[GUIDE] Paranoid Security For Android - Security Discussion

Table Of Contents
~ Introduction
~ Basic Stuff
Applications
~ Vpn's
~ Antivirus
~ FindmyPhone apps
~ mySecureMail
~ 1Password
~ Signal
~ AppLock
~ Snoopsnitch
~ AFwall+
Firefox Addons
~ Bluhell Firewall
~ CanvasBlocker
~ Clean Links
~ Decentraleyes
~ Disable WebRTC
~ HTTPS everywhere
~ Privacy Badger
~ Procon Latte Content Filter
~ Self Destructing Cookies
// Optional
~ Less Spam please
~ AdBlock Plus
Secure Mail Providers
~ Proton Mail
~ Lavabit
~ HushMail
~ vfemail
A Tad Too Paranoid
~ Ipkungfu
~ Snort
Disclaimer: I am not responsible for the end of the world, your device, your lives or anything else that goes wrong. This is a guide to be more secure on Android.
Introduction
Hello!
This is an attempt to help users who are either very tech savvy or not. While this is a guide and I imagine some might disagree, I will take into consideration complaints or suggestions and I will adjust the post accordingly.
If you know of any apps that are not on my list, please inform me and I will be happy to adjust the post (please explain why the app is useful and provide its name). While it is most likely possible to find everything in this post by searching the web, it might take some time to collate everything, so I decided to make a post and put everything down in text.
The point of this guide is to provide several ways to secure your device. You don't need to use it all; you can simply cherry pick what you want or use bits.
This is a suggestion guide if anything. So naturally you can adjust the below to your needs.
Finally, I'm no security pro. I am a crazy man who has made himself overly paranoid after some years of learning white hat hacking. If you find something a bit too ridiculous or over the top, just ignore it. Nor is it designed to scare you. Just help.
Basic Stuff
Lock screen
The first line of defense! This is very basic but often overlooked. A pin/password/pattern are all great! While alternative lock screens might look good, their security is questionable, as one can get around it if they can make your system run on system apps only. While I know little about market lockscreens and their security, perhaps it would be possible using an app such as Link2SD to make it a system app, adding better security?
Fingerprint is secureish, but security concerns about fingerprint harvesting are a reason I don't use it. A good security system includes keeping your screen and buttons clean.
Don't like yucky screens.
Sim Lock
Enable Lock SIM card, found under:
Code:
Settings -> Personal -> Security -> Set up SIM card lock.
Simply put this will mean after turning your phone on you'll need to put in a pin to ring anyone.
Device Encryption
Pretty basic. Encrypt your data. Your life. Encryption for everyone!!!
Code:
Settings -> Personal -> Security -> Encryption.
Nfc
TURN IT OFF UNLESS YOU NEED IT ON!!!
My dislike of contactless is well founded, I know a few people who have been done by countless swipe hacks. £10 taken out 6 or 8 times, poor people. While some NFC or pay apps can only be used with a passcode or fingerprint, which adds more security, the general rule is having it turned off. Saves battery too so... Ye
Software Updates
To be fair, most of the resident xdaers are well up-to-date with security patches, as most of you run ROMs with security updates in them. So keep yourself updated!
Applications
VPNs
Virtual private networks aren't only useful for hackers trying to stay hidden but useful for normal people to hide their IPs from the evil-doers of the world. While VPNs are not 100%, mainly because there is a gap between connection to the VPN, they are great on the whole.
Open VPN (Both Connect and for Android)
Play Store Link
This is an app that allows you to connect to the various VPNs; while most are paid, a few are free (see Note). The majority of sites explain how to connect to their VPN; others aren't as simple. This app also means you can make your own VPN and connect to it. Some useful guides exist below for making your own VPN:
VPN server on Android
tutorial on making and hosting your own VPN
Note: WARNING, while some VPNs with a free service and paid upgrades tend to be trustworthy, some fully freemium ones are questionable. Some have been branded honeypots and although you may not worry about being logged it might still bring in some privacy concerns.
Free/Upgrade/Payfor VPNs
VyprVPN
Playstore link
Possibly the fastest and most reliable, doesn’t share your data with anyone, and only keeps logs of IP addresses, connection times, and bytes used for 30 days. It offers 50 server locations spread across the globe, support for 256-bit encryption, and uses Chameleon, which hides the fact you are using a VPN service. It's a little pricey. But I'd always advise going for by yearly in any VPN it always works out cheaper. But there is a free option with a limited usage limit.
Tunnel bear VPN
Playstore link
I use this one personally. While it might not be the fastest it's very versatile easy to use no fiddly bits, and also its excellent value for money with it clocking in around £30 quid a year for up to 5 Devices, TunnelBear doesn't track what you do online, no logy logy of your IP, and won't whore out your data with them third-party peps. It also supports 256-bit encryption. So woo! Also has a free 500m monthly limit as well if you want to try it out.
NordVPN
Playstore Link
Possibly the most well established VPN. Some SERIOUS Encryption under the hood and they log absolutely nothing as well. Again yearly Plan is a lot cheaper. And possibly cheapest one. All rounder really also the account has a .ovpn file which is required by open VPN app.
Express VPN
Playstore Link
The service allows you to have two simultaneous connections which, I don't know, might be useful to you. They have good customer service though and a pretty good connection. No logging and pretty well priced. With a 30-day back guarantee.
IPvanish
Playstore Link
They take no logging seriously! And have a solid encryption and a good price scheme. There's not much to say about this one. It's very good though.
The above are ones I personally or people I know have used; they are by no means in order. There are a number of others available, so do a good search! Always do research. Find good deals and make sure you are always secure.
Antivirus
It's still a bit of a question if you really need an Antivirus on Android. I personally say it's useful as a tool box. Most provide find my phone and so on.
Avira
Playstore Link
Test Results here:Av-Test
A great app, not too intrusive. Really useful and fairly simple to use.
Lookout
Playstore Link
I use this one personally in conjunction with another. Has theft protection and a number of other features that need an upgrade.
Avast
Playstore Link
Test results here:Av-test
I use this one as well. It's a great service and very useful. Wifi scanning, call blocking and a number of other features.
AVL
Playstore Link
This is a bare-bones app just for malware scanning. Great app. Easy to use.
Sophos
Playstore Link
Test results here:av-test
Very solid app. Useful to have to protect you. Simple app. Business level protection.
The above list is from apps I myself have used and can recommend. As always there is a large variety. Search away, check tests on independent labs, and decide for yourself.
Findmyphone Apps
Losing your phone is concerning. A lost phone could fall into the hands of a nice person, but then it could end up in an evil-doer's hands, thus wiping of data is fundamental! The following apps are highly recommended and well rated.
Android Device Manager
Cerberus
Prey
mySecureMail
Playstore link
Unlimited amount of email accounts in one encrypted secure place. Password protected and Free!
1Password
Playstore Link
Having various passwords can be confusing, while the actual security of them is questionable after all having passwords saved on your phone might be concerning. But with high encryption and good security keeps all your information safe and secure!
Signal
Playstore Link
It provides end-to-end encryption to secure all communications and the app can also verify the identity of who people are messaging, as well as what channels they are using! A really secure app; with concerns mounting about how private you really are, this app is very good for security.
Applock
Playstore Link
Lock all your important apps from being preyed on. Does what it says on the tin.
SnoopSnitch
Playstore Link
This only works on some phones! Be careful. It's basically an IMSI catcher.
There is another one here which in my opinion is a fantastic app and deserves support! XDA IMSI catcher
An IMSI Catcher is a great piece of kit warning against fake base stations. Or trying to scan your network.
AFwall+
PlayStore Link
A front end app that means you can set what apps are allowed to use Internet.
//While there is no support yet for Nougat for Xposed: for those running below, the app XPrivacy is a must have! Really good security focused app.
Firefox Addons
But I use Chrome/Opera/<Insert other browser here>, I use Firefox on my phone, the reason being is because of the extension side. While I am aware opera has this addon ability, I will be using Firefox Addons only. Also Chrome has no extension support for mobile yet? Oh well munches out on RAM anyway.
These Addons are mirrored on Opera, if you prefer Opera, I'm sure you can find the same addon or one that works similar.
Bluhell Firewall
Addons Link
Lightweight Ad-Blocker and Tracking/Privacy Protector.
CanvasBlocker
Addons Link
Blocks the JS-API for modifying <canvas> to prevent Canvas-Fingerprinting.
CleanLinks
Addons Link
Converts obfuscated or nested links to genuine clean links.
Decentraleyes
Addons Link
The aim of this add-on is to cut out the middleman by providing lightning speed delivery of local (bundled) files to improve online privacy.
Disable WebRTC
Addons Link
WebRTC leaks your actual IP addresses from behind your VPN, by default.
HTTPS Everywhere
Addons Link
Enables HTTPS encryption automatically on sites that are known to support it.
Privacy Badger
Addons Link
Better Privacy stops ads and invisible trackers
ProCon Latte Content Filter
Addons Link
Block sites containing pornography, or any other kind of material, based on simple keyword lists.
Self Destructing Cookies
Addons link
BOOM!! GOES THE COOKIES.
//Optional
Less spam, please
Addons Link
Disposable emails. Great for them pesky sites that ask for emails then spam you with rubbish.
Ad Block plus
Addons Link
Does what it says on the tin. There are Addons that block pages from saying you have an ad blocker.
Secure Mail Providers
Why more people don't use secure encryption emails is beyond me sometimes. But regardless it's something I'd strongly recommend! Tell your friends too, and family! Get your dog on them. While there are a number available the following are ones I've used or still continue to use!
Proton Mail
Lavabit.com
hushmail.com/
vfemail.net/
Proton Mail is the main one I use anymore. It's an excellent app and great service with double log in and encryption. Like your emails in a double safe. Do note! If you forget your password, it will turn your emails into plonk and be completely useless.
Thank you for reading this post! I really appreciate it, I put this together just so people can be helped there is no one place. My hope is to turn this into quite a buzzing post, I'd like to constantly update it having it a great go to resource for your needs. Give me a thanks for my hard work if you think it's deserved
Warning: The following is not for Amateurs or new to XDA, you MUST be running a LinuxGNU interface! This is extra security usually set on PCs, and may work depending on your interface.
A Tad too Paranoid
Ipkungfu
Open up your terminal running in your Linux IDE.
Input :
Code:
sudo apt-get install ipkungfu
Next we need to configure the file. There are two ways to do this. Way 1: you can configure it in the terminal with "Nano":
Code:
sudo nano /etc/ipkungfu/ipkungfu.conf
Or move it to SD card, open with your favorite text editor then move back like so:
Code:
mv /etc/ipkungfu/ipkungfu.conf /sdcard
Then to move back:
Code:
mv /sdcard/ipkungfu.conf /etc/ipkungfu
Once you have got the config file open you want to uncomment and adjust accordingly to your needs. Here is an example of what you can change:
Code:
# IP Range of your internal network. Use "127.0.0.1"
# for a standalone machine. Default is a reasonable
# guess.
LOCAL_NET="192.168.1.0/255.255.255.0"
-------
Code:
# Set this to 0 for a standalone machine, or 1 for
# a gateway device to share an Internet connection.
# Default is 1.
GATEWAY=0
-------
Code:
# Temporarily block future connection attempts from an
# IP that hits these ports (If module is present)
FORBIDDEN_PORTS="135 137 139"
-------
Code:
# Drop all ping packets?
# Set to 1 for yes, 0 for no. Default is no.
BLOCK_PINGS=1
-------
Code:
# What to do with 'probably malicious' packets
#SUSPECT="REJECT"
SUSPECT="DROP"
-------
Code:
# What to do with obviously invalid traffic
# This is also the action for FORBIDDEN_PORTS
#KNOWN_BAD="REJECT"
KNOWN_BAD="DROP"
-------
Code:
# What to do with port scans
#PORT_SCAN="REJECT"
PORT_SCAN="DROP"
These are just a suggestion, adjust to your needs!
Once you've done and moved back or saved the nano, (to save use ctrl+X) everything should be done. Now type in:
Code:
sudo ipkungfu
Jump on over to shields Up and see something Coolio. Hopefully.
Snort
This is intrusion detection, have a look at seeing who's been at your door, this is a basic configuration. To set this up. We simply type:
Code:
sudo apt-get install snort
Once that's done type:
Code:
snort -D
All done, you can view live packets like so:
Code:
sudo snort
Or view logs:
Code:
sudo nano /var/log/snort/alert
~ More May be added soon
~ Give us a thanks please
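Added example, not part of the original post and not ipkungfu's own code: a small shell check that compares an ipkungfu.conf with the values suggested in the Ipkungfu section and flags a setting that only appears on a commented line, where it has no effect. The function names and the sample file are made up for illustration, and it assumes the last uncommented KEY=value line is the effective one.

```sh
#!/bin/sh
# Added example: audit an ipkungfu.conf against the values the guide suggests.
# Nothing here calls ipkungfu itself; it only reads the config file.

# conf_get FILE KEY: print the effective value of KEY, or nothing if unset.
# Assumption: the last uncommented KEY=value line is the one that counts.
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# only_commented FILE KEY: true when KEY= appears, but only behind a '#'.
only_commented() {
    [ -z "$(conf_get "$1" "$2")" ] && grep -q "#.*$2=" "$1"
}

# audit_ipkungfu FILE: print one finding per line; exit status 1 if any.
audit_ipkungfu() {
    a_file=$1
    a_bad=0
    # Each line below is "KEY expected-value", taken from the guide's list.
    while read -r a_key a_want; do
        a_got=$(conf_get "$a_file" "$a_key")
        if [ "$a_got" = "$a_want" ]; then
            continue
        elif only_commented "$a_file" "$a_key"; then
            echo "$a_key: only set on a commented line, so it has no effect"
        else
            echo "$a_key: is '${a_got:-unset}', guide suggests '$a_want'"
        fi
        a_bad=1
    done <<'EOF'
GATEWAY 0
BLOCK_PINGS 1
SUSPECT DROP
KNOWN_BAD DROP
PORT_SCAN DROP
FORBIDDEN_PORTS 135 137 139
EOF
    return "$a_bad"
}

# Constructed sample config (not a real device's file): BLOCK_PINGS left at 0,
# PORT_SCAN set to REJECT, FORBIDDEN_PORTS accidentally left on a comment line.
write_sample() {
    cat > "$1" <<'EOF'
LOCAL_NET="192.168.1.0/255.255.255.0"
GATEWAY=0
# IP that hits these ports (If module is present) FORBIDDEN_PORTS="135 137 139"
BLOCK_PINGS=0
#SUSPECT="REJECT"
SUSPECT="DROP"
KNOWN_BAD="DROP"
PORT_SCAN="REJECT"
EOF
}

sample=$(mktemp)
write_sample "$sample"
if audit_ipkungfu "$sample"; then
    echo "config matches the guide's suggestions"
fi
rm -f "$sample"
```

To check the real file, call audit_ipkungfu /etc/ipkungfu/ipkungfu.conf after editing it and before running sudo ipkungfu.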

Reserved

Please, go on.

Thanks for this guide. I now have my device encrypted. On Marshmallow it does not explicitly say that my SD Card is also encrypted (it's formatted as internal storage) but according to articles out there actually it is.
Yes, I don't know why email encryption is not more widely adopted. For personal every day emails "Hi, how you doing ? Had a great day?" kind of thing maybe that's not the most sensitive info. But what if it contains a meeting place to go and pick up your child at and you are late ? Paranoid ? In today's world ? But what about actual sensitive data. I'm talking about charities that help victims of abuse. The Samaritans. Other organisations that help victims of child trafficking. I once volunteered for an organisation that helped people illegally pursued by a government run organisation. I eventually found out that they had no, I mean ZERO, ZILCH security policy yet they were holding sensitive details about individuals who were in danger. After failing to get their board of directors to change things I resigned from the organisation. So anyway back on topic ... I just checked cPanel and my host does allow "GnuPG" encryption on email. So when I've figured out how to set it up and use the appropriate app on my device (starting with list above of course) I come back here.

Awesome guide. I know this thread is a couple years old but still applies.
Anyone have any opinions or comments about Proton VPN? I see the Proton mail is on the list which I also use. Just curious about the VPN.

Related

SecAndy : let's get the party started

Pronounced "say candy", the goal of SecAndy is to come up with as secure and private of an OS as possible. So as not to reinvent the wheel, we'll base this initiative on our open source code of choice (Android or maybe other developers' choice).
I am not a developer myself but I can without a doubt, because of former professional experiences, organize a project and gather the right people together as a community in order to make sure that project sees the light of day after it has acquired a life of its own if needed, which I think we will agree is something that this kind of project requires because of the scrutiny it will quickly attract.
I am officially calling upon this post all interested developers that could help us fork Android or other open source OS.
Let's get a kickstarter funded and let the party begin. I will update you later today on the advancement of such.
This thread welcomes constructive ideas and developer participation, but here are beginning requirements we'll need to fulfill eventually to privatize and secure android :
- default browser allowing custom search engines such as https://ixquick.com or duckduckgo
- default system search pointing to those custom engines for online component
- control of gps at firmware level to allow full disability
- peer to peer file exchange (think BitTorrent sync) with 1024 to 2048 bit encryption
- implementation of secure sms and mms exchange (think textsecure)
- implementation of encrypted voice channels (think redphone or SIP with end-to-end encryption)
- root vpn for all online access
- systemwide warning of insecure solutions (example : wanting to use gmail or regular email)
- PGP transparent email solution
- Tor option for root vpn (subject to mitm attacks but more on that later)
- peerguardian type auto-updated database to identify suspicious IP address ranges
- systematic in-out firewall control auto updated with peerguardian database and community based rules database
- hardened malware protection and app permissions with automatic permission audit based on application type
- full device encryption and lockup (in case of unauthorized user)
- full remote wipe out and bricking with auto IMEI reporting (in case of theft, might have to be amended because of attack vector)
- full remote location capability with real time tracking (that one might have to be scratched, high security risk because of attack vector)
This obviously doesn't cover all the bases but would be a good start... I know a lot of these options can be implemented with a mismatch of apps and custom Roms but having it all at an OS level AOKP style would greatly help in building an android by the people for the people community that could eventually loosen the stranglehold of less than transparent corporations.
60 views in 24 hours and not one comment. Obviously I'm approaching this the wrong way. More news at 11.
e-motion said:
60 views in 24 hours and not one comment. Obviously I'm approaching this the wrong way. More news at 11.
I don't want to be insulting, but no programming work has been done on your part, and you're just asking for people to dive in this project to get managed by someone they never heard of. It's not really surprising no one has commented yet.
I understand what you're saying but any comment, even if only just to show interest in such a project, will be key to drive developers to it.
I might not have started any development but I have clear understanding of how to design secure solutions. I can't go into details of why that is, however you can clearly see with my 2nd post that some research has been done. If I wanted a solution for me alone, I could just go on with my own little pudding of custom ROM and security apps.
However, because of the recent news events that SHOULD have awaken this population, I thought now might finally be the right time to try to get such a project off the ground. But without anyone even showing any interest, why would any developer be drawn to it ? If people would rather focus more on content consumerism than on what might happen under an umbrella of spooks that they're paying for with their taxes, then they have learned nothing from history and deserve what's coming to them, simple as that.
This is NOT a development thread in case you haven't noticed, so telling me I haven't developed anything yet is not even relevant.
In case anyone cares, this will be moved shortly in the t-mobile Note 2 Android development thread as a Touchwiz proof of concept ROM. Little steps, little steps...
Sent from my SGH-T889 using Tapatalk 2
mobile sec
While I am not a developer I would be interested in this project. I've been thinking about this a bit lately given recent events. I think a useful privacy preserving security related app and phone combo might have these features:
-some way to separate the baseband processor (radio) from the OS. It seems most phones share memory with the radio and this fact can and has been exploited. Own the bb processor and you own the phone. Perhaps a 3g dongle plugged into an android phone in host mode would work. Some of these usb "data only" radios can be unlocked for voice too. I believe a rooted phone with IP tables/firewall running would be much more secure than a conventional mobile phone.
-an anonymising network for connecting to servers/peers. I think the i2p network is well suited for this purpose. Rather than connect to services that are not designed with your anonymity/privacy in mind, connect to hidden/darknet servers that make it extremely difficult to ascertain your real IP and location. Perhaps an i2p router running on your home computer relaying i2p traffic while also maintaining a long lived encrypted connection to your mobile in order to "push" data to it. In this way the user benefits from the anonymising network, contributes to the network, but doesn't have the battery drain of relaying packets from the phone (if this is even possible).
-end-to-end encryption. Perhaps OTR messaging for texting and perhaps openPGP for transferring binary files as I don't believe file transfer in OTR is available at this time.
-an app that uses the above network that is capable of sending/receiving encrypted text, audio, video, gps location etc and does not leak any personal information that you don't want leaked. XMPP might be a good choice (with perhaps out-of-band binary transfers for efficiency). Giving your unique identifier to another person that is using the same app would allow you to communicate with them while not revealing your phone number, imei, imsi, etc. There would be some latency in the communication especially with binary transfers but I would gladly accept that for the added security.
anyway, just wanted to add this to the conversation and hope to see this project take shape as we definitely need more security enabled os's and apps.

Freeware Apps - Redefining a Lost Genre

Freeware isn't something you really find much in the Android community.
You hear the term thrown around quite a bit, but even a lot of what is termed as freeware actually isn't.
The Lion's Share of Android apps are not Freeware at all, and the Vast majority of the so-called 'freeware' apps that are available for us to download & use daily are not truly freeware at all
I would like to draft a set of guidelines for what would ideally become a certification standard for the ethical creation & development of free apps
Apps adhering to this standard could be classified under this genre of apps, and even bear a symbol within the app, overlaid on its logo, showing users it belongs and mentioned in the app's description, showing users how it was developed, and stating that it adheres to the guidelines and fulfills the requirements of the new standard.
I would also like to compile a list of any existing apps which already meet these criteria
and all Apps filling these requirements will fall under the realm of this Guild.
Please feel free to offer your own ideas & input as to what you feel would be best for the end user, and any rules or criteria you feel are relevant to forming a framework of guidelines & prerequisites needed for apps to be called under this name, and be brought under the umbrella of this guild.
Please feel free to offer suggestions for the certification & class name and/or Guild name as well
this is all preliminary work, and I'm looking for anyone interested in helping to build this community and standard & promote its use.
There could be 2 classes of apps, Freeware & Benefit-Ware
Or there could just be one set of rules for each, stating "IF.. such and such, THEN... such and such"
If you are an App User, please mention anything you find annoying, bothersome, or troublesome.
If you are an App Developer who knows about or is displeased with the ethics and developments of certain apps which give other apps and developers bad names, please mention anything you can that might assist us in reining in the cowboys of the App Wild West.
Also, if somethings are simply & 100% "Not Possible" because of the Android OS, these would be issues the Guild will work to make Individual Device Manufacturers as well as the Android team at Google aware of
So, it could start something like this:
- An app should not contain ads nor promotions which cannot be closed or disabled
- An app should not contain any full-screen ads nor any ads which limit or affect user interaction with the app
- An app should not give reminders which pop up and ask the user for money, ratings, or to download additional apps
- All requests for financial support, ratings, and downloading of additional apps should be contained in the 'About' Section of the Apps Settings
- All apps which produce sound of any sort must include its Volume Controls, including in-app Mute
- All apps with services which wish to run at start up must include their own settings option to enable or disable "Start when Android Starts"
- An app must not Auto-start unless the User has specifically selected it to, nor shall it be kept running if it has not been manually Launched by a User since the last Boot time.
- An app must allow users to manually select the installation directory upon installation
- An app must have its own internal Uninstall button in the "About" Menu Settings
- An app must install 'portably', that is, without adding data to the internal phone storage
- All apps which save data must have a User-Selectable Save Location which can be used to replace the App Default Save Location
- All Apps must Uninstall completely and leave no folder behind, asking users whether or not to uninstall specific items which might contain important user data
I hope other people can add to this list
thanks
I would like to stress that this isn't a knock on any existing programs, nor do I expect anyone to change what they are doing who isn't willing to.
If you hate the idea of this, please continue doing what you are doing.
This is for people who want to join or participate because these are the apps they would prefer to use, or make.
thanks
Others may include:
- An app must ask users whether or not the user wants to add a shortcut to the users default Home screen, regardless of the user's own phone settings. Perhaps an "Allow Shortcut" selection for Shortcuts which are going to be added
- An app must ONLY install shortcuts to the program currently being installed, and can in no way add shortcuts to the Home screen, the apps drawer, or the installation directory, to any other program nor any website at all.
- An app may include a single, small, unobtrusive "Donate/Beer" button on a menu bar with other menu buttons, but to be at the far right or farthest/last menu item available on the menu
- An app must not include permissions for anything other than the express intent & use of the app for its specified purpose.
- No app may, at any time, access a users personal information unless the app has direct interaction with such information as directly related to a service it is providing as a primary function of the app - And even then, the apps access to information must not be sent online nor over the internet unless specified as such due to it being a primary function of the app - and if & when personal information is sent online, the owner of the server must have a secure server which is not accessed by himself or his employees, but in which information is automatically transferred by software to and from the end users needed locations, and to no other place shall the information be passed - Nor shall it be kept on the server while not being sent or received to/from the users locations, without the users express consent, as an additional option.
- A "Primary Function" is defined as a Function which is the main or only reason a user installs or interacts with the site, and will be the main focus of the apps description
- Secondary Functions are not allowed to gain internet access, nor have any interaction with any online server or service, nor be granted any access to personal information nor any stored data outside the apps own install directory, etc.
- Apps must, in a written disclaimer provided in the "About" section of the apps own settings, give specific details as to the apps permissions and justify with specific reasons and technical details why each function requires each form of permission, and exactly how the app will use each permission, including server specifications & information-handling specifics, where applicable.
- Apps qualifying for inclusion in the Guild will clearly label themselves in one of 3 categories exclusively - Freeware, Benefitware, or Trialware.
- Apps labelled as Free, or containing the word "Free" must 1.) be 100% ad-free, 2.) not be a Trial, 3.) be fully functional, & 4.) not bother users for payments, ratings, etc.
- Apps labelled as "Benefitware" may include 1.) ads adhering to the guidelines for the inclusion of ads, 2.) requests for financial assistance in accordance with the guidelines for requests of Financial Assistance, 3.) Added Functionality which is above and beyond the scope of the original, feature-rich, fully-functional program, & 4.) Other items which are primarily of benefit to the developer, but which adhere to the guidelines of Enjoyable, Unfettered User Interaction
- Apps labeled clearly as "Trialware" may 1.) Limit the functionality of the apps Primary Functions, 2.) Must have a fully-functioning trial period of no less than 30 days, 3.) Must not be limited in any way during the Evaluation Period (e.g. no "20-character", "2-page", "3-time" limitations, or the such), & 4.) after the Trial Period, the app will be completely 100% uninstallable, and a re-install of the app on a specific device will begin a new 30-day evaluation (Users will not be treated like criminals nor presumed Guilty of Fraudulent use before proven otherwise).
- Other apps will not gain classification, certification, or inclusion in the Guild, and may refer to themselves in anyway they care to, but may broadly be referred to as "junkware" if they are found to not conform to the Principles, Guidelines & Statutes set forth and adhered to by the Guild & its Members & Affiliates
-
Also:
- An app must have an option to turn off Automatic updates, and may not self-check for updates otherwise.
- All Settings a User sets must be permanent and may not be reset nor shall those permission requests for updates, etc, be altered or changed nor be made to reappear, nor require the user to specify the same setting more than once.
- No app shall ever contact its servers for anything other than a user-launched request for the specific function required by the user at the time of the request.
- No app nor server nor company shall in any way interact with its apps or servers in anyway other than to execute the exact function called for by the user according to the UI meaning and implicit intent of the action
-
I have checked almost all the setting of it..But couldn't find the prior results..What are the other alternatives of it?
MarkanthonyDonald said:
I have checked almost all the setting of it..But couldn't find the prior results..What are the other alternatives of it?
Hi, markanthonydonald. welcome to the forum, I see this is your first day registered, and your first post no less.
That's right, all the prior results are belong to the settings of it t almost at all from the prior r results, but dont stop trying your point o of that the alternatives are to us, and thats the most bases of it. ll
-
I like the idea of this, and from what you're saying and a few apps I use would fall into this category just fine IF certain things were moved into the 'about' option. How or why a dev would change their current, 100% working fine app, to modify this I don't know.
robneymcplum said:
I like the idea of this, and from what you're saying and a few apps I use would fall into this category just fine IF certain things were moved into the 'about' option. How or why a dev would change their current, 100% working fine app, to modify this I don't know.
Great Idea!
- An App must have a complete Version History contained in the About Menu Settings, or a Menu Item Devoted to Version History, with Detailed explanations as to why the changes were added, and if they are only to fix a bug with device x, why is it recommended to install it if you aren't using that device
- Each App Update should be available as a complete App Stand-Alone APK installer, or installable from the Play Store Directly. No App should require Updates, nor provide updates for which there is no Standalone APK or an updated Google Play Installation.
A lot of devs set up their apps just good enough to get on Google Play, without getting kicked off, and then after you install it, they update the app with functions & behaviors that would get it kicked from the Play Store.
great work catching that one, thanks
-
robneymcplum said:
I like the idea of this, and from what you're saying and a few apps I use would fall into this category just fine
If you know of any solid apps that you believe fall into this category, or easily could, please post them here
We need a list of example apps that we feel embody the spirit of honesty, transparency, user-centric programming & packaging, and which are either made in the spirit of true freeware, or made in the spirit of goodwill, and have either Benefitware or Trialware which adheres to consumer-oriented needs & interests
The following behaviors DO NOT qualify for inclusion in the Guild:
- Any app which appears desperate to flash things in front of your face, particularly things which flash or change scenes or color rapidly, change in a single frame, or less than a 1 second cross-dissolve, and which are overly animated, bothersome, annoying, or which may lead to epileptic reactions, which cannot be permanently closed or disabled for the duration of the session.
- Any app which appears to desperately or urgently present users with matters of no immediate significance or importance to the user. This includes the pestering need for ratings, requests for financial assistance, downloading of the developers other apps or partner apps, offers to visit the Play store or any other external website, etc..
- Any Benefit-ware app with any full-screen advertisement at all, from Internal or external sources used to promote the sales, use, or downloading of its own other products & services or those of an external company
- Any Benefitware which does not allow you to close a bar-style advertisement with a clear, easily-accessed, and adequately-sized close button
- Any Benefitware which re-opens an ad which has been closed within the same 24-hour period, or since reboot.
- Any Trialware which limits functionality of its products to a state inconsistent with the primary function of the app
- Any Trialware which does not allow a minimum 30-day trial period
- Any Trialware which limits the functions within its trial period in any way
- Any Trialware which doesn't openly allow a re-installation of a Trial package on fresh uninstall/reinstall
A user is to be given as much time as is required for him/her to fully evaluate the product. Often times a user may begin a 30-day trial period, only to never have the time to use it, including having no time to even look through it the day it was installed
Furthermore, All apps containing promotions of their own products are to be classified as Benefitware, and not Freeware, even if there are no ads from external advertising companies.
Feel free to add to this list, or to add an app you believe warrants inclusion for its programming efforts, ethics, & merits
-
A similar Evaluation Period problem arises when users are given a 30-time evaluation. As one "Evaluation" day is simply a 24-hour period since the app was launched.
Launching the app by accident, or launching the app and immediately closing it, removes evaluation days from your trial, days in which no evaluating took place.
Even if we give each launch a time-specific interval where an app which is running for 10 or 15 minutes is considered "Evaluated" for one day, it doesn't take into account that launching the app then closing it where it sits opened in the background still takes away your evaluation days, or opening it, then answering the door or going to grab a sandwich also takes from your evaluation period
We could find other solutions to this problem, but one of the primary characteristics for an app or developer to be included in the Guild is to treat the user as if they were a guest in an actual store, and not a criminal pirate on a baby-killing spree, meaning:
- No app or developer should treat a user like a criminal, nor assume he is engaging or will engage in criminal activity, nor accuse him of such activities, nor behave in a manner which displays mistrust or accusations of users
- An app & developer must leave it to fate, heaven, and the common goodwill of mankind to have its requests & guidelines (such as for trials, etc) met, and can in no way behave in a manner which is inconsistent with good will
- All agreements made will be made in Good Faith with the community at large
You won't walk into a department store and be tackled by the security guards and forced to pay for something you didn't even try on, simply because you touched it on the rack, or be banned from the store for life until you do pay for it.. simply because the paranoid psychotic lunatic in charge of the store thinks everybody who walks into his store is a dirt-poor crack-head criminal out to steal his supremely precious goods
-
Also:
- An app is not to be created for the sole intention of Data Collection or Information Gathering, and apps which appear to do so will be blacklisted
- An app is not to be developed or created for the primary purpose of spreading advertising spam, shady promotions, other sites & services, etc, and any app found to be out of balance with respect to this criteria will be blacklisted
- Any app found to be in breach of any of the guidelines shall be blacklisted. Concerned Members could write a letter to the developer instructing them on the things they could change for inclusion in the Guild, if they so choose
- No app shall include advertisements or links of/to any shady or malicious programs or websites, including phishing sites, spoof sites, porn sites, or any site which executes malicious code or scripts, or which is deemed as an unhealthy website, program, or service by the world-wide community of web experts as a whole
- Any app or developer found in severe breach of the spirit of the Guild will be banned for life. Severe offenses include things such as falsifying information, deception, betrayal, lying, perpetuating viruses/malware or web-based attacks, hacks or intrusions, or stealing private information & personal data; the gathering of personal data for uses unspecific to the service or which willfully compromise the security & privacy of users; or if an app or developer is found to be using the information & data of users in a way which destroys the Integrity & Trustworthiness of the app & developer, and undermines, corrupts, corrodes, or destroys the Trust & Faith the community has put in the app & developer
-
chinarabbit said:
If you know of any solid apps that you believe fall into this category, or easily could, please post them here
I use zeam launcher, that definitely qualifies.
robneymcplum said:
I use zeam launcher, that definitely qualifies.
Cool, thanks
It seems it's not under development anymore.
Perhaps a goal of the Organization can be to encourage, promote, or reward excellence in Programming as well..
It may help to motivate devs who've grown disassociated or whose apps may not be getting the attention they deserve.
I currently use Lightning Launcher, and I would definitely say it qualifies as well. It has the most features of any launcher I've tested, and one of the smallest footprints as well.. it's fast and minimalistic, and completely free, and never bothers you about anything.. it has more features than you'd expect from any high-priced app.. if it has additional paid options I don't even know, as the app is extremely feature rich and has all the functions you could ever want, and many more you haven't even thought up yet
These kinds of apps make using Android Phones worthwhile
-
Other important requirements -
- Any App wherein the user enters personal, private, or sensitive information, which has the ability to sync Across Devices & Computers through Web-based Servers, shall:
- Provide a switch to turn off all syncing options & functions
- Provide an adequately useful method for SD Card Storage export which is not dependent on the software which was used to create it
- Be fully functional, practical & useful, as per the intent for use of the primary function of the app, in an offline state.
- No app shall automatically start Services such as GPS, Wi-Fi, etc, without offering a user Prompt for acceptance of such actions
- All apps which turn on services like GPS, Wi-Fi, Bluetooth, etc, shall contain a settings option to permanently disable turning on of any such external services
- All information Sent or Received through online servers or web services shall be secure & inaccessible by the host, in the following ways:
- The information & data sent by users shall enter the server and leave the server, and not be kept on the server except for the brief moment during transfer, without being subject to any sort of copy mechanism, nor filter, nor scan, nor shall accessing the content in any way while the information is passing through the server be allowed
- Information & Data uploaded to storage servers for later access by users shall be encrypted by the server administrators with 128-bit encryption, and be stored thus encrypted until it is Retrieved from the server by the user or users granted password access by the owner of the information.
- Server administrators & owners are forbidden from accessing any user information on their servers, and must encrypt the files & user data in such a way that its available only to the user, and otherwise remains in a software-encrypted state upon the server, inaccessible by server admins & owners
- Servers shall be vigilantly maintained and frequently tested for security
- If a server is used for "cloud" storage by the user, the User Data shall be backed-up in an Encrypted state, and frequently tested for data integrity
- Servers which are not secure and which do not encrypt user files & data files, or which do not design themselves to be secure from admin access of data and other third-party viewers, shall be known as "Public Servers", and a Warning Prompt shall appear on the device or computer each time the Server is accessed and data is sent or received (there shall be no method for disabling this prompt). The Warning Message shall clearly state the user is accessing a "Public Server" (capitalized) and that any data sent or received is freely viewable to third-parties, and server owners & administrators shall include themselves as third-party viewers
- First Party users & viewers (hereafter referred to as the "Owner") are designated as both the Device & User which uploaded the data to the server for storage
- Second Party users & viewers are defined specifically as both the Device & User which downloads or accesses the data which was previously stored, and who has been given password-protected permission by the Owner (First Party)
- Third Party is broadly inclusive of any organization, company, or individual who has access or potential access to the Owner's Data. Third Party also includes Devices, Computers, Servers, & Software which handles, accesses or views (or has the potential to do so), in an unencrypted state (not 128-bit or higher), any data or information belonging to or uploaded by the First Party / Owner, with the exception of Software or an Algorithm accessing the data for the sole purpose of automated Encryption to 128-bit level, or decryption from 128-bit, which does not copy, record, send or store any user-sent/received data at all, and which no other software or entity views, has access to, or monitors, records, sends, or retrieves in any way whatsoever
- "Encrypt" (also Encryption, Encrypted, Encrypting, etc) is defined as 128-bit automated, unmonitored software / algorithm encryption processed by a program without oversight or monitoring by any other software, algorithm, or entity, and which has no other function other than Encryption
- To Qualify for Inclusion in the Guild, Server owners must open up their server modules, processes and other relevant information to review by the Guild or one of its member affiliates for inspection, review, & certification. Server Owners must also provide sworn affidavits stating the integrity and security of the data, and how the data is used, who has access, how information is processed, transferred, encrypted, etc. and submit said Affidavits to the Guild before being removed from the Guild Security Blacklist.
-
I think we've already narrowed the list of qualifying software to less than what's available for Windows Phone
-
A qualifying app must also have the ability to retain full functionality after an Android OS reinstall.. meaning a portable install or an install which can use existing files found in File System Root/data/data without errors when reinstalling the app
No developer shall make any requests for donations or monetary compensation of any kind, who has included in his app any form of advertising or which has been given any permissions pertaining to user data & usage information
No App shall require specific permissions for advertisements or promotions.
No in-app advertisement shall require any special permissions or access whatsoever.
No advertisement or information gathering function shall piggyback on other functions requiring access or permissions, nor shall any advertisement or information gathering function utilize access or permissions granted to the app for its core, non-advertising, non-data collecting, non-marketing functions

[SECURITY] Android Security for Conscious Mind

== THREAD PURPOSE ==
I'm opening this thread to share and learn ideas about privacy solutions, please respect the purpose and keep this thread clean. My main language isn't English so if you spot errors or omissions please PM to me so I can correct them. Thank you.
All trolling or demotivating posts, disbelieving about privacy concerns or defending Google honor will be reported for cleaning.
== PROBLEM, HYPOTHESIS, TESTS, CONCLUSION ==
For years I've been very annoyed about privacy abuse on Internet and since Snowden and Assange revelations my concerns raised. I'm sure my personal and professional life is common and boring but I want privacy with my things just like I don't want a guy next table in the coffee shop listening to my talking subjects.
My first decision was to deploy a personal server, in my home, with OwnCloud. All went fine for some months until I realized the pain it was maintaining the system working, from server attacks and system fails to energy bills nothing could justify such paranoia. The OwnCloud Android client was also very bad those days.
The second idea was hosting OwnCloud and mail services on a private host, but this didn't made any sense because data wasn't encrypted and every employee could easily see my thermonuclear projects and my banana pancakes secret recipes. It was also a paid solution for nothing.
Finally I thought "If you're using German services you should be fine, German privacy data laws are the toughest in the world (even better than Swiss in this matter)". I'm in Europe so using European services was a no-brainer decision, preferably in Germany and owned by German companies. Yes, I know you can't trust anyone but even so I think it's a well balanced solution.
== SERVICES ==
These are my services right now, share yours and try to justify why they're equal or even better. This list will be changed as needed:
Mail - GMX (Germany)
- Generally I really don't like 1&1 services but GMX is really good and working only on European servers. I advise you not to use their other service, mail.com, because this one uses USA servers. Unfortunately all other free German providers have low storage space. If you're willing to pay for privacy try Dutch StartMail but it's beta at the moment.
Contacts & calendar - fruux (Germany)
- Amazing services, great philosophy. For privacy and decentralization purposes I've opted not to have these services on my mail provider. Unfortunately their servers are on Amazon Ireland, but I believe fruux have implemented cryptographic code on their system.
Cloud - HiDrive (Germany)
- I NEVER upload sensitive information to the cloud, even encrypted (remember Heartbleed and AES backdoor theory?). I was using Wuala for years but gave up after it was acquired by LaCie (USA). Tresorit shouldn't be trusted either, they're using Microsoft Azure servers, each uploaded and shared link passes through USA. Mega is darkness, I don't like the smell of it.
Apps - F-Droid (UK/France)
- FOSS is the way you should go, F-Droid is the obvious choice. F-Droid client was forked from Aptoide's source code.
Aptoide (Portugal) is good but not consensual. Recently they're processing Google with Antitrust Complaint in EU proving they're concerned. You can only trust Aptoide IF you choose to install apps from their main centralized store (the default one, beware and don't trust any other user store). http://m.aptoide.com/about
If you can't find what you're looking for then you can use Blank Store or Opera Mobile Store. Never choose Amazon Appstore, apps installed from there have proprietary code inserted.
Search engines - DuckDuckGo (USA!)
- Technically DuckDuckGo is a meta-search engine. It's amazingly good and you have lots of options to choose (did you know you can directly search images from Google if you search !gi [image you're searching for]?).
Another great alternative is Startpage (Netherlands).
== ANDROID SYSTEM ==
My Android system:
- CyanogenMod + freecyngn + NOGAPPS + SuperSU
- TWRP recovery
- Hardening Android for Security and Privacy
== APPS ==
My essential apps are:
Apps client - F-Droid (FOSS)
- See services above.
Privacy and cleaning - AdAway and AFWall+ (both OSS)
- Obvious choices on each privacy concerned system. Block almost everything, trust no one.
Android browser - Boat (proprietary code)
- I just love the options, specs, interface and speed. I know this choice will be highly controversial for some because it's a Chinese made browser, but it isn't a cloud browser (like the also Chinese Maxthon) and it's really easy to firewall it from calling home (something somehow difficult with Dolphin). The obvious FOSS choice for almost everyone would be Firefox but I really hate their Android app and I have some bad thoughts about their Google connections. The FOSS best shot would be Tint or Lightning, but they're rather limited and AOSP is even worse. Chrome is obviously excluded for privacy's sake.
Boat devs also used to be active on Xda with many supporters. For security precautions block port range 192.241.158.0/24 and 211.151.0.0/24.
Email app - K-9 (FOSS)
- The oldest, most forked and trusted email client. Needs a deep design/interface Overhaulin' (hey, Chip Foose...)
Contacts and calendar sync - Fruux + Birthday Adapter (FOSS)
- See services above.
Password & confidential safe - KeePassDroid (FOSS)
- Believe me, I don't know a single password of my accounts and I have hundreds. The only really big and complex password I know is the one from KeePass.
Antivirus - NONE, JUST DON'T
- I will not discuss here about the needs or true benefits of these apps but I can assure your data is leaking each time you go online. All of them claim about privacy but they're always collecting "unidentifiable data".
== I will post links for everything soon. Please include links in your posts when justified. Thanks. ==
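A check for the two address ranges the post above says to block, as an added example that is not part of the original post: it scans netfilter LOG lines and reports which Android app UID still tried to reach either range. The sample log lines, the `{FW}` log prefix and the function names are assumptions made up for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# The two ranges listed in the post above (CIDR notation, 256 addresses each).
WATCHED_NETS = [ipaddress.ip_network(n)
                for n in ("192.241.158.0/24", "211.151.0.0/24")]

# key=value fields of a netfilter LOG line. UID is only present when the
# logging rule was created with --log-uid.
FIELD_RE = re.compile(r"\b(OUT|DST|PROTO|DPT|UID)=(\S*)")

# Constructed sample lines (not captured from a real device).
SAMPLE_LOG = """\
[ 101.10] {FW} IN= OUT=wlan0 SRC=192.168.1.23 DST=192.241.158.40 LEN=60 TTL=64 ID=0 DF PROTO=TCP SPT=40112 DPT=443 SYN UID=10087 GID=10087
[ 101.95] {FW} IN= OUT=wlan0 SRC=192.168.1.23 DST=211.151.0.9 LEN=60 TTL=64 ID=0 DF PROTO=TCP SPT=40114 DPT=80 SYN UID=10087 GID=10087
[ 102.40] {FW} IN= OUT=wlan0 SRC=192.168.1.23 DST=211.151.1.9 LEN=60 TTL=64 ID=0 DF PROTO=TCP SPT=40116 DPT=80 SYN UID=10087 GID=10087
[ 103.02] {FW} IN= OUT=wlan0 SRC=192.168.1.23 DST=93.184.216.34 LEN=60 TTL=64 ID=0 DF PROTO=TCP SPT=51200 DPT=443 SYN UID=10112 GID=10112
[ 104.77] {FW} IN= OUT=rmnet0 SRC=10.20.30.40 DST=192.241.158.200 LEN=71 TTL=64 ID=0 DF PROTO=UDP SPT=33012 DPT=53
[ 105.00] {FW} IN= OUT=wlan0 SRC=192.168.1.23 DST=192.241.158 LEN=60
"""


def parse_line(line):
    """Return the interesting fields of one LOG line, or None if unusable."""
    fields = dict(FIELD_RE.findall(line))
    if "DST" not in fields:
        return None
    try:
        fields["DST"] = ipaddress.ip_address(fields["DST"])
    except ValueError:
        # Truncated or corrupted line: skip it rather than guess.
        return None
    return fields


def audit(log_text, nets=WATCHED_NETS):
    """Map UID -> list of (dst, proto, dport, matched_net) for watched ranges.

    On Android every installed app runs under its own UID, so the UID in
    the log identifies which app generated the traffic.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for net in nets:
            if rec["DST"] in net:
                uid = rec.get("UID", "unknown")
                hits[uid].append((str(rec["DST"]),
                                  rec.get("PROTO", "?"),
                                  rec.get("DPT", "?"),
                                  str(net)))
                break
    return dict(hits)


if __name__ == "__main__":
    for uid, events in sorted(audit(SAMPLE_LOG).items()):
        print(f"UID {uid}: {len(events)} attempt(s)")
        for dst, proto, dport, net in events:
            print(f"  {proto} {dst}:{dport} (in {net})")
```

The third sample line (211.151.1.9) is deliberately just outside the /24 and is not reported, which shows how narrow the listed range is.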
== Android Alternative FOSS ==
This is a list of some well known apps and their open source alternatives. Incredibly some of them are even better than "official" or paid apps, some others are quite limited but evolving and much secure.
It's impossible to put everything here, only the best apps I've tried with success will be listed. Please keep posting your suggestions.
BitTorrent Sync > Syncthing
Chrome > Firefox
Dolphin > Tint Browser
Dropbox > OwnCloud, Seafile
Facebook > Tinfoil for Facebook
Gmail > k-9 Mail
Lux Auto Brightness > YAAB
Tasker > SwiP
Titanium Backup > oandbackup
Twitter > Twidere
Reserved, just in case.
Really great thread sancho_panzer. I never thought someone can be as paranoid as I am, but I found you.
I'd like to add a few services:
Posteo (Mail):
A German email provider that doesn't claim as much data as most of them do. It just needs your mail, pw of course and you can add your mobile phone number if you like to (it will be saved hashed in their database). Posteo has great SSL connections and uses, as the first (German) provider, the new protocol DANE as well as DNSSEC. You can use their CalDav and CardDav server and choose to encrypt your address book and your calendar. The service costs 1€ per month (10 cents for additional aliases and 20ct for the next gig), that can be paid by post mail, PayPal or bank transfer. The last two ways won't get linked to your account.
CalDav/CardDav
To manage my addressbook and calendar on multiple devices I use aCal from F-Droid.
For googling issues there is a browser add on for PCs that tunnels the Google searchs for you called disconnect.me
Greetz, and i appreciate your love to FOSS very much!
@traceless There are lots of people on Xda concerned about privacy on Android and the Internet. I really hope this thread could help them to take some measures about it and share alternatives.
Thank you for https://posteo.de/ suggestion. Could be a great service, problem is I don't speak German. I really don't understand why the website doesn't have an English version. I'm also concerned with recent leaks news about *.de domains ( http://www.bbc.com/news/technology-25825784 ).
I've tried CalDav-sync and CardDav-sync and they're great little apps, but if you want a FOSS solution try DAVdroid and the very new Flock from F-Droid.
I really can't trust https://disconnect.me/ . ( http://www.darkreading.com/document.asp?doc_id=1251070& ) or Ghostery, both track you ( http://www.reddit.com/r/firefox/comments/1qkc2b/disconnect_vs_ghostery/ ). If you're using Firefox on PC or Android my advice is to install Adblock Edge (Adblock Plus is worse and heavy) + Self-Destructing Cookies (BetterPrivacy is also great) + NoScript. You should also consider CleanQuit.
@sancho_panzer
I knew that Disconnect was founded by a former Google employee but didn't know he was linked to the NSA. Anyway my current FF configuration looks just as you recommended, but I additionally installed a plugin that's called FireGloves. This is especially useful if you want to make fingerprinting your browser harder. It disables or disguises trackable settings; if you'd like to every browsing session. How unique one's configuration is can be seen here at Panopticlick.
I agree, that it's a pity some services aren't available in the most common languages. Posteo's webmailer can be changed to English, but the whole service is German. Btw you don't have to be worried about the de ccTLD, the 16m mail that were compromised earlier this year were most likely taken due a hack of a german online shop and as the most customers were germans, the majority of the mails end up with *.de. So it doesn't mean every german domain is compromised and mail provider are insecure.
As you don't speak German you could take a look at Secure-Mail, a mail service provided by the mainly German VPN Perfect Privacy. It hosts in NL and supposes to store no identifiable data and is also encrypted. I found no setting to change the language to English on Secure-mail, but I thought I've seen it once in English, maybe it changes only if your country is English-speaking.
Flock is really nice, but I stay with aCal, cause it comes with a calendar other than the integrated one and I'm not dependent on the built-in one with the (also switchable) Google sync.
Excellent thread, thank you for starting it.
Edit : I think HTTPS Everywhere by the EFF should be mentioned in a thread like this.
https://www.eff.org/https-everywhere
sancho_panzer said:
I'm sure my personal and professional life is common and boring but I want privacy with my things just like I don't want a guy next table in the coffee shop listening to my talking subjects.
It doesn't matter if you think your life is important enough to be watched or if it's just boring. The fact that you know you *could* be watched in every move you make automatically changes your behaviour. It changes the way you think, it changes the way you speak and write. It influences the way you interact with others. Feeling watched makes you fear what you do!
Opening a thread like this is a good thing to begin to overcome this fear. :good:
Good linux expert, my colleague, told me some finding, android wise.....
He has installed Android Firewall, and blocked every possible application and system modules, including kernel.
In apk log, found that all ip packets sent by android kernel are routed through some chinese ip address, regardless of their final destination.
After some research, turned out that this IP is used by NSA. Yes, all ip packets going out of our android phone are sniffed by NSA. Embedded in kernel.
My 2 cents here, and sorry if ot.
Cheers!
Sent from my GT-I9195 using Tapatalk
Nice thread, thanks! :good:
Some thoughts from my side:
I generally distrust every online service, especially if I don't pay for them. I think it is better to decentralise services and host them on self managed servers in families, groups of friends,... and thus basically only give data to trusted persons you know in real life.
Here are two good links that show alternatives to proprietary software/cloud services:
https://prism-break.org/en/
https://wiki.debian.org/FreedomBox/LeavingTheCloud
== SERVICES ==
Mail -
I think mails are generally difficult to self-host. So you need a good mail service. Posteo was mentioned here, another similar reliable german mail provider (with english translation) is mailbox.org. They even encrypt unencrypted incoming mails with your PGP-key before they store them.
Contacts & calendar -
Posteo and mail.org also include contact and calendar synchronisation via CalDav/CardDav. Even better: Host it by yourself.
Instant Messaging -
XMPP (Jabber) is an open decentralised protocol with lots of implementations for almost every platform. You can host it by yourself or use an existing server. There are also very good clients for Android like Conversations or Xabber
== ANDROID SYSTEM ==
Two additions:
Free Your Android! - campaign of the Free Software Foundation Europe
IMSI Catcher/Spy Detector
== APPS ==
sancho_panzer said:
Android browser - Boat (proprietary code)
Don't do this! Firefox for Android is also a good choice. And Orweb not to forget!
traceless said:
I use aCal from F-Droid
DAVdroid is also a very good FOSS CalDav/CardDav-provider that integrates with the contacts/calendar app of android. And it is under active development (in contrast to aCal)
I can only agree that using posteo.de is a must. Completely anonymous. I put cash in an envelope (didn't actually touch any of it myself) and they opened my account no problem. Last time I checked their site also had an English version. Feel free to pm me with translation issues. I speak both languages fluently. Also a thread like this without XPrivacy?
For those interested in tor along with afwall, I have posted instructions on getting them to work together in the afwall thread
I prefer the Android system to be: OMNI + NOGAPPS + SuperSU
Note that freecyngn & NOGAPPS author has switched to OMNI
Regarding OwnCloud: it's a great software, but you're right not to trust it when it runs on some server that is not under your control. That's why I run OwnCloud on a Raspberry Pi that is running at my home, behind my firewall. Syncing is made with CardDAV and CalDAV, and both apps use SSL. I think I can trust that one.
dvdram said:
Regarding OwnCloud: it's a great software, but you're right not to trust it when it runs on some server that is not under your control. That's why I run OwnCloud on a Raspberry Pi that is running at my home, behind my firewall. Syncing is made with CardDAV and CalDAV, and both apps use SSL. I think I can trust that one.
And what connection are you using? I thought about exactly the same solution, but it's nearly useless with ADSL.. (6 MBit/s down and just 60kbits upstream)
Thank you guys for your contribution on this thread.
Ultramanoid said:
I think HTTPS Everywhere by the EFF should be mentioned in a thread like this.
https://www.eff.org/https-everywhere
@Ultramanoid You're absolutely right I forgot to mention it, I use it with Firefox on my laptop and it's great.
dvdram said:
Opening a thread like this is a good thing to begin to overcome this fear. :good:
@dvdram I agree and don't understand why so many people just don't care to talk about it.
jukyO said:
Good linux expert, my colleague, told me some finding, android wise.....
He has installed Android Firewall, and blocked every possible application and system modules, including kernel.
In apk log, found that all ip packets sent by android kernel are routed through some chinese ip address, regardless of their final destination.
After some research, turned out that this IP is used by NSA. Yes, all ip packets going out of our android phone are sniffed by NSA. Embedded in kernel.
@jukyO Lookout, the real test here should be made on a clean system, just ROM and a Firewall. That's the only way you can say it's kernel coded. Some apps use kernel to send and receive packets, your alert could be related to one of these.
Another debatable subject should be SElinux. Many ROMs, like CyanogenMod, have it in enforcing mode by default. If you install another kernel, like Alucard, SElinux becomes permissive. Even if SElinux is considered OS we all should not forget that it was developed and implemented by NSA (!).
bastei said:
Here are two good links that show alternatives to proprietary software/cloud services:
https://prism-break.org/en/
https://wiki.debian.org/FreedomBox/LeavingTheCloud
== SERVICES ==
Mail -
I think mails are generally difficult to self-host. So you need a good mail service. Posteo was mentioned here, another similar reliable german mail provider (with english translation) is mailbox.org. They even encrypt unencrypted incoming mails with your PGP-key before they store them.
Contacts & calendar -
Posteo and mail.org also include contact and calendar synchronisation via CalDav/CardDav. Even better: Host it by yourself.
Instant Messaging -
XMPP (Jabber) is an open decentralised protocol with lots of implementations for almost every platform. You can host it by yourself or use an existing server. There are also very good clients for Android like Conversations or Xabber
== ANDROID SYSTEM ==
Two additions:
Free Your Android! - campaign of the Free Software Foundation Europe
IMSI Catcher/Spy Detector
== APPS ==
Don't do this! Firefox for Android is also a good choice. And Orweb not to forget!
DAVdroid is also a very good FOSS CalDav/CardDav-provider that integrates with the contacts/calendar app of android. And it is under active development (in contrast to aCal)
@bastei Thanks for your useful input. I know Boat would be controversial talk but if you read my comments you'll see I'm aware about the dangers of such decision. Even so I'm convinced about the safety of it.
Firefox is my primary choice on my laptops since the earlier version 3. Even if I tried alternatives on some occasions I've always returned to Firefox security and true development power (I always use it to analyse code and test all websites I make), the only real alternative was Opera (the original one with Presto engine, not the crap they use these days).
Android Firefox is a completely different beast. It's heavy, buggy, needs extras for simple tasks like automatic close and clean or user agent changing, but above all WHY THE HELL CAN'T WE MAKE FOLDERS and organise favorites at will? The only solution I found for favourites was to sync them with my PC, organise all there and sync them back. Did I mention the ridiculous times it FC? Maybe in the future, right now the only FOSS I could consider is Tint Browser.
an0n981 said:
Also a thread like this without XPrivacy?
For those interested in tor along with afwall, I have posted instructions on getting them to work together in the afwall thread
@an0n981 XPrivacy and Xposed could be all we need IF they were OSS. The other problem are the inevitable lags introduced by these layers.
I've tested several configurations on my phones and tablets over the time but ultimately my OP describes my options at this moment. This subject isn't closed and will never be, there aren't perfect security systems, and that's the purpose of this thread, I'm sure the OP will be changed on some occasions. Please keep suggesting alternatives and solutions, your contribution will be greatly appreciated.
aelmahmoudy said:
I prefer the Android system to be: OMNI + NOGAPPS + SuperSU
Note that freecyngn & NOGAPPS author has switched to OMNI
@aelmahmoudy OMNI is a valid CM alternative, developed and maintained by well-known XDA developers. Unfortunately I don't really like the excessive cleanliness and limitations. The only way I could advise it would be complemented with Xposed+XPrivacy+GravityBox, besides NOGAPPS and SuperSU.
I can't talk for them but I believe @MaR-V-iN and many others ditched CM after the group became commercially oriented; the inclusion of analytical and proprietary code didn't help either. CM is still the base for lots of ROMs and I'm still convinced it's the best for me, provided that are VM snapshots and thoroughly cleaned and modded like mentioned on my OP.
sancho_panzer said:
...
@an0n981 XPrivacy and Xposed could be all we need IF they were OSS. The other problem are the inevitable lags introduced by these layers...
Both are 100% open source, just not distributed through F-Droid. You can compile them yourself, source is on GitHub. Security software will always add some lag.
an0n981 said:
Both are 100% open source, just not distributed through F-Droid. You can compile them yourself, source is on GitHub. Security software will always add some lag.
You're absolutely right, my mistake. Still when I used them my system felt somehow lagging.
:delete:
err on the side of kindness
traceless said:
And what connection are you using? I thought about exactly the same solution, but it's nearly useless with ADSL.. (6 MBit/s down and just 60kbits upstream)
I admit I have a bit more speed than you, but it depends on what you want to use OwnCloud for. I use it only for syncing calendars and contacts, and for that few bits of information even your speed is more than enough, although you should consider to do the first time syncing over WiFi. Later, when you add contacts and calendar entries, you won't notice much disadvantage.
Of course, if you want to sync pictures and movies, that speed will not be enough. But do you really need that? Is it not much more efficient to copy pictures and photos via USB cable, when you're at home? Do you really need to sync them while on the road?
That is what you need to ask yourself. Like I said: contacts and meetings are very small pieces of information, less than a text message. A 60k download (from your phone's point of view) is more than enough for that.
dvdram said:
I admit I have a bit more speed than you, but it depends on what you want to use OwnCloud for. I use it only for syncing calendars and contacts, and for that few bits of information even your speed is more than enough, although you should consider to do the first time syncing over WiFi. Later, when you add contacts and calendar entries, you won't notice much disadvantage.
Of course, if you want to sync pictures and movies, that speed will not be enough. But do you really need that? Is it not much more efficient to copy pictures and photos via USB cable, when you're at home? Do you really need to sync them while on the road?
That is what you need to ask yourself. Like I said: contacts and meetings are very small pieces of information, less than a text message. A 60k download (from your phone's point of view) is more than enough for that.
Thanks. Firstly I wanted to use it for an alternative to Dropbox but then I found out the Cal- and CardDAV support. And you're totally right with syncing after first initialisation. Maybe I get an RPi later and try this one and also the owncloud feed reader.
Any idea how to use the FF sync of owncloud, since FF only supports upgrading old accs to the new mozilla ones but personally I'd prefer the old way?
Greetz

[GUIDE] Paranoid Security For Android.

Table Of Contents
~ Introduction
~ Basic Stuff
Applications
~ Vpn's
~ Antivirus
~ FindmyPhone apps
~ mySecureMail
~ 1Password
~ Signal
~ AppLock
~ Snoopsnitch
~ AFwall+
Firefox Addons
~ Bluhell Firewall
~ CanvasBlocker
~ Clean Links
~ Decentraleyes
~ Disable WebRTC
~ HTTPS everywhere
~ Privacy Badger
~ Procon Latte Content Filter
~ Self Destructing Cookies
// Optional
~ Less Spam please
~ AdBlock Plus
Secure Mail Providers
~ Proton Mail
~ Lavabit
~ HushMail
~ vfemail
A Tad To Paranoid
~ Ipkungfu
~ Snort
Disclaimer I Am Not responsible for the end of the world, your device, your lives or anything else that goes wrong. This is a guide to be more secure on Android.
Introduction
Hello!
This is an attempt to help users who are either very tech savvy or not. While this is a guide and I imagine some might disagree, I will take into consideration complaints or suggestions and I will adjust the post accordingly.
If you know of any apps that are not on my list, please inform me and I will be happy to adjust the post (please explain why the app is useful and provide the name of it). While it is most likely very possible to find everything in this post by searching the web, it might take some time to collate everything, so I decided to make a post and put everything down into text.
The point of this guide is to provide several ways to secure your device. You don't need to use it all; you can simply cherry pick what you want or use bits.
This is a suggestion guide if anything. So naturally you can adjust the below to your needs.
Finally I'm no security Pro. I am a crazy man who has made himself overly paranoid after some years of learning white hat hacking. If you find something a bit too ridiculous or over the top just ignore it. Nor is it designed to scare you. Just help.
Basic Stuff
Lock screen
The first line of defense! This is very basic but often overlooked. A pin/password/pattern are all great! While alternative lock screens might look good, their security is questionable, as one can get around it if they can make your system run on system apps only. I know little about market lockscreens and their security. Perhaps it would be possible, using an app such as Link2SD, to make it a system app, adding better security?
Fingerprint is secureish, but security concerns about fingerprint harvesting are a reason I don't use it. A good security system includes keeping your screen and buttons clean.
Don't like yucky screens.
Sim Lock
Enable Lock SIM card, found under:
Code:
Settings -> Personal -> Security -> Set up SIM card lock.
Simply put this will mean after turning your phone on you'll need to put in a pin to ring anyone.
Device Encryption
Pretty basic. Encrypt your data. Your life. Encryption for everyone!!!
Code:
Settings -> Personal -> Security -> Encryption.
Nfc
TURN IT OFF UNLESS YOU NEED IT ON!!!
My dislike of contactless is well founded; I know a few people who have been done by countless swipe hacks. £10 taken out 6 or 8 times, poor people. While some NFC or pay apps can only be used with a passcode or fingerprint, which adds more security, the general rule is having it turned off. Saves battery too so... Ye
Software Updates
To be fair, most of the resident XDAers are well up to date with security patches, as most of you run ROMs with security updates in them. So keep yourself updated!
Applications
VPN's
Virtual private networks aren't only useful for hackers trying to stay hidden but useful for normal people to hide their IPs from the evil-doers of the world. While VPNs are not 100%, mainly because there is a gap between connection to the VPN, they are great on the whole.
Open VPN (Both Connect and for Android)
Play Store Link
This is an app that allows you to connect to the various VPNs; while most are paid, a few are free (see Note). The majority of sites explain how to connect to their VPN; others aren't as simple. This app also means you can make your own VPN and connect to it. Some useful guides exist below for making your own VPN:
VPN server on Android
tutorial on making and hosting your own VPN
Note: WARNING, while some VPNs with a free service and paid upgrades tend to be trustworthy, some fully freemium ones are questionable. Some have been branded honeypots, and although you may not worry about being logged, it might still bring in some privacy concerns.
Free/Upgrade/Payfor VPNs
VyprVPN
Playstore link
Possibly the fastest and most reliable, doesn’t share your data with anyone, and only keeps logs of IP addresses, connection times, and bytes used for 30 days. It offers 50 server locations spread across the globe, support for 256-bit encryption, and uses Chameleon, which hides the fact you are using a VPN service. It's a little pricey. But I'd always advise going for by yearly in any VPN it always works out cheaper. But there is a free option with a limited usage limit.
TunnelBear VPN
Playstore link
I use this one personally. While it might not be the fastest, it's very versatile, easy to use, no fiddly bits, and also it's excellent value for money, with it clocking in around £30 quid a year for up to 5 devices. TunnelBear doesn't track what you do online, no logy logy of your IP, and won't whore out your data with them third-party peps. It also supports 256-bit encryption. So woo! Also has a free 500m monthly limit as well if you want to try it out.
NordVPN
Playstore Link
Possibly the most well established VPN. Some SERIOUS Encryption under the hood and they log absolutely nothing as well. Again yearly Plan is a lot cheaper. And possibly cheapest one. All rounder really also the account has a .ovpn file which is required by open VPN app.
Express VPN
Playstore Link
The service allows you to have two simultaneous connections which, I don't know, might be useful to you. They have good customer service though and pretty good connection. No logging and pretty well priced. With a 30-day back guarantee.
IPvanish
Playstore Link
They take no logging seriously! And have a solid encryption and a good price scheme. There's not much to say about this one. It's very good though.
The above are ones I personally or people I know have used; they are by no means in order. There are a number of ones that are available; do a good search! Always do research. Find good deals and make sure you are always secure.
Antivirus
It's still a bit of a question if you really need an Antivirus on Android. I personally say it's useful as a tool box. Most provide find my phone and so on.
Avira
Playstore Link
Test Results here: Av-Test
A great app, not too intrusive. Really useful and fairly simple to use.
Lookout
Playstore Link
I use this one personally in conjunction with another. Has theft protection and a number of other features that need an upgrade.
Avast
Playstore Link
Test results here: Av-test
I use this one as well. It's a great service and very useful. Wifi scanning, call blocking and a number of other features.
AVL
Playstore Link
This is a bare-bones app just for malware scanning. Great app. Easy to use.
Sophos
Playstore Link
Test results here: av-test
Very solid app. Useful to have to protect you. Simple app. Business level protection.
The above list is from apps I myself have used and can recommend. As always there is a large variety. Search away, check tests on independent labs, and decide for yourself.
Findmyphone Apps
Losing your phone is concerning; a lost phone could fall into the hands of a nice person. But then it could end up in an evil doer's hands, thus wiping of data is fundamental! The following apps are highly recommended and well rated.
Android Device Manager
Cerberus
Prey
mySecureMail
Playstore link
Unlimited amount of email accounts in one encrypted secure place. Password protected and Free!
1Password
Playstore Link
Having various passwords can be confusing, while the actual security of them is questionable after all having passwords saved on your phone might be concerning. But with high encryption and good security keeps all your information safe and secure!
Signal
Playstore Link
It provides end-to-end encryption to secure all communications and the app can also verify the identity of who people are messaging, as well as what channels they are using! A really secure app; with concerns mounting about how private you really are, this app is very good for security.
Applock
Playstore Link
Lock all your important apps from being preyed on. Does what it says on the tin.
SnoopSnitch
Playstore Link
This only works on some phones! Be careful. It's basically an IMSI catcher.
There is another one here which in my opinion is a fantastic app and deserves support! XDA IMSI catcher
An IMSI Catcher is a great piece of kit warning against fake base stations. Or trying to scan your network.
AFwall+
PlayStore Link
A front end app that means you can set what apps are allowed to use Internet.
//While there is no support yet for Nougat for Xposed: But for those running below, the app XPrivacy is a must have! Really good security focused app.
Firefox Addons
But I use Chrome/Opera/<Insert other browser here>, I use Firefox on my phone, the reason being is because of the extension side. While I am aware opera has this addon ability, I will be using Firefox Addons only. Also Chrome has no extension support for mobile yet? Oh well munches out on RAM anyway.
These Addons are mirrored on Opera, if you prefer Opera, I'm sure you can find the same addon or one that works similar.
Bluhell Firewall
Addons Link
Lightweight Ad-Blocker and Tracking/Privacy Protector.
CanvasBlocker
Addons Link
Blocks the JS-API for modifying <canvas> to prevent Canvas-Fingerprinting.
CleanLinks
Addons Link
Converts obfuscated or nested links to genuine clean links.
Decentraleyes
Addons Link
The aim of this add-on is to cut-out the middleman by providing lightning speed delivery of local (bundled) files to improve online privacy.
Disable WebRTC
Addons Link
WebRTC leaks your actual IP addresses from behind your VPN, by default.
HTTPS Everywhere
Addons Link
Enables HTTPS encryption automatically on sites that are known to support it.
Privacy Badger
Addons Link
Better Privacy stops ads and invisible trackers
Procon Latte Content Filter
Addons Link
Block sites containing pornography, or any other kind of material, based on simple keyword lists.
Self Destructing Cookies
Addons link
BOOM!! GOES THE COOKIES.
//Optional
Less spam, please
Addons Link
Disposable Emails. Great for them pesky sites that ask for emails then spam you with rubbish.
Ad Block plus
Addons Link
Does what it says on the tin. There are Addons that block pages from saying you have an ad blocker.
Secure Mail Providers
Why more people don't use secure encryption emails is beyond me sometimes. But regardless it's something I'd strongly recommend! Tell your friends too, and family! Get your dog on them. While there are a number available the following are ones I've used or still continue to use!
Proton Mail
Lavabit.com
hushmail.com/
vfemail.net/
Proton Mail is the main one I use anymore. It's an excellent app and great service with double log in and encryption. Like your emails in a double safe. Do note! If you forget your password, it will turn your emails into plonk and be completely useless.
Thank you for reading this post! I really appreciate it, I put this together just so people can be helped there is no one place. My hope is to turn this into quite a buzzing post, I'd like to constantly update it having it a great go to resource for your needs. Give me a thanks for my hard work if you think it's deserved
Warning: The following is not for Amateurs or new to XDA, you MUST be running a LinuxGNU interface! This is extra security usually set on PCs, and may work depending on your interface.
A Tad too Paranoid
Ipkungfu
Open up your terminal running in your Linux IDE.
Input :
Code:
sudo apt-get install ipkungfu
Next we need to configure the file. There are two ways to do this. Way 1: you can configure it in the terminal with "Nano":
Code:
sudo nano /etc/ipkungfu/ipkungfu.conf
Or move it to SD card, open with your favorite text editor then move back like so:
Code:
mv /etc/ipkungfu/ipkungfu.conf /sdcard
Then to move back:
Code:
mv /sdcard/ipkungfu.conf /etc/ipkungfu
Once you have got the config file open you want to uncomment and adjust accordingly to your needs. Here is an example of what you can change:
Code:
# IP Range of your internal network. Use "127.0.0.1"
# for a standalone machine. Default is a reasonable
# guess.
LOCAL_NET="192.168.1.0/255.255.255.0"
-------
Code:
# Set this to 0 for a standalone machine, or 1 for
# a gateway device to share an Internet connection.
# Default is 1.
GATEWAY=0
-------
Code:
# Temporarily block future connection attempts from an
# IP that hits these ports (If module is present)
FORBIDDEN_PORTS="135 137 139"
-------
Code:
# Drop all ping packets?
# Set to 1 for yes, 0 for no. Default is no.
BLOCK_PINGS=1
-------
Code:
# What to do with 'probably malicious' packets
#SUSPECT="REJECT"
SUSPECT="DROP"
-------
Code:
# What to do with obviously invalid traffic
# This is also the action for FORBIDDEN_PORTS
#KNOWN_BAD="REJECT"
KNOWN_BAD="DROP"
-------
Code:
# What to do with port scans
#PORT_SCAN="REJECT"
PORT_SCAN="DROP"
These are just a suggestion, adjust to your needs!
Once you've done and moved back or saved the nano, (to save use ctrl+X) everything should be done. Now type in:
Code:
sudo ipkungfu
Jump on over to shields Up and see something Coolio. Hopefully.
Snort
This is intrusion detection, have a look at seeing who's been at your door, this is a basic configuration. To set this up. We simply type:
Code:
sudo apt-get install snort
Once that's done type:
Code:
snort -D
All done, you can view live packets like so:
Code:
sudo snort
Or view logs:
Code:
sudo nano /var/log/snort/alert
~ More May be added soon
~ Give us a thanks please
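An added example (not from the original post or the ipkungfu project): a small Python check of an edited ipkungfu.conf against the values suggested in the post above, which also catches settings that are still commented out. It assumes the file is read with shell semantics, so `#` lines are inert and the last active assignment wins; `SAMPLE_CONF` and all function names are constructed for illustration.

```python
"""Audit an ipkungfu.conf against the values suggested in the post.

Added example, not part of ipkungfu. Assumption: the file is read with shell
semantics, so '#' lines are inert and the last active assignment of a key wins.
"""
import re
import sys

# Values the post suggests for a standalone device.
SUGGESTED = {
    "GATEWAY": "0",
    "BLOCK_PINGS": "1",
    "SUSPECT": "DROP",
    "KNOWN_BAD": "DROP",
    "PORT_SCAN": "DROP",
    "FORBIDDEN_PORTS": "135 137 139",
}

# KEY="value" or KEY=value at the start of a line (an active assignment).
ASSIGN = re.compile(r'^\s*([A-Z_][A-Z0-9_]*)=("([^"]*)"|(\S*))')
# The same shape anywhere after a '#': written down, but ignored by the shell.
COMMENTED = re.compile(r'#.*?\b([A-Z_][A-Z0-9_]*)=("[^"]*"|\S+)')

# Constructed sample: a half-edited config with typical mistakes.
SAMPLE_CONF = '''\
# IP Range of your internal network.
LOCAL_NET="192.168.1.0/255.255.255.0"
# Default is 1.
GATEWAY=1
# IP that hits these ports (If module is present) FORBIDDEN_PORTS="135 137 139"
#SUSPECT="REJECT"
SUSPECT="DROP"
#KNOWN_BAD="DROP"
PORT_SCAN="REJECT"
PORT_SCAN="DROP"
'''


def parse_conf(text):
    """Return (active, commented): key -> (value, line number)."""
    active, commented = {}, {}
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ASSIGN.match(line)
        if m:
            value = m.group(3) if m.group(3) is not None else m.group(4)
            active[m.group(1)] = (value, lineno)  # later lines overwrite earlier
            continue
        m = COMMENTED.search(line)
        if m:
            commented[m.group(1)] = (m.group(2).strip('"'), lineno)
    return active, commented


def audit(text, suggested=SUGGESTED):
    """Return a list of (key, status, detail) for every suggested key that is
    not effectively set to the suggested value."""
    active, commented = parse_conf(text)
    findings = []
    for key, want in suggested.items():
        if key in active:
            value, lineno = active[key]
            if value != want:
                findings.append((key, "differs",
                                 f"line {lineno}: {value!r}, post suggests {want!r}"))
        elif key in commented:
            _, lineno = commented[key]
            findings.append((key, "inactive",
                             f"line {lineno}: only present inside a comment"))
        else:
            findings.append((key, "missing", "not set; the built-in default applies"))
    return findings


if __name__ == "__main__":
    # Pass the path of a real config, or run without arguments for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for key, status, detail in audit(text):
        print(f"{status.upper():8} {key}: {detail}")
```
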
Reserved

Best Adguard adblock solution

**This is not spam! There is a two week trial period with full features, after that it costs. I encourage you to try it for 2 weeks n see what ya think.
Since the coronavirus hit, and even longer, I've been working on putting together the ultimate package for adblocking, tracker crushing, just, a pure web experience where your device isn't downloading garbage that eats up data, especially useful for 4g/5g connections! It's divine browsing and not having to click off boxes for cookie notices and use the app notices and adblock notices, yeah!
Way back in 2013 I rooted my first device, the Evo 3D. Then ensued an almost compulsive urge to use my devices the way I want, from theming (I love dark themed apps) to adblocking. I haven't found an all-in-one solution for my adblocking, etc. needs, and so I imagine there's others out there looking for the same. The ultimate one stop shop for android needs. I've found it thru a little app called Adguard. An extremely powerful app, with options to run extensions that further the android experience. Such as video downloaders, which may be considered warez here on XDA. YT dl'ers, vimeo, fb, p*rn, e.g. There's fb ad zappers and timeline cleaner, Google Search mods, HTML5 Video support, more YT modifications, Twitter video downloader and ad blocker, Instagram mods, the list goes on. And as a bonus, Adguard supports running a hosts file, I've included the one I use.
If you don't find Adguard useful, I assure the hosts file is. You can extract it from the zip I've uploaded. It's geared towards multinational use, as I've targeted major ad networks from across the globe.. I've come across ones that block Microsoft store, mine doesn't. Use it on your desktop, laptop, Android, or even Mac or iPhone. We're all inclusive here, no discrimination. And it's only 3.3 MB so it won't bog down your processor or take up a lotta RAM.
Good news, Adguard doesn't require a rooted device, though it would make it a little easier in setting up a proxy. But yea, this mod won't void your warranty. If android device isn't rooted, setting up a VPN connection is required. The VPN is thru Adguard, so no worries about paying for a separate VPN service. It is highly recommended to check out Adguard's website for info, especially when it comes to setting up dnscrypt or dns over https. Here is a list of faq's- https://kb.adguard.com/en/android/faq
I'll be the first to admit, I'm an Android layman, I'm more of a big picture guy rather than a details guy, plus I'd rather you learn it on your own so you get a better understanding of what's involved.
Also offered is theming options to websites. One important one you'll find ( to add DNS filters) is filterlists.com. I've included filter lists in this package that I've found useful and helpful. I could go on and on about all the features, I'll stick to a select few I'm most excited about. so when you install this, check out how I took a modification, a filter, called DarkFilterLists, n made it better( more colorful anyway), @ www.filterlists.com/lists Check out reddit n imgur n xda n pinterest n facebook n twitter n YouTube n Google n music streaming sites n video streaming sites and the list goes on. like I said, it's a much cleaner browsing experience! PLEASE! Test my work, n it's not all on me, I've found so much help online plus with tampermonkey's modules this is a kickass mod. You should definitely check out all the extensions! Be careful where you get them from. The down side is that Adguard costs. U get 2 weeks free n after that u can pay monthly, yearly, or like $70 last time I checked for a lifetime.
Edit- I wanna share a couple more links that have been helpful.
Extensions at greasyfork
https://greasyfork.org/en/scripts?page=1
The extensions I've found very useful. There's plenty of YT dl'ers, hide facebook ads, view pinterest without login, and many more.
How to write your own filters
https://help.eyeo.com/en/adblockplus/how-to-write-filters#basic
Learning what wildcards do is the key to this thing. Find out what these do- a |pipe| an *asterisk* and whatever this thing is- ^
Go into User Rules in Adguard settings, I've tried to keep it tidy, with sections for each site. A lot of this isn't my work. If I cited ones' work, well, I'm citing everyone that contributes to filterlists, thank you for helping to teach myself! There isn't an all-in-one guide to this thing, so it's my goal to help others learn n understand the different aspects this app is capable of.
I need help with this, because I can't host it from Dropbox because once it catches on, they would suspend my account for so many downloads, same with the other sites. will someone please help me with this.
Now for the instructions or directions on how to install this. Adguard is in the Play Store. 2 weeks fully featured, during this period, you'll notice a bulge or wetness in your undies. don't worry, it's common. this is a judgement free zone here. so install, go to settings-
General-Import settings.json I supply here. Then settings- Content Blocking- user rules- import adguard_cb_user_filter...then go into your wifi settings and type in the settings in the pics included with my zip file you download.
And you're all set, ENJOY!! Don't thank me for this, thank others involved responsible for Adguard
I will host it from my dropbox til I get help-
Download
**I've pulled this due to lack of interest**
**pm me if you'd like to try
you can flash it in recovery, but I don't see the point
please share this with your closest friend(s)
If you want me to fix something, please ask, n I'll work on it. If you find a fix, PLEASE, let me know, I'll include it! I've tried hard to get Spotify n Pandora's Web Players to work, to no avail. So that's my challenge for you, can you do it?
There are some exceptions, such as-
- When watching videos at starz.com and hulu.com, go to video page, disable Adguard Stealth mode, start video, then re-enable Adguard
- Adguard needs to be disabled to load dropbox.com, then re-enable Adguard (edit, nvm- fixed!)
- Disable Adguard to get YT comments to load in a browser (edit, nvm- fixed!)
Tips
- make sure to delete Facebook app cache after enabling Adguard for 1st time
- proxy browsers cannot be filtered by Adguard, like Puffin browser
- pics are included in zip file to help set up wifi
** Congratulations XDA on 3.5 million threads!
reserved
-DNScrypt over HTTPS Wifi Advanced Settings
You may use 8080 as port also
-It's suggested to use Adguards DNSes on your router
-Under Private DNS, use- dns.adguard.com
**Changelog**
Fixed...
4-19-2020
- YouTube comments
- Pinterest loading
- imdb images and video loading
- Twitter feed loading, video thumbnails are fixed, I figured out that tracking parameters will block some things
4-24-20
- Facebook Paypal transfers
4-25-20
- change.org signing petitions
- signing in to yahoo
4-26-20
- Vimeo website
4-28-20
- Instagram loading
4-30-20
- TikTok loading
Edited...
4-19-2020
- "YP" site- video player components
- modified F*©kf*©kAdblock filter- increased chance of wildcards working
- modified Personal List filter
- Github images
4-21
- fixed tripadvisor.com site
5-10-20
- rewrote many many filter block rules
Added...
4-19-2020
- knocked out gotomeeting logs/telemetry
4-22-20
- added these tracking parameters to be stripped:
GetLoginStatus tag _gap stats errors __tn__ eid hc_ref __user sid region fbclid clickenc contentmarketing msn advert-second-chance advert mark mms prime-msn subscription ppb cpb source psource aid paid sig li pt it sd ri world en-us click http https dn fr pf ve ss pc gp mi bm nt nn jb la ut td nw app ver sver lang set_lang ct_lang ds brow_ver brow_sver p do uri plat typ gtm_auth gtm_preview gtm_cookies_win prop cup2key cup2hreq visited expires Max-Age path param param_str uc_param_str format type ip dns id post_id postid __cfduid domain SameSite osname channel family src ref href x apikey callback context pageURL apiKey next __typename shortcode gating_info Expires query module is_prefetch story_fbid query_id
4-23-20
- added these tracking parameters to be stripped:
omit_cover_media explore_popular __a __beoa __comet_req __csr __dyn __req __rev __hsi __spin_b __spin_r __spin_t __user __s dtr fb_dtsg __ccg
4-24-20
- added some ip trackers to be blocked
- added these tracking parameters to be stripped:
sa paid-display gdn sig xai hl z embed authuser ech gl gs_ri suggest tbm,
- removed x and p and many more from tracking parameters
4-25-20
- added these tracking parameters to be stripped:
recruiter recruited_by_id pwqa display .intl .lang done prefill authMechanism nonce __adt fb_dtsg_ag jazoest appid bucket error device prefetch features uuid site session sessionid ad_cdn ad_block ad_cpn ad_len ad_mt ads gtm.url __amp_source_origin hl k gs_lcp ck oq exm m csc swb aff_c aff_sub aff aff_sub2 aff_sub3 subid vuid __cfduid
4-26-20
- removed __a and __comet_req from tracking parameters, as they will block in-browser facebook messaging
- A ton of extensions, I'm still testing them, I modified one to detect more adblocking detecting scripts
...more on the way
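An added example, not from the original post and not AdGuard's own code: the changelog above adds short, generic names such as `p` and `x` to the strip list and later removes them, and removes `__a` and `__comet_req` because stripping them blocked in-browser Facebook messaging. The Python sketch below strips a parameter list from URLs and runs a regression check against URLs whose parameters are known to be functional; the URLs, the `HOST_EXCEPTIONS` table and all function names are constructed for illustration.

```python
"""Strip tracking parameters from URLs and check a strip list for breakage.

Added example. Parameter names come from the changelog; everything else
(URLs, host exceptions, function names) is constructed.
"""
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# A narrow list: names from the changelog that are specific to trackers.
TRACKING = {"fbclid", "gtm_auth", "gtm_preview", "gtm_cookies_win",
            "__tn__", "hc_ref"}
# The same list plus names the changelog later had to take back out.
BROAD = TRACKING | {"x", "p", "__a", "__comet_req"}

# Alternative to deleting a name globally: keep it only where it is functional.
HOST_EXCEPTIONS = {"facebook.com": {"__a", "__comet_req"}}

# Constructed regression cases: (URL, parameters the page needs to work).
CASES = [
    ("https://example.com/article?id=42&fbclid=AbC123&p=2#comments", {"id", "p"}),
    ("https://www.facebook.com/messages/t/1?__a=1&fbclid=zzz", {"__a"}),
]


def strip_tracking(url, denylist, host_exceptions=None):
    """Return (clean_url, removed_names).

    Order, duplicates, blank values and the fragment are preserved. A URL with
    nothing to remove is returned byte-for-byte unchanged, so untouched query
    strings are never re-encoded.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    keep = set()
    for suffix, names in (host_exceptions or {}).items():
        if host == suffix or host.endswith("." + suffix):
            keep |= set(names)
    kept, removed = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in denylist and name not in keep:
            removed.append(name)
        else:
            kept.append((name, value))
    if not removed:
        return url, []
    return urlunsplit(parts._replace(query=urlencode(kept))), removed


def regression_check(cases, denylist, host_exceptions=None):
    """Return [(url, lost_params)] for every case where the strip list would
    remove a parameter the page needs."""
    broken = []
    for url, required in cases:
        _, removed = strip_tracking(url, denylist, host_exceptions)
        lost = sorted(set(removed) & set(required))
        if lost:
            broken.append((url, lost))
    return broken


if __name__ == "__main__":
    for label, names, exc in (("narrow", TRACKING, None),
                              ("broad", BROAD, None),
                              ("broad + host exceptions", BROAD, HOST_EXCEPTIONS)):
        print(label, "->", regression_check(CASES, names, exc) or "no breakage")
```

Running the regression cases before importing a new strip list shows which generic names need to be dropped or scoped to specific hosts.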
Reserved...
Where is everybody at...
Adguard is a badass privacy tool...
And so much more...
If you don't wanna use the full app, there's a plugin for Samsung n Yandex browsers.
https://play.google.com/store/apps/details?id=com.adguard.android.contentblocker
Yes. AdGuard is the best ad blocker for Android in my experience.
And thanks for your sharing these information with us.
PiggyFlooper said:
**This is not spam! There is a two week trial period with full features, after that it costs. I encourage you to try it for 2 weeks n see what ya think.
Since the coronavirus hit, and even longer, I've been working on putting together the ultimate package for adblocking, tracker crushing, just, a pure web experience where your device isn't downloading garbage that eats up data, especially useful for 4g/5g connections! It's divine browsing and not having to click off boxes for cookie notices and use the app notices and adblock notices, yeah!
Way back in 2013 I rooted my first device, the Evo 3D. Then ensued an almost compulsive urge to use my devices the way I want, from theming (I love dark themed apps) to adblocking. I haven't found an all-in-one solution for my adblocking, etc. needs, and so I imagine there's others out there looking for the same. The ultimate one stop shop for android needs. I've found it thru a little app called Adguard. An extremely powerful app, with options to run extensions that further the android experience. Such as video downloaders, which may be considered warez here on XDA. YT dl'ers, vimeo, fb, p*rn, e.g. There's fb ad zappers and timeline cleaner, Google Search mods, HTML5 Video support, more YT modifications, Twitter video downloader and ad blocker, Instagram mods, the list goes on. And as a bonus, Adguard supports running a hosts file, I've included the one I use.
If you don't find Adguard useful, I assure the hosts file is. You can extract it from the zip I've uploaded. It's geared towards multinational use, as I've targeted major ad networks from across the globe.. I've come across ones that block Microsoft store, mine doesn't. Use it on your desktop, laptop, Android, or even Mac or iPhone. We're all inclusive here, no discrimination. And it's only 3.3 MB so it won't bog down your processor or take up a lotta RAM.
Good news, Adguard doesn't require a rooted device, though it would make it a little easier in setting up a proxy. But yea, this mod won't void your warranty. If android device isn't rooted, setting up a VPN connection is required. The VPN is thru Adguard, so no worries about paying for a separate VPN service. It is highly recommended to check out Adguard's website for info, especially when it comes to setting up dnscrypt or dns over https. Here is a list of faq's- https://kb.adguard.com/en/android/faq
I'll be the first to admit, I'm an Android layman, I'm more of a big picture guy rather than a details guy, plus I'd rather you learn it on your own so you get a better understanding of what's involved.
Also offered are theming options for websites. One important one you'll find (to add DNS filters) is filterlists.com. I've included filter lists in this package that I've found useful and helpful. I could go on and on about all the features, I'll stick to a select few I'm most excited about. So when you install this, check out how I took a modification, a filter, called DarkFilterLists, n made it better (more colorful anyway), @ www.filterlists.com/lists Check out reddit n imgur n xda n pinterest n facebook n twitter n YouTube n Google n music streaming sites n video streaming sites and the list goes on. Like I said, it's a much cleaner browsing experience! PLEASE! Test my work, n it's not all on me, I've found so much help online plus with tampermonkey's modules this is a kickass mod. You should definitely check out all the extensions! Be careful where you get them from. The down side is that Adguard costs. U get 2 weeks free n after that u can pay monthly, yearly, or like $70 last time I checked for a lifetime.
Edit- I wanna share a couple more links that have been helpful.
Extensions at greasyfork
https://greasyfork.org/en/scripts?page=1
The extensions I've found very useful. There's plenty of YT dl'ers, hide facebook ads, view pinterest without login, and many more.
How to write your own filters
https://help.eyeo.com/en/adblockplus/how-to-write-filters#basic
Learning what wildcards do is the key to this thing. Find out what these do- a |pipe| an *asterisk* and whatever this thing is- ^
Go into User Rules in Adguard settings, I've tried to keep it tidy, with sections for each site. A lot of this isn't my work. If I cited one's work, well, I'm citing everyone that contributes to filterlists, thank you for helping to teach me! There isn't an all-in-one guide to this thing, so it's my goal to help others learn n understand the different aspects this app is capable of.
I need help with this, because I can't host it from Dropbox because once it catches on, they would suspend my account for so many downloads, same with the other sites. Will someone please help me with this.
Now for the instructions or directions on how to install this. Adguard is in the Play Store. 2 weeks fully featured, during this period, you'll notice a bulge or wetness in your undies. Don't worry, it's common. This is a judgement free zone here. So install, go to settings-
General- Import settings.json I supply here. Then settings- Content Blocking- user rules- import adguard_cb_user_filter... Then go into your wifi settings and type in the settings in the pics included with my zip file you download.
And you're all set, ENJOY!! Don't thank me for this, thank others involved responsible for Adguard
I will host it from my dropbox til I get help-
Download
**I've pulled this due to lack of interest**
**pm me if you'd like to try
you can flash it in recovery, but I don't see the point
please share this with your closest friend(s)
If you want me to fix something, please ask, n I'll work on it. If you find a fix, PLEASE, let me know, I'll include it! I've tried hard to get Spotify n Pandora's Web Players to work, to no avail. So that's my challenge for you, can you do it?
There are some exceptions, such as-
- When watching videos at starz.com and hulu.com, go to video page, disable Adguard Stealth mode, start video, then re-enable Adguard
- Adguard needs to be disabled to load dropbox.com, then re-enable Adguard (edit, nvm- fixed!)
- Disable Adguard to get YT comments to load in a browser (edit, nvm- fixed!)
Tips
- make sure to delete Facebook app cache after enabling Adguard for 1st time
- proxy browsers cannot be filtered by Adguard, like Puffin browser
- pics are included in zip file to help set up, wifi
** Congratulations XDA on 3.5 million threads!
Why not use blokada??? It's been recommended in XDA Guides section. check it out https://www.xda-developers.com/blokada-apk/
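The filter syntax the quoted post points to (the pipe, the asterisk and the caret), shown as an added example that is not part of any post in this thread and is not Adguard's or Adblock Plus's own code. It is a simplified matcher for basic blocking rules only; the rules and URLs are constructed, and `filterToRegExp`, `firstMatch` and the `SAMPLE_*` names are made up for the illustration.

```javascript
// Added example: simplified matcher for the basic blocking-filter syntax
// (|, ||, *, ^). Options ($...), exceptions (@@) and element hiding are not handled.

// '^' separator: any character except a letter, a digit or _ - . %
// The end of the address also counts as a separator.
const SEPARATOR = "(?:[^A-Za-z0-9_.%-]|$)";
// '||' anchor: start of the host name, i.e. scheme plus optional subdomain labels.
const DOMAIN_START = "^[a-z][a-z0-9+.-]*:/+(?:[^/?#]+\\.)?";

function filterToRegExp(filter) {
  let body = filter, prefix = "", suffix = "";
  if (body.startsWith("||")) { prefix = DOMAIN_START; body = body.slice(2); }
  else if (body.startsWith("|")) { prefix = "^"; body = body.slice(1); } // start of address
  if (body.endsWith("|")) { suffix = "$"; body = body.slice(0, -1); }     // end of address
  let pattern = "";
  for (const ch of body) {
    if (ch === "*") pattern += ".*";               // wildcard: any run of characters
    else if (ch === "^") pattern += SEPARATOR;
    else pattern += ch.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"); // everything else is literal
  }
  return new RegExp(prefix + pattern + suffix, "i");
}

// Returns the first filter that matches the URL, or null if the request would pass.
function firstMatch(url, filters) {
  return filters.find((f) => filterToRegExp(f).test(url)) || null;
}

// Constructed sample rules and URLs (example.com, example.net and .test are placeholders).
const SAMPLE_FILTERS = [
  "||ads.example.com^",         // this host and its subdomains, nothing that merely starts with it
  "/banner/*/img^",             // path pattern with a wildcard and a separator
  "|http://example.net/track|", // exactly this address
];
const SAMPLE_URLS = [
  "https://cdn.ads.example.com:8080/x",
  "https://ads.example.com.evil.test/x",
  "http://example.net/banner/foo/img?x=1",
  "http://example.net/banner/foo/img.gif",
  "http://example.net/track?id=1",
];
for (const url of SAMPLE_URLS) {
  console.log(url, "->", firstMatch(url, SAMPLE_FILTERS) || "not blocked");
}
```

The second sample URL is the case worth checking in any rule you write yourself: without the trailing `^`, `||ads.example.com` would also match a look-alike host that only begins with that name.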
jamu08 said:
Why not use blokada??? It's been recommended in XDA Guides section. check it out https://www.xda-developers.com/blokada-apk/
Because AdGuard is so freaking good it's ridiculous.
You can get it for free trials or tell them you're a beta developer.
You can also buy it at Stack social for dirt cheap. I have bought the Family Licenses 3 times so I have up to like twenty devices that can be active at once. A few friends use them with me.
It's so worth it
