Android Security

Is Android Xposed Module XPrivacyLua dead in the water?

M66B is a well-known developer which got a lot of attention with his XPrivacy Xposed Module back in the day, his latest Xposed Module is called XPrivacyLua which can fake application in order to prevent to give out the app your real ID’s.


About XPrivacyLua

Basically, it’s an Xposed module – which needs the Xposed Framework to be installed first – that protects your privacy by feeding applications fake data or no data at all, or by restricting applications from accessing data categories such as location, contacts or storage. The idea is to provide an XPosed Module which is stable but still allows you to protect your real data.

XPrivacy Lua itself doesn’t revoke or block applications’ permissions the way Android does, except internet and storage access which means most apps don’t misbehave or crash when they’re denied access. This was criticized on his XPrivacy app before.

No ‘privacy’ proof

The developer or the community couldn’t provide any evidence that faking information data on an app basis really helps to escape or prevent data theft. I also explained that the module is not the allround cure on GitHub.

Android by itself tries to remove the unneeded data an app can send away, their API’s are also regulated and Android provides several developer guidance aka rules to prevent an abuse. However, this can be bypassed and was in the past problematically since there here and there still malware apps, even in the official Google Play Store.

I see in general projects like AV or some modules critical, they often promise you a lot of things but as we know most of their promises are worthless because it can be bypassed, in this case, root is a security problem by itself and the reason why it’s not active in Android. Critical things like MAC address etc. which really expose you because these things are unique to each user/device couldn’t be faked due restrictions by Android itself.

However a test in order to see if that really prevents or change anything could have been easily created, sadly no one ever did.

Big Project with manpower problems

M66B always creates big projects which are depending on third-party libraries and framework such as XPosed or Android’s VPN API, this still is a big problem – because of such dependencies you are might not be able to push your project since Xposed Framework or other things are bugged or currently unstable. This is also another reason why the development will ‘slow down’.

It’s unclear why the project already stopped or get slowed down, the official explanation on this says that all feature are all ‘finished’ the promised or possible promised function to restrict more permission or to work with custom fake ID’s wasn’t hold. It should be mentioned that this was optional and depend on which developer process steps the official XPosed Framework makes, so from this point the developer is not to blame here.

Strange reasons to drop the development

Similar to his previous app XPrivacy the developer gives up way too fast and it mostly comes out of nowhere, he states the following:

As already pointed out, this is more complex than it might seem. The interest in XPrivacyLua is low and not really growing, so I am not going to put effort into things like this. For the time being there will be only maintenance and support and maybe new hook definitions. Xposed for Android Oreo is also still beta and buggy, so there is not a good base for further development seen from this perspective too.

M66B on XDA

This news is really bad for ‘privacy’ fans because the hope in XPrivacyLua was really big and some people might feel disappointed – which I can fully understand. However, the development by itself continues officially but there will be no new features introduced.

I think we all need to pay our bills and that’s one of the main reason I assume, you spent a lot of time developing a module and then you might not get the attention you need in order to sell enough to survive or to continue the development. I totally get this and I don’t see it as negative, it’s just normal for developers. The sad news is that XPrivacy or XPrivacyLua are more or less the ‘best weapons’ on a rooted device in order to fake your data, there similar modules in the Xprivacy repo but none of them are as complex as the one from M66B – as mentioned it’s a huge project even if it looks easy.

Fantastic support

M66B is very active in the XDA community and provides outstanding support, which makes it even harder to believe that he will now focus on other projects or things. He really earned my respect during the years with his ideas and his developer skills – there not many developers putting so many time into a single project – which I can guarantee you.

Closing Words

  • Manpower
  • Not enough app sales in order to continue or push the development or M66B’s  motivation
  • Problems with Xposed Framework itself
  • Android OS restrictions
  • Time reasons

These are the big points at the end when it comes to development, sadly XprivacyLua developer M66B also suffers from these points and this is really a shame. He deserves some support in my opinion for all his hard work and the hours he spent with us trying to explain literally everything in the XDA forum – All these things are outstanding but it doesn’t help if there other bigger issues and your project then will suffer no matter what you do.

I hope M66B will at least provide us (in case the Xposed framework gets updated) with some basic updates to keep his module running but I’m optimistic enough and say ‘he will’. I would have loved to see this module becoming more complex so that I could have written more about it, the aspect if faking data really is a ‘privacy’ benefit or not was one of the points which were on my todo list.

I like to close this article with a ‘thank you’ for all your hard work, I hope we’re seeing more from you in the future with maybe another app with great potential. I also like to say thanks to the community which seems to love the module and the people which constantly updated and helped on GitHub to complete the documentation & FAQ.

Since the source code is open on GitHub we never know if not someone continues or contribute to the project in order to improve it. We will see, time will tell…

One reply on “Is Android Xposed Module XPrivacyLua dead in the water?”

Comments are closed.