[liberationtech] Secure Android guide?
Karl Fogel
kfogel at red-bean.com
Mon Jul 15 09:00:40 PDT 2013
Jon Camfield <jon at joncamfield.com> writes:
>Julian - this is an excellent and concise quickstart guide to Android
>security -- have you considered posting it into
>https://github.com/opensafermobile/materials ? Those materials
>were posted on the http://safermobile.org/ site (which is now
>offline), but they're beginning to show their age.
You may be interested in the Guardian ROM project, currently under way:
http://shadowdcatconsulting.com/blog/2013/2/13/guardian-rom-secure-android-rom.html
I think it may be behind its originally-planned schedule, as is normal
with such things :-), but I know Kyle Davidson is actively working on
it.
-K
>On Saturday, July 13, 2013 10:30 AM, Julian Oliver wrote:
>> ..on Sat, Jul 13, 2013 at 03:13:41PM +0200, Jerzy Łogiewa wrote:
>>> Hello!
>>>
>>> If I want Android phone and have it be most secure, how to do it?
>>> Is there some guide with steps?
>>>
>>> Like this:
>>>
>>> 1- Buy some handset such as X, Y
>>> 2- Re-flash to Z firmware
>>> 3- Change P settings to J ...
>>> 4- Install OrBot, RedPhone, and so on
>>>
>>> What is recommended here by experts?
>>>
>>> PS: I am willing to have device ONLY for secure communications.
>>
>> Disclaimer: while some journalists/people call me an expert I've
>> never, ever named myself as such!
>>
>> Firstly, smartphones are a huge risk if you're really concerned
>> about your security. Nonetheless, here's a start:
>>
>> You can install CyanogenMod - and not install the Google suite -
>> for a pleasant and largely Google-free experience. To be safer,
>> don't install a nightly build. Take out the SIM card. Flash
>> CyanogenMod using the simple instructions for your device on their
>> website. Encrypt the file-system once the device is installed. Set
>> up a 6-or-more line swipe pattern without visual feedback (and keep
>> your screen clean!). Disable developer mode and MTP browsing, until
>> you need it. Connect the device to a wireless network you control.
>> Install DroidWall (or similar open source firewall) and lock down
>> any unknown and/or promiscuous processes (vastly less with
>> CyanogenMod than Android). Don't use Google Play. Download and
>> install OpenVPN client and tunnel to your favourite trusted
>> OpenVPN server. Put on OrBot and run the OrWeb Tor browser. Edit
>> your exit nodes to those that suit. Install Firefox and requisite
>> extensions that protect against cookie tracking etc. Use StartPage
>> instead of Google as your default search engine. Don't install any
>> random games or other software. If you need something like a PDF
>> reader, be sure it's open source and the APK you download checksums
>> out (SHA256).
>>
>> I've done the above, more or less, with my last two Android phones.
>> My SIII is especially good to work with. I've audited it on the
>> wire and I trust working with it so far. How you use it is another
>> thing. If you rarely need to make calls over the cellular network
>> then use Airplane Mode until you need to call - that'll get you off
>> the grid where cell provider location tracking/logging is
>> concerned. Better still, don't use a SIM card at all and
>> tunnel/ZRTP VoIP with something like RedPhone.
>>
>> Cheers,
>>
>
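The quoted checklist ends with making sure a downloaded APK "checksums out (SHA256)". One way to script that check before sideloading is sketched below; it is an added example, not part of the thread, and the helper names `file_sha256` and `verify_apk_sha256` are hypothetical. It assumes the publisher lists the SHA-256 somewhere you trust independently of the download itself.

```shell
#!/bin/sh
# Added example: compare a downloaded APK against its published SHA-256.
# Function names are hypothetical; the expected digest must come from a
# source you trust separately from where the APK was downloaded.

# Print the lowercase hex SHA-256 of a file, using whichever tool exists.
# Reading from stdin avoids filename-escaping quirks in the tool output.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum <"$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 <"$1" | cut -d' ' -f1
    else
        openssl dgst -sha256 -r <"$1" | cut -d' ' -f1
    fi
}

# Return 0 on match, 1 on mismatch, 2 on unusable input.
verify_apk_sha256() {
    apk=$1
    # Normalise the published value: strip whitespace, lowercase the hex.
    expected=$(printf '%s' "$2" | tr -d ' \t\r\n' | tr 'A-F' 'a-f')
    if [ ! -f "$apk" ] || [ ! -r "$apk" ]; then
        echo "cannot read: $apk" >&2
        return 2
    fi
    # Reject anything that is not exactly 64 hex digits, such as an MD5
    # value or a truncated paste, instead of reporting a "mismatch".
    case $expected in
        *[!0-9a-f]*) echo "expected value is not hex" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "expected value is not 64 hex digits" >&2
        return 2
    fi
    actual=$(file_sha256 "$apk") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK  $apk"
        return 0
    fi
    echo "MISMATCH  $apk" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Usage: sh verify_apk.sh reader.apk <published-sha256>
if [ "$#" -eq 2 ]; then
    verify_apk_sha256 "$1" "$2"
fi
```

A matching digest only shows the file is the one the publisher hashed; it says nothing about whether the publisher's page itself was trustworthy.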