From Encrypt Everything
With widespread use of smartphones and the introduction of Long Term Evolution (LTE) cellular networks, cell phones are quickly becoming one of the most commonly used personal computers. This opens up a whole new front in the fight for personal privacy. Recent examples of threats to personal privacy include the (un)lawful access legislation Bill C-30 and Carrier IQ. Thankfully, it is relatively easy to set up your Android device so that you have a decent expectation of privacy. However, it is not possible to fully secure an Android device, or any cell phone for that matter. Cell phones are not private devices.
General Android privacy tips
Assume your device can and will be compromised, completely, if lost or stolen.
Keep nothing on the phone that you don't want someone else to have access to, ever.
Consider not using banking applications.
Pay close attention to application permissions. Important!
Consider enabling Disk Encryption if you have ICS (note: this only encrypts the /data partition)
Use TextSecure, which stores all SMS in an encrypted database and lets you send encrypted SMS to other TextSecure users.
Open source is your friend.
Turn off all Google data syncing (wireless network passwords, Gmail, calendar, contacts, etc.)
Mozilla's boot2gecko is an option and should be fairly privacy-friendly.
You can run Debian in a chroot environment on Android, but this still requires running the full Android stack. Here is a step by step guide.
Using a free and open source firmware
Many phones will be compatible with the open source firmware Cyanogenmod. Check the devices page and follow the instructions for your device. Users interested in a fully free and open source firmware may wish to look into Replicant. Using one of these firmwares will give your phone a system without advertisements, without programs you don't need that slow down the phone (bloatware), and without invasive software like Carrier IQ.
Using free and open source software (FOSS)
Using FOSS on your Android is one of the best ways to preserve your privacy. If the software has its source public, you know there isn't anything hidden that might violate your privacy or take control of your device. For this reason free (as in freedom) software is incredibly important for personal privacy and control over your device. Given the existence of SOPA and C-11, programs like Carrier IQ, and the warrantless surveillance in C-30, it is becoming increasingly clear how important free software is. Out of respect for your freedom this guide uses only free or at the very least open source software.
Software you should use
Droidwall
Droidwall allows you to set which apps can connect to the Internet on a white-list basis. It uses iptables, the powerful firewall built into Android.
It can also be downloaded directly from the Google Marketplace.
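The white-list idea described above, as an added example (not Droidwall's own script): Android runs each app under its own Linux UID, so a per-app firewall reduces to iptables owner-match rules. The chain name and the UIDs are constructed for illustration, and the function only prints the commands so they can be reviewed before anything runs as root.

```shell
#!/bin/sh
# Added example: print (do not execute) a white-list ruleset keyed on app UID.
# CHAIN and the sample UIDs are assumptions made for this illustration.
# On a rooted device the package-to-UID mapping can be read from
# /data/system/packages.list.
CHAIN=applist

whitelist_rules() {
    # Validate every argument before emitting anything: a non-numeric
    # value must never end up inside a command that later runs as root.
    for uid in "$@"; do
        case "$uid" in
            ''|*[!0-9]*) echo "invalid uid: $uid" >&2; return 1 ;;
        esac
    done

    echo "iptables -N $CHAIN"
    # Loopback stays open so local services keep working.
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    # Everything else leaving the device is judged by the white-list chain.
    echo "iptables -A OUTPUT -j $CHAIN"
    for uid in "$@"; do
        echo "iptables -A $CHAIN -m owner --uid-owner $uid -j ACCEPT"
    done
    # Default deny: packets from any UID not listed above, and packets
    # with no owning socket at all, fall through to this rule.
    echo "iptables -A $CHAIN -j REJECT"
}

# Constructed sample: allow only the apps running as UID 10054 and 10071.
whitelist_rules 10054 10071
```

The final REJECT is what makes this a white list: an app installed later gets a new UID and has no network access until it is added.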
Firefox
Firefox is an open source web browser that respects your privacy. For best performance, don't keep too many tabs open or install add-ons you don't need.
Firefox add-ons you should use
NoScript blocks scripts and other potentially malicious content on a per-site basis.
AdBlockPlus blocks ads.
Proxy Mobile is an add-on for HTTP, SOCKS and SSL proxy settings. Works by default with Orbot.
Permissions Denied
Permissions Denied allows you to easily control which permissions your apps are granted. This is also a feature built into Cyanogenmod and can be found under "Application info".
It is also available on the Google Marketplace.
Iptableslog
IptablesLog monitors iptables logging to display a real-time list of which apps are making Internet connections, and provides statistics about those app connections such as a list of all the hosts, number of bytes transmitted, last timestamp, etc. Another tab lists installed applications along with connection statistics such as packets/bytes counters; sortable by AppID (UID), application name, counters, etc.
It is also available on Google Play.
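The kind of per-app summary described above, as an added example (not IptablesLog's code): it reads netfilter LOG lines and prints, per UID, the packet count, total bytes and distinct destination hosts. The log lines are constructed and abbreviated, the "[NetLog]" prefix is an assumption, and UID= is only present when the LOG rule was created with --log-uid.

```shell
#!/bin/sh
# Added example: aggregate netfilter LOG output per app UID.
# Constructed sample input; addresses are documentation ranges.
sample_log() {
cat <<'EOF'
[ 1201.41] [NetLog] IN= OUT=wlan0 SRC=192.168.1.5 DST=203.0.113.10 LEN=60 TTL=64 ID=4711 DF PROTO=TCP SPT=40112 DPT=443 SYN URGP=0 UID=10054 GID=10054
[ 1201.63] [NetLog] IN= OUT=wlan0 SRC=192.168.1.5 DST=203.0.113.10 LEN=1400 TTL=64 ID=4712 DF PROTO=TCP SPT=40112 DPT=443 ACK PSH URGP=0 UID=10054 GID=10054
[ 1207.02] [NetLog] IN= OUT=wlan0 SRC=192.168.1.5 DST=198.51.100.7 LEN=52 TTL=64 ID=9001 DF PROTO=TCP SPT=51544 DPT=80 SYN URGP=0 UID=10054 GID=10054
[ 1215.90] [NetLog] IN= OUT=wlan0 SRC=192.168.1.5 DST=192.0.2.53 LEN=71 TTL=64 ID=120 PROTO=UDP SPT=38211 DPT=53 LEN=51 UID=10071 GID=10071
[ 1216.11] [NetLog] IN= OUT=wlan0 SRC=192.168.1.5 DST=203.0.113.10 LEN=40 TTL=64 ID=0 DF PROTO=TCP SPT=40112 DPT=443 RST URGP=0
EOF
}

# Output columns: UID  packets  bytes  comma-separated destination hosts
summarize_by_uid() {
    awk '
    {
        uid = ""; dst = ""; len = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^UID=/) uid = substr($i, 5)
            else if ($i ~ /^DST=/) dst = substr($i, 5)
            # UDP lines carry a second LEN= (the UDP length); keep the
            # first one, which is the IP packet length.
            else if ($i ~ /^LEN=/ && len == 0) len = substr($i, 5) + 0
        }
        # Skip lines with no owning UID (e.g. kernel-generated packets).
        if (uid !~ /^[0-9]+$/ || dst == "") next
        pkts[uid]++
        bytes[uid] += len
        if (!((uid, dst) in seen)) {
            seen[uid, dst] = 1
            hosts[uid] = hosts[uid] (hosts[uid] == "" ? "" : ",") dst
        }
    }
    END {
        for (u in pkts) printf "%s %d %d %s\n", u, pkts[u], bytes[u], hosts[u]
    }' | sort -n
}

sample_log | summarize_by_uid
```

An unexpected UID in this summary, or a known app contacting a host it has no reason to reach, is the signal to tighten the Droidwall white list.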
ObscuraCam
ObscuraCam is a secure camera app that can obscure, encrypt or destroy pixels within an image. This project is in partnership with WITNESS.org, a human rights video advocacy and training organization.
It is also available on the Google Marketplace.
Orbot
Orbot brings the features and functionality of Tor to the Android mobile operating system, allowing for anonymous mobile browsing and censorship circumvention. Requires the Firefox add-on Proxy Mobile.
It is also available on the Google Marketplace.
Resources for FOSS for Android
Note: May not be 100% clean licensing.
http://www.reddit.com/r/fossdroid - A subreddit for Android FOSS
https://guardianproject.info/ - Easy to use apps for privacy
http://f-droid.org/ - A repository with downloadable apps
https://wiki.koumbit.net/AndroidFreeSoftware
http://www.cuteandroid.com/tag/open-source
http://www.appbrain.com/user/ssssch/free-software
http://alternativeto.net/software/?profile=android&license=opensource
Encrypting communications and files
RedPhone
RedPhone provides end-to-end encryption for your calls, securing your conversations so that nobody can listen in.
Textsecure
Textsecure is a security enhanced text messaging application that serves as a full replacement for the default text messaging application. Messages to other TextSecure users are encrypted over the air, and all text messages are stored in an encrypted database on the device.
It is also available from the Android Marketplace.
CSipSimple
CSipSimple is a free and open source SIP client for Android that provides end-to-end encryption using ZRTP. Its compatibility with desktop SIP clients such as Jitsi makes it an ideal solution for secure voice.
It is also available from the Android Marketplace.
Android Privacy Guard
Android Privacy Guard allows you to encrypt or decrypt files or messages, and can easily be used for an extra layer of encryption.
K-9 Mail
K-9 is a FLOSS replacement for the built-in Android mail app. It integrates with APG to provide PGP email signing and encryption.
LUKSManager
LUKSManager provides on-the-fly encryption (AES by default) to virtual folders on Android devices. The virtual folders can be dynamically mounted, unmounted, created and deleted as needed.
Cryptonite
Cryptonite is an app for mounting encrypted EncFS and Truecrypt volumes.
It is also available on Google Play.
Removing invasive apps
Note: It is a good idea to have made a Nandroid backup of your system before deleting system apps. Deleting certain apps can make your phone stop working properly.
Note: You must have rooted your phone and installed a terminal emulator, or put Cyanogenmod on your phone, to do this.
You may wish to remove an app that has invasive permissions or takes control of your device away from you. A good example of the latter is Google's recently revealed ability to pull applications from Android devices, which came to light during the recent fiasco with malware on the Android marketplace. Obvious candidates for where this capability could be in the phone are the Google Marketplace package (Vending.apk) and other Google apps (to install apps without the Google Marketplace app use the Android Debug Bridge). On your Android device, open your app tray and launch your terminal emulator. When it is running enter:
su
mount -o rw,remount /system
cd /system/app/
ls
You will now see all of your system apps listed on your screen. It is a good privacy practice to go through these applications and delete those that can have their missing functionality replaced by FOSS alternatives. For more information about .apk names and their functions visit the Cyanogenmod barebones page. To remove an apk type:
rm -f <apk name>.apk