Difference between revisions of "TTFA2: Mobile Phone Security and Android Apps"
(Added Android Lost app) |
m (→Remote control) |
||
| (8 intermediate revisions by one other user not shown) | |||
| Line 18: | Line 18: | ||
[https://play.google.com/store/apps/details?id=org.witness.sscphase1&hl=en ObscuraCam] is a visual privacy app for photo and video, that gives you the power to better protect the identity of those captures in your photos, before you post them online. ObscuraCam will automatically detect faces that you can pixelate, redact (blackout) or protect with funny nose and glasses. | [https://play.google.com/store/apps/details?id=org.witness.sscphase1&hl=en ObscuraCam] is a visual privacy app for photo and video, that gives you the power to better protect the identity of those captures in your photos, before you post them online. ObscuraCam will automatically detect faces that you can pixelate, redact (blackout) or protect with funny nose and glasses. | ||
| + | |||
| + | ==Encrypted file system== | ||
| + | |||
| + | [https://play.google.com/store/apps/details?id=csh.cryptonite&hl=en Cryptonite ] | ||
==Encrypted SMS Messages== | ==Encrypted SMS Messages== | ||
| Line 36: | Line 40: | ||
==Encrypted VOIP== | ==Encrypted VOIP== | ||
| − | [ | + | [http://code.google.com/p/csipsimple/ Csip simple] |
| + | |||
| + | ==Status net client== | ||
| + | |||
| + | The [http://status.net/ Client] could be used to post microblogs such as https://indy.im | ||
| + | |||
| + | ==Peer to peer phone calls via wifi mesh network== | ||
| + | |||
| + | Currently implemented features include: | ||
| + | * Free voice calls between Serval Mesh-enabled phones | ||
| + | * MeshMS, our free mesh-based SMS | ||
| + | |||
| + | http://www.servalproject.org/ | ||
| + | |||
| + | ==Local wireless webserver== | ||
| + | |||
| + | Using [http://paw-android.fun2code.de/ Paw] and the [http://fun2code-blog.blogspot.co.uk/2011/12/piratebox-on-android.html PirateBox] plugin it is possible to run a webserver from your phone. Users see the wireless network broadcasting from your phone, connect to it, and are then redirected to a local webpage that also runs on your phone. | ||
| + | |||
| + | This can be used for sharing bust card information at a demo. Or sharing the ObscuraCam.apk amongst a crowd for example. By default the app also installs a local chatroom that runs on the phone acting as the server. This should maybe be deleted for security reasons? | ||
==Remote control== | ==Remote control== | ||
Activists can be detained by authorities in order to stop their work or to gain access to information they are carrying on their persons. In these situations it is often difficult for that individual to anticipate their detention, leaving the data they are carrying unprotected and easily compromised. If a remote support team is able to determine that their team member has been detained, it should be possible for them to remotely control that member’s mobile device to either erase or disable access to the information it. There are a number of applications that can do this. | Activists can be detained by authorities in order to stop their work or to gain access to information they are carrying on their persons. In these situations it is often difficult for that individual to anticipate their detention, leaving the data they are carrying unprotected and easily compromised. If a remote support team is able to determine that their team member has been detained, it should be possible for them to remotely control that member’s mobile device to either erase or disable access to the information it. There are a number of applications that can do this. | ||
| − | [ | + | [http://www.androidlost.com/#sms Android lost] is both free (as in beer, not libre) and allows control via SMS which is useful as it allows you to turn on 3G if it is turned off. (It does seem to use Google log in credentials, could anyone comment on whether this poses a security risk? (marker says: yeah, bigtime, you may as well ask the cops to erase your PNC record) |
Latest revision as of 23:06, 29 July 2012
Mobile Phone Security and Android Apps
In this chapter you will learn;
- Some background info on Mobile Phones and security
- How to send encrypted SMS messages on an Android phone
- How to set up a VPN on an Android phone to allow safer browsing
Background Info
Background info on mobile phones and security - maybe adapted from here - http://en.flossmanuals.net/basic-internet-security/ch047_understanding-risks/
Android
The Guardian project are doing really useful work on Android platform
Blurred faces camera app
ObscuraCam is a visual privacy app for photo and video, that gives you the power to better protect the identity of those captures in your photos, before you post them online. ObscuraCam will automatically detect faces that you can pixelate, redact (blackout) or protect with funny nose and glasses.
Encrypted file system
Encrypted SMS Messages
TextSecure is recommended by the Guardian project
Setting up a VPN on an Android Phone
some info and a link to step by step instructions - http://en.flossmanuals.net/basic-internet-security/ch050_vpn-on-android/
Encrypted Web browsing
Orbot & Orweb - These two apps really go hand in hand, Orbot is the Android port of Tor a tool for anonymous online activity (whilst tor is not completely secure it's still a lot better than nothing) and Orweb is a browser made for it by The Guardian Project which is automatically configured to use Tor.
Encrypted Email
Encrypted VOIP
Status net client
The Client could be used to post microblogs such as https://indy.im
Peer to peer phone calls via wifi mesh network
Currently implemented features include:
- Free voice calls between Serval Mesh-enabled phones
- MeshMS, our free mesh-based SMS
Local wireless webserver
Using Paw and the PirateBox plugin it is possible to run a webserver from your phone. Users see the wireless network broadcasting from your phone, connect to it, and are then redirected to a local webpage that also runs on your phone.
This can be used for sharing bust card information at a demo. Or sharing the ObscuraCam.apk amongst a crowd for example. By default the app also installs a local chatroom that runs on the phone acting as the server. This should maybe be deleted for security reasons?
Remote control
Activists can be detained by authorities in order to stop their work or to gain access to information they are carrying on their persons. In these situations it is often difficult for that individual to anticipate their detention, leaving the data they are carrying unprotected and easily compromised. If a remote support team is able to determine that their team member has been detained, it should be possible for them to remotely control that member’s mobile device to either erase or disable access to the information it. There are a number of applications that can do this.
Android lost is both free (as in beer, not libre) and allows control via SMS which is useful as it allows you to turn on 3G if it is turned off. (It does seem to use Google log in credentials, could anyone comment on whether this poses a security risk? (marker says: yeah, bigtime, you may as well ask the cops to erase your PNC record)