Database Info

[APP] closeFeint, disable openFeint for rooted users

I hate openFeint so I made an app to disable it
https://market.android.com/details?id=benor.closeFeint
I'm still a new user here so it's not a link, if any one can edit this message and make this a link I'll thank him (and give him a free copy of this already free app )
I could debug it only on CM7 so i would like to see if it works on other roms.
The usual it might toast your device and don't blame me (It shouldn't it didn't even restarted my phone while i developed it)

Why do you have to disable adblocking, is there a way to have disable openfeint and not mess up with adblocking.

Just posting the link for convenience:
https://market.android.com/details?id=benor.closeFeint

Any chance of a direct download link or mediafire or ddopbox

ofantastic said:
Any chance of a direct download link or mediafire or ddopbox
Click to expand...
Click to collapse
@benor, let me know if you want me to take this link down
http://www.mediafire.com/?bm718kq7lf3i3d4

sweet, just what i wanted

goood idea closing feint thanx

Are there any methods that will not disable ADblocker?

I'd love to know about alternatives to disable/remove Openfeint too.
The condescending vibe this developer gives off, messing with installed applications that are none of his concern, I would never touch that. I would pay for an ad-free 'premium' version, but not from this developer. Removing annoying Openfeint nag screens in exchange for other nag screens just doesn't make any sense.

Android ad blockers work by dumping entries into the hosts file. This app also does the same. To be fair to the developer, he'd have to somehow make his app run every time after an ad blocker runs to ensure OpenFeint remains blocked, which would be annoying to support.
Since AdAway (my favourite ad blocker; it's open sourced) has a blacklist option, add the following entries to it:
openfeint.com
api.openfeint.com
scoreloop.com
and OpenFeint will be blocked by AdAway as it's doing the ads. There's also "*.openfeint.com" but I'm sure that that isn't valid hosts file syntax.

dfkt_ said:
I'd love to know about alternatives to disable/remove Openfeint too.
The condescending vibe this developer gives off, messing with installed applications that are none of his concern, I would never touch that. I would pay for an ad-free 'premium' version, but not from this developer. Removing annoying Openfeint nag screens in exchange for other nag screens just doesn't make any sense.
Click to expand...
Click to collapse
It's a single host file. He might not believe in the blocking of ads. He makes it very clear in his description that it does not work in tandem with Adblockers and that those who use it are not his audience.
He's not being condescending. Who is anyone (not talking about you specifically) to voluntarily download his free app and then get pissy when it does exactly what he said would not work? And then to have the audacity to downrate it to 1 star because they were too stupid to read the description before installing the app?
Honestly, the comments for this app's market listing just go to further confirm that most Android app users are complete idiots with a self-importance complex and they don't think before installing an app. (Not that iOS reviewers are much better)
Based on some of the comments, you'd think that the app was being shoved down peoples' throats.

qwerty12, thank you very much for the explanation! I didn't know this just uses the regular hosts file. If this app overwrites what AdAway put there, then it seems to be rather poorly conceived.
So far I did a chmod 000 and a chown/chgrp 9999 on the Openfeint folder in /sdcard, which only solved half the issue. Will add your URLs to the hosts file.
Liquidsolstice, it's this sentence from the description in the Market that I find condescending: "It will disable you adblockers, if you are using any ad blocker you aren't my audience and i'm not planing to change this." Of course I didn't download it and then whined about it or downrated it, this was warning enough. I agree that the comments on the Market don't show much effort on the users' side. But at least the developer should give a reason *why* he disables ad blockers, instead of that snooty one-liner.

LiquidSolstice said:
It's a single host file. He might not believe in the blocking of ads. He makes it very clear in his description that it does not work in tandem with Adblockers and that those who use it are not his audience.
He's not being condescending. Who is anyone (not talking about you specifically) to voluntarily download his free app and then get pissy when it does exactly what he said would not work? And then to have the audacity to downrate it to 1 star because they were too stupid to read the description before installing the app?
Honestly, the comments for this app's market listing just go to further confirm that most Android app users are complete idiots with a self-importance complex and they don't think before installing an app. (Not that iOS reviewers are much better)
Based on some of the comments, you'd think that the app was being shoved down peoples' throats.
Click to expand...
Click to collapse
Some things are never acceptable under any circumstances.
Openfeint is one of them.
Airpush is another.
Anyone helping others to not have to deal with this junk is doing a service to the community and it should be commended.
It is malware plain and simple (Anything that while the app isn't open puts any junk on the screen is malware).
There is so few developers with any integrity on Android. (Everything is malware or adware - these things are are frowned upon even on Windows don't get why it is ok on a mobile device (hint it is not)).
If you make something worth having (That is a game) and give away a bit (No strings) and it is good you will make allot of money selling the rest for a game. Just like the old proper shareware model.
(I only buy DRM free stuff hence I bought the humble Android bundle for 6 times the average - no interest in anything else or social anything).
Filling other peoples devices with malware to compensate for the developers inability to create a decent app is unacceptable and always will be.
(I would be less bothered if the Market was structured in a way that I could easily avoid this type of junk (i.e adware / malware / stuff that gives away your personal information in a different section).
Regardless of what it is any adware/malware is always one star from me and always will be. (Other than if it is specifically stated in the description that it is adware. (Then I just would never install it).

qwerty12 said:
Android ad blockers work by dumping entries into the hosts file. This app also does the same. To be fair to the developer, he'd have to somehow make his app run every time after an ad blocker runs to ensure OpenFeint remains blocked, which would be annoying to support.
Since AdAway (my favourite ad blocker; it's open sourced) has a blacklist option, add the following entries to it:
openfeint.com
api.openfeint.com
scoreloop.com
and OpenFeint will be blocked by AdAway as it's doing the ads. There's also "*.openfeint.com" but I'm sure that that isn't valid hosts file syntax.
Click to expand...
Click to collapse
Works! Thanks!

