Revoking permissions for an android app?

Question

Say, an app declared itself as

<uses-permission android:name="android.permission.INTERNET" />

Is there a way for a user (or another app) to revoke that permission (w/o iptables of course)?

Answer 1

Blocking Internet

If what you want is to specifically block Internet access for selected apps AND your device is rooted then DroidWall is one of the options (use the blacklist mode). Btw, in the latest versions of Google Play app you'll notice that Internet permission won't even be listed when you install an app - Google decided it's not worth showing there..

Custom ROMs

Custom ROMs such as Cyanogen 7.x have built-in permission management. Once you enable the corresponding feature in Settings -> Cyanogenmod Settings you can disable the permissions you want by simply tapping a permission in the standard app system details screen. Cyanogenmod 9 and later don't have this feature anymore, because when the Cyanogenmod team were considering adding permission revocation to ICS, Google emailed them threatening to revoke Google Play access for devices running Cyanogenmod in case the feature persists in the Android 4.x builds.

AppOps

As of version 4.3 Android contains App Ops - a limited built-in permission management system that is not accessible from the main UI, but can be activated by calling an intent with action android.settings.APP_OPS_SETTINGS. There is an AppOps Starter app on the play market which will start the intent. If you use Nova launcher you can create a shortcut to AppOps via Add > Shortcut > Activities > Settings > App Ops (summary). You can also build the launcher yourself from source code.

Disabling specific activities

Elixir2 can selectively disable activities and broadcast receivers, so in many cases it might be able to disable specific ad activities which can be easily recognized by their package names.

Modifying APK files

You can also try to modify the apk file itself to remove the permissions you don't want, for example using ApkTool (very tricky and won't work if the developer takes security seriously).

PDroid

One more option is PDroid - it requires patching or recompiling your ROM. Once you have a ROM built with the PDroid code you can use the pDroid app on Google Play to configure each app as you wish.

xPosed Framework

Another alternative which only requires root, but not a specialized ROM is the Xposed Framework - a library which injects itself into the Android system process and which provides an API for other apps (called Xposed modules) to do the craziest possible things. At the implementation level, it allows the modules to intercept any Android API call, modify its parameters, and attach hooks. A description is available on the XDA developers forum. Once you install the framework, there are several modules that you can install which will give you total control over the permissions of any app, including feeding fake or random data for deviceID, contacts, locations, country, etc. Have a look, for example, at modules like xPrivacy, AppSettings, or AndroidTuner - they all allow altering permissions, or asking you for confirmation on access. There are also modules for controlling broadcast receivers and startup items. I have successfully run it on several devices with very good results, but subsequently found that battery consumption raised considerably, not sure whether it was because of the framework itself, or specific modules.