{"id":13843729,"url":"https://github.com/linuxct/PhoneAccountDetector","last_synced_at":"2025-07-11T19:33:26.053Z","repository":{"id":45060099,"uuid":"437180865","full_name":"linuxct/PhoneAccountDetector","owner":"linuxct","description":"#PAAD: PhoneAccount Abuse Detector for Android 6.0+ devices","archived":true,"fork":false,"pushed_at":"2022-10-04T22:00:46.000Z","size":339,"stargazers_count":106,"open_issues_count":0,"forks_count":6,"subscribers_count":7,"default_branch":"main","last_synced_at":"2024-08-05T17:39:06.787Z","etag":null,"topics":["abuse-detection","android","aosp","emergency-calls","paad","phoneaccount"],"latest_commit_sha":null,"homepage":"https://paad.linuxct.space","language":"Kotlin","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/linuxct.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-12-11T03:48:42.000Z","updated_at":"2023-10-31T11:43:06.000Z","dependencies_parsed_at":"2023-01-19T05:45:31.206Z","dependency_job_id":null,"html_url":"https://github.com/linuxct/PhoneAccountDetector","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linuxct%2FPhoneAccountDetector","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linuxct%2FPhoneAccountDetector/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linuxct%2FPhoneAccountDetector/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linuxct%2FPhoneAccountDetector/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/linuxct","download_url":"https://codeload.github.com/linuxct/PhoneAccountDetector/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225755125,"owners_count":17519206,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["abuse-detection","android","aosp","emergency-calls","paad","phoneaccount"],"created_at":"2024-08-04T17:02:25.491Z","updated_at":"2024-11-21T15:31:27.645Z","avatar_url":"https://github.com/linuxct.png","language":"Kotlin","funding_links":[],"categories":["Kotlin"],"sub_categories":[],"readme":"\u003cp align=\"center\" width=\"100%\"\u003e\n  \u003cimg src=\"https://github.com/linuxct/PhoneAccountDetector/blob/main/app/src/main/res/mipmap-xxxhdpi/ic_launcher_round.png?raw=true\" alt=\"logo\"\u003e\u003c/img\u003e\u003cbr/\u003e\n\u003c/p\u003e\n\n# PhoneAccount Abuse Detector (PAAD)\u003cbr/\u003e [![Latest Version](https://img.shields.io/github/v/release/linuxct/PhoneAccountDetector)](https://github.com/linuxct/PhoneAccountDetector/releases/latest) ![Compatibility](https://img.shields.io/badge/compat-API%2029%2B-brightgreen)\n\n**Simple application to enumerate and detect any application that (ab)uses adding an indefinite amount of PhoneAccount(s) to Android's TelecomManager.** As seen on [Android Police](https://www.androidpolice.com/heres-a-way-to-find-out-if-911-calls-on-your-android-phone-might-fail/), [XDA-Developers](https://www.xda-developers.com/avoid-android-emergency-calling-bug-this-app/), [Xataka Android](https://www.xatakandroid.com/aplicaciones-android/descubre-tu-movil-puede-bloquearse-llamando-a-emergencias-esta-app-te-dice), [Ars Technica](https://arstechnica.com/gadgets/2022/01/google-fixes-nightmare-android-bug-that-stopped-user-from-calling-911/).  \n\nCheck out the project's amazing landing page at [paad.linuxct.space](https://paad.linuxct.space/).\n\n## Background\n\nThis application exists because malicious or just improperly programmed applications can, intentionally or not, block your device from the ability to call emergency numbers. If you are in such a situation, this app helps you to find the culprit – which you then can uninstall (or disable).  \n\nFor the exact details on the vulnerability (why this happens, how it was discovered, fixes timeline, ...), please check the article by Mishaal Rahman [here](https://medium.com/@mmrahman123/how-a-bug-in-android-and-microsoft-teams-could-have-caused-this-users-911-call-to-fail-6525f9ba5e63).  \n\n## About permissions\n\nThis application requires two call management permissions, [Manifest.permission.READ_PHONE_STATE](https://developer.android.com/reference/android/Manifest.permission#READ_PHONE_STATE) and [Manifest.permission.READ_PHONE_NUMBERS](https://developer.android.com/reference/android/Manifest.permission#READ_PHONE_NUMBERS).  \n\nREAD_PHONE_STATE is used in all supported Android versions, whereas READ_PHONE_NUMBERS is requested on Android 12 and onwards exclusively. This is because on Android, in order to read which applications are adding PhoneAccounts to Android's TelecomManager, these permissions are necessary.  \n\nNo permission is (ab)used to log, collect or process any personally identifiable user information.\n\n## Download\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/linuxct/PhoneAccountDetector/releases/latest/download/app-release.apk\"\u003e\n    \u003cimg src=\"https://i.imgur.com/eKVKAIk.png\" alt=\"Download button\"\u003e\u003c/img\u003e\u003cbr/\u003e\n    Click here to download the latest version\n  \u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://play.google.com/store/apps/details?id=space.linuxct.phoneaccountdetector\"\u003e\n    \u003cimg src=\"https://i.imgur.com/RvsPBjV.png\" alt=\"Download button\"\u003e\u003c/img\u003e\u003cbr/\u003e\n    Click here to download from Google Play\u003cbr/\u003e(usually a few versions behind GitHub, so GitHub is recommended)\n  \u003c/a\u003e\n\u003c/p\u003e\n\n## Application usage\n\nThe application is very simple, and contains 2 components:\n- A message at the top of the device, explaining if the application detected a possible abuse of this functionality which may cause issues while attempting to call Emergency Services.  \n- A list of the applications that have registered a Phone Account in your device, usually including your own SIM Cards, Google Duo, Teams, among others. Alongside each app, the number of accounts is displayed to facilitate the identification of the malfunctioning/hijacking application.  \n\u003cbr/\u003e\n\u003cp align=\"center\"\u003e\n  Check this video if you have doubts on how to interpret this data:\u003cbr/\u003e\u003cbr/\u003e\n  \u003ca target=\"_blank\" href=\"https://www.youtube.com/embed/MT9Xs01Zwa0?ecver=1\u0026autoplay=1\u0026cc_load_policy=1\u0026iv_load_policy=3\u0026rel=0\u0026yt:stretch=16:9\u0026autohide=1\u0026color=red\"\u003e\n    \u003cimg src=\"https://i.imgur.com/IJYA3oo.png\" alt=\"Watch on YouTube\"\u003e\u003c/img\u003e\n  \u003c/a\u003e\u003cbr/\u003e\n  (Thanks to \u003ca href=\"https://www.youtube.com/c/AndroidExplainedTips\"\u003eExplaining Android\u003c/a\u003e for the video)\n\u003c/p\u003e\n\n## Screenshots\n\n\u003cp align=\"center\" width=\"100%\"\u003e\n  \u003cimg width=\"30%\" src=\"https://i.imgur.com/gDhJHeb.png\" alt=\"Permission management\"\u003e\u003c/img\u003e\u003cbr/\u003e\n  Permissions necessary for the app to work\n\u003c/p\u003e\n\u003cbr/\u003e\n\u003cp align=\"center\" width=\"100%\"\u003e\n  \u003cimg width=\"30%\" src=\"https://i.imgur.com/I4zSf8R.png\" alt=\"Abnormal case\"\u003e\u003c/img\u003e\u003cbr/\u003e\n  Case where Teams added 4 PhoneAccounts to TelecomManager\u003cbr/\u003e\n  The app flags this as abnormal behaviour\u003cbr/\u003e\n\u003c/p\u003e\n\u003cbr/\u003e\n\u003cp align=\"center\" width=\"100%\"\u003e\n  \u003cimg width=\"30%\" src=\"https://i.imgur.com/tsKHKTT.png\" alt=\"Normal case\"\u003e\u003c/img\u003e\u003cbr/\u003e\n  Case without any abnormal app behaviour\n\u003c/p\u003e\n\n## Build\n\nYou can use Android Studio to build the application, or you can build it by using the CLI.  \n\nNavigate to the folder where the source code is located:  \n```cd /path/where/you/downloaded/PhoneAccountDetector/```  \n\nThen, check that Gradle runs properly by executing:  \nFor Linux/MacOS: `./gradlew tasks`  \nFor Windows: `gradlew tasks`  \n\nYou can now build the application in release or debug flavor:   \n`./gradlew assemble`  \n\nAfter it's done building, you will now need to sign the resulting APK by using apksigner, or jarsigner. Here's an example:  \n```apksigner sign --ks /path/to/example.keystore --ks-pass pass:\"EXAMPLEPASSWORD\" --v1-signing-enabled true --v2-signing-enabled true --verity-enabled true *.apk```  \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flinuxct%2FPhoneAccountDetector","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flinuxct%2FPhoneAccountDetector","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flinuxct%2FPhoneAccountDetector/lists"}