ninesky browser - privacy worry

Hi everybody!
I recently started looking for a browser to replace the stock one and I think I installed every possible option there is without giving much thought to the consequences - app permissions and possible violation of my privacy and misuse of my data.
So I found what I thought was a really nice and well-functioning browser called Ninesky from the Android market.
Luckily for me I did not get to use it for long, before I detected a strange pattern - Ninesky would automatically start itself upon boot, connect to a server in China, upload some data and receive some back and then just sit there and wait idly.
The server that it connects to belongs to a company called aBitCool, which is, according to Bloomberg, an ISP in China.
So I kill it off and after a while it's back, doing the same thing. I also noticed a similar behavior for Dolphin HD, except that it would send data just once very quickly after boot-up and then close itself and stay quiet. That led me to Google it a little, which in turn led me to an existing thread about Dolphin HD on this forum.
So here are my noob questions that I hope somebody can answer, please:
1. Can somebody take a look at Ninesky browser and let us all know what kind of data it is transmitting about its users upon boot and maybe even later on during the actual use of the browser? The list of permissions that Ninesky asks for is huge and that makes me a little worried. Also, Ninesky runs a "safety check" of every URL visited. I wonder what that really is.
2. Say it would try to steal information from its users - would it be possible for the app to somehow get access to my stored usernames and passwords from other programs (such as Gmail or Skype) or are these encrypted? I presume that if I were stupid enough to let Ninesky's password manager "remember" my usernames and passwords for certain websites then that information would be easily accessible to them.
3. Can an app with such permissions also function as a keylogger?
4. I can understand why folks here would write some apps on their own and share them with the rest of us. I can understand why a developer or a company would write an app and make one version available for "free" or as an ad supported one and/or offer a premium version for $$$. At the end of the day developers need to eat and pay their bills just like the rest of us and companies are (for the most part) profit-seeking institutions (unless they are GE or MS that have money to burn). That said - why for the love of god would anybody, other than an enthusiast, develop a browser, for which they will not ask for any $$ or won't even display any ads in it? Where is the catch? Now, I know that Opera and Firefox get money from Google to use it as their default search engine, but would this really apply for a few random Chinese companies? Where is the catch?
Thank you.

I was a big supporter of Ninesky but I uninstalled today. It does seem to be constantly running and transmitting data, though what data is being transmitted I don't know. LBE also kept notifying me that it was trying to obtain my location information even when I wasn't using it. I uninstalled it through the Market and left a one star review.
Drunk texted from my MIUI Thunderbolt.

I'm writing a review of about 13 different Android browsers, and came across Ninesky. Has anyone heard anything more about the privacy concerns and what data it might be transmitting?

well....if it keeps requesting the location even while its closed, thats not a good sign...

Not good. This needs addressing.
I have changed my review on Market also until we get some answers.
Cheers to the OP.

I agree. I think my review should come out tomorrow, hopefully the developer reaches out. It really is a decent browser.
Sent from my Transformer Prime TF201 using xda premium

´I'll leave you here my tests made since Monday with last versions of each app:
==|Boat 4.0.1|==
#Just after starting#
- Ask for GPS location
- 211.151.139.246 (China Network Information Center)
#When going to any website#
- IP from that website
--------------------------------------------------------
==|Dolphin HD 8.6.1|==:silly:
#Just after starting#
- 184.73.86.141 (AMAZON.COM - amazonaws.com - US)
- 65.52.32.12 (Microsoft Corp - US)
- 107.20.57.0 (AMAZON.COM - amazonaws.com - US)
and one more on this IP range type...
- 205.251.242.197 (AMAZON.COM - amazonaws.com - US)
- 205.251.242.165 (AMAZON.COM - amazonaws.com - US)
- 72.21.195.98 (AMAZON.COM - amazonaws.com - US)
#When going to any website#
- IP from that website
--------------------------------------------------------
==|Firefox 14.0.1|==
#Just after starting#
- No Ping
#When going to any website#
- 80.67.92.43 (AKAMAI TECHNOLOGIES US) *
- 93.184.219.20 (EdgeCast Networks - US) *
- IP from that website
* note: not always, most of the times just go to IP website we asked
--------------------------------------------------------
==|Opera 12.0.4|==:victory:
#Just after starting#
- No Ping
#When going to any website#
- IP from that website
note: DON'T use Opera Turbo or EVERY single info WILL pass through their servers...
--------------------------------------------------------
It's pretty obvious to me who are the most privacy oriented here...
STAY WAY FROM OPERA MINI AND DOLPHIN MINI AND ALL MINI VERSIONS. They process all info on their server first for speed.

Anyone researched Xscope or could research this browser?
If you explain how, I could do it myself!!
Sent from my GT-I9000 using xda premium

But the OP got it wrong with money burning by GE & MS. There's no such thing, its all business. Just to let you know, in the browser wars - Firefox was Google's first step into browsing. Then came Chrome.
For all privacy concerns, LBE Privacy Guard is a good option. Though its Korean, if am not wrong.
Well, finally there's options out there. Nobody is forcing us to download, install & use their apps.
Sent from my MT11i using Tapatalk 2

bombayboy said:
But the OP got it wrong with money burning by GE & MS. There's no such thing, its all business. Just to let you know, in the browser wars - Firefox was Google's first step into browsing. Then came Chrome.
For all privacy concerns, LBE Privacy Guard is a good option. Though its Korean, if am not wrong.
Well, finally there's options out there. Nobody is forcing us to download, install & use their apps.
Sent from my MT11i using Tapatalk 2
Click to expand...
Click to collapse
Agree with everything BUT Firefox was never connected to Google like Chrome. Firefox's current existence is owed almost exclusively to its search partnership with Google wherein Mozilla Corp receives a portion of ad revenue from Google queries initiated from Firefox's search bar. This revenue amounts to tens of millions of dollars. But Mozilla and Google Relations Strained Due to Chrome.
Firefox its independent and don't collect your data like Chrome/Google do...

sushidog said:
Agree with everything BUT Firefox was never connected to Google like Chrome. Firefox's current existence is owed almost exclusively to its search partnership with Google wherein Mozilla Corp receives a portion of ad revenue from Google queries initiated from Firefox's search bar. This revenue amounts to tens of millions of dollars. But Mozilla and Google Relations Strained Due to Chrome.
Firefox its independent and don't collect your data like Chrome/Google do...
Click to expand...
Click to collapse
Connected with reference to Google promoting & supporting Firefox before they decided to go with Chrome.
I still use Firefox, Aurora & Chrome
Sent from my MT11i using Tapatalk 2

If you're not paying it, you are the product being sold.
Remember this when downloading free apps which are not open source.

DnaPolymerase said:
If you're not paying it, you are the product being sold.
Remember this when downloading free apps which are not open source.
Click to expand...
Click to collapse
Like facebook which sells our data
Sent from my MT11i using Tapatalk 2

