Cell phone privacy guide (Android)

LiSteven
Published 2013/02/01 11:37
From Encrypt Everything
With widespread use of smartphones and the introduction of Long Term Evolution (LTE) cellular networks, cell phones are quickly becoming one of the most commonly used personal computers. This opens up a whole new front in the fight for personal privacy. Recent examples of threats to personal privacy include (un)lawful access legislation Bill C-30 and Carrier IQ. Thankfully it is relatively easy to set up your Android device in order to have a decent expectation of privacy. However it is not possible to fully secure an Android device, or any cell phone for that matter. Cell phones are not private devices.
Contents

    1 General Android privacy tips
    2 Using a free and open source firmware
    3 Using free and open source software (FOSS)
        3.1 Software you should use
            3.1.1 Droidwall
            3.1.2 Firefox
                3.1.2.1 Firefox add-ons you should use
            3.1.3 Permissions Denied
            3.1.4 Iptableslog
            3.1.5 ObscuraCam
            3.1.6 Orbot
        3.2 Resources for FOSS for Android
    4 Encrypting communications and files
        4.1 RedPhone
        4.2 Textsecure
        4.3 CSipSimple
        4.4 Android Privacy Guard
        4.5 K-9 Mail
        4.6 LUKSManager
        4.7 Cryptonite
    5 Removing invasive apps

General Android privacy tips

    Assume your device can and will be compromised, completely, if lost or stolen.

    Keep nothing on the phone that you don't want someone else to have access to, ever.

    Consider not using banking applications.

    Pay close attention to application permissions. Important!

    Consider enabling Disk Encryption if you have ICS (note: this only encrypts the /data partition)

    Use TextSecure, which stores all SMS in an encrypted database and lets you send encrypted SMS to other TextSecure users.

    Open source is your friend.

    Turn off all Google data syncing (wireless network passwords, Gmail, calendar, contacts, etc.)

    Mozilla's boot2gecko is an option and should be fairly privacy-friendly.

    You can run Debian in a chroot environment on Android, but this still requires running the full Android stack. Here is a step by step guide.

Using a free and open source firmware

Many phones are compatible with the open source firmware Cyanogenmod. Check the devices page and follow the instructions for your device. Users interested in a fully free and open source firmware may wish to look into Replicant. Using one of these firmwares will give your phone a system without advertisements, without programs you don't need that slow down the phone (bloatware), and without invasive software like Carrier IQ.
Using free and open source software (FOSS)

Using FOSS on your Android is one of the best ways to preserve your privacy. If the software has its source public, you know there isn't anything hidden that might violate your privacy or take control of your device. For this reason free (as in freedom) software is incredibly important for personal privacy and control over your device. Given the existence of SOPA and C-11, programs like Carrier IQ, and the warrantless surveillance in C-30, it is becoming increasingly clear how important free software is. Out of respect for your freedom this guide uses only free or at the very least open source software.
Software you should use
Droidwall

Droidwall allows you to set which apps can connect to the Internet on a white-list basis. It uses iptables, the powerful firewall built into Android.

It can also be downloaded directly from the Google Marketplace.
Firefox

Firefox is an open source web browser that respects your privacy. For best performance, don't keep too many tabs open or install add-ons you don't need.
Firefox add-ons you should use

NoScript blocks scripts and other potentially malicious content on a per-site basis.

AdBlockPlus blocks ads.

Proxy Mobile is an add-on for HTTP, SOCKS and SSL proxy settings. Works by default with Orbot.
Permissions Denied

Permissions Denied allows you to easily control which permissions your apps are granted. This is also a feature built into Cyanogenmod and can be found under "Application info".

It is also available on the Google Marketplace.
IptablesLog

IptablesLog monitors iptables logging to display a real-time list of which apps are making Internet connections, and provides statistics about those app connections such as a list of all the hosts, number of bytes transmitted, last timestamp, etc. Another tab lists installed applications along with connection statistics such as packets/bytes counters; sortable by AppID (UID), application name, counters, etc.

It is also available on Google Play.
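
The kind of per-app tally described above can be reproduced by hand from the kernel log. The following is an added example, not IptablesLog's own code: it assumes an iptables LOG rule created with --log-uid (which appends UID= and GID= to each line), and the "[FWLOG]" prefix, addresses and UIDs in the sample are constructed.

```shell
#!/bin/sh
# Added example: per-UID summary of iptables LOG lines from the kernel log.
# Assumes the LOG rule uses --log-uid; sample lines below are constructed.
SAMPLE_LOG='<4>[ 101.1] [FWLOG] IN= OUT=wlan0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TTL=64 PROTO=TCP SPT=40000 DPT=443 SYN UID=10052 GID=10052
<4>[ 101.9] [FWLOG] IN= OUT=wlan0 SRC=192.0.2.10 DST=198.51.100.7 LEN=1200 TTL=64 PROTO=TCP SPT=40000 DPT=443 ACK UID=10052 GID=10052
<4>[ 102.3] [FWLOG] IN= OUT=wlan0 SRC=192.0.2.10 DST=203.0.113.5 LEN=76 TTL=64 PROTO=UDP SPT=5353 DPT=53 LEN=56 UID=10077 GID=10077
<4>[ 103.0] [FWLOG] IN= OUT=wlan0 SRC=192.0.2.10 DST=203.0.113.9 LEN=52 TTL=64 PROTO=TCP SPT=40002 DPT=80 SYN UID=10052 GID=10052
<4>[ 103.4] some unrelated kernel message'

# Reads log lines on stdin; prints "UID packets bytes host1,host2,..."
# one line per UID, sorted by UID.
summarise_by_uid() {
    awk '
    /UID=/ {
        uid = ""; dst = ""; len = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^UID=/) uid = substr($i, 5)
            else if ($i ~ /^DST=/) dst = substr($i, 5)
            # UDP lines carry a second LEN= (UDP length); keep the IP one.
            else if ($i ~ /^LEN=/ && len == 0) len = substr($i, 5) + 0
        }
        if (uid == "") next          # line had GID= only, or no owner
        pkts[uid]++
        bytes[uid] += len
        if (!((uid, dst) in seen)) { # record each destination once per UID
            seen[uid, dst] = 1
            hosts[uid] = (hosts[uid] == "" ? dst : hosts[uid] "," dst)
        }
    }
    END {
        for (u in pkts) printf "%s %d %d %s\n", u, pkts[u], bytes[u], hosts[u]
    }' | sort -n
}

# Stand-alone run on the constructed sample; on a rooted device the
# input would instead come from the kernel log, e.g. dmesg | summarise_by_uid
printf '%s\n' "$SAMPLE_LOG" | summarise_by_uid
```

A UID that shows many packets to hosts the app has no reason to contact is a candidate for blocking in Droidwall.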
ObscuraCam

ObscuraCam is a secure camera app that can obscure, encrypt or destroy pixels within an image. This project is in partnership with WITNESS.org, a human rights video advocacy and training organization.

It is also available on the Google Marketplace.
Orbot

Orbot brings the features and functionality of Tor to the Android mobile operating system, allowing for anonymous mobile browsing and censorship circumvention. Requires the Firefox add-on Proxy Mobile.

It is also available on the Google Marketplace.
Resources for FOSS for Android

Note: May not be 100% clean licensing.

http://www.reddit.com/r/fossdroid - A subreddit for Android FOSS

https://guardianproject.info/ - Easy to use apps for privacy

http://f-droid.org/ - A repository with downloadable apps

https://wiki.koumbit.net/AndroidFreeSoftware

http://www.cuteandroid.com/tag/open-source

http://www.appbrain.com/user/ssssch/free-software

http://alternativeto.net/software/?profile=android&license=opensource
Encrypting communications and files
RedPhone

RedPhone provides end-to-end encryption for your calls, securing your conversations so that nobody can listen in.
TextSecure

TextSecure is a security-enhanced text messaging application that serves as a full replacement for the default text messaging application. Messages to other TextSecure users are encrypted over the air, and all text messages are stored in an encrypted database on the device.

It is also available from the Android Marketplace.
CSipSimple

CSipSimple is a free and open source SIP client for Android that provides end-to-end encryption using ZRTP. Its compatibility with desktop SIP clients such as Jitsi makes it an ideal solution for secure voice.

It is also available from the Android Marketplace.
Android Privacy Guard

Android Privacy Guard allows you to encrypt or decrypt files or messages, and can easily be used for an extra layer of encryption.
K-9 Mail

K-9 is a FLOSS replacement for the built-in Android mail app. It integrates with APG to provide PGP email signing and encryption.
LUKSManager

LUKSManager provides on-the-fly encryption (AES by default) to virtual folders on Android devices. The virtual folders can be dynamically mounted, unmounted, created and deleted as needed.
Cryptonite

Cryptonite is an app for mounting encrypted EncFS and TrueCrypt volumes.

It is also available on Google Play.
Removing invasive apps

Note: It is a good idea to have made a Nandroid backup of your system before deleting system apps. Deleting certain apps can make your phone stop working properly.

Note: Must have rooted and installed a terminal emulator or put Cyanogenmod on your phone to do this.

You may wish to remove an app that has invasive permissions or takes control of your device away from you. A good example of the latter is Google's recently revealed ability to pull applications from Android devices, which came to light during the recent fiasco with malware on the Android marketplace. Obvious candidates for where this capability could be in the phone are the Google Marketplace package (Vending.apk) and other Google apps (to install apps without the Google Marketplace app use the Android Debug Bridge). On your Android device, open your app tray and launch your terminal emulator. When it is running enter:

su
mount -o rw,remount /system
cd /system/app/
ls

You will now see all of your system apps listed on your screen. It is a good privacy practice to go through these applications and delete those that can have their missing functionality replaced by FOSS alternatives. For more information about .apk names and their functions visit the Cyanogenmod barebones page. To remove an apk type:

rm -f <apk name>.apk
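
Because a wrong deletion can leave the phone unusable, the rm step can be wrapped so that each APK is copied aside and verified first. This is an added example, not part of the original guide; the function names retire_apk and restore_apk and the backup directory /sdcard/apk-backup are assumptions.

```shell
#!/bin/sh
# Added example: back up a system APK before deleting it, so a bad
# removal can be undone from the terminal. Names/paths are assumptions.

# retire_apk APP_DIR BACKUP_DIR NAME  -> 0 on success
retire_apk() {
    app_dir=$1; backup_dir=$2; name=$3
    # Accept a bare file name only: no path components, must end in .apk.
    case $name in
        */*|..*|"") echo "refusing: $name" >&2; return 2 ;;
        *.apk) ;;
        *) echo "not an apk: $name" >&2; return 2 ;;
    esac
    [ -f "$app_dir/$name" ] || { echo "missing: $name" >&2; return 3; }
    mkdir -p "$backup_dir" || return 4
    cp "$app_dir/$name" "$backup_dir/$name" || return 4
    # Delete only after the copy is verified byte-for-byte.
    cmp -s "$app_dir/$name" "$backup_dir/$name" || return 5
    rm -f "$app_dir/$name"
}

# restore_apk APP_DIR BACKUP_DIR NAME  -> puts the saved copy back
restore_apk() {
    [ -f "$2/$3" ] || { echo "no backup for: $3" >&2; return 3; }
    cp "$2/$3" "$1/$3" && chmod 644 "$1/$3"
}

# On the device, as root, the sequence would look like:
#   mount -o rw,remount /system
#   retire_apk /system/app /sdcard/apk-backup <apk name>.apk
#   mount -o ro,remount /system     # leave /system read-only again
```

This complements the Nandroid backup rather than replacing it: if the phone no longer boots far enough to open a terminal, only the full backup helps.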

This article is reposted from: http://encrypteverything.ca/index.php/Cell_phone_privacy_guide_%28Android%29
