[liberationtech] Secure Android guide?
Jon Camfield
jon at joncamfield.com
Mon Jul 15 06:40:50 PDT 2013
Julian - this is an excellent and concise quickstart guide to Android
security -- have you considered posting it into
https://github.com/opensafermobile/materials ? Those materials
were posted on the http://safermobile.org/ site (which is now
offline), but they're beginning to show their age.
Jon
On Saturday, July 13, 2013 10:30 AM, Julian Oliver wrote:
> ..on Sat, Jul 13, 2013 at 03:13:41PM +0200, Jerzy Łogiewa wrote:
>> Hello!
>>
>> If I want Android phone and have it be most secure, how to do it?
>> Is there some guide with steps?
>>
>> Like this:
>>
>> 1- Buy some handset such as X, Y
>> 2- Re-flash to Z firmware
>> 3- Change P settings to J ...
>> 4- Install OrBot, RedPhone, and so on
>>
>> What is recommended here by experts?
>>
>> PS: I am willing to have device ONLY for secure communications.
>
> Disclaimer: while some journalists/people call me an expert I've
> never, ever named myself as such!
>
> Firstly, smartphones are a huge risk if you're really concerned
> about your security. Nonetheless, here's a start:
>
> You can install CyanogenMod - and not install the Google suite -
> for a pleasant and largely Google-free experience. To be safer,
> don't install a nightly build. Take out the SIM card. Flash
> CyanogenMod using the simple instructions for your device on their
> website. Encrypt the file-system once the device is installed. Set
> up a 6-or-more line swipe pattern without visual feedback (and keep
> your screen clean!). Disable developer mode and MTP browsing, until
> you need it. Connect the device to a wireless network you control.
> Install DroidWall (or similar open source firewall) and lock down
> any unknown and/or promiscuous processes (vastly less with
> CyanogenMod than Android). Don't use Google Play. Download and
> install OpenVPN client and tunnel to your favourite trusted
> OpenVPN server. Put on OrBot and run the OrWeb Tor browser. Edit
> your exit nodes to those that suit. Install Firefox and requisite
> extensions that protect against cookie tracking etc. Use StartPage
> instead of Google as your default search engine. Don't install any
> random games or other software. If you need something like a PDF
> reader, be sure it's open source and the APK you download checksums
> out (SHA256).
>
> I've done the above, more or less, with my last two Android phones.
> My SIII is especially good to work with. I've audited it on the
> wire and I trust working with it so far. How you use it is another
> thing. If you rarely need to make calls over the cellular network
> then use Airplane Mode until you need to call - that'll get you off
> the grid where cell provider location tracking/logging is
> concerned. Better still, don't use a SIM card at all and
> tunnel/ZRTP VoIP with something like RedPhone.
>
> Cheers,
>