Calamitous with Ninesky
Hi,
I stumbled upon XDA Developers forum today and I was so grateful to find this write-up; it was the only honest review I could find of Ninesky. So, thank you.
I want to share an experience our family went through a few weeks ago. Perhaps it will answer some of your questions and alert some users out there of what this browser could do. We have an unfortunate incident happen to our child: My little boy received an android tablet for a gift this October. He was so eager downloading all the apps and games he could find, and in about a month, it was completely personalized. We regularly monitored his downloads, the games he played, and the apps he utilized.
Much to our regret, we really did not give much thought to the browsers he had installed. He had more than three at one point and Ninesky was always in the background. Sadly, whenever he would search for apps, we later discovered Ninesky directly linked him to several stores that was not common to Google or Firefox. Some of them had Anime icons (mostly innocent looking), nicely titled games for their tiles. Some apps were legitimate and very cool games; however, some apps were direct links to hard-core porn websites and a whole universe of filth (not excluding child-porn). They attached themselves to the tablet like trojans and was quite aggressive in linking the user to overseas app stores (inappropriate). Every time a game would be uploaded from one of these stores, it gives auto-access to these atrocious websites and videos. Because Ninsky always functioned in incognito--one of it's touted features--we almost had no access to the history or cookies when this browser was used. Almost anyway ... it took us hours (and some hacking) to track and identify what was really going on, the seeming source of it was this "sophisticated" browser.
So the catch may be that this browser has no advertisements because it plays host to several groups funding the porn industry. That's my suspicion anyway, based on what we went through.
I cannot begin to say how grieved we are that our son was exposed to all this, especially that we discovered it so much later. We thought we paid attention. That being said, he's back to playing with his remote control car outside, where life is a bit less complex.
More power to your forum and thanks again.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
xenofont said:
Hi everybody!
I recently started looking for a browser to replace the stock one and I think I installed every possible option there is without giving much thought to the consequences - app permissions and possible violation of my privacy and misuse of my data.
So I found what I thought was a really nice and well-functioning browser called Ninesky from the Android market.
Luckily for me I did not get to use it for long, before I detected a strange pattern - Ninesky would automatically start itself upon boot, connect to a server in China, upload some data and receive some back and then just sit there and wait idly.
The server that it connects to belongs to a company called aBitCool, which is, according to Bloomberg, an ISP in China.
So I kill it off and after a while it's back, doing the same thing. I also noticed a similar behavior for Dolphin HD, except that it would send data just once very quickly after boot-up and then close itself and stay quiet. That led me to Google it a little, which in turn led me to an existing thread about Dolphin HD on this forum.
So here are my noob questions that I hope somebody can answer, please:
1. Can somebody take a look at Ninesky browser and let us all know what kind of data it is transmitting about its users upon boot and maybe even later on during the actual use of the browser? The list of permissions that Ninesky asks for is huge and that makes me a little worried. Also, Ninesky runs a "safety check" of every URL visited. I wonder what that really is.
2. Say it would try to steal information from its users - would it be possible for the app to somehow get access to my stored usernames and passwords from other programs (such as Gmail or Skype) or are these encrypted? I presume that if I were stupid enough to let Ninesky's password manager "remember" my usernames and passwords for certain websites then that information would be easily accessible to them.
3. Can an app with such permissions also function as a keylogger?
4. I can understand why folks here would write some apps on their own and share them with the rest of us. I can understand why a developer or a company would write an app and make one version available for "free" or as an ad supported one and/or offer a premium version for $$$. At the end of the day developers need to eat and pay their bills just like the rest of us and companies are (for the most part) profit-seeking institutions (unless they are GE or MS that have money to burn). That said - why for the love of god would anybody, other than an enthusiast, develop a browser, for which they will not ask for any $$ or won't even display any ads in it? Where is the catch? Now, I know that Opera and Firefox get money from Google to use it as their default search engine, but would this really apply for a few random Chinese companies? Where is the catch?
Thank you.
Click to expand...
Click to collapse

[SECURITY] Android Security for Conscious Mind

== THREAD PURPOSE ==
I'm opening this thread to share and learn ideas about privacy solutions, please respect the purpose and keep this thread clean. My main language isn't English so if you spot errors or omissions please PM to me so I can correct them. Thank you.
All trolling or demotivating posts, disbelieving about privacy concerns or defending Google honor will be reported for cleaning.
== PROBLEM, HYPOTHESIS, TESTS, CONCLUSION ==
For years I've been very annoyed about privacy abuse on Internet and since Snowden and Assange revelations my concerns raised. I'm sure my personal and professional life is common and boring but I want privacy with my things just like I don't want a guy next table in the coffee shop listening to my talking subjects.
My first decision was to deploy a personal server, in my home, with OwnCloud. All went fine for some months until I realized the pain it was maintaining the system working, from server attacks and system fails to energy bills nothing could justify such paranoia. The OwnCloud Android client was also very bad those days.
The second idea was hosting OwnCloud and mail services on a private host, but this didn't made any sense because data wasn't encrypted and every employee could easily see my thermonuclear projects and my banana pancakes secret recipes. It was also a paid solution for nothing.
Finally I thought "If you're using German services you should be fine, Germany privacy data laws are the toughest in the world (even better than Swiss in this matter)". I'm in Europe so using European services was a no brainier decision, preferably in Germany and owned by German companies. Yes, I know you can't trust anyone but even so I think it's a well balanced solution.
== SERVICES ==
These are my services right now, share yours and try to justify why they're equal or even better. This list will be changed as needed:
Mail - GMX (Germany)
- Generally I really don't like 1&1 services but GMX is really good and working only on European servers. I advise you to don't use their other service, mail.com, because this one use USA servers. Unfortunately all other free German providers have low storage space. If you're willing to pay for privacy try Dutch StartMail but it's beta at the moment.
Contacts & calendar - fruux (Germany)
- Amazing services, great philosophy. For privacy and decentralization purposes I've opt for don't have this services on my mail provider. Unfortunately their servers are on Amazon Ireland, but I believe fruux have implemented cryptographic code on their system.
Cloud - HiDrive (Germany)
- I NEVER upload sensitive information to the cloud, even encrypted (remember Heartbleed and AES backdoor theory?). I was using Wuala for years but gave up after have been acquired by LaCie (USA). Tresorit shouldn't be trusted either, they're using Microsoft Azure servers, each uploaded and shared link pass through USA. Mega is darkness, I don't like the smell of it.
Apps - F-Droid (UK/France)
- FOSS is the way you should go, F-Droid is the obvious choice. F-Droid client was forked from Aptoide's source code.
Aptoide (Portugal) it's good but not consensual. Recently they're processing Google with Antitrust Complaint in EU proving they're concerned. You can only trust Aptoide IF you choose to install apps from their main centralized store (the default one, be ware and don't trust any other user store). http://m.aptoide.com/about
If you can't find what you're looking for then you can use Blank Store or Opera Mobile Store. Never choose Amazon Appstore, apps installed from there have proprietary code inserted.
Search engines - DuckDuckGo (USA!)
- Technically DuckDuckGo is a meta-search engine. It's amazingly good and you have lots of options to choose (did you know you can directly search images from Google if you search !gi [image you're searching for]?).
Another great alternative is Startpage (Netherlands).
== ANDROID SYSTEM ==
My Android system:
- CyanogenMod + freecyngn + NOGAPPS + SuperSU
- TWRP recovery
- Hardening Android for Security and Privacy
== APPS ==
My essential apps are:
Apps client - F-Droid (FOSS)
- See services above.
Privacy and cleaning - AdAway and AFWall+ (both OSS)
- Obvious choices on each privacy concerned system. Block almost everything, trust no one.
Android browser - Boat (proprietary code)
- I just love the options, specs, interface and speed. I know this choice will be highly controversial for some because it's a Chinese made browser, but isn't a cloud browser (like the also Chinese Maxthon) and it's really easy to firewall it from calling home (something somehow difficult with Dolphin). The obvious FOSS choice for almost everyone would be Firefox but I really hate their Android app and I have some bad thoughts about their Google connections. The FOSS best shot would be Tint or Lightning, but they're rather limited and AOSP it's even worse. Chrome it's obviously excluded for privacy sake.
Boat devs also used to be active on Xda with many supporters. For security precautions block port range 192.241.158.0/24 and 211.151.0.0/24.
Email app - K-9 (FOSS)
- The oldest, most forked and trusted email client. Needs a deep design/interface Overhaulin' (hey, Chip Foose...)
Contacts and calendar sync - Fruux + Birthday Adapter (FOSS)
- See services above.
Password & confidential safe - KeePassDroid (FOSS)
- Believe me, I don't know a single password of my accounts and I have hundreds. The only really big and complex password I know is the one from KeePass.
Antivirus - NONE, JUST DON'T
- I will not discuss here about the needs or true benefits of these apps but I can assure your data is leaking each time you go online. All them claim about privacy but they're always collecting "unidentifiable data".
== I will post links for everything soon. Please include links in your posts when justified. Thanks. ==

