Security concerns for surveillance camera - Security Discussion

I have an old Sony Xperia Z2 that is not being used. I plan to either sell it or use it as a surveillance camera.
The one thing that makes me hesitant to just make it a surveillance camera is the security concern that I have. I’m simply afraid that it might get hacked as the phone does not receive any more security patches for the stock ROM.
If using it as a surveillance camera, I would not use it for anything else and would uninstall all other apps than the surveillance app. I would probably not have any SIM in the phone, just have it connected to my WIFI and through that send images to an online server.
Should I be concerned about the security or just go on and make it a surveillance camera?
Would the phone be more secure if running Cyanomodgen instead of the stock ROM? There are nightly builds for the Z2 but I want the time spent on phone maintenance to be as short as possible.
My WIFI is encrypted and I only use strong passwords.

I would not worry.
An old slow phone is not a priority for hackers.
And you could make it a non issue by firewalling it to only connect to your lan router.
Then it could not even be used as the world's slowest email spammer.

Thanks for your reply.
But if I want to upload images to a web server online then I cannot block it off from the internet. Which, I guess, makes it somehow vulnerable.
Is Droidwall a good option if looking for something to block everything but the IP addresses of my current hosting company.
Would the phone be more secure if running Cyanomodgen instead of the stock ROM? There are nightly builds for the Z2 but I want the time spent on phone maintenance to be as short as possible.

Droid wall had not been updated on a long time as I remember.
You should be looking at afwall.
Which is basically a front end for iptables rules
(Which is what most Linux based network protection is based on.And I think you could get a doctorate and still not know everything about ip tables) but the fire wall is not designed to block single ip addresses do you will have to look at custom rules, which means lots of confusing research. (Only confusing for the first while)
No I don't know of a simple way of doing it.But there is tons of information on iptables rules online.
You may also want to look at the hosts file to block common attacking addresses.
It should not matter if you are on a oem Rom or a custom one. (Other than a oem will have more things running slowing down your phone)

I don't think the phone receives any more updates for the stock ROM. So in that case, I guess the custom ROM, which receives updates, is safer.
I'm leaning towards just putting a memory card in the phone and run it offline. That way I don't have to worry about any updates or firewalls, I can just check the images on the memory card in case anything bad has happened inside or outside of the house.

Related

Lost Phone Locators -- Privacy?

Currently looking for a suitable Phone Tracker/Locators in case phone gets misplaced.
For those interested in your options, this sums it up well: http://www.androidpolice.com/2011/11/28/mobile-security-app-shootout-final-roundup-out-of-a-sea-of-apps-just-one-emerges-as-a-clear-winner-in-keeping-your-device-safe/
My questions is, how safe in terms of privacy are the trackers that also provide a centralized web interfaces?
Think about it, you are essentially installing an agent that allows the developer (if they so choose) to track where ever it is you are at and control your phone at anytime.
Sure YOU require a password to access your account, but surely the developer could have full access to all accounts using this software.
I used to use Tasker for remote SMS tracking, but the added features of these web integrated trackers are appealing since they also have remote picture taking, remote erase, locking, etc.
How would you weight on privacy vs feature trade off?
klau1 said:
Currently looking for a suitable Phone Tracker/Locators in case phone gets misplaced.
My questions is, how safe in terms of privacy are the trackers that also provide a centralized web interfaces?
Think about it, you are essentially installing an agent that allows the developer (if they so choose) to track where ever it is you are at and control your phone at anytime.
Sure YOU require a password to access your account, but surely the developer could have full access to all accounts using this software.
How would you weight on privacy vs feature trade off?
Click to expand...
Click to collapse
In my opinion it's really a matter of trust. First and foremost, do some research on the developer and app you're considering, look at the feedback, reputation, etc. then make a decision on how safe you feel about the service. It's similar to deciding if you feel safe signing up with a company like LIfeLock. In order for them to protect your sensitive data, you must freely give them all of your sensitive data. How safe would you feel about that? Would you trust them enough not to be malicious?
But then again, aren't you putting the same amount of trust and taking the same risks with the developer of ANY app you install on your phone?
As far as the apps themselves, I have used Find My Droid, the one Best Buy offers, and I can't remember the name of the third one and I found that all three are not as useful as I originally thought.
1. The gps feature was nice but did not pinpoint an exact address, just a general area. How useful is that?
2. I did a "stolen phone" test with the apps and it took them all between 5 and 15 minutes to lockdown the phone and one just plain failed.
3. The remote picture taking feature didn't work and if you plan on using an ICS rom, since the front facing camera doesn't work, the picture taking feature doesn't do much good.
4. The apps are useless if a perp pulls the battery which renders the gps completely useless.
So in summary, I personally wouldn't use one of those phone tracker apps. If you misplace your phone, just call it from someone else's and if you accidently left your phone at a bar or someplace public, call your provider for a replacement because you probably won't see that old one ever again.

