemes are enabled by default, but v3 should also be enabled to ensure proper security in Android 9 or later.
Configure the signing key for signing APK files. Keys from an existing KeyStore can be imported to App Manager, or a new key can be generated.
Tip.
If you need to use the key in the future, it is recommended that you create a KeyStore yourself and import the key here. Without a proper backup, keys generated within App Manager are at the risk of being deleted.
Performs zip alignment when App Manager signs an APK file. Zip alignment stores the files in the APK file (which is actually a zip file) in a way that a zip file reader can access the files quite easily using random access instead of loading the entire APK file in the memory, which results in the reduction of Android’s memory usage. Note that this step is required if an application’s manifest has extractNativeLibs set to true.
Configure the default behaviour of the installer. You can also find most of the settings by clicking on the cog icon when you install an application.
選擇APK安裝位置,可以為 自動、僅內部 和_傾向外部_. 在較新的Android版本中,最後一個選項可能並不總是能如期在外部存儲中安裝應用.
Whether to block the tracking components immediately after installing the application.
Whether to display changes in version, trackers, components, permissions, signatures, SDK, etc. in a version controlled style before installing the application if the application has already been installed.
選擇安裝程序,對一些明確檢查其安裝程序的應用很有用 (只適用於 root/ADB 用戶).
安裝應用前是否對 APK 文件進行簽名. 轉至 APK 簽名 部分來配置簽名.
Whether to perform DEX optimization immediately after installing the application. This can be useful for heavy applications, such as the gaming applications.
Whether to always install applications in the background. A notification will be issued once the installation is finished.
與 備份恢覆 相關的設置.
Set the compression method to be used during backups. App Manager supports GZip, BZip2 and Zstandard compression methods, GZip being the default compression method. It doesn’t affect the restore of an existing backup.
Customise the back up/restore dialog displayed while taking a backup.
See also: Backup options
Allow backup of applications that has entries in the Android KeyStore. This option is disabled by default because a few apps (such as Signal or Element) may crash if restored.
Set an encryption method for the backups. App Manager currently supports OpenPGP (via OpenKeyChain), AES, RSA and ECC. Like APK signing, The AES, RSA and ECC keys are stored in the KeyStore and can be imported from other KeyStores.
Danger.
For your own safety, it is not recommended generating RSA and ECC keys inside App Manager. Instead, they should be imported from a KeyStore stored in a secure place.
In case of AES, the generated key should be stored in a secure place, such as in a password manager.
Select the storage where the backups will be stored. This is also where logs and exported APK files are saved.
Notice.
The backup volume only specifies the storage, not the path. Backups are traditionally stored in the AppManager folder inside the storage path. But when the path is selected using Storage Access Framework (SAF), the selected path or directory is used directly.
Import backups from old and discontinued projects such as Titanium Backup, OAndBackup, and Swift Backup (version 3.0 to 3.2). The backups are not deleted after importing to prevent data loss in case the imported backups cannot be restored properly.
By default, blocking rules are not applied unless they are applied explicitly in the App Details page for any application. After enabling this option, all (old and new) rules are applied immediately for all applications without explicitly enabling blocking for an application.
See also: FAQ: What is instant component blocking?
It is possible to import or export blocking rules within App Manager for all applications. The types of rules (components, app ops or permissions) that should be imported or exported can also be selected. It is also possible to import blocking rules from Blocker and Watt. If it is necessary to export blocking rules for a single application, the corresponding App Details page can be used to export rules, or for multiple apps, batch operations can be used.
See also: Rules Specification
Export blocking rules for all applications configured within App Manager. This may include app components, app ops and permissions based on the options selected in the multi-choice options.
Import previously exported blocking rules from App Manager. Similar to export, this may include app components, app ops and permissions based on the options selected in the multi-choice options.
Add components disabled by other applications to App Manager. App Manager only keeps track of the components disabled within App Manager. If application components are blocked or disabled by other tools or applications, this option can be utilised to import them. On clicking this option, App Manager will find the components potentially disabled by other applications or tools and list only the name of the applications along with the number of matched components. For safety, all the applications are unselected by default. They have to be selected manually, and the blocking has to be re-applied via App Manager.
Caution.
Be careful when using this tool as there can be many false positives. Choose only the applications that you are certain about.
Import configuration files from Watt, each file containing rules for a single package and file name being the name of the package with .xml extension.
Tip.
Location of configuration files in Watt: /sdcard/Android/data/com.tuyafeng.watt/files/ifw
Import blocking rules from Blocker, each file containing rules for a single package. These files have a .json extension.
One-click option to remove all rules configured within App Manager. This will enable all blocked components, app ops will be set to their default values and permissions will be granted.
This option lets you control the users App Manager should operate on. App Manager operates on all users in root or ADB mode by default.
Defines the format of the APK name to be used while saving it via batch operations or through profiles. App Manager offers some special keywords enclosed inside % (percentage) signs and available below the input box. These keywords are:
label. Denotes the name or label of the application. This can be localised to the configured language depending on the app.
package_name. Denotes the name of the package or application ID, the unique identifier that each application has.
version. Denotes the current version of the application extracted from its manifest.
version_code. Denotes the current version code of the application that can be used to separate two versions of the same application.
min_sdk. Denotes the minimum SDK (i.e. Android framework version) that the application can operate on. This data is only available since Android 7 (Nougat).
target_sdk. Denotes the SDK that this application targets. The application can operate on higher SDK but only in the compatibility mode.
datetime. Denotes the time and date when the APK is exported.
Import or export the KeyStore used by App Manager. This is a Bouncy Castle KeyStore with bks extension. Therefore, other KeyStore such as Java KeyStore (JKS) or PKCS #12 are not supported. If a key is needed to be imported from such a KeyStore, the relevant options should be should as specified above.
Display Android version, security, CPU, GPU, battery, memory, screen, languages, user info, etc.
Scanner page appears after clicking on the scanner button in the App Info tab. External APK files can also be opened for scanning from file managers, web browsers, etc.
It scans for trackers and libraries, and displays the number of trackers and libraries as a summary. It also displays checksums of the APK file as well as the signing certificates. If VirusTotal is configured in the settings, it also attempts to retrieve reports from VirusTotal, or uploads the APK file if it is not in the database. It also display a link to the Pithus report provided the Internet features are enabled.
Disclaimer.
App Manager only scans an application statically without prejudice. The application may provide the options for opting out, or in some cases, certain features of the tracker may not be used at all by the application (e.g. F-Droid), or some applications may simply use them as placeholders to prevent the breaking of certain features (e.g. Fennec F-Droid). The intention of the scanner is to give you an idea about what the APK might contain. It should be taken as an initial step for further investigations.
Clicking on the first item (i.e. number of classes) opens a new page containing a list of tracker classes for the application. All classes can also be viewed by clicking on the Toggle Class Listing menu. The SMALI or Java version of the class can be viewed by simply clicking on an item.
Notice.
Due to various limitations, it is not possible to scan all the components of an APK file. This is especially true if an APK is highly obfuscated or packed. The scanner also does not check strings (or website signatures).
The second item lists the number of trackers along with their names. Clicking on the item displays a dialog containing the name of trackers, matched signatures, and the number of classes against each signature. Some tracker names may have 2 prefix which indicates that the trackers are in the ETIP stand-by list, i.e., whether they are actual trackers is still being investigated.
The third item lists the number of libraries along with their names. The information are mostly taken from IzzyOnDroid repo.
See also: FAQ: Tracker classes vs tracker components
Interceptor can be used to intercept communication between applications using Intent. It works as a man-in-the-middle between the source and the destination applications. It offers a feature-complete user interface for editing Intents.
Warning.
Interceptor only works for implicit intents where the app component isn’t specified.
