TTFA2: Mobile Phone Security and Android Apps
In this chapter you will learn:
- Some background info on mobile phones and security
- How to send encrypted SMS messages on an Android phone
- How to set up a VPN on an Android phone to allow safer browsing
Background info on mobile phones and security - maybe adapted from here - http://en.flossmanuals.net/basic-internet-security/ch047_understanding-risks/
The Guardian Project is doing really useful work on the Android platform.
Blurred faces camera app
ObscuraCam is a visual privacy app for photo and video that gives you the power to better protect the identity of those captured in your photos before you post them online. ObscuraCam will automatically detect faces, which you can then pixelate, redact (black out) or protect with a funny nose and glasses.
Encrypted file system
Encrypted SMS Messages
Setting up a VPN on an Android Phone
Some info and a link to step-by-step instructions - http://en.flossmanuals.net/basic-internet-security/ch050_vpn-on-android/
Encrypted Web browsing
Orbot & Orweb - These two apps really go hand in hand. Orbot is the Android port of Tor, a tool for anonymous online activity (whilst Tor is not completely secure, it's still a lot better than nothing). Orweb is a browser made for it by The Guardian Project, and it is automatically configured to use Tor.
Status net client
Peer to peer phone calls via wifi mesh network
Currently implemented features include:
- Free voice calls between Serval Mesh-enabled phones
- MeshMS, our free mesh-based SMS
Local wireless webserver
Using Paw and the PirateBox plugin it is possible to run a webserver from your phone. Users see the wireless network broadcasting from your phone, connect to it, and are then redirected to a local webpage that also runs on your phone.
This can be used for sharing bust card information at a demo, or for sharing the ObscuraCam.apk amongst a crowd, for example. By default the app also installs a local chatroom that runs on the phone acting as the server. This should maybe be deleted for security reasons?
Activists can be detained by authorities in order to stop their work or to gain access to information they are carrying on their persons. In these situations it is often difficult for the individual to anticipate their detention, which leaves the data they are carrying unprotected and easily compromised. If a remote support team is able to determine that a team member has been detained, it should be possible for them to remotely control that member's mobile device to either erase or disable access to the information on it. There are a number of applications that can do this.
Android Lost is free (as in beer, not libre) and allows control via SMS, which is useful as it lets you turn on 3G if it is turned off. (It does seem to use Google login credentials; could anyone comment on whether this poses a security risk?) (marker says: yeah, big time, you may as well ask the cops to erase your PNC record)