Skip to content

bleelblep/CarrierVanityName

BranchesTags
 
 

Repository files navigation

Carrier Vanity Name

A small Android app that overrides the carrier name (and optionally the SIM country ISO) shown by the system, without rooting your phone. Changes survive reboots. Hit Reset in the app to undo.

This is a fork of nullbytepl/CarrierVanityName that fixes the crash introduced by the October 2025 Pixel security patch (upstream issues #29, #32).

Status

Version Min Android What's new
1.2 (this fork) 9.0 (API 28) Routes carrier-config writes through an Instrumentation broker on devices with the Oct 2025 patch or later, so Set / Reset no longer crash.
1.1 (upstream) 9.0 (API 28) Adds SIM country ISO override.

Requirements

  • Android 9 or newer.
  • Shizuku running and granted to this app. The workaround uses Shizuku's shell-UID binder to call hidden telephony APIs.
  • A SIM card in the slot you want to rename.

Warning

Anything that talks to system services through Shizuku can leave your phone in a weird state if something goes wrong. This is provided as is, with no warranty. You use it at your own risk.

Install

Grab the APK from the Releases page and sideload it. The upstream releases at nullbytepl/CarrierVanityName are still up too, but they pre-date the Oct 2025 fix.

Use

  1. Open Shizuku and make sure the service is running.
  2. Open Carrier Vanity Name and grant the Shizuku permission prompt.
  3. Pick the SIM slot.
  4. Type the carrier name you want shown. Optionally enter a two-letter ISO country code (e.g. us, jp) to override the SIM's country.
  5. Tap Set. Tap Reset to revert.

The change is applied via CarrierConfigManager overrides, so it survives reboots until you reset it.

Build from source

Carrier Vanity Name calls several hidden Android APIs (ICarrierConfigLoader, IActivityManager, UiAutomationConnection, TelephonyFrameworkInitializer, hidden overloads on SubscriptionManager / TelephonyManager, hidden constants on CarrierConfigManager). None of these are in the public android.jar that ships with the Android SDK, so a clean gradlew assembleDebug against a stock SDK install fails to compile.

To get it to build, swap your SDK's android.jar for a hidden-API one:

  1. Find your Android SDK. On Windows it's usually %LOCALAPPDATA%\Android\Sdk — Android Studio shows the path under Settings → Languages & Frameworks → Android SDK.
  2. Back up the stock jar: 
    Copy-Item "$env:LOCALAPPDATA\Android\Sdk\platforms\android-33\android.jar" `
          "$env:LOCALAPPDATA\Android\Sdk\platforms\android-33\android.jar.orig"
  3. Drop in the API 33 jar from Reginer/aosp-android-jar: 
    Invoke-WebRequest `
  -Uri  "https://raw.githubusercontent.com/Reginer/aosp-android-jar/main/android-33/android.jar" `
  -OutFile "$env:LOCALAPPDATA\Android\Sdk\platforms\android-33\android.jar"
  4. From the repo root: 
    .\gradlew clean assembleDebug
    The APK ends up at app\build\outputs\apk\debug\app-debug.apk.

To revert, copy android.jar.orig back over android.jar. The swap only affects compile time — the device runs against its own framework regardless.

How the Oct 2025 fix works

The October 2025 Pixel patch tightened the caller-identity check on ICarrierConfigLoader.overrideConfig. Calling it over Shizuku (which proxies as the shell UID) now throws, instead of writing the override. That's the instant crash on Set / Reset.

On affected builds, the app:

  1. Reads Build.VERSION.SECURITY_PATCH and switches to the broker path when the patch date is 2025-10 or later.
  2. Asks the activity manager (over Shizuku) to launch BrokerInstrumentation inside the app's own process.
  3. From inside the broker, calls IActivityManager.startDelegateShellPermissionIdentity to take on shell's permission identity, then calls CarrierConfigManager.overrideConfig directly. If the system rejects persistent=true, it retries with persistent=false.
  4. Older builds still take the original direct path.

Credits

  • nullbytepl/CarrierVanityName — the original app.
  • kyujin-cho/pixel-volte-patch — the broker workaround pattern. BrokerInstrumentation.kt is a port of upstream's file of the same name, and the security-patch-date dispatch in TargetFragment.overrideCarrierConfig follows the approach from Moder.overrideConfig there.
  • Reginer/aosp-android-jar — hidden-API android.jar used at build time.
  • Shizuku — the binder proxy that makes any of this possible on a non-rooted device.

License

GPL-3.0. See LICENSE. Because the broker code is adapted from kyujin-cho/pixel-volte-patch (GPL-3.0), this whole project is GPL-3.0 too.

About

No description, website, or topics provided.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

 
 
 

Contributors

Languages

  • Kotlin 100.0%