See also:
Intent filters are used by the applications to specify the tasks they are able to perform or the tasks they are going to perform using other applications. For example, when you’re opening a PDF file using a file manager, the file manager will try to find the applications to open the PDF with. To find the right applications, the file manager will create an Intent with filters such as the MIME type and ask the system to retrieve the applications capable of opening this filter. The system will search through the Manifest of the installed applications to match the filter and list the application components that are able to open this filter (in our case the PDF). At this, either the file manager will open the desired application component all by itself or use a system provided option to open it. If multiple application components are able to open it and no default is set, you may get a prompt where you have to choose the right application component.
Action specifies the generic action to perform such as android.intent.action.VIEW. Applications often declare the relevant actions in the Manifest file to catch the desired Intents. The action is particularly useful for broadcast Intent where it plays a vital rule. In other cases, it works as an initial way to filter out the relevant application components. Generic actions such as android.intent.action.VIEW and android.intent.action.SEND are widely used by applications. Hence, setting this alone may match many application components.
Data is originally known as URI (Uniform Resource Identifier) defined in RFC 2396. It can be web links, file location, or a special feature called content. Contents are an Android feature managed by the content providers. Data are often associated with a MIME type.
Examples:
http://search.disroot.org/?q=URI%20in%20Android%20scheme&categories=general&language=en-US
https://developer.android.com/reference/android/net/Uri
file:///sdcard/AppManager.apk
mailto:[email protected]
content://io.github.muntashirakon.AppManager.provider/23485af89b08d87e898a90c7e/AppManager.apk
MIME type of the data. For example, if the data field is set to file:///sdcard/AppManager.apk, the associated MIME type can be application/vnd.android.package-archive.
This is similar to action in the sense that it is also used by the system to filter application components. This has no further benefits. Unlike action, there can be more than one category. Clicking on the plus button next to the title allows adding more categories.
Flags are useful in determining how system should behave during the launch or after the launch of an activity. This should not be touched as it requires some technical background. The plus button next to the title can be used to add one or more flags.
Extras are the key-value pairs used for supplying additional information to the destination component. More extras can be added using the plus button next to the title.
Represents the entire Intent as a URI (e.g. intent://…). Some data cannot be converted to string, and as a result, they might not appear here.
List all the activity components that matches the Intent. This is internally determined by the system (rather than App Manager). The launch button next to each component can be used to launch them directly from App Manager.
Reset the Intent to its initial state.
Resend the edited Intent to the destination application. This may open a list of applications where the desired application is needed to be selected. The result received from the target application will be sent to the source application. As a result, the source application will not know if there was a man-in-the-middle.
Shared preferences can be edited in this page. Clicking any item on the list opens the edit dialog where the item can be edited. The floating action button in the bottom-right corner can be used to add a new item. To save or delete the file, or to discard current changes, the respective options in the menu can be used.
Many root-only features can still be used by enabling ADB over TCP. To do that, a PC or Mac is required with Android platform-tools installed, and an Android phone with developer options & USB debugging enabled.
Root users.
If superuser permission has been granted to App Manager, it can already execute privileged code without any problem. Therefore, root users do not need to enable ADB over TCP. But if you insist on using ADB over TCP, you must revoke superuser permission for App Manager.
See also: FAQ: ADB over TCP
Developer options is located in Android Settings , either directly near the bottom of the page (in most ROMs) or under some other settings, such as System (Google Pixel, Lineage OS, Asus Zenfone 8.0+), Additional Settings (Xiaomi MIUI, Oppo ColorOS), More Settings (Vivo FuntouchOS), More (ZTE Nubia). Unlike other options, it is not visible until explicitly enabled by the user. If it is already enabled, you can use the search box in Android Settings to locate it as well.
This option is available within Android Settings as well but like the location of the developer options, it also differs from device to device. But in general, you have to find Build number (or MIUI version for MIUI ROMs and Software version for Vivo FuntouchOS, Version for Oppo ColorOS) and tap it at least 7 (seven) times until you finally get a message saying You are now a developer (you may be prompted to insert pin/password/pattern or solve captchas at this point). In most devices, it is located at the bottom of the settings page, inside About Phone. But the best way to find it is to use the search box.
After locating the developer options, enable Developer option (if not already). After that, scroll down a bit until you will find the option USB debugging. Use the toggle button on the right-hand side to enable it. At this point, you may get an alert prompt where you may have to click OK to actually enable it. You may also have to enable some other options depending on device vendor and ROM. Here are some examples:
Enable USB debugging (Security settings) as well.
Enable Allow ADB debugging in charge only mode as well. When connecting to your PC or Mac, you may get a prompt saying Allow access to device data? in which case click YES, ALLOW ACCESS.
Notice.
Often the USB debugging mode could be disabled automatically by the system. If that’s the case, repeat the above procedure.
Depending on the device and the version of operating system, you have to enable Disable Permission Monitoring , or USB debugging (Security settings) along with Install via USB.
Depending on the device and the version of operating system, you have to enable Disable Permission Monitoring.
Make sure you have USB tethering enabled.
In case USB Debugging is greyed out, you can do the following:
Make sure you enabled USB debugging before connecting your phone to the PC or Mac via USB cable
Enable USB tethering after connecting to PC or Mac via USB cable
(For Samsung) If your device is running KNOX, you may have to follow some additional steps. See official documentations or consult support for further assistant
In order to enable ADB over TCP, you have to set up ADB in your PC or Mac. Lineage OS users can skip to §3.1.4.1.
Download the latest version of Android SDK Platform-Tools for Windows
Extract the contents of the zip file into any directory (such as C:\``adb) and navigate to that directory using Explorer
Open Command Prompt , PowerShell , or Terminal from this directory. You can do it manually from the start menu or by holding Shift and right clicking within the directory in File Explorer and then clicking either on Open command window here, or Open PowerShell window here (depending on what you have installed). You can now access ADB by typing adb (Command Prompt) or ./adb (PowerShell). Do not close this window yet.
Tip.
If you have WinGet installed, you can install ADB using the following command:
winget install --id Google.PlatformTools
After that, you can simply type adb to access ADB.
Download the latest version of Android SDK Platform-Tools for macOS
Extract the contents of the zip file into a directory by clicking on it. After that, navigate to that directory using Finder and locate adb
Open Terminal using Launchpad or Spotlight and drag-and-drop adb from the Finder window into the Terminal window. Do not close the Terminal window yet
Tip.
If you have Homebrew installed, you can install ADB using the following command:
brew install --cask android-platform-tools
After that, you can simply type adb in any Terminal window to access ADB.
In your favourite terminal emulator, run the following command:
If it is successful, you can simply type ./adb in the in same terminal emulator window or type ~/Downloads/platform-tools/adb in any terminal emulator to access ADB.
Lineage OS (or its derivatives) users can directly enable ADB over TCP using the developer options. To enable that, go to the Developer options , scroll down until you find ADB over Network. Now, use the toggle button on the right-hand side to enable it and skip to §3.1.4.3.
Warning.
You can turn off ADB over Network in developer options, but turning off this option will also stop App Manager’s remote server. So, turn it off only when you’re not going to use App Manager in ADB over TCP mode.
For other ROMs, you can do this using the command prompt/PowerShell/terminal emulator that you’ve opened in the step 3 of the previous section. In this section, I will use adb to denote ./adb, adb or any other command that you needed to use based on your platform and software in the previous section.
Connect your device to your PC or Mac using a USB cable. For some devices, it is necessary to turn on File transfer mode (MTP) as well
To confirm that everything is working as expected, type adb devices in your terminal. If your device is connected successfully, you will see something like this:
Finally, run the following command to enable ADB over TCP:
Danger.
You cannot disable developer options or USB debugging after enabling ADB over TCP.
After enabling ADB over TCP, relaunch App Manager. App Manager should detect ADB mode automatically. If it cannot, you can change the mode of operation to ADB over TCP in the settings page. There, you can also verify whether App Manager has correctly detected ADB as indicated by the inferred mode.
Notice.
In some Android devices, the USB cable is needed to be disconnected from the PC before connecting to App Manager.
Warning.
ADB over TCP will be disabled after a reboot. In that case, you have to follow §3.1.4.2 again.