== Android Alternative FOSS ==
This is a list of some well known apps and their open source alternatives. Incredibly some of them are even better than "official" or paid apps, some others are quite limited but evolving and much secure.
It's impossible to put everything here, only the best apps I've tried with success will be listed. Please keep posting your suggestions.
BitTorrent Sync > Syncthing
Chrome > Firefox
Dolphin > Tint Browser
Dropbox > OwnCloud, Seafile
Facebook > Tinfoil for Facebook
Gmail > k-9 Mail
Lux Auto Brightness > YAAB
Tasker > SwiP
Titanium Backup > oandbackup
Twitter > Twidere

Reserved, just in case.

Really great thread sancho_panzer. I never thought someone can be as paranoid as I am, but I found you.
I'd like to add a few services:
Posteo (Mail):
A german email provider that doesn't claim as much data aa most of them do. It just needs your mail, pw of course and you can add your mobile phone number if you like to (it will be saved hashed in their database). Posteo has great SSL connections and uses a the first (german) provider the new protocol DANE as well as DNSSEC. You can use their CalDav and CardDav server and choose to encrypt your address book and your calendar. The service costs 1€ per month (10 cents for additional aliases and 20ct for the next gig), that can be paid by post mail, PayPal or bank transfer. The last two way won't get linked to your account.
CalDav/CardDav
To manage my addressbook and calendar on multiple devices I use aCal from F-Droid.
For googling issues there is a browser add on for PCs that tunnels the Google searchs for you called disconnect.me
Greetz, and i appreciate your love to FOSS very much!

@traceless There are lots of people on Xda concerned about privacy on Android and the Internet. I really hope this thread could help them to take some measures about it and share alternatives.
Thank you for https://posteo.de/ suggestion. Could be a great service problem is I don't speak German. I really don't understand why the website don't have an English version. I'm also concerned with recent leaks news about *.de domains ( http://www.bbc.com/news/technology-25825784 ).
I've tried CalDav-sync and CardDav-sync and they're great little apps, but if you want a FOSS solution try DAVdroid and the very new Flock from F-Droid.
I really can't trust https://disconnect.me/ . ( http://www.darkreading.com/document.asp?doc_id=1251070& ) or Ghostery, both track you ( http://www.reddit.com/r/firefox/comments/1qkc2b/disconnect_vs_ghostery/ ). If you're using Firefox on PC or Android my advice is to install Adblock Edge (Adblock Plus is worse and heavy) + Self-Destructing Cookies (BetterPrivacy is also great) + NoScript. You should also consider CleanQuit.

@sancho_panzer
I knew, that Disconnect was founded by a former Google employee but didn't know he was linked to the NSA. Anyway my current FF configuration looks just as you recommended, but I additionally installed a plugin that's called FireGloves. This is especially useful if you want to make fingerprinting your browser harder. It disables or disguises trackable settings; if you'd like to every browsing session. How unique ones configuration is, can be seen here at Panopticlick.
I agree, that it's a pity some services aren't available in the most common languages. Posteo's webmailer can be changed to English, but the whole service is German. Btw you don't have to be worried about the de ccTLD, the 16m mail that were compromised earlier this year were most likely taken due a hack of a german online shop and as the most customers were germans, the majority of the mails end up with *.de. So it doesn't mean every german domain is compromised and mail provider are insecure.
As you don't speak german you could take a look at Secure-Mail, a mail service provided by the mainly german VPN Perfect Privacy. It hosts in NL and supposes to store no identifiable data and is also encrypted. I found no setting to change the language to english on Secure-mail, but I thought I've seen it once in english, maybe it canges only if your country is english-speaking.
Flock is really nice, but I stay with aCal, cause it comes with a calender other than the integrated one and I'm not dependent on the built-in one with the (also switchable) Googl sync.

Excellent thread, thank you for starting it.
Edit : I think HTTPS Everywhere by the EFF should be mentioned in a thread like this.
https://www.eff.org/https-everywhere

sancho_panzer said:
I'm sure my personal and professional life is common and boring but I want privacy with my things just like I don't want a guy next table in the coffee shop listening to my talking subjects.
Click to expand...
Click to collapse
It doesn't matter if you think you life is important enough to be watched or if it's just boring. The fact that you know you *could* be watched in every move you make, automatically changes your behaviour. It changes the way you think, it changes the way you speak and write. It influences the way you interact with others. Feeling watched makes you fear of what you do!
Opening a thread like this is a good thing to begin to overcome this fear. :good:

Good linux expert, my colleague, told me some finding, android wise.....
He has installed Android Firewall, and blocked every possible application and system modules, including kernel.
In apk log, found that all ip packets sent by android kernel are routed through some chinese ip address, regardless of theirs final destination.
After some research, turned out that this IP is used by NSA. Yes, all ip packets going out of our android phone are sniffed by NSA. Embedded in kernel.
My 2 cents here, and sorry if ot.
Cheers!
Sent from my GT-I9195 using Tapatalk

