[liberationtech] Secure Android guide?

Julian Oliver julian at julianoliver.com
Sat Jul 13 07:30:26 PDT 2013


..on Sat, Jul 13, 2013 at 03:13:41PM +0200, Jerzy Łogiewa wrote:
> Hello!
> 
> If I want Android phone and have it be most secure, how to do it? Is there some guide with steps?
> 
> Like this:
> 
> 1- Buy some handset such as X, Y
> 2- Re-flash to Z firmware
> 3- Change P settings to J ...
> 4- Install OrBot, RedPhone, and so on
> 
> What is recommended here by experts?
> 
> PS: I am willing to have device ONLY for secure communications.

Disclaimer: while some journalists/people call me an expert I've never, ever
named myself as such!

Firstly, smartphones are a huge risk if you're really concerned about your
security. Nonetheless, here's a start:

You can install CyanogenMod - and not install the Google suite - for a pleasant
and largely Google-free experience. To be safer, don't install a nightly build.
Take out the SIM card. Flash CyanogenMod using the simple instructions for your
device on their website. Encrypt the file-system once the device is installed.
Set up a 6-or-more line swipe pattern without visual feedback (and keep your
screen clean!). Disable developer mode and MTP browsing, until you need it.
Connect the device to a wireless network you control. Install DroidWall (or
similar open source firewall) and lock down any unknown and/or promiscuous
processes (vastly less with CyanogenMod than Android). Don't use Google Play.
Download and install OpenVPN client and tunnel to your favourite trusted
OpenVPN server. Put on OrBot and run the OrWeb Tor browser.  Edit your exit
nodes to those that suit.  Install Firefox and requisite extensions that protect
against cookie tracking etc. Use StartPage instead of Google as your default
search engine.  Don't install any random games or other software. If you need
something like a PDF reader, be sure it's open source and the APK you download
checksums out (SHA256).

I've done the above, more or less, with my last two Android phones. My SIII is
especially good to work with. I've audited it on the wire and I trust working
with it so far. How you use it is another thing. If you rarely need to make
calls over the cellular network then use Airplane Mode until you need to call -
that'll get you off the grid where cell provider location tracking/logging is
concerned. Better still, don't use a SIM card at all and tunnel/ZRTP VoIP with
something like RedPhone.

Cheers,

-- 
Julian Oliver
PGP B6E9FD9A
http://julianoliver.com
http://criticalengineering.org