Security from physical theft/abuse of the WiFi Only Transformer Pad Infinity TF700

(Prospective TF700 buyer here.)
So since the device is WiFi only for most of us, no apps that provide post-theft security via receiving an SMS message are applicable.
I can't think of any way to get the tablet back or find its location post-theft. It would be nice if there was a security app that could act of receiving a specific e-mail instead of SMS.
Aside from post-theft action, before theft I know we can use a password to secure the contents of the tablet. But is the built in screen lock via password the best means to secure it?
I just wanted to foster some discussion and ideas around this topic. Since it's much harder than with a phone. Feel free to chime in with whatever is on your mind related to this subject.
Darnell_Chat_TN said:
(Prospective TF700 buyer here.)
So since the device is WiFi only for most of us, no apps that provide post-theft security via receiving an SMS message are applicable.
I can't think of any way to get the tablet back or find its location post-theft. It would be nice if there was a security app that could act of receiving a specific e-mail instead of SMS.
Aside from post-theft action, before theft I know we can use a password to secure the contents of the tablet. But is the built in screen lock via password the best means to secure it?
I just wanted to foster some discussion and ideas around this topic. Since it's much harder than with a phone. Feel free to chime in with whatever is on your mind related to this subject.
Click to expand...
Click to collapse
This is a valuable way for this kind of thinks and imo it's better than any app.But also keep in mind that even so if you lost your device it will not be easy to get it back,but atleast you could destroy your personal data.Oh,and even if it was a 3G model,the first thing a thief will do is shutting down the device and throw out the SIM.
Pretoriano80 said:
This is a valuable way for this kind of thinks and imo it's better than any app.But also keep in mind that even so if you lost your device it will not be easy to get it back,but atleast you could destroy your personal data.Oh,and even if it was a 3G model,the first thing a thief will do is shutting down the device and throw out the SIM.
Click to expand...
Click to collapse
Thanks.
Far as what the thief will do depends on their intelligence . The one who took my wife's phone kept the SIM in to use our plan as their own.
There are several antivirus apps available that provide remote wiping (abd/or locking) functionality and such, although I do not know if they can turn on WiFi and report the device's location in the process.
I guess Asus Device Tracker will have to do for me.
I do share some of the concerns of the OP in that other thread, but for me it beats nothing.
Device encryption. Takes awhile to do but the device will be useless without the pin. I have been meaning to turn it on, I just never have my charger handy when I think of doing it. Maybe tonight...
Unfortunately Android device encryption slows down the device (which isn't the fastest anyway in our case) and drains battery faster. It cannot be undone without the full wipe, too. It is nothing like TrueCrypt in these respects.
Edit: It seems it can give you some problems with rooting, ROMs and others, too, which makes it a wildcard, although I'd love to use it. Apart from that, it's far from perfect security, as enabling debugging mode will still allow adb access without PIN verification if the device is powered and after the pre-boot PIN verification (which it probably will be when stolen).
WhisperCore looks interesting, but it says Temporarily Unavailable where the download link should be present.
MartyHulskemper said:
There are several antivirus apps available that provide remote wiping (abd/or locking) functionality and such, although I do not know if they can turn on WiFi and report the device's location in the process.
Click to expand...
Click to collapse
Most work via SMS.
You might be interested in another aspect of Device Tracker: http://forum.xda-developers.com/showpost.php?p=30305551&postcount=21
d14b0ll0s said:
You might be interested in another aspect of Device Tracker: http://forum.xda-developers.com/showpost.php?p=30305551&postcount=21
Click to expand...
Click to collapse
So nevermind using Asus Device Tracker given that news .
And device encryption just has too many negative side effects for me personally.
So there's no decent 3rd party app and we can't trust Asus any further than we can throw one of their techs.
It seems the only security for me at this time is encrypting the most sensitive data via an app just for those pieces of data and general physical security.
