Protect Sensitive Data On Your Android Phone Using XPrivacyLua Xposed Module

There are many apps available for use on Android smartphones on the Google Play Store, and it’s not really possible to verify the authenticity and credibility of each developer before downloading an application. The reality is that many apps require access to sensitive parts of our smartphones and data, and there’s almost no way of knowing if the sensitive data being collected are really needed for the recipient application to work, or if they are being used for malicious intents.

However, since you’re using an Android smartphone, this shouldn’t be too much of a problem. In fact, the reason why some people are still using Android smartphones is how easy it is to customize features and do virtually whatever you want, and the same applies to data privacy. Today, I’m going to show you how you can protect sensitive data on your Android smartphones with an Xposed module called XprivacyLua.

That name sounds familiar, doesn’t it? If you’ve been tweaking Android and using Xposed Installer modules for a long time, you must have surely come across the Xprivacy Xposed module. It’s a very useful software extension that you can use to feed fake data to applications that request for sensitive data on your Android smartphone, and while it’s still working, it hasn’t been updated for a long time and it doesn’t support Android versions newer than Android 6.0.1 Marshmallow. This is what prompted XDA Developer Forums member M66B to develop XprivacyLua, a successor to Xprivacy.

XprivacyLua is also a module for the Xposed Framework that lets you control what data is fed to applications. Here are some features of XprivacyLua:

XprivacyLua Features

XprivacyLua is primarily used to restrict the access that applications have to certain categories of data on a smartphone, and this applies to both user-installed apps and system app. Additionally, it supports multi-user control, so different users can have different data restriction profiles.

XprivacyLua applies restrictions when applications try to perform the following sensitive actions:

  • Get applications (hide installed apps)
  • Get calendars (hide calendars)
  • Get call log (hide call log)
  • Get contacts (hide contacts, including blocked numbers)
  • Get location (fake location, hide NMEA messages)
  • Get messages (hide MMS, SMS, SIM, voicemail)
  • Get sensors (hide all sensors)
  • Read account name (fake name, mostly e-mail address)
  • Read clipboard (fake paste)
  • Read identifiers (fake build serial number, Android ID, GSF ID, advertising ID)
  • Read network data (hide cell info, Wi-Fi networks/scan results/network name)
  • Read telephony data (hide IMEI, MEI, SIM serial number, voicemail number, etc)
  • Record audio (prevent recording)
  • Record video (prevent recording)
  • Use camera (fake camera not available)

Why not deny application permissions instead?

The answer is simple; denying applications permissions, in most cases, causes them to misbehave and crash. With XprivacyLua, apps still have the permissions they need to function well, but they are fed with fake data instead of getting the sensitive ones on your phone that you want to be kept private. That way, things are balanced on all ends.

Things to Note

XprivacyLua is compatible only with Android 6.0 Marshmallow and newer versions of the Android OS. If you need such feature on older Android versions up to 4.0.3 KitKat, use Xprivacy instead.

Also, you need the Xposed Framework installed on your smartphone to even get a chance to use XprivacyLua at all. Here are some guides on installing Xposed Framework on your Android smartphone:

Lastly, the software is still in development (beta mode), so some bugs are to be expected.


Download the XprivacyLua module on the Xposed Repository.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.