Cell phone privacy guide (Android)

From Pirate Party of Canada

With widespread use of smartphones and the introduction of Long Term Evolution (LTE) cellular networks, cell phones are quickly becoming one of the most commonly used personal computers. This opens up a whole new front in the fight for personal privacy. Recent examples of threats to personal privacy include (un)lawful access legislation Bill C-30 and Carrier IQ. Thankfully, it is relatively easy to set up your Android device so that you have a decent expectation of privacy. This process consists of installing a free and open source firmware on your device, replacing device functionality with free and open source software (FOSS), using encryption, and removing invasive apps.

Using a free and open source firmware

Many phones will be compatible with the open source firmware CyanogenMod. Check the devices page and follow the instructions for your device. Users interested in a fully free and open source firmware may wish to look into Replicant. Using one of these firmwares will give your phone a system without advertisements, programs you don't need that slow down the phone (bloatware), and invasive software like Carrier IQ.

Using free and open source software (FOSS)

Using FOSS on your Android is one of the best ways to preserve your privacy. If the software has its source public, you know there isn't anything hidden that might violate your privacy or take control of your device. For this reason free (as in freedom) software is incredibly important for personal privacy and control over your device. Given the existence of SOPA and C-11, programs like Carrier IQ, and the warrantless surveillance in C-30, it is becoming increasingly clear how important free software is. Out of respect for your freedom, this guide uses only free or, at the very least, open source software.

Software you should use

Droidwall

Droidwall allows you to set which apps can connect to the Internet on a white-list basis. It uses the powerful built-in Android firewall iptables (brought over to Android from Linux).

It can also be downloaded directly from the Google Marketplace.

Firefox

Firefox is an open source web browser that respects your privacy. For best performance, don't keep too many tabs open or install add-ons you don't need. It makes an excellent alternative to the Facebook app and other apps that don't respect your privacy.

Firefox add-ons you should use

NoScript blocks scripts and other potentially malicious content on a per-site basis.

AdBlockPlus blocks ads.

Proxy Mobile is an add-on for HTTP, SOCKS and SSL proxy settings. It works by default with Orbot.

Permissions Denied

Permissions Denied allows you to easily control which permissions your apps have access to. This is also a feature built into CyanogenMod and can be found under "Application info".

It is also available on the Google Marketplace.

IptablesLog

IptablesLog monitors iptables logging to display a real-time list of which apps are making Internet connections, and provides statistics about those app connections such as a list of all the hosts, number of bytes transmitted, last timestamp, etc. Another tab lists installed applications along with connection statistics such as packets/bytes counters; sortable by AppID (UID), application name, counters, etc.
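
What this kind of monitoring boils down to, as an added example (not IptablesLog's own code): a shell function that reads kernel log lines written by an iptables LOG rule and totals packets, bytes and distinct destination hosts per app UID. The log prefix `[applog]`, the function names and the log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: per-UID connection statistics from iptables LOG output.
# Assumes packets were logged by a rule such as
#   iptables -A OUTPUT -j LOG --log-prefix "[applog] " --log-uid
# which appends UID=<n> to each kernel log line for locally generated packets.

# Constructed sample lines (not captured from a real device).
sample_log() {
    cat <<'EOF'
<4>[ 101.1] [applog] IN= OUT=wlan0 SRC=192.168.1.20 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40001 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0 UID=10057 GID=10057
<4>[ 101.9] [applog] IN= OUT=wlan0 SRC=192.168.1.20 DST=203.0.113.10 LEN=1400 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=40001 DPT=443 WINDOW=14600 RES=0x00 ACK PSH URGP=0 UID=10057 GID=10057
<4>[ 102.4] [applog] IN= OUT=wlan0 SRC=192.168.1.20 DST=198.51.100.7 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=TCP SPT=40002 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 UID=10057 GID=10057
<4>[ 103.0] [applog] IN= OUT=wlan0 SRC=192.168.1.20 DST=192.0.2.53 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=4 DF PROTO=UDP SPT=5353 DPT=53 LEN=51 UID=10023 GID=10023
<4>[ 104.0] [applog] IN= OUT=wlan0 SRC=192.168.1.20 DST=192.0.2.99 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=5 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
<6>[ 105.0] wlan0: link becomes ready
EOF
}

# summarize_by_uid: read log lines on stdin, print one line per UID:
#   <uid> packets=<n> bytes=<n> hosts=<n>
summarize_by_uid() {
    awk '
    /\[applog\]/ {
        uid = ""; dst = ""; len = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^UID=/) uid = substr($i, 5)
            else if ($i ~ /^DST=/) dst = substr($i, 5)
            # UDP lines carry two LEN= fields; the first is the IP length.
            else if ($i ~ /^LEN=/ && len == 0) len = substr($i, 5) + 0
        }
        if (uid == "") next          # no owning UID recorded: skip the line
        packets[uid]++
        bytes[uid] += len
        if (!((uid, dst) in seen)) { seen[uid, dst] = 1; hosts[uid]++ }
    }
    END {
        for (u in packets)
            printf "%s packets=%d bytes=%d hosts=%d\n", u, packets[u], bytes[u], hosts[u]
    }' | sort -n
}

sample_log | summarize_by_uid
```

On a device, the same function can be fed from the kernel log (for example `dmesg | summarize_by_uid`); an unfamiliar UID with many distinct hosts is the pattern worth investigating.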

ObscuraCam

ObscuraCam is a secure camera app that can obscure, encrypt or destroy pixels within an image. This project is in partnership with WITNESS.org, a human rights video advocacy and training organization.

It is also available on the Google Marketplace.

Orbot

Orbot brings the features and functionality of Tor to the Android mobile operating system, allowing for anonymous mobile browsing and censorship circumvention. Requires the Firefox add-on Proxy Mobile.

It is also available on the Google Marketplace.

Resources for FOSS for Android

http://www.reddit.com/r/fossdroid - A subreddit for Android FOSS

http://f-droid.org/ - A repository with downloadable apps

https://guardianproject.info/apps/ - Easy to use and open source apps for anonymity and privacy

https://wiki.koumbit.net/AndroidFreeSoftware

http://www.cuteandroid.com/tag/open-source

http://www.appbrain.com/user/ssssch/free-software

http://alternativeto.net/software/?profile=android&license=opensource

Encrypting communications and files

TextSecure

TextSecure is a security-enhanced text messaging application that serves as a full replacement for the default text messaging application. Messages to other TextSecure users are encrypted over the air, and all text messages are stored in an encrypted database on the device.

It is also available from the Android Marketplace.

CSipSimple

CSipSimple is a free and open source SIP client for Android that provides end-to-end encryption using ZRTP. Its compatibility with desktop SIP clients such as Jitsi makes it an ideal solution for secure voice.

It is also available on the Google Marketplace.

Android Privacy Guard

Android Privacy Guard allows you to encrypt or decrypt files or messages, and can easily be used for an extra layer of encryption.

K-9 Mail

K-9 is a FLOSS replacement for the built-in Android mail app. It integrates with APG to provide PGP email signing and encryption.

LUKSManager

LUKSManager provides on-the-fly encryption (AES by default) to virtual folders on Android devices. The virtual folders can be dynamically mounted, unmounted, created and deleted as needed.

Removing invasive apps

Note: It is a good idea to have made a Nandroid backup of your system before deleting system apps. Deleting certain apps can make your phone stop working properly.

Note: You must have rooted your phone and installed a terminal emulator, or put CyanogenMod on your phone, to do this.

You may wish to remove an app that has invasive permissions or takes control of your device away from you. A good example of the latter is Google's recently revealed ability to pull applications from Android devices, which came to light during the recent fiasco with malware on the Android marketplace. Obvious candidates for where this capability could be in the phone are the Google Marketplace package (Vending.apk) and other Google apps. On your Android device, open your app tray and launch your terminal emulator. When it is running enter:

su
mount -o rw,remount /system
cd /system/app/
ls

You will now see all of your system apps listed on your screen. It is a good privacy practice to go through these applications and delete those that can have their missing functionality replaced by FOSS alternatives. For more information about .apk names and their functions, visit the CyanogenMod barebones page. To remove an APK, type:

rm -f <apk name>.apk
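
Because deleting the wrong system app can leave the phone misbehaving, the removal step can be wrapped so that each app is copied aside and verified before it is deleted. The script below is an added example, not part of the original guide; the backup location, the `APP_DIR`/`BACKUP_DIR` variables and the function names are assumptions.

```shell
#!/bin/sh
# Added example: back up a system app before deleting it, so it can be restored.
# APP_DIR and BACKUP_DIR are assumptions; adjust them for your device.
APP_DIR="${APP_DIR:-/system/app}"
BACKUP_DIR="${BACKUP_DIR:-/sdcard/system-app-backup}"

# remove_system_app <name>: <name> is the apk name without ".apk".
# Returns 0 on success, 1 on refusal or failure (nothing is deleted then).
remove_system_app() {
    name="$1"
    case "$name" in
        ""|*/*|.*) echo "refusing suspicious name: '$name'" >&2; return 1 ;;
    esac
    [ -f "$APP_DIR/$name.apk" ] || { echo "no such app: $name.apk" >&2; return 1; }
    mkdir -p "$BACKUP_DIR" || return 1
    # Odexed ROMs keep a matching .odex file next to the .apk; handle both.
    for f in "$name.apk" "$name.odex"; do
        [ -f "$APP_DIR/$f" ] || continue
        cp "$APP_DIR/$f" "$BACKUP_DIR/$f" || return 1
        # Delete only after the copy compares byte-for-byte equal.
        cmp -s "$APP_DIR/$f" "$BACKUP_DIR/$f" || { echo "backup mismatch: $f" >&2; return 1; }
    done
    for f in "$name.apk" "$name.odex"; do
        if [ -f "$APP_DIR/$f" ]; then rm -f "$APP_DIR/$f"; fi
    done
    return 0
}

# restore_system_app <name>: copy the backed-up files back into APP_DIR.
restore_system_app() {
    name="$1"
    [ -f "$BACKUP_DIR/$name.apk" ] || return 1
    for f in "$name.apk" "$name.odex"; do
        if [ -f "$BACKUP_DIR/$f" ]; then
            cp "$BACKUP_DIR/$f" "$APP_DIR/$f" && chmod 644 "$APP_DIR/$f" || return 1
        fi
    done
    return 0
}

# Stand-alone use: sh thisscript.sh <apk name without .apk>
if [ $# -gt 0 ]; then remove_system_app "$1"; fi
```

Run it after the `su` and remount steps above, and return `/system` to read-only afterwards with `mount -o ro,remount /system`.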