d14b0ll0s said:
Unfortunately Android device encryption slows down the device (which isn't the fastest anyway in our case) and drains battery faster. It cannot be undone without the full wipe, too. It is nothing like TrueCrypt in these respects.
Edit: It seems it can give you some problems with rooting, ROMs and others, too, which makes it a wildcard, although I'd love to use it. Apart from that, it's far from perfect security, as enabling debugging mode will still allow adb access without PIN verification if the device is powered and after the pre-boot PIN verification (which it probably will be when stolen).
WhisperCore looks interesting, but it says Temporarily Unavailable where the download link should be present.
Click to expand...
Click to collapse
I'd be weary of device encryption if you plan on doing anything to the tablet other than keeping it fully stock. I'm not even sure how OTA updates are handled. Granted the situation is a bit different (and totally my fault) but I encrypted my HD on my laptop (TrueCrypt) which was awesome at first. I didn't see a noticeable depreciation in speed and felt a lot more comfortable . I decided to try a dev build of Win8 one day, so I partitioned my drive and installed through the Win8 setup process. Short version is that my encrypted partition fot trashed and I lost all of my data that wasn't backed up yet.
So yea, be careful when you encrypt.
[OT] Actually, according to TrueCrypt, Windows installer should only change your bootloader and rescue boot from a removable memory should do the trick with recovering TrueCrypt MBA. Did it wipe your data or just the boot record?
---------- Post added at 09:43 PM ---------- Previous post was at 09:38 PM ----------
Darnell_Chat_TN said:
So nevermind using Asus Device Tracker given that news .
And device encryption just has too many negative side effects for me personally.
So there's no decent 3rd party app and we can't trust Asus any further than we can throw one of their techs.
It seems the only security for me at this time is encrypting the most sensitive data via an app just for those pieces of data and general physical security.
Click to expand...
Click to collapse
I think partial encryption is fine, but of course can be compromised easier when not everything is encrypted.
As to third-party apps, I believe there's a lot of these, but after this ASUS example I'm not sure I want to use any of them.
In case you still want sth like that, just have a look at Google Play: https://play.google.com/store/search?q=anti+theft&c=apps
I'm not sure what it actually did at the end of the day (can't remember). I THINK it would only boot to the Win8 partition and while the other partition was there I couldn't access it from anything (I vaguely recall the partition showing up saying that it was 0% full). I tried to restore the MBR and I ran a few different analysis tools to see if I could recover files.
After a few days I decided that it wasn't worth it. It as almost a year ago and most of my stuff was backed up, I really only lost some music and some pictures. I decided to cut my losses, reformat everything, and reinstall Windows7.
d14b0ll0s said:
...
As to third-party apps, I believe there's a lot of these, but after this ASUS example I'm not sure I want to use any of them.
In case you still want sth like that, just have a look at Google Play: https://play.google.com/store/search?q=anti+theft&c=apps
Click to expand...
Click to collapse
Some of these actually look pretty good to me . It would be nice if they made them to work with your own personal machine and not their servers, but they obviously need to use a model that makes them money :laugh: .
Unlike Asus, 3rd party app makers don't hold the device warranty in their hands. They survive off me willing to use and trust their services.
When you're rooted then I recommend Cerberus I use on both my phone and the tablet. I had luckily never the chance to use it in a real situation but from my testing I can tell that it works really good.
It has a trial version so you can test it before buying.
Sent from my Galaxy Nexus using xda premium
avast! is the answer
Seems as if avast! Mobile Security can do everything the Asus Device Tracker can do. And even more, since it also has a virus scanner, firewall, network meter, SMS/call blocker and more other features than I care to remember. And it's FREE. All that and no worries of losing warranty.
avast! can lock the device tight via a web site, wipe it and more. And it can be configured to not be easily removed. So it's the answer to me.

Is there a completely secure rom for xt1032?

