[ExI] [liberationtech] Secure Android guide?

Eugen Leitl eugen at leitl.org
Mon Jul 15 16:10:21 UTC 2013


----- Forwarded message from Julian Oliver <julian at julianoliver.com> -----

Date: Sat, 13 Jul 2013 16:30:26 +0200
From: Julian Oliver <julian at julianoliver.com>
To: liberationtech <liberationtech at lists.stanford.edu>
Subject: Re: [liberationtech] Secure Android guide?
User-Agent: Mutt/1.5.20 (2009-06-14)
Reply-To: liberationtech <liberationtech at lists.stanford.edu>

..on Sat, Jul 13, 2013 at 03:13:41PM +0200, Jerzy Łogiewa wrote:
> Hello!
> 
> If I want Android phone and have it be most secure, how to do it? Is there some guide with steps?
> 
> Like this:
> 
> 1- Buy some handset such as X, Y
> 2- Re-flash to Z firmware
> 3- Change P settings to J ...
> 4- Install OrBot, RedPhone, and so on
> 
> What is recommended here by experts?
> 
> PS: I am willing to have device ONLY for secure communications.

Disclaimer: while some journalists/people call me an expert I've never, ever
named myself as such!

Firstly, smartphones are a huge risk if you're really concerned about your
security. Nonetheless, here's a start:

You can install CyanogenMod - and not install the Google suite - for a pleasant
and largely Google-free experience. To be safer, don't install a nightly build.
Take out the SIM card. Flash CyanogenMod using the simple instructions for your
device on their website. Encrypt the file-system once the device is installed.
Set up a 6-or-more line swipe pattern without visual feedback (and keep your
screen clean!). Disable developer mode and MTP browsing, until you need it.
Connect the device to a wireless network you control. Install DroidWall (or
similar open source firewall) and lock down any unknown and/or promiscuous
processes (vastly less with CyanogenMod than Android). Don't use Google Play.
Download and install OpenVPN client and tunnel to your favourite trusted
OpenVPN server. Put on OrBot and run the OrWeb Tor browser.  Edit your exit
nodes to those that suit.  Install Firefox and requisite extensions that protect
against cookie tracking etc. Use StartPage instead of Google as your default
search engine.  Don't install any random games or other software. If you need
something like a PDF reader, be sure it's open source and the APK you download
checksums out (SHA256).

I've done the above, more or less, with my last two Android phones. My SIII is
especially good to work with. I've audited it on the wire and I trust working
with it so far. How you use it is another thing. If you rarely need to make
calls over the cellular network then use Airplane Mode until you need to call -
that'll get you off the grid where cell provider location tracking/logging is
concerned. Better still, don't use a SIM card at all and tunnel/ZRTP VoIP with
something like RedPhone.

Cheers,

-- 
Julian Oliver
PGP B6E9FD9A
http://julianoliver.com
http://criticalengineering.org

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5
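
Added example, not part of the original email or of any project it names: one way to carry out the "APK you download checksums out (SHA256)" step from the forwarded message. It assumes the publisher provides a sha256sum-style checksum list; the file name reader.apk and the sample bytes are constructed for the demo.

```python
import hashlib
import hmac
import os
import re
import tempfile

# sha256sum output: 64 hex chars, a space, then ' ' (text) or '*' (binary), then the name
SHA256_LINE = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")

def parse_manifest(text):
    """Parse sha256sum-style lines into {file name: lowercase digest}."""
    entries = {}
    for line in text.splitlines():
        m = SHA256_LINE.match(line.strip())
        if m:
            entries[os.path.basename(m.group(2))] = m.group(1).lower()
    return entries

def sha256_file(path, chunk=1 << 20):
    """Hash the file in chunks so a large APK is not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_apk(path, manifest_text):
    """Return 'ok', 'mismatch', or 'unlisted' for the file at path."""
    expected = parse_manifest(manifest_text).get(os.path.basename(path))
    if expected is None:
        return "unlisted"  # no published digest: treat the file as unverified
    actual = sha256_file(path)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"

def demo():
    """Constructed sample: a stand-in file and a checksum list built for it."""
    with tempfile.TemporaryDirectory() as d:
        apk = os.path.join(d, "reader.apk")
        with open(apk, "wb") as f:
            f.write(b"constructed sample bytes, not a real APK")
        manifest = sha256_file(apk).upper() + " *reader.apk\n"
        results = [verify_apk(apk, manifest)]      # untouched download
        with open(apk, "ab") as f:                 # simulate a modified download
            f.write(b"\x00")
        results.append(verify_apk(apk, manifest))
        results.append(verify_apk(apk, "not a checksum line\n"))
        return results

if __name__ == "__main__":
    print(demo())
```

A digest fetched from the same place as the APK only detects corruption in transit; the check is meaningful against tampering when the checksum list comes over a separate trusted channel.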


