[liberationtech] Secure Android guide?

[Cooper Quintin]

Jerzy,
I gave a talk a while ago on pragmatic smartphone security.  The video
can be found here:
http://vimeo.com/46044290
And more up to date slides can be found here:
https://github.com/cooperq/spiders

Enjoy! Please feel free to contact me directly if you have other questions.

Cooper Quintin
Technology Director - radicalDESIGNS
PGP Key ID: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA

On 07/13/2013 11:45 AM, Jerzy Łogiewa wrote:
> Thank you Julian!
> 
> Can you tell me about this "largely" Google-free experience? Is it about the OS being Google, or are some more components still there?
> 
> --
> Jerzy Łogiewa -- jerzyma at interia.eu
> 
> On Jul 13, 2013, at 4:30 PM, Julian Oliver wrote:
> 
>> You can install CyanogenMod - and not install the Google suite - for a pleasant
>> and largely Google-free experience. To be safer, don't install a nightly build.
>> Take out the SIM card. Flash CyanogenMod using the simple instructions for your
>> device on their website. Encrypt the file-system once the device is installed.
>> Set up a 6-or-more line swipe pattern without visual feedback (and keep your
>> screen clean!). Disable developer mode and MTP browsing, until you need it.
>> Connect the device to a wireless network you control. Install DroidWall (or
>> similar open source firewall) and lock down any unknown and/or promiscuous
>> processes (vastly less with CyanogenMod than Android). Don't use Google Play.
>> Download and install OopenVPN client and tunnel to your favourite trusted
>> OpenVPN server. Put on OrBot and run the OrWeb Tor browser.  Edit your exit
>> nodes to those that suit.  Install Firefox and requisite extensions that protect
>> against cookie tracking etc. Use StartPage instead of Google as your default
>> search engine.  Don't install any random games or other software. If you need
>> something like a PDF reader, be sure it's open source and the APK you download
>> checksums out (SHA256).
>>
>> I've done the above, more or less, with my last two Android phones. My SIII is
>> especially good to work with. I've audited it on the wire and I trust working
>> with it so far. How you use it is another thing. If you rarely need to make
>> calls over the cellular network then use Airplane Mode until you need to call -
>> that'll get you off the grid where cell provider location tracking/logging is
>> concerned. Better still, don't use a SIM card at all and tunnel/ZRTP VoIP with
>> something like RedPhone.
> 
> --
> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
>