If you are running Android 11 or later and capable of connecting to a Wi-Fi network for, at least, a few moments, Wireless Debugging is the recommended approach as it offers more protection than ADB over TCP. It requires two steps:
ADB pairing. The initial and a bit complex step for a novice user. Fortunately, this step is not required all the time.
Connecting to ADB. Needs to be done every time you reboot your phone. App Manager can also automate this step in most devices.
In the Developer options page, find Wireless debugging and click to open it. In the new page, turn on Use wireless debugging. Depending on the operating system, you might see a dialog prompt asking you to verify your decision. If that is the case, click Allow.
Tip.
For easy access, you might want to add Wireless debugging in the notification tiles section. To do this, find Quick settings developer tiles in the Developer options page and click to open it. In the new window, enable Wireless debugging. In case you do not see this setting, you may find a Wireless debugging tile in the tile customization panel.
In App Manager, navigate to Settings > Mode of operation and then enable Wireless debugging. At this, App Manager will try to establish a wireless debugging connection automatically which will fail if it has not been paired before. Once it fails, it will ask you to either connect or pair ADB. Select pair and a new dialog will appear. It will ask you to navigate to the Wireless debugging page.
Note.
As of v4.0.0, pairing is done using a notification prompt. So, if you have disabled notification for App Manager, you must enable it first.
In the Wireless debugging page, select Pair device with pairing code. At this, a dialog containing a pairing code will be displayed. A notification asking for the pairing code will also be visible almost instantly. Insert the pairing code in the input box in the notification and click pair. If the pairing is successful, App Manager will display notification with the message “paired”, and the dialog in the Wireless debugging page will be dismissed automatically. You will also be able to see App Manager listed as an ADB client in the same page.
Notice.
If you do not use App Manager in ADB mode for a while, App Manager might be removed from the list of clients. In that case, you have to repeat the above procedure.
App Manager should be able to connect to ADB automatically if the mode of operation is set to auto, ADB over TCP or Wireless debugging. If this is not the case, select Wireless debugging in Settings > Mode of operation. If App Manager fails to detect or connect to ADB, it will ask you to connect or pair ADB. Select connect.
Now, navigate to the Wireless debugging page in Android settings, and note down the port number displayed in the page. In App Manager’s dialog prompt, replace the port number with the one you have noted earlier, and click connect.
Once a connection has been established, you can disable Wireless debugging in Android settings.
Caution.
Never disable USB Debugging or any other additional options described in §3.2.1. If you do this, the remote server used by App Manager will be stopped, and you may have to start all over again.
App Manager has a modern, advanced and easy-to-use backup/restore system implemented from the scratch. This is probably the only app that has the ability to restore not only the app or its data but also permissions and rules that you’ve configured within App Manager. You can also choose to back up an app multiple times (with custom names) or for all users.
See also:
Back up/restore is a part of batch operations. It is also located inside the options menu in the App Info tab. Clicking on Backup/Restore opens the Backup Options. Backups are located at /storage/emulated/0/AppManager by default. You can configure custom backup location in the settings page in which case the backups will be located at the AppManager folder in the selected volume.
Note.
If one or more selected apps do not have any backup, the Restore and Delete Backup options will not be displayed.
Backup options (internally known as backup flags) let you customise the backups on the fly. However, the customisations will not be remembered for the future backups. If you want to customise this dialog, use Backup Options in the Settings page.
A complete description of the backup options is given below:
APK files. Whether to back up the APK files. This includes the base APK file along with the split APK files if they exist.
Internal data. Whether to back up the internal data directories. These directories are located at /data/user/<user_id> and (for Android N or later) /data/user_de/<user_id>.
External data. Whether to back up data directories located in the internal memory as well as SD Card (if exists). External data directories often contain non-essential app data or media files (instead of using the dedicated media folder) and may increase the backup size. However, it might be essential for some apps. Although it isn’t checked by default (as it might dramatically increase the size of the backups), you may have to check it in order to ensure a smooth restore of your backups.
OBB and media. Whether to back up or restore the OBB and the media directories located in the external storage or the SD Card. This is useful for games and the graphical software which actually use these folders.
Cache. Android apps have multiple cache directories located at every data directories (both internal and external). There are two types of cache: cache and code cache. Disabling this option excludes both cache directories from all the data directories. It is generally advised to exclude cache directories since most apps do not clear the cache regularly and usually handled by the OS itself. Apps such as Telegram may use a very large cache (depending on the storage space) which may dramatically increase the backup size. When it is disabled, AM also ignores the no_backup directories.
Extras. Backup/restore app permissions, net policy, battery optimization, SSAID, etc., enabled by default. Note that, blocking rules are applied after applying the extras. So, if an item is present in both places, it will be overwritten (i.e., the one from the blocking rules will be used).
Rules. This option lets you back up blocking rules configured within App Manager. This might come in handy if you have customised permissions or block some components using App Manager as they will also be backed up or restored when you enable this option.
Backup Multiple. Whether this is a multiple backup. By default, backups are saved using their user ID. Enabling this option allows you to create additional backups. These backups use the current date-time as the default backup name, but you can also specify custom backup name using the input field displayed when you click on the Backup button.
Custom users. Backup or restore for the selected users instead of only the current user. This option is only displayed if the system has more than one user.
Skip signature checks. When taking a backup, checksum of every file (as well as the signing certificate(s) of the base APK file) is generated and stored in the checksums.txt file. When you restore the backup, the checksums are generated again and are matched with the checksums stored in the said file. Enabling this option will disable the signature checks. This option is applied only when you restore a backup. During backup, the checksums are generated regardless of this option.
See also: Settings: Encryption
Backup respects all the backup options except Skip signature checks. If base backups (i.e., backups that don’t have the Backup Multiple option) already exist, you will get a warning as the backups will be overwritten. If Backup Multiple is set, you have an option to input the backup name, or you can leave it blank to use the current date-time.
Restore respects all the backup options and will fail if APK files option is set, but the backup doesn’t contain such backups or in other cases, if the app isn’t installed. When restoring backups for multiple packages, you can only restore the base backups (see backup section for an explanation). However, when restoring backups for a single package, you have the option to select which backup to restore. If All users option is set, AM will restore the selected backup for all users in the latter case but in the former case, it will restore base backups for the respective users.
Notice.
Apps that use storage access framework (SAF), SSAID or Android KeyStore works properly only after an immediate restart.
Delete backup only respects All users option and when it is selected, only the base backups for all users will be deleted with a prompt. When deleting backups for a single package, another dialog will be displayed where you can select the backups to delete.
It is possible to trigger profiles configured inside App Manager via third-party applications such as Automation or Tasker. Traditionally, Intents are used to trigger such operations.
In order to ensure proper security, an authorization key is required. To generate a authorization key, go to Settings page and then Privacy > Authorization Manager. If an authorization key has not been generated, it will be generated automatically. The key can be regenerated as required.
Caution.
Regenerating the authorization key can have some side effects such as invalidation of all the previously configured Intents.
The activity io.github.muntashirakon.AppManager.crypto.auth.AuthFeatureDemultiplexer is responsible for handling all the automations. Sending an intent to the activity lets App Manager perform the designated operation by redirecting the Intent to the designated activity or service.
It has two primary extras required in all conditions. The key names, data types are all follows:
auth. (String value) The authorization key as described in the earlier section.
feature. (String value) Name of the feature. Supported features are described in the next section.
App Manager current support a single feature, namely profile.
In order to trigger a profile, feature must have the value profile. In addition, the following extras can be included:
prof. (String value – required) The name of the profile as displayed in the Profiles page.
state. (String value – optional) State of the profile – currently on or off – as specified in the documentation. If this extra is not set, App Manager will display a prompt where a state must be selected. Therefore, for complete automation, this option should be set.