I was looking for a custom rom that would be so secure that no one else apart from me could access the data stored on my phone. A good visual example of the rom would be imaginary black hole that is picky with the things it absorbs into itself and doesn't shoot anything out of it when there's too much things being sucked up at once. The thing that android is so vulnerable in terms of user privacy that the device becomes an open book when apps with certain permissions is installed. You might ask why do I need such a security. I would like to ask the same question because my device has to be personal istead of privacy leaker that on default grants access to leak my data for apps that has the required permissions to be able to steal my data without me ever noticing it. I don't get how a lot of people is fine with all of this when 10 years ago everyone would be mad about it. They might say that all of this is for our own security, but in my eyes it's all about sharing our data by selling it.
I hope I made my points why I am looking for a secure rom.

Signal Private Messenger

Hi,
I've discovered the description of "Signal Private Messenger" app, but I don't know what thinking about it.
Its description seem's to indicate that you can communicate voice and text securely end to end with your smartphone, and that it's open source.
What is really securely ? I don't know and "I want to know"
Thanks in advance for your answers.
Hi, The short answer is Yes. Signal is by Open Whisper Systems & runs on iOS and Android. You can use it as a regular SMS/MMS app; as well as encrypted SMS/MMS/phone calls. To activate the encryption you need to exchange keys with the person you want to message.
Hope this helps!
equi_design said:
Hi, The short answer is Yes. Signal is by Open Whisper Systems & runs on iOS and Android. You can use it as a regular SMS/MMS app; as well as encrypted SMS/MMS/phone calls. To activate the encryption you need to exchange keys with the person you want to message.
Hope this helps!
Click to expand...
Click to collapse
Hi,
Thanks for your answer.
Your answer is a good summary of the app's features.
But what are you thinking about the word "securely" ?
Is it a dream or a reality ?
The app's editor highlights testimonies from known people who use it. Is it sufficient to trust this app ?
Has someone in this forum examined the code of this app ?
Nothing is completely secure.
In my opinion, & from my use, Signal is more secure than a normal messengering app - but less secure than a talk in real life.
If you are interested in security, please check out this XDA subforum; http://forum.xda-developers.com/general/security
And read up here: www.eff.org
Hm, nice to see a discussion going on. Have just heard Snowden recommend the app so I thought I'd check it out. BUT, there is a but ... I intentionally blocked the app from any internet usage whatsoever with AFWall+ donate. I've set up my AFW to show a toast whenever it blocks an app trying to use the internet so that I know which apps try to use the net in the background without my permission or intention. To my surprise my AFW blocks Signal all the time when I use Signal. And I mean ALL the time. How does this make sense? Why would a privacy app try to connect to the internet constantly? I've not got WiFi calling and I've not even enabled it in Signal's settings. Am I missing something here or is there sth wrong with the app? It's making me feel that it is constantly trying to leak data and that's why it attempts to use the internet. Good thing I have a robust thing on board such as AFWall... best firewall out there.
jonathansmith said:
Hm, nice to see a discussion going on. Have just heard Snowden recommend the app so I thought I'd check it out. BUT, there is a but ... I intentionally blocked the app from any internet usage whatsoever with AFWall+ donate. I've set up my AFW to show a toast whenever it blocks an app trying to use the internet so that I know which apps try to use the net in the background without my permission or intention. To my surprise my AFW blocks Signal all the time when I use Signal. And I mean ALL the time. How does this make sense? Why would a privacy app try to connect to the internet constantly? I've not got WiFi calling and I've not even enabled it in Signal's settings. Am I missing something here or is there sth wrong with the app? It's making me feel that it is constantly trying to leak data and that's why it attempts to use the internet. Good thing I have a robust thing on board such as AFWall... best firewall out there.
Click to expand...
Click to collapse
It's encrypted, end to end. It's not leaking anything. The code is opensource, you can go and review the code and build it yourself.
