#unstable #beta #release
App Manager v4.0.0-beta01

Funding campaign dates have been updated as this is going to be the last campaign in many years.
If you're running ADB, you may need to restart your device first.

- Added full support for Android 14
* Fixed compatibility issues
* Support installing apps that targets SDK 22 or earlier (privileged mode only)
- [Experimental] Use outlines for color codes

App Details page
- Allowed launching non-exported activities in no-root/ADB mode
The “Search assistant” (usually set to Google Assistant) feature allows setting arbitrary activity via the assistant key-value pair stored in the secure settings database. Hence, non-exported (that is, app private) activities can be launched even in no-root mode by exploiting this feature. However, modifying a secure setting require android.permission.WRITE_SECURE_SETTINGS permission which is granted automatically in ADB mode and has to be granted manually in no-root mode via ADB.
App Manager also cannot trigger the assistant on its own in the no-root mode, because it doesn't have enough permissions (it requires android.permission.INEJECT_EVENTS permission which cannot be granted to the user applications). Activity shortcuts also use this feature when they cannot be launched in privileged mode.

App Usage page
- Make the combo-box static on top

App Info tab
- Fixed handling multiple users in no-root mode
- Fixed listing granted URIs
- Prevent crashes in tablets running buggy GSI firmware

Code Editor
- Prevented the editor from crashing if it is restarted from Recents

Installer
- Enabled installing system apps with a different signature
The “Install only” button is enabled for system apps when the signatures are different. This is useful for only those who have disabled signature verification using methods, such as CorePatch.

Log Viewer
- Added a batch option to copy the selected logs
- Changed list selection modes.
1. Normal mode
- Click: expand/collapse text
- Long click: Open context menu
2. Selection mode
- Click: Select clicked item
- Long click: Select items between the last selected item to the clicked item if possible. Otherwise, only click the item.

Main page
- Avoided reopening the keyboard while searching is active, but the keyboard was closed manually
- [Batch Ops] Fixed saving some APK files due to naming issues.

Profiles
- Fixed applying profiles
- Fixed loading label after refreshing the app list.

Running Apps page
- Refresh running apps every 10 seconds.

Scanner page
- Fixed scanning using VirusTotal.

Settings
- [Experimental] Initial support for custom command for mode of ops
- Avoided auto-detecting ADB port number if Wi-Fi is inactive
- Display ADB pairing dialog directly when a pairing may be required
- Improved auto-connecting to ADB
* When mode is set to auto, instead of checking the active ADB host and port first, the status of the ADB daemon is checked
* When mode is set to “Wireless debugging”, developer settings and wireless debugging are enabled automatically before attempting any connections. This requires:
1. android.permission.WRITE_SECURE_SETTINGS to be granted to App Manager, OR
2. App Manager connected via root or ADB at least once (in which case, the permission above is granted automatically)
* Attempt to fetch the current port for ADB over TCP via service.adb.tcp.port property instead of using the default 5555 port or the previously saved value.
- Pair ADB via notification
- Improved preferences and dialogs
* Added a dedicated page for VirusTotal
* Added a dedicated page for mode of operations
* Moved “Use the Internet” to Privacy settings
* Added feature toggler for Log Viewer and Installer
* Display build expiry and funding campaign notices only in the main settings
* Replace “Remove all rules” with a primary button
* Input boxes are focused by default
* For numeric inputs, only the numeric keyboard is displayed
* Input texts aren't added to the user suggestions.
- Avoided displaying “Imported” for Watt and Blocker when nothing is selected
- Check if the selected directory is actually a directory before attempting to import a backup
- Fixed displaying wireless debugging options when App Manager is unable to enable Wireless Debugging.

UI
- Draw activities around the display cutouts
- Tint combo-boxes in primary container color to match Android 12+ styles
- Used circular progress for initialization
- Fixed styling some popup menus.

