Shizuku: App that lets you use system APIs with higher privileges without root

76 points posted a year ago
by thunderbong

28 Comments

teroshan

a year ago

Shizuku is a boon to get around Android's limited app auto-update capabilities, which helps when using non-Google Play apps.

See [1] for a list of apps leveraging Shizuku.

I use:

- Droid-ify [2] as a F-Droid alternative, to have auto-updating apps

- Mihon [3] as a Manga reader, with auto-updating extensions

- Canta [4] to remove bloat

[1]: https://github.com/timschneeb/awesome-shizuku

[2]: https://f-droid.org/packages/com.looker.droidify/

[3]: https://github.com/mihonapp/mihon

[4]: https://github.com/samolego/Canta

pohuing

a year ago

Add to that Island[1] which unlocks work profiles on phones where the manufacturer didn't. (And is an easy way to hide apps from other apps without rooting. This is required for some baking apps throwing a tantrum if you use your phone).

Also Ambient Music Mod[2] which gets you constant low power background music recognition a la Pixel on non pixels.

[1] https://gitlab.com/secure-system/Insular

[2] https://github.com/KieronQuinn/AmbientMusicMod

JadeNB

a year ago

> This is required for some baking apps throwing a tantrum if you use your phone.

Is this a common behavior? Do you know why?

svieira

a year ago

My suspicion is that these banking apps are running root detection code that looks for the presence of certain other apps that signal "rootedness".

The stated reason is always "we don't want malware being able to steal your account information".

The non-stated reason is often "it makes our threat modeling easier if we can rely on the OS' defenses existing and working so we assumed. As a consequence of that assumption we are not entirely sure that what we are doing is safe from ordinary adversarial behavior on a device without these guardrails. So we don't want to run in such an environment and find out that our concerns were justified".

JadeNB

a year ago

Thank you; that makes sense. The original quote referred to "baking apps," and it honestly didn't occur to me that it was a typo!

pohuing

a year ago

It might be. The library my banking app uses is called Promon Shield. It was broken in 2018 as part of this paper: https://obfuscator.re/nomorp-paper-dimva2018.pdf

> Promon Shield protects most of the banking apps on the German market. As of April 23, 2018, four out of the top ten financial apps in Germany make use of Promon’s solution.

I'm switching banks now to find one that lets me use my non rooted phone in peace.

As for why? I'm not sure. My guess is to prevent clueless people running their banking app with malware installed. Preventing roots might just be a side-effect.

user

a year ago

[deleted]

jeroenhd

a year ago

What limitations are there these days? My F-Droid updates apps automatically in the background, for instance.

teroshan

a year ago

I use it on multiple devices, including an Android 11 e-reader which doesn't support the capability to auto-update natively.

As for newer Android versions I don't remember exactly what my issues were, but I think it had to do with a manual confirmation for update or non-background updates. To be confirmed though.

luuurker

a year ago

I believe that on the newer Android versions (eg, 14), you have to confirm the update once and then the app/store that tried to update that app can do it automatically from then on.

pushupentry1219

a year ago

I thought Droid-ify does auto-update without Shizuku (or root)? I turned it off because I don't like auto-update, but I could've sworn it still works.

eNV25

a year ago

It only works with new versions of Android. It's a feature.

jacooper

a year ago

This is only the case when using anything older than Android 13.

Unbiased8678

a year ago

I have also used Canta to remove bloat along with App Ops to manage permissions.

Brian_K_White

a year ago

I have to use it to make my non-US phone work in the US.

Sony Xperia 1 VI, a new top of the line flagship phone from Sony, has all the necessary hardware to be compatible with US carriers, but simply lacks config files for the US because it is not sold in the US.

Shizuku and another app combine to get a few of the settings set which brings it most of the way there.

(Brand new 2024 flagship with headphone jack and SD card! And unlockable bootloader, and good camera including a real macro mode which is specifically something I use a lot for documenting electronics projects. The one remaining blemish is no n71 5g band. I have 5g but just not that band, but that is one of the more important ones that can reach into buildings better. Still though, I do have 5g while inside my house so one of the other bands is doing something.)

Anyway, point is just that I have several real reasons to want this specific phone and not either a S24 or a Pixel 9. And Apps like Shizuku have legit non-nefarious purposes.

ratg13

a year ago

I thought the config files were downloaded over the air.

I don’t understand how you could have a flagship phone not work everywhere.

The people with the most money generally travel the most.

Brian_K_White

a year ago

That's a nice theory but no.

There are several different kinds of configs.