If you're blocking it from accessing the internet, then it's going to try again, probably because it can see that there is a network connection live.
@jonathansmith
Thanks for your detailed feedback.
It will be nice if someone in this forum could analyze the code of this open source app.
As for me, I am unfortunately not competent.
Were you able to identify with AFW the site the app was trying to connect ?
dtective said:
It's encrypted, end to end. It's not leaking anything. The code is opensource, you can go and review the code and build it yourself. If you're blocking it from accessing the internet, then it's going to try again, probably because it can see that there is a network connection live.
Click to expand...
Click to collapse
Thank you, that's exactly what I don't get. Why would it attempt to establish a connection. Ofc I'm blocking it. I'm blocking tons of others apps as well, but unlike Signal (and a few other suspicious apps) the other apps do not try to establish a connection.
As I said, when you block an app from accessing the net with AFWall you can tell AFWall to give you a toast showing you when every signle time when AFWall blocks a certain app trying to access the net. So, with 99% of my AFWall-blocked apps I don't get this toast, meaning that those apps don't even attempt to access the net (but better stay safe and have em blocked.) With some tricky apps though, AFwall shows that toast msg indicating that it successfully blocks a certain app from accessing the net. That's what I don't get - why would Signal be set up in a way that it would attempt to access the net. Prolly WiFi calling or sth but I'd rather use it for now only as a default SMS client.
Yes, you are right. Signal can see that there is a network connection live and that's why it constantly tries to connect to it. Just wish Signal would get it once and for all that it is blocked for good and stop trying to access the net.
If anyone knows which Services, Broadcast Receivers, or Activities from Signal should be disabled (using MyAndroidTools for example) please do share which ones they are so I can disable them and thus prevent Signal from constantly trying to establish a connection. The toast msg from AFW does become annoying when it is every second second
---------- Post added at 11:39 AM ---------- Previous post was at 11:33 AM ----------
iwanttoknow said:
Were you able to identify with AFW the site the app was trying to connect ?
Click to expand...
Click to collapse
Maybe gotta look into the log of AFW. The toast msg only shows the ip address which Signal ties to connect but AFwall prevents it form doing. But that's not the prob for me. Doesn't matter too much what it tries to access cos I know AFWall is good enough at preventing that. Just want to stop Signal from trying to access whatever it is trying to access! Will let you know if I figure it out!
---------- Post added at 12:00 PM ---------- Previous post was at 11:39 AM ----------
equi_design said:
Nothing is completely secure.
And read up here: www.eff.org
Click to expand...
Click to collapse
I second that. Nothing is, indeed! And thanks for reminding me about eff ... here's a good one - https://www.eff.org/https-everywhere @iwanttoknow check it out!
And here's a bit of a follow-up. Managed to catch the toast. Not sure if it is always the same ip that AFW blocks, but will try to pay attention. A reverse search reveals that the geo location of the ip is some place in Washington, US.
https://imgur.com/a/5fhIf
As I understood it
(And I could be wrong I left signal years ago when it was text secure)
Signal does NOT use sms to send messages
That functionality of the app was dropped a while back
It uses internet only to transmit encrypted messages
And it uses its own message server to host your messages.
It seems like decent software
I abandoned it because it uses your personal phone number as your identifier..
And it will not work with out a phone number..
Which for me is just crazy as every government in the world and most phone companies are selling /tracking your "meta" data based on your smart phone and it's phone number.
Think of it as any other encrypted internet message system
But it uses your phone number as an identifier...
Everyone gets my pubic email address now for communication.
Cops, government, hospital, work, stores,etc
It's the 21st century. Why use a phone number for anything anymore?
nutpants said:
As I understood it
(And I could be wrong I left signal years ago when it was text secure)
Signal does NOT use sms to send messages
That functionality of the app was dropped a while back
It uses internet only to transmit encrypted messages
And it uses its own message server to host your messages.
It seems like decent software
I abandoned it because it uses your personal phone number as your identifier..
And it will not work with out a phone number..