Nice thread, thanks! :good:
Some thoughts from my side:
I generally distrust every online service, especially if I don't pay for them. I think it is better to decentralise services and host them on self managed servers in families, groups of friends,... and thus basically only give data to trusted persons you know in real life.
Here are two good links that show alternatives to proprietary software/cloud services:
https://prism-break.org/en/
https://wiki.debian.org/FreedomBox/LeavingTheCloud
== SERVICES ==
Mail -
I think mails are generally difficult to self-host. So you need a good mail service. Posteo was mentioned here, another similar reliable german mail provider (with english translation) is mailbox.org. They even encrypt unencrypted incoming mails with your PGP-key before they store them.
Contacts & calendar -
Posteo and mail.org also include contact and calendar synchronisation via CalDav/CardDav. Even better: Host it by yourself.
Instant Messaging -
XMPP (Jabber) is an open decentralised protocol with lots of implementations for almost every platform. You can host it by yourself or use an existing server. There are also very good clients for Android like Conversations or Xabber
== ANDROID SYSTEM ==
Two additions:
Free Your Android! - campaign of the Free Software Foundation Europe
IMSI Catcher/Spy Detector
== APPS ==
sancho_panzer said:
Android browser - Boat (proprietary code)
Click to expand...
Click to collapse
Don't do this! Firefox for Android is also a good choice. And Orweb not to forget!
traceless said:
I use aCal from F-Droid
Click to expand...
Click to collapse
DAVdroid is also a very good FOSS CalDav/CardDav-provider that integrates with the contacts/calendar app of android. And it is under active development (in contrast to aCal)

I can only agree that using posteo.de is a must. Completely anonymous. I put cash in an envelop (didn't actually touch any of it myself ) and they opened my account no problem. Last time I checked their site alao had an English version. Feel free to pm me with translation issues. I speak both languages fluently. Also a thread like this without XPrivacy?
For those interested in tor along with afwall, I have posted instructions on getting them to work together in the afwall thread

I prefer the Android system to be: OMNI + NOGAPPS + SuperSU
Note that freecyngn & NOGAPPS author has switched to OMNI

Regarding OwnCloud: it's a great software, but you're right not to trust it when it runs on some server that is not under your control. That's why I run OwnCloud on a Raspberry Pi that is running at my home, behind my firewall. Syncing is made with CardDAV and CalDAV, and both apps use SSL. I think I can trust that one.

dvdram said:
Regarding OwnCloud: it's a great software, but you're right not to trust is when it runs on some server that is not under your control. That's why I run OwnCloud on a Raspberry Pi that is running at my home, behind my firewall. Syncing is made with CardDAV and CalDAV, and both apps use SSL. I think I can trust that one.
Click to expand...
Click to collapse
And what connection are you using? I thought about exactly the same solution, but it's nearly useless with ADSL.. (6 MBit/s down and just 60kbits upstream)

Thank you guys for your contribution on this thread.
Ultramanoid said:
I think HTTPS Everywhere by the EFF should be mentioned in a thread like this.
https://www.eff.org/https-everywhere
Click to expand...
Click to collapse
@Ultramanoid You're absolutely right I forgot to mention it, I use it with Firefox on my laptop and it's great.
dvdram said:
Opening a thread like this is a good thing to begin to overcome this fear. :good:
Click to expand...
Click to collapse
@dvdram I agree and don't understand why so much people just don't care to talk about it.
jukyO said:
Good linux expert, my colleague, told me some finding, android wise.....
He has installed Android Firewall, and blocked every possible application and system modules, including kernel.
In apk log, found that all ip packets sent by android kernel are routed through some chinese ip address, regardless of theirs final destination.
After some research, turned out that this IP is used by NSA. Yes, all ip packets going out of our android phone are sniffed by NSA. Embedded in kernel.
Click to expand...
Click to collapse
@jukyO Lookout, the real test here should be made on a clean system, just ROM and a Firewall. That's the only way you can say it's kernel coded. Some apps use kernel to send and receive packets, your alert could be related to one of these.
Another debatable subject should be SElinux. Many ROMs, like CyanogenMod, have it in enforcing mode by default. If you install another kernel, like Alucard, SElinux become permissive. Even if SElinux is considered OS we all should not forget that was developed and implemented by NSA (!).
bastei said:
Here are two good links that show alternatives to proprietary software/cloud services:
https://prism-break.org/en/
https://wiki.debian.org/FreedomBox/LeavingTheCloud
== SERVICES ==
Mail -
I think mails are generally difficult to self-host. So you need a good mail service. Posteo was mentioned here, another similar reliable german mail provider (with english translation) is mailbox.org. They even encrypt unencrypted incoming mails with your PGP-key before they store them.
Contacts & calendar -
Posteo and mail.org also include contact and calendar synchronisation via CalDav/CardDav. Even better: Host it by yourself.
Instant Messaging -
XMPP (Jabber) is an open decentralised protocol with lots of implementations for almost every platform. You can host it by yourself or use an existing server. There are also very good clients for Android like Conversations or Xabber
== ANDROID SYSTEM ==
Two additions:
Free Your Android! - campaign of the Free Software Foundation Europe
IMSI Catcher/Spy Detector
== APPS ==
Don't do this! Firefox for Android is also a good choice. And Orweb not to forget!
DAVdroid is also a very good FOSS CalDav/CardDav-provider that integrates with the contacts/calendar app of android. And it is under active development (in contrast to aCal)
Click to expand...
Click to collapse
@bastei Thanks for your useful input. I know Boat would be controversial talk but if you read my comments you'll see I'm aware about the dangers of such decision. Even so I'm convinced about the safety of it.
Firefox is my primary choice on my laptops since the earlier version 3. Even if I tried alternatives on some occasions I've always returned to Firefox security and true development power (I always use it to analyse code and test all websites I make), the only real alternative was Opera (the original one with Presto engine, not the crap they use these days).
Android Firefox is a completely different beast. It's heavy, buggy, need extras for simple tasks like automatic close and clean or user agent changing, but above all WHY THE HELL CAN'T WE MAKE FOLDERS and organise favorites at will? The only solution I found for favourites was to sync them with my PC, organise all there and sync them back. Did I mentioned the ridiculous times it FC? Maybe in the future, right now the only FOSS I could consider is Tint Browser.
an0n981 said:
Also a thread like this without XPrivacy?
For those interested in tor along with afwall, I have posted instructions on getting them to work together in the afwall thread
Click to expand...
Click to collapse
@an0n981 XPrivacy and Xposed could be all we need IF they were OSS. The other problem are the inevitable lags introduced by these layers.
I've tested several configurations on my phones and tablets over the time but ultimately my OP describes my options at this moment. This subject isn't closed and will never be, there aren't perfect security systems, and that's the purpose of this thread, I'm sure the OP will be changed on some occasions. Please keep suggesting alternatives and solutions, your contribution will be greatly appreciated.
aelmahmoudy said:
I prefer the Android system to be: OMNI + NOGAPPS + SuperSU
Note that freecyngn & NOGAPPS author has switched to OMNI
Click to expand...
Click to collapse
@aelmahmoudy OMNI is a valid CM alternative, developed and maintained by well know Xda developers. Unfortunately I don't really like the excessive cleanliness and limitations. The only way I could advise it would be complemented with Xposed+XPrivacy+GravityBox, besides NOGAPPS and SuperSU.
I can't talk for them but I believe @MaR-V-iN and many other ditched CM after the group became comercial oriented, the inclusion of analytical and proprietary code didn't helped either. CM it's still the base for lots of ROMs and I'm still convinced it's the best for me, provided that are VM snapshots and thoroughly cleaned and modded like mentioned on my OP.