The phone is global and not carrier locked, and you can make calls and sms and data.

It "works", just poorly. It works at a basic level, just not full coverage, not full speed, and not all features available.

Different countries use different radio bands, and so a phone that is nominally sold in a given country only enables those bands that are legal in that country.

So this phone is nominally for HK, which is the model with greatest overlap of supported bands with at least some US carriers. The hardware can do everything but the config that prevents it is sort of like a virtual hardware difference. In the past there might be different radio hardware, and now there is one hardware that is made to act like different hardware through firmware.

Without all available bands, you get less coverage and more contention with other users for available bandwidth. And your choice of carrier makes a big difference. Some of the mvnos only provide 2 or 3 bands total, while others might have a dozen.

Shizuku cannot fix that particular problem. For that you have to be able to root the phone and edit some files in the rom. The term to search is "mbn hacking".

This has not been done for this phone yet, but apparently all the pieces are there to make it possible because the bootloader is unlockable and there is a way to unpack and repack a firmware.

I have unlocked my bootloader and tried to flash a modified bootloader to get magisk working, but it refused to flash the partition even though it's supposedly unlocked. So I don't have root and can't edit anything in the rom.

For another example, although basic 4g gsm works, there is no volte, vowifi, or vonr, simply because the carrier doesn't explicitly recognize or support the make & model.

But you can use Shizuku and Pixel IMS to enable all of those and they work fine. The settings in this case are tied to the sim. Once you set the settings they survive reboots and you can even uninstall the apps, but if you change your sim you lose the settings.

rs9000

a year ago

Just a clarification I needed when I first discovered Shizuku, this is something different from rooting your device, and you are not able for example to access some path like /data/data using Shizuku.

g-b-r

a year ago

In a very unusual requirement, unless you compile it yourself you're forced to use Chinese-provided binaries.

The app has almost root access; it's too juicy an opportunity, I think it's extremely likely to contain some bad stuff.

It's a disgrace that it's become so popular, someone should make an API-compatible FOSS alternative.

marcellus23

a year ago

It's not clear at all from the title, or even the linked webpage, that this is an Android thing.

user

a year ago

[deleted]

kajika91

a year ago

Was looking at who is the author and saw "Copyright [yyyy] [name of copyright owner]" in the LICENCE (https://github.com/RikkaApps/Shizuku/blob/master/LICENSE#L19...)

Is this still valid? If not does that mean that this app has no license?

JimDabell

a year ago

This is not valid. A valid copyright notice has three things – the copyright holder, the word “copyright” or equivalent, and when the work was created. If it doesn’t have these three things, it is invalid, which in the USA is equivalent to no notice at all.

However copyright is automatic virtually everywhere in the world, so no copyright notice is needed for it to be copyrighted.

A license is how the copyright holder grants permission for people to copy their works in ways that would normally be forbidden by copyright. The copyright notice being invalid doesn’t affect this.

whs

a year ago

The software is not FOSS anyway. The README file says that you can't redistribute a self-compiled APK. That is also the reason Shizuku is not on F-Droid, as both F-Droid and Shizuku authors don't trust each other's APK.

notpushkin

a year ago

It is. The [placeholders] here are a part of the Apache license text describing what to put in the source code to apply the license (see line 179). The author doesn’t follow this, but I think the intention is still clear so it’s fine.

TheDong

a year ago

Yes it's valid. I am not a lawyer, this is not legal advice.

As programmers, our instinct is to try to interpret things literally, as if they can be represented by math or code.

Copyright is a thing of the law, and laws are not like that. Laws are interpreted by humans, who generally attempt to interpret the spirit, and generally apply reasonable interpretations.

It's clear the author of the code intends it to be available under the Apache 2, and that's good enough.

kevin_b_er

a year ago

The author intends it to be a modified Apache 2.

   2. Grant of Copyright License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      copyright license to reproduce, prepare Derivative Works of,
      publicly display, publicly perform, sublicense, and distribute the
      Work and such Derivative Works in Source or Object form.

    For the project as a whole, it is not free. You are FORBIDDEN to distribute the apk compiled by you (including modified, e.g., rename app name "Shizuku" to something else) to any store (IBNLT Google Play Store, F-Droid, Amazon Appstore etc.).

This is not Apache licensed, because the author is explicitly declaring its terms altered.

It is NOT open source, it violates freedom 1:

Freedom 1

   The license shall not restrict any party from selling or giving away the software as a component of an aggregate software distribution containing programs from several different sources. The license shall not require a royalty or other fee for such sale.