Short for Network policy or network policies. It is usually located in the Android settings under Mobile data & Wifi section in the app info page of an app. Not all policies are guaranteed to be included in this page (e.g. Samsung), and not all settings are well-understood due to lack of documentation. App Manager can display all the net policies declared in the NetworkPolicyManager. Policies unknown to App Manager will have a Unknown prefix along with the policy constant name and number in the hexadecimal format. Unknown policies should be reported to App Manager for inclusion.
Net policy allows a user to configure certain networking behaviour of an app without modifying the ip tables directly and/or running a firewall app. However, the features it offers largely depend on Android version and ROM. A list of known net policies are listed below:
None or POLICY_NONE : (AOSP) No specific network policy is set. System can still assign rules depending on the nature of the app.
Reject background data on metered networks or POLICY_REJECT_METERED_BACKGROUND : (AOSP) Reject network usage on metered networks when the application is in background.
Allow background data on metered networks even when Data Saver is on or POLICY_ALLOW_METERED_BACKGROUND : (AOSP) Allow metered network use in the background even when data saving mode is enabled.
Reject cellular data or POLICY_REJECT_CELLULAR (Android 11+) or POLICY_REJECT_ON_DATA (up to Android 10): (Lineage OS) Reject mobile/cellular data. Signals network unavailable to the configured app as if the mobile data is inactive.
Reject VPN data or POLICY_REJECT_VPN (Android 11+) or POLICY_REJECT_ON_VPN (up to Android 10): (Lineage OS) Reject VPN data. Signals network unavailable to the configured app as if the VPN is inactive.
Reject Wi-Fi data or POLICY_REJECT_WIFI (Android 11+) or POLICY_REJECT_ON_WLAN (up to Android 10): (Lineage OS) Reject Wi-Fi data. Signals network unavailable to the configured app as if the device is not connected to a Wi-Fi network.
Disable network access or POLICY_REJECT_ALL (Android 11+) or POLICY_NETWORK_ISOLATED (up to Android 10): (Lineage OS) Reject network access in all circumstances. This is not the same as enforcing the other three policies above, and is the recommended policy for dodgy apps. If this policy is enforced, there is no need to enforce the other policies.
POLICY_ALLOW_METERED_IN_ROAMING : (Samsung) Possibly allow metered network use during roaming. Exact meaning is currently unknown.
POLICY_ALLOW_WHITELIST_IN_ROAMING : (Samsung) Possibly allow network use during roaming. Exact meaning is currently unknown.
Reject data on metered networks or POLICY_REJECT_METERED : (Motorola) Reject network usage if it is a metered network.
Reject background data or POLICY_REJECT_BACKGROUND : (Motorola) Reject network usage in the background.
Disable network access or POLICY_REJECT_ALL : (Motorola) Reject network access altogether. Like Lineage OS, it blocks internet connections via iptables. But whether it signals the unavailability of network to the configured app is not known.
Note.
Corresponding Lineage OS patches are as follows:
Activities, services, broadcast receivers (or only receivers) and content providers (or only providers) are jointly called application components. More technically, they all inherit the ComponentInfo class and can be launched via Intent.
App Manager typically blocks application components (or tracker components) using a method called Intent Firewall (IFW), it is superior to other methods such as pm (PackageManager), Shizuku or any other method that uses the package manager to enable or disable the components. If a component is disabled by the latter methods, the application itself can detect that the component is being blocked and can re-enable it as it has full access to its own components. (Many deceptive applications actually do this in order to keep the tracker components unblocked.) On the other hand, IFW is a true firewall and the application cannot detect if its components are being blocked. App Manager uses the term block rather than disable for this reason.
Even IFW has some limitations which are primarily applicable for the system applications:
The application in question is whitelisted by the system i.e. the system cannot function properly without these applications and may cause random crashes. These applications include but not limited to Android System, System UI, Phone Services. They will continue to work even if they are disabled or blocked.
Another system application or system process has activated a specific component of the application in question via interprocess communication (IPC). In this case, the component will be activated regardless of blocking status or even if the entire application is disabled. If there is such a system application that is not needed, the only way to prevent it from running is by getting rid of it.
No. But the application components blocked by the system or any other tools are displayed in the component tabs. These rules can be imported from Settings. However, it is not possible for App Manager to distinguish the components blocked by the third-party tools and components blocked by the system. Therefore, the applications listed in the import page should be selected with care.
App Manager blocks the components again if requested. In case of unblocking, they will be reverted to the default state as specified in the manifest of the application. But if the components were blocked by MyAndroidTools (MAT) with IFW method, they will not be unblocked by App Manager as it uses a different format. To fix this issue, the rules have to be imported from Settings at first, in which case MAT’s configurations will be permanently removed.
When you block a component in the App Details page, the blocking is not applied by default. It is only applied when you apply blocking using the Apply rules option in the top-right menu. If you enable instant component blocking, blocking will be applied as soon as you block a component. If you choose to block tracker components, however, blocking is applied automatically regardless of this setting. You can also remove blocking for an application by simply clicking on Remove rules in the same menu in the App Details page. Since the default behaviour gives you more control over applications, it is better to keep instant component blocking option disabled.
All application components are classes but not all classes are components. In fact, only a few of the classes are components. That being said, scanner page displays a list of trackers along with the number of classes, not just the components. In all other pages, trackers and tracker components are used synonymously to denote tracker components, i.e. blocking tracker means blocking tracker components, not tracker classes.
Info.
Tracker classes that are not components cannot be blocked. They can only be removed by editing the application itself.
Unfortunately, yes. This is because the ADB daemon, the process responsible for ADB connection, is also restarted after a reboot, and it does not re-enable ADB over TCP.
ADB has limited number of permissions and controlling application components is not one of them. However, the components of a test-only app can be controlled via ADB. If App Manager detects such an application, it enables the blocking options automatically.
Supported features are enabled automatically in the ADB mode. Supported features include disabling, force-stopping, clearing application data, granting or revoking app ops and permissions, and so on. It is also possible to install or uninstall applications without any prompt from the system.
Yes. AM cannot modify any system settings without root or ADB.
Trackers and libraries are updated manually before making a new release.
No, APKs aren’t deleted by App Manager after they are installed.
App Manager’s use of hidden API and privileged code execution is now much more complex and cannot be integrated with other third party apps such as Shizuku. Here are some reasons for not considering Shizuku (which now has Apache 2.0 license) for App Manager:
Shizuku was initially non-free which led me to use a similar approach for App Manager to support both root and ADB
App Manager already supports both ADB and root which in some cases is more capable than Shizuku
Relying on a third-party app for the major functionalities is not a good design choice
Integration of Shizuku will increase the complexity of App Manager.
Bloatware are the unnecessary pre-installed apps, usually system apps. Some of the apps are often used to track users and collect user data which they might sell for profits. Many system apps do not need to request any permission to access device info, contacts and messaging data, and other usage info, such as your phone usage habits and everything you store on your shared storage(s).
The bloatware may also include Google apps, Meta apps, and Twitter/X which can also track users and/or collect user data without consent. You can disable a few permissions from Android settings but be aware that Android settings hides many permissions a security researcher would call potentially dangerous (e.g., internet, sensor).
Were the bloatware user apps, they could be easily uninstalled either from Android settings or AM. Uninstalling system apps is not possible without privileged permission, but even then, it cannot remove the system apps completely as they are located in the system partition which is a read-only partition. If you have root, you can remount this partition to manually purge these apps but this will break Over the Air (OTA) updates since data in the system partition has been modified. There are two kind of updates, delta (small-size, consisting of only the changes between two versions) and full updates. You may still be able to apply full updates, but the bloatware will be installed again, and consequently, you have to delete them all over again.
Another solution is to disable these apps either from Android settings or AM, but certain services can still run in the background as they can be started by other system apps using Inter-process Communication (IPC). One possible solution is to disable all bloatware until the service has finally stopped (after a restart). However, due to heavy modifications of the Android frameworks by the vendors, removing or disabling certain bloatware may cause the System UI to crash or even cause bootloop. From v4.0.0, AM has a new feature called Debloater which can be used as a starting point to monitor, disable, and remove the bloatware from a proprietary Android operating system.
