Author Topic: Secure Android Phones (Read 1210 times)

RevDisk · « **on:** September 09, 2014, 08:37:37 AM »

Someone asked earlier, but I figured it's worth its own topic. Your stock carrier locked cell phone is generally fairly insecure. Obviously, the carrier can push content to your phone without your permission and remotely control it. That's fairly understood. However, even worse is that carriers tend to take their time patching known vulnerabilities in Android. At a certain point, they also stop patching a device period. Also, anyone that compromises your Google account may be able to silently install apps on your phone.

So, what are your options?

Hardware side!

Well, if you don't want to go the DIY route, go with Blackphone. It has a couple subscription services, such as remote wipe and whatnot. Tech specs are on par with a Samsung Galaxy S5, and the OS is a fork of the 4.4 KitKat with some custom coding for security improvements. No google play store, so you'd probably want to install the Amazon App Store.

https://blackphone.ch/

If you don't want to shell out $600, buy any phone supporting Cyanogenmod.
You can find the list here: http://wiki.cyanogenmod.org/w/Devices

if you want to go the extra mile, here's some hardening info:
http://www.sans.org/reading-room/whitepapers/sysadmin/securely-deploying-android-devices-33799
http://forum.xda-developers.com/showthread.php?t=1954513
https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy

Software side!

Anti-virus and security related:

http://www.av-test.org/en/home/ - Here's an independent test of numerous anti-virus, anti-malware and related applications for all platforms
DroidWall - Good Android firewall

Privacy related apps, most do not required rooted phone or cyanogenmod. All are open source, else they would not be on the list.
AES Crypt and Cryptonite are good Truecrypt alternatives for android.
KeePass is hands down the best password manager, and has clients for virtually every modern OS.
RedPhone is an encrypted SIP app, allows for secure voice chat. TextSecure is the sister app for text messages.
SSE is a general encryption app.
"The Guardian Project" is an excellent collection of privacy related apps.
https://play.google.com/store/apps/developer?id=The+Guardian+Project
https://guardianproject.info/

mtnbkr · « **Reply #1 on:** September 09, 2014, 10:57:51 AM »

Quote from: RevDisk on September 09, 2014, 08:37:37 AM

Hardware side!

Well, if you don't want to go the DIY route, go with Blackphone. It has a couple subscription services, such as remote wipe and whatnot. Tech specs are on par with a Samsung Galaxy S5, and the OS is a fork of the 4.4 KitKat with some custom coding for security improvements. No google play store, so you'd probably want to install the Amazon App Store.

https://blackphone.ch/

This Blackphone? http://thehackernews.com/2014/08/nsa-proof-blackphone-gets-rooted-within_11.html?m=1

Chris

Sergeant Bob · « **Reply #2 on:** September 09, 2014, 11:05:18 AM »

Thanks for the ComSec info Rev!

Will be checking out DroidWall for a start.

RevDisk · « **Reply #3 on:** September 09, 2014, 01:32:55 PM »

Quote from: mtnbkr on September 09, 2014, 10:57:51 AM

This Blackphone? http://thehackernews.com/2014/08/nsa-proof-blackphone-gets-rooted-within_11.html?m=1

Chris

https://blog.blackphone.ch/2014/08/10/blackphone-rooted-at-defcon%E2%80%8A-%E2%80%8Apart-1/

One wasn't a hack at all. Other is patched. Last requires direct consent. See last paragraph of your link.

Calumus · « **Reply #4 on:** September 09, 2014, 06:42:42 PM »

Nice timing, I was rooting my Note 2 from Verizon when I clicked on this thread. Casual has a one click app that roots, and unlocks the bootloader at the same time. Cyanogenmod is going on tonight. I will say that I couldn't get the app to run properly due to some unknown configuration conflict on both my macbook pro, or in Windows 7. I kept getting disconnected halfway through. Once I booted into Mint, it was 1 click, 2 reboots of the phone, and done. Backing everything up now, and flashing in a bit.

Hawkmoon · « **Reply #5 on:** September 09, 2014, 10:22:08 PM »

Quote from: RevDisk on September 09, 2014, 08:37:37 AM

Software side!

Anti-virus and security related:

http://www.av-test.org/en/home/ - Here's an independent test of numerous anti-virus, anti-malware and related applications for all platforms
DroidWall - Good Android firewall

If I (hypothetically) have an Android phone, and if I (hypothetically) do NOT have and do NOT want a Google account (which means -- hypothetically, of course -- no access to the Google Apps store, how might I (hypothetically) obtain and install the aforementioned DroidWall?

bedlamite · « **Reply #6 on:** September 10, 2014, 07:45:56 AM »

Quote from: Hawkmoon on September 09, 2014, 10:22:08 PM

If I (hypothetically) have an Android phone, and if I (hypothetically) do NOT have and do NOT want a Google account (which means -- hypothetically, of course -- no access to the Google Apps store, how might I (hypothetically) obtain and install the aforementioned DroidWall?

If you (hypothetically) send me a PM with a hypothetical email, I could (hypothetically) send it to you.

RevDisk · « **Reply #7 on:** September 10, 2014, 02:34:02 PM »

Project Page
https://code.google.com/p/droidwall/

Installer Package
https://code.google.com/p/droidwall/downloads/detail?name=droidwall-v1_5_7.apk

Source Code
https://code.google.com/p/droidwall/source/browse/#svn%2Ftags%2Fv1.5.7

It's GPL code. You can do whatever you want, without any hypotheticals.

Armed Polite Society

News:

Author Topic: Secure Android Phones (Read 1210 times)

RevDisk

Secure Android Phones

mtnbkr

Re: Secure Android Phones

Sergeant Bob

Re: Secure Android Phones

RevDisk

Re: Secure Android Phones

Calumus

Re: Secure Android Phones

Hawkmoon

Re: Secure Android Phones

bedlamite

Re: Secure Android Phones

RevDisk

Re: Secure Android Phones