Which for me is just crazy as every government in the world and most phone companies are selling /tracking your "meta" data based on your smart phone and it's phone number.
Think of it as any other encrypted internet message system
But it uses your phone number as an identifier...
Everyone gets my pubic email address now for communication.
Cops, government, hospital, work, stores,etc
It's the 21st century. Why use a phone number for anything anymore?
Click to expand...
Click to collapse
You have to go back in time when the app was called Textsecure and it provided end to end encryption for SMS. The app was available on F-Droid until someone discovered that plain text sms were saved unencrypted on device. After that, the dev temporarily closed the source and also demanded that the app be removed from F-Droid, because in his view distribution on F-droid was "insecure." Well, that hole was fixed and the following versions worked pretty well. About the same, time, the dev started to be bothered by TSA every time he travelled by air. Then, within a few subsequent releases, google binaries and internet permission were included. Then, the app started to crash if internet service was restricted. In addition, you could only get the app from Googleplay, which means, you must have Gapps and Google Services Framework, which has total control over the phone and regularly "phones" home (obviously not your home). GSF can get your outgoing text before encryption and incoming text after.. Despite all of the above, one could still compile the app and use it without GSF. Then suddenly, the dev announced that he would no longer support encrypted SMS. About that time, he started receiving literally millions of $ from a US government's backed foundation. In addition, he was offered a lucrative contract to do encryption for What's UP, which later became Facebook. Quite a change after being harassed in airports So, encrypted sms were dropped and the app turned into an internet messenger. You must register with your phone number; your data goes through Google servers and Whisper System's servers. And by the way, neither the Signal servers nor Redphone servers are open source. You can't use the app unless you have Gapps and GSF and if you use the app, you are known to Whisper Systems, Google and all 3-letter agencies...
This is not the first time I am posting on Textsecure/Signal, just do a search on XDA and F-Droid forums and you will find more info with links. I would stay away from anything coming out of Whisper Systems. Use Silence, which is a fork of Textsecure with encrypted SMS. For over-the-internet services, use Conversations.
And by the way, never use an app where everything: encryption, encryption method, registration, servers are in the hands of one entity, which won't allow you to use other servers...
nutpants said:
As I understood it ...
Click to expand...
Click to collapse
You might be right but for normal unencrypted messages Signal uses simple SMS. Have tried it and without any WiFi or data it simply sends a msg as an SMS. So far so good but u might have a point. I'm yet to test with someone who also has the app installed and see how encrypted msgs are transferred. I'd imagine it NOT to be over the internet, but then again you might have a point? Why? Because as I said I've blocked Signal with AFWall and I get a toast showing that Signal CONSTANTLY tries to connect to the internet when there is currently a live connection to the internet, be it Data or Wifi. So yeah, you might be right, but I need to test it out. In the meantime someone who has already done this would do us a favour by telling us how it works.
Using my personal phone number as identifier does not sound cool indeed. If you are right about this: 'It uses internet only to transmit encrypted messages. And it uses its own message server to host your message' then I guess I'm ok with using the net for transmitting encr. msg since they are encrypted with E2EE. As to where the msgs are hosted. I guess I'm better off having them stored at Signal's server than at Verizon's cos from Verizon they end up DIRECTLY to the government. I guess with nuff persuasion and money though they'd also end up there from Signal. It's the way of the world, isn't it? Also, as I mentioned in my last post, the IP which Signal constantly tries to connect to is in Washington. That's already fishy enough .... very fishy!
optimumpro said:
Use Silence, which is a fork of Textsecure with encrypted SMS. For over-the-internet services, use Conversations.
Click to expand...
Click to collapse
How about apps like 'Wire' and 'Wickr - Top Secret Messenger'? Are they any good? Will give Silence and Conversations a try! 10x for bringing them up.
unknown404 said:
How about apps like 'Wire' and 'Wickr - Top Secret Messenger'? Are they any good? Will give Silence and Conversations a try! 10x for bringing them up.
Click to expand...
Click to collapse
Wickr is not open source. So, for me it is out of the question. Wire sounds good, although they say they can terminate your account at any time. Also, they say the company is based in Switzerland, but the location for dispute resolution is San Francisco. They also say they can require you to download/upgrade the app, which means that if you want to stay on older version, they won't let you...
Again, I am against models where everything is concentrated in the same hands...
optimumpro said:
Wickr is not open source. So, for me it is out of the question. Wire sounds good, although they say they can terminate your account at any time. Also, they say the company is based in Switzerland, but the location for dispute resolution is San Francisco. They also say they can require you to download/upgrade the app, which means that if you want to stay on older version, they won't let you...
Again, I am against models where everything is concentrated in the same hands...
Click to expand...
Click to collapse
I guess I'm ok with Wickr's being closed source (but then again what do I know ... the discussion about open vs closed source goes both ways so more opinions are welcome). Just don't get why I made an account there and now trying to log back in I'm told the credential are wrong. Weird!
Hi,
In my first post, I was asking your opinions about "Signal Private Messenger" app.
Thanks all for your answers.
In your answers, I have discovered the names of Silence and Conversations apps.
Which level of confidence for them and why ?
iwanttoknow said:
Hi,
In my first post, I was asking your opinions about "Signal Private Messenger" app.
Thanks all for your answers.
In your answers, I have discovered the names of Silence and Conversations apps.
Which level of confidence for them and why ?
Click to expand...
Click to collapse
I'll be happy to hear more opinions as well but as optimumpro said, Silence really seems solid and offers E2EE, which is what I need. Have tested it with other users and seems good so far. Can't say anything about Conversations cos I've not used it yet. I read good stuff about Wickr as well, but yeah ... closed source deters many.
unknown404 said:
I'll be happy to hear more opinions as well but as optimumpro said, Silence really seems solid and offers E2EE, which is what I need. Have tested it with other users and seems good so far. Can't say anything about Conversations cos I've not used it yet. I read good stuff about Wickr as well, but yeah ... closed source deters many.
Click to expand...
Click to collapse
Both Conversations and Silence are open source, unlike Signal, which contains prebuilt binaries and jar files. Also, neither Conversations nor Silence forces you to register or use their servers, which Signal does.
optimumpro said:
Both Conversations and Silence are open source, unlike Signal, which contains prebuilt binaries and jar files. Also, neither Conversations nor Silence forces you to register or use their servers, which Signal does.
Click to expand...
Click to collapse
That I do second and that I do like!
Hi,
After reading some articles, I discovered that it was "easy" to assure End-to-end encryption (E2EE) for our communications. I share my understanding here, knowing that it's well known by experts in the domain. So thank you for being kind to me.
In fact, there is a difficulty for communicating parties who wanted to communicate without anyone spying their voice or written messages. They have to use cryptographic protocols relying on a shared secret. But how to share a secret on unsecure communication channels ?
It's "easy", due to the Diffie-Hellman cryptographic protocol which permits to do that. There are a lot of explanations about it on the Net. But it could be defeated by the man-in-the-middle attack (MITM). To counter this attack, you have "simply" to sign the shared secret with asymetric keys (with your secret key to sign the shared secret, and with your public key permitting to the other part verify it). If you are interested, see more explanations on the Net about asymetric cryptographic protocols.
I sincerely hope that I didn't say too much nonsense.
Silence app is based on Diffie-Hellman protocol, like other apps in the domain.
In summary, after reading your answers to my initial post :
- Silence app permits to exchange SMS/MMS, using E2EE.
- Conversations app is an instant messaging (IM) client for Android, using E2EE.
Signal Private Menssenger is an E2EE IM and voice calling app.
I have noted what has been written about Signal Private Menssenger in this thread, so is there a "less intrusive" E2EE voice calling app, in the same way as Silence ?
Thanks for your participation.