Note.
In most cases, you cannot completely debloat your device. Therefore, it is recommended that you use a custom ROM free from bloatware, such as Graphene OS, Lineage OS or their derivatives.
AM currently supports blocking activities, broadcast receivers, content providers, services, app ops and permissions, and in future I may add more blocking options. In order to add more portability, it is necessary to import/export all these data.
Maintaining a database should be the best choice when it comes to storing data. For now, several tsv files with each file having the name of the package and a .tsv extension. The file/database will be queried/processed by the RulesStorageManager class. Due to this abstraction, it should be easier to switch to database or encrypted database systems in future without changing the design of the entire project. Currently, All configuration files are stored at /data/data/io.github.muntashirakon.AppManager/Files/conf.
The format below is used internally within App Manager and is not compatible with the external format.
<name> <type> <mode>|<component_status>|<is_granted>
Here:
<name> – Component/permission/app op name (in case of app op, it could be string or integer)
<type> – One of the ACTIVITY, RECEIVER, PROVIDER, SERVICE, APP_OP, PERMISSION
<mode> – (For app ops) The associated mode constant
<component_status> – (For components) Component status
<is_granted> – (For permissions) Whether the permission is granted or revoked
外部格式用於在 App Manager 中導入或導出規則。
<package_name> <component_name> <type> <mode>|<component_status>|<is_granted>
除了第一項是包的名稱外,該格式與上述格式基本相同。
注意.
導出的規則與內部規則的格式不同,不應直接複製到 conf 文件夾。
Added option to allow installing the existing applications in the installer page
Display unsafe bloatware info
Display vector icon on the splash screen in Android 7.1 and earlier
Enabled “Clear data from uninstalled apps” to no-root users in 1-click ops page
Enabled predictive back in Android 14 onwards
Improved accessibility by updating the content description of the action items
In app info tab, open “Open by default” setting in the “Open links” dialog
In debloater page, sort by app label (or app name) rather than package name
Fixed freezing an app with “Remember for this app” turned on
Fixed selecting texts in the list items due to framework bugs
Fixed setting app ops in custom ROMs with MIUI properties injected
Fixed updating profile modification status when an application is deleted from the list
Handled common colors and cursor movements in terminal output.
Optimized searching and filtering in the main page
Adopted sentence-case for the titles
Use the configured state to execute a profile for the simple shortcuts
Prevented crashing while searching throughout the application
Fixed integer overflow issue in the tar compression.
Updated translations
Improved handling the list items throughout App Manager
Fixed a regression error in file manager
Fixed spinners in the App Usage and the System Config pages.
Updated bloatware
Fixed fetching applications in multi-user environment in no-root mode
Fixed opening app-manager URLs from the web browsers
Fixed updating SSAID
Prevented a crash in Android < 9.0 that occurs due to invalid app ops.
In the App Details page, a new tab “Overlays” is added where per-app overlays are displayed. They can also be enabled or disabled using the toggle button. In addition, if the App Details page of an overlay package is opened, a “Overlay” tag will be displayed in the App Info tab. Clicking on the tag opens a dialog containing additional info along with a button that allows navigating to the App Details page of the overlay target package if it is installed.
At present, it only works for root/ADB users in Android 8 (Oreo) and later.
If the application corresponding to the shortcut being launched is frozen, App Manager will now offer you to unfreeze the app temporarily so that the shortcut can be launched. The app will be frozen again once the screen is locked.
This may not work on devices without a screen lock or if the screen is locked some time after the display goes off.
market-like URL supportThird-party applications can now open the App Details page of any installed package by invoking an Intent with an URL with the following format:
app-manager://details?id=<pkg>&user=<user_id>
where <pkg> stands for package name, and <user_id> stands for the user ID which is optional.
In order to improve accessibility, certain color codes have been improved. Visit Settings > About > Version/Changelog for details.
Avoided waiting for the remote server to respond when no-root mode is set
Fixed downgrading apps in Android 10 onwards
Fixed installer issues in the Huawei stock operating systems
Improved text formatting in the “What’s New” dialog
In the UI tracker window, fixed clicking on the icon after it is iconified
Updated bloatware and suggestions
App Manager v4.0.0 comes with a lot of new features and improvements. Visit Settings > About > Version/Changelog for details.
The new logo is just a cursive “A”. The design is based on the Tengwar Telcontar font which was created to bring the Tengwar script, originally created by J. R. R. Tolkien, to the digital world. The letter has the classic App Manager color (i.e., #dcaf74) and uses a pure black background instead of a shade of grey.
App Manager now targets Android 14 and fully supports Android 15.
KeyStore backup/restore is not working in Android 12 and later.
Debloating profiles were available as “Presets” in the Profiles page which has now been replaced with the Debloater page and can be accessed from the three-dots menu in the Main page. ADL is a new project that focuses on maintaining a list of bloatware as well as potential open source alternatives. Contributions are welcome!
App Manager offers an (almost) fully-featured file manager with basic file operations, such as copy, cut, rename, and delete along with the batch operations. It also offers an extensive “Open with…” dialog to open a file with another app, and a comprehensive file properties viewer. Folders can also be added to the list of favorites for quick access. And many more.
Manifest and code viewers have been replaced with this new editor. Among other regular features, it includes proper syntax highlighting and advanced searching options. In addition, files from third-party apps can also be opened for editing.
All 1-click operations, batch operations, and profile invocations are now stored as history. The history items can also be executed from the History page. To ensure consistency, the profile state, configurations, package list are also stored, and this stored version is executed instead of the actual profile. As a result, this works even if the profile is deleted.
Freeze/unfreeze feature now supports setting per-app freezing method which is beneficial in certain scenarios, such as when a user want to suspend some apps while using the disable method as the default. In addition, an “Advanced suspend” option is added which force-stops an application before suspending it, thus, prevent it’s services from running in the background.
Log viewer now supports enhanced searching and filtering options, such as keyword- and regular expression-based searching and filtering. Please read the in-app changelog for details. Support for batch operations has also been added.
App Manager now supports launching non-exported activities in no-root and ADB mode. However, in no-root mode, android.permission.WRITE_SECURE_SETTINGS permission is required.
Five new tags are added in the App Info tab. They are: bloatware, Xposed, sensors disabled, open links, and static shared libs. Clicking on “bloatware” will display more information regarding the bloatware and suggest alternatives, “Xposed” tag will display dependency information, “open links” will display a list of links supported by the application, and “static shared libs” will display all version of the application installed in the system along with an option to uninstall them. The latter is useful for applications, such as Trichrome.
“Sensors disabled” only works real-time. That means if the application is not currently active, this tag will always display even though the applications may use sensors while it is running. This is a framework limitation and nothing can be done to avoid it effectively.
It is not possible to modify installer options during the installation by clicking on the “settings” button in the installation dialog. The installer options will be applied to all the applications installed in the same session (i.e., the installer queue).
App Manager now supports running its remote server (which is used as a proxy for running privileged operations) as any supported user (UID). This includes root (0), system (1000), and shell/ADB (2000) through the custom commands. This is also useful for Fire TVs which have disabled connecting to ADB from localhost through socket connection. In addition, ADB pairing is now done using notifications rather than split screen. ADB connection speed can also be improved by choosing to run App Manager in the background which can be configured in the settings.
Data usage widget display the total data usage for the day, similar to the screen time widget which displays the total screen time for the day. In addition, existing widgets have been improved.
Replaced log viewer, sys config, Terminal, etc. with Labs page
Added an option to disable sensors for each app in the App Info tab
Added an option to perform runtime optimization of applications in the 1-click Ops page and in the App Info tab
Added support for Zstandard compression for backup/restore
Enabling APK signing now automatically enables zip align feature
Support exporting application list as CSV or JSON in the batch operations
Added pure black theme support
Display current activity name (when possible) in the UI Tracker window
Added an option to filter apps by user in the Main page
Display a link to Pithus report in the scanner page if available.