Others
- Added more network policies from Motorola devices.
* POLICY_REJECT_METERED
* POLICY_REJECT_BACKGROUND
* POLICY_REJECT_ALL
- Automatically grant usage stats permission in privileged mode
The feature, as usual, can be disabled in settings.
- Enabled creating activity shortcuts for other users
- Avoided fetching packages for other users if there's no permission to do so
- Fixed blocking components in Android 14
- Fixed blocking providers when only IFW is set
Intent Firewall (IFW) does not support blocking providers. So, when IFW-only mode was enabled, it tried to apply only the IFW rules which resulted in the providers remaining unblocked. From now on, the providers are blocked via “disable” option.
- Fixed launching remote services in OnePlus devices
- Fixed retrieving the list of packages in some devices
- Fixed retrieving and updating permission flags in Android 12 onwards

Full list of changes: https://github.com/MuntashirAkon/AppManager/compare/v4.0.0-alpha02...v4.0.0-beta01

⚠️ Important.
From now on, if you want to contact me via email, please send it to am4android [at] riseup [dot] net. This shall be enforced with the release of the next stable release, which means that any attempt to contact me via any other email addresses will be ignored and may be reported as spam. Also, due to a high volume of emails of late, I may not be able to reply to all of them, especially the ones that does not contain any helpful info such as crash reports or the steps to reproduce the issue. If you're blocked on GitHub for your misconduct, chances are your messages will be filtered in my email client as well. This is a part of the ongoing measure to ensure the safety and longevity of my projects by blocking anybody who tries to harm the projects by any means. It should also be noted that only official sources should be used to download the applications. Third-party sources may provide modified version of the applications which may contain malware.

Third-party app stores should also take note of my message and take necessary actions to update the email address.

📣 May'24 Updates.
1. I've suspended GitHub discussions indefinitely as a number of people have been seen abusing this feature in order to bypass the GitHub issue templates.
2. Updates will now be posted in the App Manager channel rather than in the AM Debug channel to improve the transparency of App Manager project.
3. A new beta will be released near mid-June after updating the documentation.
4. Funding campaign for 2024 was ended on 31 May/1 June (depending on the timezone), and it won't be renewed next year.
5. A “Contributor of the Month” certificate will be issued each month to encourage users to contribute to App Manager and the related projects. It will be issued to a contributor (not to the maintainers) with more impacts than any other contributors (excluding the maintainers). This could be any type of contribution, such as bug fixes, feature improvements, documentation, creating helpful issues, community engagements, and funding. The description of the contribution(s) will be provided in the certificate. A public record will also be kept for verification. The decision will be made heuristically and in good faith. The certificate may not be issued for the month if there isn't any contributor with significant impact or if the contributor has opted out of this program. (Claim the first certificate by dropping a certificate template at @LostFreedom!)
6. I'll be starting my Ph.D. in Computer Science at the University of California, Riverside this September! (Shout-out to those who live near Riverside and Los Angeles!) My research will be very close to Android and Linux. So, it won't have a significant impact on the development of App Manager. More information will be available in my blog in due time.

📣 June'24 Updates.
1. I couldn't manage to publish the beta on time due to Eid and my illness (basically the flu you have before the monsoons). v4.0.0-beta02 and v3.1.7 will be released this week.
2. "Contributor of the Month" will be skipped for June since there wasn't any contributor with notable contributions.
3. Google seems to be introducing a lot of breaking changes to the permission APIs in Android 14 as they're figuring out a way to handle virtual devices. Notable changes were introduced in the following revisions: r29 and r50. This may cause frequent crashes as App Manager may not always be up-to-date with the changes.

I hope July will be a productive month as I intend to release v4.0.0 stable by the end of July.

Battery Charge Limiter (BCL) v1.1.0

BCL is now in the maintenance mode. Since Android has added native support for charging control*, there's no point in developing this app anymore. The app may, at best, receive occasional bug fixes in the future.**

- Added support for Android 12 and later
- Added Tamil and Simplified Chinese translations

---
* If your device has native support for charging control and it’s functional, the app will not work properly and your device may enter into an infinite loop of charging and discharging. Please uninstall the app if this happens to you.
** The app was originally developed for my own use. A public release was made based on user request. I no longer use the app since my device has native support for charging control on Android 14.

No-root users can utilize a notification system. This can be done by issuing a conditional notification using an automation app, or you can use this app: https://f-droid.org/packages/biz.binarysolutions.healthybatterycharging/