sancho_panzer said:
...
@an0n981 XPrivacy and Xposed could be all we need IF they were OSS. The other problem are the inevitable lags introduced by these layers...
Click to expand...
Click to collapse
Both are 100% open source, just not distributed through F-Droid. You can compile them yourself, source is on GitHub. Security software will always add some lag.

an0n981 said:
Both are 100% open source, just not distributed through F-Droid. You can compile them yourself, source is on GitHub. Security software will always add some lag.
Click to expand...
Click to collapse
You're absolutely right, my mistake. Still when I used them my system felt somehow lagging.

:delete:
err on the side of kindness

traceless said:
And what connection are you using? I thought about exactly the same solution, but it's nearly useless with ADSL.. (6 MBit/s down and just 60kbits upstream)
Click to expand...
Click to collapse
I admit I have a bit more speed than you, but it depends on what you want to use OwnCloud for. I use it only for syncing calendars and contacts, and for that few bits of information even your speed is more than enough, although you should consider to do the first time syncing over WiFi. Later, when you add contacts and calendar entries, you won't notice much disadvantage.
Of course, if you want to sync pictures and movies, that speed will not be enough. But do you really need that? Is it not much more efficient to copy pictures and photos via USB cable, when you're at home? Do you really need to sync them while on the road?
That is what you need to ask yourself. Like I said: contacts and meetings are very small pieces of information, less than a text message. A 60k download (from your phone's point of view) is more than enough for that.

dvdram said:
I admit I have a bit more speed than you, but it depends on what you want to use OwnCloud for. I use it only for syncing calendars and contacts, and for that few bits of information even your speed is more than enough, although you should consider to do the first time syncing over WiFi. Later, when you add contacts and calendar entries, you won't notice much disadvantage.
Of course, if you want to sync pictures and movies, that speed will not be enough. But do you really need that? Is it not much more efficient to copy pictures and photos via USB cable, when you're at home? Do you really need to sync them while on the road?
That is what you need to ask yourself. Like I said: contacts and meetings are very small pieces of information, less than a text message. A 60k download (from your phone's point of view) is more than enough for that.
Click to expand...
Click to collapse
Thanks. Firstly I wanted to use it for an alternative to Dropbox but then I found out the Cal- and CardDAV support. And you're totally right with syncing after first initialisation. Maybe I get an RPi later and try this one and also the owncloud feed reader [emoji2]
Any idea how to use the FF sync of owncloud, since FF only supports upgrading old accs to the new mozilla ones but personally I'd prefer the old way.
Greetz

[GUIDE] Paranoid Security For Android.