App Manager v3.1.0 comes with a few new features and a lot of improvements. Visit Settings > About > Version/Changelog for details.
App Manager now targets Android 13 which means most issues in Android 12 and 13 has been addressed, including SSAID and SAF issues as well as monochrome icons and other theming issues.
KeyStore backup/restore not working in Android 12 and later.
Enable/disable is replaced with freeze/unfreeze to allow greater control on the behaviours of an app. It supports suspend, disable and hide functionalities which can be controlled at Settings > Rules > Default freezing method. In order to make it easy to freeze or unfreeze an app, shortcuts can also be created from the App Info tab by long clicking on the freeze or unfreeze button.
In the Main page, it is now possible to export the list of apps in either XML or Markdown format using batch operations. In the future, the XML file may also be imported to App Manager.
App Manager now fully supports encrypting backups using ECC in addition to offering AES, RSA and OpenPGP.
Two new languages are added: Korean and Romanian.
In the main page, more sorting and filtering options are added. Sorting options include sorting the apps by total size, total data usage, launch count, screen time and last usage time. Filtering options include filtering the apps having at least one item in the Android KeyStore, filtering apps with URIs granted via SAF, and filtering apps with SSAID.
Fixed various issues with ADB pairing, handled incomplete USB debugging. Some rooting methods cannot allow interprocess communication via Binder. In those cases, ADB mode is used as a fallback method by enabling it automatically if possible.
When possible, App Manager will be able to display apps from work profile in no-root mode in addition to allowing basic operations such as launching the app or navigating to the system settings. For backups, it is now possible to restore backups for other users, but for work profile, some apps may only work properly after re-enabling the work profile. In the installer page, selecting All users will now install the app for all users instead of only the current user. Finally, in the app info tab, current app can be installed in another profile using the Install for… option available in the three-dots menu. This is analogous to the pm install-existing command, thereby, making the installation process a lot faster.
Explorer can now open DEX and JAR files in addition to APK files. Several sorting options as well as folder options are also added as the list options.
In app info tab, a new tag called WX is added. It is displayed in Android 10 and later if the application targets Android 9 or earlier. It indicates W^X violation which allows the app to execute arbitrary executable files either by the modification of executables embedded within the app or by downloading them from the Internet.
App ops are now managed automatically to avoid various app ops related crashes in various platforms. This will also lessen the amount of crashes in an unsupported operating system.
In the Main page, enabled batch uninstallation in no-root mode.
Enabled advanced searching. Searching now matches not only app labels but also package names.
Copy the intercepted Intent as am command which can be run from either an ADB shell or a terminal using root with the same effectiveness.
Explicitly handle the Internet permission which is a runtime permission in the OS.
Fixed permission denied issues in the installer due to a framework issue introduced in MIUI 12.5.
Fixed crashes in the Interceptor page due to a framework issue introduced in Android 11.
Improved Java-Smali conversion by including all the subclasses during conversion
Improved scanning performance in the Scanner page
Improved updating the list of apps in the Main page
Scan all the available paths to detect systemless-ly installed system apps
vacuum SQLite database before opening it for viewing or editing.
App Manager v3.0.0 comes with a lot of features and improvements. See Settings > About > Version/Changelog to see a more detailed changelog.
Material 3, somewhat similar to Material You, is a significant improvement over Material Design 2 with support for dynamic colours in Android 12 and later. In addition, many design changes have been made in App Manager without any significant changes in the overall user experience.
Switches are still based on Material Design 2 which will be fixed in a future release.
Wireless debugging support has been fully implemented. Head over to §3.2 for instructions on how to configure wireless debugging.
No-root users.
Due to auto-detection feature, startup time might be large for no-root users when the mode of operation is set to auto. Instead, no-root users should select no-root instead of auto.
App Manager is fully translated into Indonesian and Italian languages and can be enabled in settings. Bengali is removed due to lack of translators.
App Explorer can be used to browse the contents of an application. This includes binary XML files, DEX contents or any other media files. DEX contents can only be explored in Android Oreo (Android 8) and later. It’s also possible to convert an .smali file into .java for a better understanding of the reversed code. This feature, if not needed, can be disabled in Settings > Enable/disable features.
It is possible to import backups from discontinued or obsolete applications such as Titanium Backup, OAndBackup and Swift Backup (version 3.0 to 3.2). Go to Setting > Backup/restore to find this option.
VirusTotal is a widely used tool to scan files and URLs for viruses. In the scanner page and in the running apps page, an option to scan files with VirusTotal has been added. But the option is hidden by default. To enable the option, it is necessary to obtain an API key from VirusTotal. Go to Settings > VirusTotal API Key for more information.
Internet feature.
This is currently the only feature which require an Internet connection. If you wish to use any Internet feature that might also be added in the future, enable Use the Internet in Settings > Enable/disable features.
As the implementation of routine operations is being delayed, an option to trigger profiles from the external automation software is added. See §3.4 for instructions on how to configure profile automation.
Application installer includes several improvements including the ability to downgrade applications in no-root mode, installing multiple applications at once and blocking trackers after installation. In Android 12 and later, no-root users can update applications without any user interactions.
It is now possible to configure how App Manager should block a component. Visit Settings > Rules > Default blocking method for more information. In the components tab, long clicking the block/unblock button opens a context menu which allows per-component blocking in a similar manner. ADB users can also block the components of a Test only app.
In some pages, the search bar supports additional searching which includes searching via prefix, suffix or even regular expressions. In the main page, it is also possible to search for applications using the first letters of each word, e.g. App Manager can be listed by searching for am.
Shared libraries tab has received a significant improvements. It can display three types of libraries, such as native, jar and APK files.
Activity interceptor can be opened directly from the activities tab by long clicking on the launch button, and similarly, activities can be launched from the activity interceptor page with or without root, for any users.
Notice.
Currently, activities opened via root cannot send the results back to the original applications.
Screen time widget is quite similar to Digital Wellbeing’s widget by the same name. It displays the total screen time for the day along with the top three apps from all users.
Clear cache widget can be to clear cache from all the applications directly from the home screen.
Back up/restore feature is now finally out of beta! Read the corresponding guide to understand how it works.
Log viewer is essentially a front-end for logcat. It can be used to filter logs by tag or pid (process ID), or even by custom filters. Log levels AKA verbosity can also be configured. You can also save, share and manage logs.
Lock App Manager with the screen lock configured for your device.
You can set any mode for any app ops that your device supports, either from the 1-click ops page or from the app ops tab.
You can now easily add selected apps to an existing profile using the batch operations.
App info tab now has many options, including the ability to change SSAID, network policy (i.e. background network usage), battery optimization, etc. Most of the tags used in this tab are also clickable, and if you click on them, you will be able to look at the current state or configure them right away.
Sort and filter options are now replaced by List Options which is highly configurable, including the ability to filter using profiles.
Interested in knowing about your device in just one page? Go to the bottom of the settings page.
Not interested in all the features that AM offers? You can disable some features in settings.
AM now has more than 19 languages! New languages include Farsi, Japanese and Traditional Chinese.
You can now import external signing keys in AM! For security, App Manager has its own encrypted KeyStore which can also be imported or exported.
Since APKMirror has removed encryption from their APKM files, it’s no longer necessary to decrypt them. As a result, the option to decrypt APKM files has been removed. Instead, this option is now provided by the UnAPKM extension which you can grab from F-Droid. So, if you have an encrypted APKM file and have this extension installed, you can open the file directly in AM.
Profiles finally closes the related issue. Profiles can be used to execute certain tasks repeatedly without doing everything manually. A profile can be applied (or invoked) either from the Profiles page or from the home screen by creating shortcuts. There are also some presets which consist of debloating profiles taken from Universal Android Debloater.
Exporting rules and applying permissions are not currently working.
Profiles are applied for all users.