📣 July’24 Updates.
1. The situation in my country wasn’t very well this month (and won’t be in this month). The police, the special forces, the armed forces along with the student wing of the current political party attacked the students and civilians, protesting against a discriminating quota system in govt jobs, throughout the country resulting in the death of 277 or even more, which is highest number of deaths in a single movement since its independence in 1971 (we’re now calling it the July Massacre). In addition, the Internet wasn’t available for five days throughout the country, and the cellular Internet wasn’t available for ten days, and the Internet speed is still very slow. I posted some updates earlier in the debug channel on Telegram, and a few users emailed me and offered to help me in any way they can. Thank you for your emails. Just to give you an update, I’m well and safe, and I don’t need any help right now. I also couldn’t focus on anything else, including this project. So, I couldn’t make a beta release like I announced earlier.
2. “Contributor of the Month” will be skipped for July due to the above circumstances.
3. I’ve been seriously working on the backup/restore feature. It needs a lot of improvements including support for importing/exporting contacts, SMS/MMS, Wi-Fi configurations, VPN apps, autofill apps, accessibility apps, input methods, spell checkers, notification channels, and so on. Some of the features require a lot of work, and won’t be available anytime soon. Be sure to take a look at the changelogs to find what’s new in backups!
4. It appears that some directories aren’t accessible on some devices (Amazon Fire TV, or example) in ADB mode. What’s more curious is that newer Androids don’t support opening streams via ADB in some directories (blocked via SELinux). As a result, we may need alternative methods (such as no-root usage or streaming via shell) for those cases. However, further investigation is needed.

5. As I started looking into the permission issues, it appears that the sorting out all the permissions is not an easy thing to do, and a lot of people in the past have tried to come up with solutions, but none of them have offered any perfect solution. This is almost an impossible task for several reasons: a) There are two permission APIs (i.e., PermissionManager and AppOpsManager), b) Some permissions are merged with each other in those APIs which can cause unexpected behaviour both aren’t altered at the same time, c) Although each permission (or app op) supports a wide set of modes or flags, only a few specific modes or flags actually work with a permission and finding this out is complicated, especially for the infrequently used permissions (as they are not available in Android Settings to find how they should actually be granted or revoked), d) Many permissions (and most app ops) have no public documentation, making it difficult to find out what they are supposed to do, e) There are some other APIs that should’ve been included with the permission APIs (e.g., battery optimisation, sensor, net policy) as their independent presence makes no sense, f) Some vendors include their own sets of permissions and app ops whose behaviours are largely unknown, g) Vendors provide permission whitelists for some applications (fortunately, this is manageable through the permission flags), h) Same permissions work differently in each version of Android, and i) Some app ops depend on other app ops. Therefore, in creating a permission model, we’ll have to unify all those permission APIs and present them to the user in a way so that it would look as if the permissions are handled by a single permission API, and this isn’t an easy thing to do. Because we still have to provide a way to show which permissions are affected by the change and offer an option to alter them manually. This is further complicated by other apps (e.g., App Ops, Permission Pilot) that offer their own sets of abstraction, and the user expects similar behaviour from App Manager. Another issue is that the purpose of the “Uses Permissions” and “Permissions” tabs were to display the permissions declared in the manifest of the app. If such a permission model is implemented, it should not replace those tabs.

Bangladesh v2.0!

We have just got our second independence through a historical revolution! Congratulations to all Bangladeshis who follow this channel!

📣 August’24 Updates.

1. The month August has been quite eventful. The tyrannical govt of Bangladesh was ousted on 5 August as people joined the students in their one-point demand. The prime minister fled the country, police fled from their stations, students and army were in charge of law and order, and an interim govt was formed. Then, we saw many unsuccessful attempts by various parties to oust the new govt. Also, there was a sudden and massive flood in the Southeastern part of the country. Finally, when all things were settling down, I lost my grandmother in 22 August as she had multiple strokes due to old age. It was also my last month in my job as I am starting Ph.D. from September. I also needed to prepare for my journey to a new country, which will also be my first ever visit to any country as well as plane journey.
2. I am trying my best to update documentation so that I can release the next beta as soon as possible. v4.0.0 introduces a lot of changes. So, it’s taking some time, not to mention the distractions that I’m constantly facing.
3. Many people are talking about the latest Magisk privilege escalation vulnerability which allows a third-party application to obtain root without any prompt. The vulnerability is discovered by the Magisk contributors themselves and cannot be exploited easily. So, there’s no need to panic. You can also switch to the Canary channel to have a fix, but it’s not urgent.
4. On another news, Samsung users should really focus on debloating their stock ROM as we’re seeing a surge of vulnerabilities in their system and preinstalled applications. One of the primary reasons for privilege escalation vulnerabilities is the lack of audit of the system applications. UID < 10000 are special UIDs that need special care, especially UID 1000. Unfortunately, we can expect nothing from them as it seems that the security audits are skipped even for their kernel modules. My question is: if you cannot audit your system applications, why do you develop them in first place? Why not rely on the AOSP instead.