Pet project - Offline Android tablet as personal assistant, private storage, etc..

Hello all!
New to XDA Forums here... well, new on posting, been lurking for years now.
So, I have this new pet project that I want to invest some time and money come 2017, and it's like this:
I want to get an Android tablet that will be kept permanently offline after initial setup, and will hold all sorts of personal information away from the interwebs.
After thinking about it, I decided to share thoughts, receive input and comments here and perhaps in some other forums to see if I can accumulate some interesting ideas.
I'll start with the most obvious question: which tablet brand and model would you think is interesting for something like this?
The ones I considered so far: HTC Nexus 9 for rooting, Samsung Galaxy Tab S or S2 for the fingerprint scanner, nVidia Shield Tab K1 for raw power and futureproofing.
Plan is to go full paranoia, disassemble the tablet, pull out stuff like cameras, microphones, possibly even speakers, and let this become a device that can only be accessed via touchscreen or connecting external speakers and microphones. Wi-fi chip and/or antenna will also go, Bluetooth, NFC if it's there, eventually modify the USB connector for power only. New stuff only via SD card perhaps.
Yes, this means I'll be forever locking it into a certain state, but it's a pet project to see how far I can go without rendering it useless... further, I'll see if there's a way to make those changes reversible, as long as you open the device up again and such. This is of course all gradual, just ideas, might not go so far.
OS and software wise, this will need a relatively recent version of Android for full disk encryption... though it would be kinda nice to have Nougat's file encryption instead. Pros and cons to consider with each device.
Some offline apps I put in a consideration list... some of them I haven't tested just yet, but will be looking into soon enough:
Apps: AppLock
Files: Crypt4All Lite, ES File Explorer
Calendar, Contacts: Flock, Fruux
Passwords: KeePassDroid
Assistant: Utter!
Dictionary: Offline Dictionaries
Translation: Bing Translate
Maps: HERE Maps
Notes: MonoSpace
Again, the idea is to have the tablet fully functioning and connected at first - update, install, configure and load it up with everything needed, and then permanently make it an offline device. I'm not sure how many of those will actually work without any network connection, but my research has been around apps that have offline options.
Any inputs are welcome, I appreciate any recommendations for hardware, apps and custom roms for the task.
You can imagine the device overall as a personal assistant, media consumption device that will securely hold private information like calendar, passwords, contacts and files in general. Not meant to be disposable, but of course, inaccessible if stolen or lost.
Thanks for reading so far, I'll keep this thread updated with progress, but I'll probably only start working on it early next year.
XSportSeeker said:
Hello all!
New to XDA Forums here... well, new on posting, been lurking for years now.
So, I have this new pet project that I want to invest some time and money come 2017, and it's like this:
I want to get an Android tablet that will be kept permanently offline after initial setup, and will hold all sorts of personal information away from the interwebs.
After thinking about it, I decided to share thoughts, receive input and comments here and perhaps in some other forums to see if I can accumulate some interesting ideas.
I'll start with the most obvious question: which tablet brand and model would you think is interesting for something like this?
The ones I considered so far: HTC Nexus 9 for rooting, Samsung Galaxy Tab S or S2 for the fingerprint scanner, nVidia Shield Tab K1 for raw power and futureproofing.
Plan is to go full paranoia, disassemble the tablet, pull out stuff like cameras, microphones, possibly even speakers, and let this become a device that can only be accessed via touchscreen or connecting external speakers and microphones. Wi-fi chip and/or antenna will also go, Bluetooth, NFC if it's there, eventually modify the USB connector for power only. New stuff only via SD card perhaps.
Yes, this means I'll be forever locking it into a certain state, but it's a pet project to see how far I can go without rendering it useless... further, I'll see if there's a way to make those changes reversible, as long as you open the device up again and such. This is of course all gradual, just ideas, might not go so far.
OS and software wise, this will need a relatively recent version of Android for full disk encryption... though it would be kinda nice to have Nougat's file encryption instead. Pros and cons to consider with each device.
Some offline apps I put in a consideration list... some of them I haven't tested just yet, but will be looking into soon enough:
Apps: AppLock
Files: Crypt4All Lite, ES File Explorer
Calendar, Contacts: Flock, Fruux
Passwords: KeePassDroid
Assistant: Utter!
Dictionary: Offline Dictionaries
Translation: Bing Translate
Maps: HERE Maps
Notes: MonoSpace
Again, the idea is to have the tablet fully functioning and connected at first - update, install, configure and load it up with everything needed, and then permanently make it an offline device. I'm not sure how many of those will actually work without any network connection, but my research has been around apps that have offline options.
Any inputs are welcome, I appreciate any recommendations for hardware, apps and custom roms for the task.
You can imagine the device overall as a personal assistant, media consumption device that will securely hold private information like calendar, passwords, contacts and files in general. Not meant to be disposable, but of course, inaccessible if stolen or lost.
Thanks for reading so far, I'll keep this thread updated with progress, but I'll probably only start working on it early next year.
Click to expand...
Click to collapse
If you're going to keep it offline then there is no reason to be paranoid about it.
Sent from my SCH-I535 using Tapatalk
Droidriven said:
If you're going to keep it offline then there is no reason to be paranoid about it.
Sent from my SCH-I535 using Tapatalk
Click to expand...
Click to collapse
Well, it's going to be offline, but still mobile.
I realize I'm still going overboard with it, but it's mostly for testing purposes... honestly, I'm not really all that paranoid about it, boring life with nothing to hide blah blah.
I wanna see if the tablet can even work if I take all those modules off (cameras, wi-fi, bluetooth, etc). I've tested some smartphones that can work perfectly well even if you physically disconnect cameras, not sure about the rest.
I also have another pet project to have a device that is still online, but with the most security and privacy oriented measures in place... so it's a bit of testing for that too.
The underlying purpose is to see if I can modify multiple types of devices to be used in highly secure and privacy oriented scenarios. Part of my curiosity as a journalist I guess. Already turned an old laptop into a locked down Linux machine, but I didn't do much on the hardware side.
Other stuff like encryption and a strong user login system would need to be in place in case of robberies and such.
In any case, think of it as a testing platform... I know no devices will ever be completely secure and private, but willing to do as much as possible with a single device and no specialized tools to enhance things.

Categories

Resources