Intent Intercept works as a man-in-the-middle between source and destination, that is, when you open a file or URL with another app, you can see what is being shared by opening it with Interceptor first. You can also add or modify the intents before sending them to the destination. Additionally, you can double-click on any exportable activities in the Activities tab in the App Details page to open them in the Interceptor to add more configurations.
Editing extras is not currently possible.
When I released a small tool called UnAPKM, I promised that similar feature will be available in App Manager. I am proud to announce that you can open APKM files directly in the App Info page or convert them to APKS or install them directly.
App manager now supports multiple users! For now, this requires root or ADB. But no-root support is also being considered. If you have multiple users enabled and click on an app installed in multiple profiles, an alert prompt will be displayed where you can select the user.
Thanks to the contributors, we have one more addition to the language club: French. You can add more languages or improve existing translations at Weblate.
If App Manager crashes, you can now easily report the crash from the notifications which opens the share options. Crashes are not reported by App Manager, it only redirects you to your favourite Email client.
Added support for Android 11. Not everything may work as expected though.
In settings page, you can set install locations such as auto (default), internal only and prefer external.
In settings page, you can also set default APK installer (root/ADB only) instead of App Manager.
In settings page, you can allow App Manager to display multiple users during APK installation.
In settings page, you can choose to sign APK files before installing them. You can also select which signature scheme to use in the APK signing option in settings.
Currently, only a generic key is used to sign APK files
As promised, it is now possible to select splits. AM also provides recommendations based on device configurations. If the app is already installed, recommendations are provided based on the installed app. It is also possible to downgrade to a lower version without data loss if the device has root or ADB. But it should be noted that not all app can be downgraded. Installer is also improved to speed up the installation process, especially, for root users. If the app has already been installed and the new (x)apk(s) is newer or older or the same version with a different signature, AM will display a list of changes similar to What’s New before prompting the user to install the app. This is useful if the app has introduced tracker components, new permissions, etc.
Large app can take a long time to fetch app info, and therefore, it may take a long time display the installation prompt.
If the apk is not located in the internal storage, the app has to be cached first which might also take a long time depending on the size of the apk.
Exodus page is now replaced with scanner page. Scanner page contains not only a list of trackers but also a list of used libraries. This is just a start. In the future, this page will contain more in depth analysis of the app.
System Config lists various system configurations and whitelists/blacklists included in Android by either OEM/vendor, AOSP or even some Magisk modules. Root users can access this option from the overflow menu in the main page. There isn’t any official documentation for these options therefore it’s difficult to write a complete documentation for this page. I will gradually add documentations using my own knowledge. However, some functions should be understandable by their name.
Thanks to the contributors, AM now has more than 12 languages. New languages include Bengali, Hindi, Norwegian, Polish, Russian, Simplified Chinese, Turkish and Ukrainian.
More tags are added in the app info tab such as KeyStore (apps with KeyStore items), Systemless app (apps installed via Magisk), Running (apps that are running). For external apk, two more options are added namely Reinstall and Downgrade. Now it is possible to share an apk via Bluetooth. For system apps, it is possible to uninstall updates for root/ADB users. But like the similar option in the system settings, this operation will clear all app data. As stated above, exodus has been replaced with scanner.
It’s now relatively easy to navigate to various UI components using keyboard. You can use up/down button to navigate between list items and tab button to navigate to UI components inside an item.
It is now possible to sort and filter processes in this tab. Also, the three big buttons are replaced with an easy-to-use three dot menu. Previously the memory usage was wrong which is fixed in this version.
Toybox (an alternative to busybox) is bundled with AM. Although Android has this utility built-in from API 23, toybox is bundled in order to prevent buggy implementations and to support API < 23.
Component blocker seemed to be problematic in the previous version, especially when global component blocking is enabled. The issues are mostly fixed now.
Caution.
The component blocking mechanism is no longer compatible with v2.5.6 due to various security issues. If you have this version, upgrade to v2.5.13 or earlier versions first. After that, enable global component blocking and disable it again.
Value of various app ops depend on their parent app ops. Therefore, when you allow/deny an app op, the parent of the app op gets modified. This fixes the issues some users have been complaining regarding some app ops that couldn’t be changed.
If an app has the target API 23 or less, its permissions cannot be modified using the pm grant … command. Therefore, for such apps, option to toggle permission has been disabled.
The signature tab is improved to support localization. It also displays multiple checksums for a signature.
Manifest no longer crashes if the size of the manifest is too long. Generated manifest are now more accurate than before.
Bundled app formats such as apks and xapk are now supported. You can install these apps using the regular installation buttons. For root and adb users, apps are installed using shell, and for non-root users, the platform default method is used.
Currently all splits apks are installed. But this behaviour is going to change in the next release. If you only need a few splits instead of all, extract the APKS or XAPK file, and then, create a new zip file with your desired split apks and replace the ZIP extension with APKS. Now, open it with AM.
There is no progress dialog to display the installation progress.
You can now install APK , APKS or XAPK directly from your favourite browser or file manager. For apps that need updates, a What’s New dialog is displayed showing the changes in the new version.
Downgrade is not yet possible.
There is no progress dialog to display the installation progress. If you cannot interact with the current page, wait until the installation is finished.
In the Settings page, a new option is added which can be used to remove all blocking rules configured within App Manager.
App Ops are now generated using a technique similar to AppOpsX. This should decrease the loading time significantly in the App Ops tab.
In the App Ops tab, a menu item is added which can be used to list only active app ops without including the default app ops. The preference is saved in the shared preferences.
Often the App Ops tab may not be responsive. If that’s the case, restart App Manager.
ADB shell commands are now executed using a technique similar to AppOpsX (This is the free alternative of AppOps by Rikka.). This should dramatically increase the execution time.
AM can often crash or become not responsive. If that’s the case, restart App Manager.
Add an option to filter apps that has at least one activity.
Apk files are now saved as app name_version.extension instead of package.name.extension.
Added a foreground service to run batch operations. The result of the operation is displayed in a notification. If an operation has failed for some packages, clicking on the notification will open a dialog box listing the failed packages. There is also a Try Again button on the bottom which can be used to perform the operation again for the failed packages.
Replaced Linux kill with force-stop.
Added German and Portuguese (Brazilian) translations.
Not all translations are verified yet.
Install app only for the current user at the time of restoring backups. Support for split apks is also added.
Data backup feature is now considered unstable. If you encounter any problem, please report to me without hesitation.
App Ops (short hand for Application Operations ) are used by Android system (since Android 4.3) to control application permissions. The user can control some permissions, but only the permissions that are considered dangerous (and Google thinks knowing your phone number isn’t a dangerous thing). So, app ops seems to be the one we need if we want to install apps like Facebook and it’s Messenger (the latter literary records everything if you live outside the EU) and still want some privacy and/or security. Although certain features of app ops were available in Settings and later in hidden settings in older version of Android, it’s completely hidden in newer versions of Android and is continued to be kept hidden. Now, any app with android.Manifest.permission.GET_APP_OPS_STATS permission can get the app ops information for other applications but this permission is hidden from users and can only be enabled using ADB or root. Still, the app with this permission cannot grant or revoke permissions (actually mode of operation) for apps other than itself (with limited capacity, of course). To modify the ops of other app, the app needs android.Manifest.permission.UPDATE_APP_OPS_STATS permissions which isn’t accessible via pm command. So, you cannot grant it via root or ADB, the permission is only granted to the system apps. There are very few apps who support disabling permissions via app ops. The best one to my knowledge is AppOpsX. The main (visible) difference between my app (AppManager) and this app is that the latter also provides you the ability to revoke internet permissions (by writing ip tables). One crucial problem that I faced during the development of the app ops API is the lack of documentation in English language.