Table Of Contents
~ Introduction
~ Basic Stuff
Applications
~ Vpn's
~ Antivirus
~ FindmyPhone apps
~ mySecureMail
~ 1Password
~ Signal
~ AppLock
~ Snoopsnitch
~ AFwall+
Firefox Addons
~ Bluhell Firewall
~ CanvasBlocker
~ Clean Links
~ Decentraleyes
~ Disable WebRTC
~ HTTPS everywhere
~ Privacy Badger
~ Procon Latte Content Filter
~ Self Destructing Cookies
// Optional
~ Less Spam please
~ AdBlock Plus
~ Less Spam please
Secure Mail Providers
~ Proton Mail
~ Lavabit
~ HushMail
~ vfemail
A Tad To Paranoid
~ Ipkungfu
~ Snort
Disclaimer I Am Not responsible for the end of the world, your device, your lives or anything else that goes wrong. This is a guide to be more secure on Android.
Introduction
Hello!
This is an attempt to help users who are either very tech savvy or not. While this is a guide and I imagine some might disagree, I will take into consideration complaints or suggestions and I will adjust the post accordingly.
If you know of any apps that are not on my list please inform me I will be happy to adjust the post. (please explain why the app is useful and provide the name of it) while it mostlikly very possible to find everything in this post by searching the web, It might take some time to collate everything so I decided to make a post and put everything down into text.
The point of this guide is to provide several ways to secure your device. You don't need to use it all you can simply cherry pick what you want or use bits.
This is a suggestion Guide if anything. So naturally you can adjust the bellow to your needs.
Finally I'm no security Pro. I am a crazy man who has made himself overly paranoid after some years of learning white hat hacking. If you find something a bit to ridiculous or over the top just ignore it. Nor is it designed to scare you. Just help
Basic Stuff
Lock screen
The first line of defense! This is very basic but often overlooked. A pin/password/pattern are all great! While alternative lock screens might look good, there security is questionable. As one can get around it if they can make your system run on system apps only. While I know little about it market lockscreens and their security. Perhaps it be possible using an app such as Link2SD to make it a system app. Adding better security?
Fingerprint is secureish, but security concerns about fingerprint harvesting is a reason I don't use it. Good security system includes keeping your screen clean and buttons.
Don't like yucky screens.
Sim Lock
Enable Lock SIM card, found under:
Code:
Settings -> Personal -> Security -> Set up SIM card lock.
Simply put this will mean after turning your phone on you'll need to put in a pin to ring anyone.
Device Encryption
Pretty basic. Encrypt your data. You life. Encryption for everyone!!!
Code:
Settings -> Personal -> Security -> Encryption.
Nfc
TURN IT OFF UNLESS YOU NEED IT ON!!!
My dislike of contactless is well founded, I know a few people who have been done by countless swipe hacks. £10 taken out 6 or 8 times poor people. While some NFC or pay apps can only be used with a passcode or fingerprint which adds more security, general rule is having it turned of. Saves battery too so... Ye
Software Updates
To be fair most of the resident xdaers are well up-to-date with security patches. As most of you run roms. With security updates in them. So keep your self updated!
Applications
VPN's
Virtual private networks, aren't only useful for hackers trying to stay hidden but useful for normal people to hide their ips from the evil-doers of the world. While Vpn's are not 100% mainly because there is a gap between connection to the VPN. They are great on the hole.
Open VPN (Both Connect and for Android)
Play Store Link
This is an app that allows you to connect to the various Vpn's, while most are paid a few are free (see Note). Majority of sites explain how to connect to their VPN others aren't as simple this app also means you can make your own VPN and connect to it. Some useful guides exist below for making your own VPN:
VPN server on Android
tutorial on making and hosting your own VPN
Note: WARNING, while some VPN with a free service and pay for upgrades tend to be trust worthy some fully freemium ones are questionable. Some have been branded honeypots and although you may not worry about being logged it might still bring in some privacy concerns.
Free/Upgrade/Payfor VPNs
VyrpVPN
Playstore link
Possibly the fastest and most reliable, doesn’t share your data with anyone, and only keeps logs of IP addresses, connection times, and bytes used for 30 days. It offers 50 server locations spread across the globe, support for 256-bit encryption, and uses Chameleon, which hides the fact you are using a VPN service. It's a little pricey. But I'd always advise going for by yearly in any VPN it always works out cheaper. But there is a free option with a limited usage limit.
Tunnel bear VPN
Playstore link
I use this one personally. While it might not be the fastest it's very versatile easy to use no fiddly bits, and also its excellent value for money with it clocking in around £30 quid a year for up to 5 Devices, TunnelBear doesn't track what you do online, no logy logy of your IP, and won't whore out your data with them third-party peps. It also supports 256-bit encryption. So woo! Also has a free 500m monthly limit as well if you want to try it out.
NordVPN
Playstore Link
Possibly the most well established VPN. Some SERIOUS Encryption under the hood and they log absolutely nothing as well. Again yearly Plan is a lot cheaper. And possibly cheapest one. All rounder really also the account has a .ovpn file which is required by open VPN app.
Express VPN
Playstore Link
The service allows you to have two symoltanious connections which, I don't know, might be useful to you. They have good customer service though and pretty good connection. No logging and pretty well priced. With a 30-day back guarantee.
IPvanish
Playstore Link
They take no logging seriously! And have a solid encryption and a good price scheme. There's not much to say about this one. It's very good though.
The above are ones I personally or people I know have used, they are by no means in order. There are a number of ones that available do a good search! Always do research. Find good deals and make sure you are always secure.
Antivirus
It's still a bit of a question if you really need an Antivirus on Android. I personally say it's useful as a tool box. Most provide find my phone and so on.
Avira
Playstore Link
Test Results here:Av-Test
A great app, not too intrusive. Really useful and fairly simple to use.
Lookout
Playstore Link
I use this one personally with conjunction with another. Has theft protection and a number of other features that need an upgrade
Avast
Playstore Link
Test results here:Av-test
I use this one as well. It's a great service and very useful. Wifi scanning, call blocking and a number of other features.
AVL
Playstore Link
This is a bear bones app just for maleware scanning. Great app. Easy to use.
Sophos
Playstore Link
Test results here:av-test
Very solid app. Useful to have to protect you. Simple app. Business level protection.
The above list is from apps I my self have used and can recommend. As always there is a large variety. Search away, check tests on independent labs. And decided for your self.
Findmyphone Apps
Loosing your phone is concerning, a lost phone could fall in hands of a nice person. But then it could end up in an evil doers hand thus wiping of data is fundamental! The following apps are highly recommended and well rated.
Android Device Manager
Cerberus
Prey
mySecureMail
Playstore link
Unlimited amount of email accounts in one encrypted secure place. Password protected and Free!
1Password
Playstore Link
Having various passwords can be confusing, while the actual security of them is questionable after all having passwords saved on your phone might be concerning. But with high encryption and good security keeps all your information safe and secure!
Signal
Playstore Link
It provides end-to-end encryption to secure all communications and the app can also verify the identity of who people are messaging, as well as the what channels they are using! A really secure app, with concerns mounting about how private you really are this app is very good for security.
Applock
Playstore Link
Lock all your important apps from being prayed on. Does what it says on tin.
SnoopSnitch
Playstore Link
This only works on some phones! Be careful. It's basically a IMSI catcher.
There is another one here which in my opinion is a fantastic app and deserves support! XDA IMSI catcher
An IMSI Catcher is a great peace of kit warning against fake base stations. Or trying to scan your network.
AFwall+
PlayStore Link
A front end app that means you can set what apps are allowed to use Internet.
//While there is no support yet for Nougut for xposed: But for those running below The app XPrivacy is a must have! Really good security focused app.
Firefox Addons
But I use Chrome/Opera/<Insert other browser here>, I use Firefox on my phone, the reason being is because of the extension side. While I am aware opera has this addon ability, I will be using Firefox Addons only. Also Chrome has no extension support for mobile yet? Oh well munches out on RAM anyway.
These Addons are mirrored on Opera, if you prefer Opera, I'm sure you can find the same addon or one that works similar.
Bluhell Firewall
Addons Link
Lightweight Ad-Blocker and Tracking/Privacy Protector.
CanvasBlocker
Addons Link
Blocks the JS-API for modifying to prevent Canvas-Fingerprinting
CleanLinks
Addons Link
Converts obfuscated or nested links to genuine clean links.
Decentraleyes
Addons LinkThe aim of this add-on is to cut-out the middleman by providing lightning speed delivery of local (bundled) files to improve online privacy.
Disable WebRTC
Addons Link
WebRTC leaks your actual IP addresses from behind your VPN, by default.
HTTPS Everywhere
Addons Link
enabling HTTPS encryption automatically on sites that are known to support it
Privacy Badger
Addons Link
Better Privacy stops ads and invisible trackers
Pro Latte Content Filter
Addons Link
Block sites containing pornography, or any other kind of material, based on simple keyword lists.
Self Destructing Cookies
Addons link
BOOM!! GOES THE COOKIES.
//Optional
Less spam, please
Addons Link
Disposable Emails. Great for them pesky sites that ask for emails the spam you with rubbish
Ad Block plus
Addons Link
Does what it says on the tin. There are Addons that block pages from saying you have an ad blocker.
Secure Mail Providers
Why more people don't use secure encryption emails is beyond me sometimes. But regardless it's something I'd strongly recommend! Tell your friends too, and family! Get your dog on them. While there are a number available the following are ones I've used or still continue to use!
Proton Mail
Lavabit.com
hushmail.com/
vfemail.net/
Proton Mail is the main one I use anymore. It's an excellent app and great service with double log in and encryption. Like your emails in a double safe. Do note! If you forget your password, it will turn your emails into plonk and be completely useless.
Thank you for reading this post! I really appreciate it, I put this together just so people can be helped there is no one place. My hope is to turn this into quite a buzzing post, I'd like to constantly update it having it a great go to resource for your needs. Give me a thanks for my hard work if you think it's deserved
Warning: The following is not for Amateurs or new to XDA, you MUST be running a LinuxGNU interface! This is extra security usually set on PCs, and may work depending on your interface.
A Tad too Paranoid
Ipkungfu
Open up your terminal running in your Linux IDE.
Input :
Code:
sudo apt-get install ipkungfu
Next we need to configure the file there are two ways to do this way 1 you can configure in the terminal with "Nano" :
Code:
sudo nano /etc/ipkungfu/ipkungfu.conf
Or move it to SD card, open with your favorite text editor then move back like so:
Code:
mv /etc/ipkungfu/ipkungfu.conf /sdcard
Then to move back:
Code:
mv /sdcard/ipkungfu.conf /etc/ipkungfu
Once you have got the config file open you want to un comment and adjust accordingly to your needs. Here is an example of what you can change:
Code:
# IP Range of your internal network. Use "127.0.0.1"
# for a standalone machine. Default is a reasonable
# guess.
LOCAL_NET="192.168.1.0/255.255.255.0"
-------
Code:
# Set this to 0 for a standalone machine, or 1 for
# a gateway device to share an Internet connection.
# Default is 1.
GATEWAY=0
-------
Code:
# Temporarily block future connection attempts from an
# IP that hits these ports (If module is present) FORBIDDEN_PORTS="135 137 139"
-------
Code:
# Drop all ping packets?
# Set to 1 for yes, 0 for no. Default is no.
BLOCK_PINGS=1
-------
Code:
# What to do with 'probably malicious' packets
#SUSPECT="REJECT"
SUSPECT="DROP"
-------
Code:
# What to do with obviously invalid traffic
# This is also the action for FORBIDDEN_PORTS
#KNOWN_BAD="REJECT"
KNOWN_BAD="DROP"
-------
Code:
# What to do with port scans
#PORT_SCAN="REJECT"
PORT_SCAN="DROP"
These are just a suggestion, adjust to your needs!
Once you've done and moved back or saved the nano, (to save use ctrl+X) everything should be done. Now type in:
Code:
sudo ipkungfu
Jump on over to shields Up and see something Coolio. Hopefully.
Snort
This is intrusion detection, have a look at seeing who's been at your door, this is a basic configuration. To set this up. We simply type:
Code:
sudo apt-get install snort
Once that's done type:
Code:
snort -D
All done, you can view live packets like so:
Code:
sudo snort
Or view logs:
Code:
sudo nano /var/log/snort/alert
~ More May be added soon
~ Give us a thanks please

