TTFA2: Mobile Phone Security and Android Apps

From HacktionLab: A UK-wide network of tech-activists providing meet-ups, events, workshops, national skillshare gatherings and hacklabs

Mobile Phone Security and Android Apps

In this chapter you will learn:

  • Some background info on Mobile Phones and security
  • How to send encrypted SMS messages on an Android phone
  • How to set up a VPN on an Android phone to allow safer browsing

Background Info

Background info on mobile phones and security - maybe adapted from here - http://en.flossmanuals.net/basic-internet-security/ch047_understanding-risks/

Android

The Guardian Project is doing really useful work on the Android platform.


Blurred faces camera app

ObscuraCam is a visual privacy app for photo and video that gives you the power to better protect the identity of those captured in your photos before you post them online. ObscuraCam will automatically detect faces, which you can pixelate, redact (black out) or protect with a funny nose and glasses.

Encrypted file system

Cryptonite

Encrypted SMS Messages

TextSecure is recommended by the Guardian Project.

Setting up a VPN on an Android Phone

Some info and a link to step-by-step instructions: http://en.flossmanuals.net/basic-internet-security/ch050_vpn-on-android/

Encrypted Web browsing

Orbot & Orweb: these two apps really go hand in hand. Orbot is the Android port of Tor, a tool for anonymous online activity (whilst Tor is not completely secure, it's still a lot better than nothing), and Orweb is a browser made for it by The Guardian Project, which is automatically configured to use Tor.

Encrypted Email

K-9 Mail

Encrypted VOIP

CSipSimple

StatusNet client

The client could be used to post microblogs such as https://indy.im

Peer to peer phone calls via wifi mesh network

Currently implemented features include:

  • Free voice calls between Serval Mesh-enabled phones
  • MeshMS, our free mesh-based SMS

http://www.servalproject.org/

Local wireless webserver

Using Paw and the PirateBox plugin it is possible to run a webserver from your phone. Users see the wireless network broadcasting from your phone, connect to it, and are then redirected to a local webpage that also runs on your phone.

This can be used for sharing bust card information at a demo, or for sharing the ObscuraCam.apk amongst a crowd, for example. By default the app also installs a local chatroom that runs on the phone acting as the server. This should maybe be deleted for security reasons?

Remote control

Activists can be detained by authorities in order to stop their work or to gain access to information they are carrying on their persons. In these situations it is often difficult for the individual to anticipate their detention, leaving the data they are carrying unprotected and easily compromised. If a remote support team is able to determine that their team member has been detained, it should be possible for them to remotely control that member’s mobile device to either erase or disable access to the information on it. There are a number of applications that can do this.

Android Lost is free (as in beer, not libre) and allows control via SMS, which is useful as it allows you to turn on 3G if it is turned off. (It does seem to use Google login credentials; could anyone comment on whether this poses a security risk?) (marker says: yeah, bigtime, you may as well ask the cops to erase your PNC record)