Figure 2: How app ops work
Figure 1 describes the process of changing and processing permission. AppOpsManager can be used to manage permissions in Settings app. AppOpsManager is also useful in determining if a certain permission (or operation) is granted to the application. Most of the methods of AppOpsManager are accessible to the user app but unlike a system app, it can only be used to check permissions for any app or for the app itself and start or terminating certain operations. Moreover, not all operations are actually accessible from this Java class. AppOpsManager holds all the necessary constants such as OP_*, OPSTR_*, MODE_* which describes operation code, operation string and mode of operations respectively. It also holds necessary data structures such as PackageOps and OpEntry. PackageOps holds OpEntry for a package, and OpEntry , as the name suggests, describes each operation.
AppOpService is completely hidden from a user application but accessible to the system applications. As it can be seen in Figure 1, this is the class that does the actual management stuff. It contains data structures such as Ops to store basic package info and Op which is similar to OpEntry of AppOpsManager. It also has Shell which is actually the source code of the appops command line tool. It writes configurations to or read configurations from /data/system/appops.xml. System services calls AppOpsService to find out what an application is allowed and what is not allowed to perform, and AppOpsService determines these permissions by parsing /data/system/appops.xml. If no custom values are present in appops.xml, it returns the default mode available in AppOpsManager.
AppOpsManager stands for application operations manager. It consists of various constants and classes to modify app operations.
See also: AppOpsManager documentation
OP_* ConstantsOP_* are the integer constants starting from 0. OP_NONE implies that no operations are specified whereas _NUM_OP denotes the number of operations defined in OP_* prefix. While they denote each operation, the operations are not necessarily unique. In fact, there are many operations that are actually a single operation denoted by multiple OP_* constant (possibly for future use). Vendors may define their own op based on their requirements. MIUI is one of the vendors who are known to do that.
public static final int OP_NONE = -1;
public static final int OP_COARSE_LOCATION = 0;
public static final int OP_FINE_LOCATION = 1;
public static final int OP_GPS = 2;
public static final int OP_VIBRATE = 3;
...
public static final int OP_READ_DEVICE_IDENTIFIERS = 89;
public static final int OP_ACCESS_MEDIA_LOCATION = 90;
public static final int OP_ACTIVATE_PLATFORM_VPN = 91;
public static final int _NUM_OP = 92;
Whether an operation is unique is defined by sOpToSwitch. It maps each operation to another operation or to itself (if it’s a unique operation). For instance, OP_FINE_LOCATION and OP_GPS are mapped to OP_COARSE_LOCATION.
Each operation has a private name which are described by sOpNames. These names are usually the same names as the constants without the OP_ prefix. Some operations have public names as well which are described by sOpToString. For instance, OP_COARSE_LOCATION has the public name android:coarse_location.
As a gradual process of moving permissions to app ops, there are already many permissions that are defined under some operations. These permissions are mapped in sOpPerms. For example, the permission android.Manifest.permission.ACCESS_COARSE_LOCATION is mapped to OP_COARSE_LOCATION. Some operations may not have any associated permissions which have null values.
As described in the previous section, operations that are configured for an app are stored at /data/system/appops.xml. If an operation is not configured, then whether system will allow that operation is determined from sOpDefaultMode. It lists the default mode for each operation.
MODE_* ConstantsMODE_* constants also integer constants starting from 0. These constants are assigned to each operation describing whether an app is authorised to perform that operation. These modes usually have associated names such as allow for MODE_ALLOWED, ignore for MODE_IGNORED, deny for MODE_ERRORED (a rather misnomer), default for MODE_DEFAULT and foreground for MODE_FOREGROUND.
MODE_ALLOWED. The app is allowed to perform the given operation
MODE_IGNORED. The app is not allowed to perform the given operation, and any attempt to perform the operation should silently fail, i.e. it should not cause the app to crash
MODE_ERRORED. The app is not allowed to perform the given operation, and this attempt should cause it to have a fatal error, typically a SecurityException
MODE_DEFAULT. The app should use its default security check, specified in AppOpsManager
MODE_FOREGROUND. Special mode that means “allow only when app is in foreground.” This mode was added in Android 10
MODE_ASK. This is a custom mode used by MIUI whose uses are unknown.
AppOpsManager.PackageOps is a data structure to store all the OpEntry for a package. In simple terms, it stores all the customised operations for a package.
public static class PackageOps implements Parcelable {
private final String mPackageName;
private final int mUid;
private final List<OpEntry> mEntries;
...
}
As can be seen in Listing 2, it stores all OpEntry for a package as well as the corresponding package name and its kernel user ID.
AppOpsManager.OpEntry is a data structure that stores a single operation for any package.
public static final class OpEntry implements Parcelable {
private final int mOp;
private final boolean mRunning;
private final @Mode int mMode;
private final @Nullable LongSparseLongArray mAccessTimes;
private final @Nullable LongSparseLongArray mRejectTimes;
private final @Nullable LongSparseLongArray mDurations;
private final @Nullable LongSparseLongArray mProxyUids;
private final @Nullable LongSparseArray<String> mProxyPackageNames;
...
}
Here:
mOp: Denotes one of the OP_* constants
mRunning: Whether the operation is in progress (i.e. the operation has started but not finished yet). Not all operations can be started or finished this way
mMOde: One of the MODE_* constants
mAccessTimes: Stores all the available access times
mRejectTimes: Stores all the available reject times
mDurations: All available access durations, checking this with mRunning will tell you for how long the app is performing a certain app operation
mProxyUids: No documentation found
mProxyPackageNames: No documentation found
TODO
TODO
Latest appops.xml has the following format: (This DTD is made by me and by no means perfect, has compatibility issues.)
<!DOCTYPE app-ops [
<!ELEMENT app-ops (uid|pkg)*>
<!ATTLIST app-ops v CDATA #IMPLIED>
<!ELEMENT uid (op)*>
<!ATTLIST uid n CDATA #REQUIRED>
<!ELEMENT pkg (uid)*>
<!ATTLIST pkg n CDATA #REQUIRED>
<!ELEMENT uid (op)*>
<!ATTLIST uid
n CDATA #REQUIRED
p CDATA #IMPLIED>
<!ELEMENT op (st)*>
<!ATTLIST op
n CDATA #REQUIRED
m CDATA #REQUIRED>
<!ELEMENT st EMPTY>
<!ATTLIST st
n CDATA #REQUIRED
t CDATA #IMPLIED
r CDATA #IMPLIED
d CDATA #IMPLIED
pp CDATA #IMPLIED
pu CDATA #IMPLIED>
]>
The instruction below follows the exact order given above:
app-ops: The root element. It can contain any number of pkg or package uid
pkg: Stores package info. It can contain any number of uid
Package uid: Stores package or packages info
uid: The package user ID. It can contain any number of op
op: The operation, can contain st or nothing at all
st: State of operation: whether the operation is accessed, rejected or running (not available on old versions)
This definition can be found at AppOpsService.
appops or cmd appops (on latest versions) can be accessible via ADB or root. This is an easier method to get or update any operation for a package (provided the package name is known). The help page of this command is self-explanatory:
AppOps service (appops) commands:
help
Print this help text.
start [--user <USER_ID>] <PACKAGE | UID> <OP>
Starts a given operation for a particular application.
stop [--user <USER_ID>] <PACKAGE | UID> <OP>
Stops a given operation for a particular application.
set [--user <USER_ID>] <[--uid] PACKAGE | UID> <OP> <MODE>
Set the mode for a particular application and operation.
get [--user <USER_ID>] <PACKAGE | UID> [<OP>]
Return the mode for a particular application and optional operation.
query-op [--user <USER_ID>] <OP> [<MODE>]
Print all packages that currently have the given op in the given mode.
reset [--user <USER_ID>] [<PACKAGE>]
Reset the given application or all applications to default modes.
write-settings
Immediately write pending changes to storage.
read-settings
Read the last written settings, replacing current state in RAM.
options:
<PACKAGE> an Android package name or its UID if prefixed by --uid
<OP> an AppOps operation.
<MODE> one of allow, ignore, deny, or default
<USER_ID> the user id under which the package is installed. If --user is not
specified, the current user is assumed.