Reserved

[GUIDE] Paranoid Security For Android

Table Of Contents
~ Introduction
~ Basic Stuff
Applications
~ Vpn's
~ Antivirus
~ FindmyPhone apps
~ mySecureMail
~ 1Password
~ Signal
~ AppLock
~ Snoopsnitch
~ AFwall+
Firefox Addons
~ Bluhell Firewall
~ CanvasBlocker
~ Clean Links
~ Decentraleyes
~ Disable WebRTC
~ HTTPS everywhere
~ Privacy Badger
~ Procon Latte Content Filter
~ Self Destructing Cookies
// Optional
~ Less Spam please
~ AdBlock Plus
~ Less Spam please
Secure Mail Providers
~ Proton Mail
~ Lavabit
~ HushMail
~ vfemail
A Tad To Paranoid
~ Ipkungfu
~ Snort
Disclaimer I Am Not responsible for the end of the world, your device, your lives or anything else that goes wrong. This is a guide to be more secure on Android.
Introduction
Hello!
This is an attempt to help users who are either very tech savvy or not. While this is a guide and I imagine some might disagree, I will take into consideration complaints or suggestions and I will adjust the post accordingly.
If you know of any apps that are not on my list please inform me I will be happy to adjust the post. (please explain why the app is useful and provide the name of it) while it mostlikly very possible to find everything in this post by searching the web, It might take some time to collate everything so I decided to make a post and put everything down into text.
The point of this guide is to provide several ways to secure your device. You don't need to use it all you can simply cherry pick what you want or use bits.
This is a suggestion Guide if anything. So naturally you can adjust the bellow to your needs.
Finally I'm no security Pro. I am a crazy man who has made himself overly paranoid after some years of learning white hat hacking. If you find something a bit to ridiculous or over the top just ignore it. Nor is it designed to scare you. Just help
Basic Stuff
Lock screen
The first line of defense! This is very basic but often overlooked. A pin/password/pattern are all great! While alternative lock screens might look good, there security is questionable. As one can get around it if they can make your system run on system apps only. While I know little about it market lockscreens and their security. Perhaps it be possible using an app such as Link2SD to make it a system app. Adding better security?
Fingerprint is secureish, but security concerns about fingerprint harvesting is a reason I don't use it. Good security system includes keeping your screen clean and buttons.
Don't like yucky screens.
Sim Lock
Enable Lock SIM card, found under:
Code:
Settings -> Personal -> Security -> Set up SIM card lock.
Simply put this will mean after turning your phone on you'll need to put in a pin to ring anyone.
Device Encryption
Pretty basic. Encrypt your data. You life. Encryption for everyone!!!
Code:
Settings -> Personal -> Security -> Encryption.
Nfc
TURN IT OFF UNLESS YOU NEED IT ON!!!
My dislike of contactless is well founded, I know a few people who have been done by countless swipe hacks. £10 taken out 6 or 8 times poor people. While some NFC or pay apps can only be used with a passcode or fingerprint which adds more security, general rule is having it turned of. Saves battery too so... Ye
Software Updates
To be fair most of the resident xdaers are well up-to-date with security patches. As most of you run roms. With security updates in them. So keep your self updated!
Applications
VPN's
Virtual private networks, aren't only useful for hackers trying to stay hidden but useful for normal people to hide their ips from the evil-doers of the world. While Vpn's are not 100% mainly because there is a gap between connection to the VPN. They are great on the hole.
Open VPN (Both Connect and for Android)
Play Store Link
This is an app that allows you to connect to the various Vpn's, while most are paid a few are free (see Note). Majority of sites explain how to connect to their VPN others aren't as simple this app also means you can make your own VPN and connect to it. Some useful guides exist below for making your own VPN:
VPN server on Android
tutorial on making and hosting your own VPN
Note: WARNING, while some VPN with a free service and pay for upgrades tend to be trust worthy some fully freemium ones are questionable. Some have been branded honeypots and although you may not worry about being logged it might still bring in some privacy concerns.
Free/Upgrade/Payfor VPNs
VyrpVPN
Playstore link
Possibly the fastest and most reliable, doesn’t share your data with anyone, and only keeps logs of IP addresses, connection times, and bytes used for 30 days. It offers 50 server locations spread across the globe, support for 256-bit encryption, and uses Chameleon, which hides the fact you are using a VPN service. It's a little pricey. But I'd always advise going for by yearly in any VPN it always works out cheaper. But there is a free option with a limited usage limit.
Tunnel bear VPN
Playstore link
I use this one personally. While it might not be the fastest it's very versatile easy to use no fiddly bits, and also its excellent value for money with it clocking in around £30 quid a year for up to 5 Devices, TunnelBear doesn't track what you do online, no logy logy of your IP, and won't whore out your data with them third-party peps. It also supports 256-bit encryption. So woo! Also has a free 500m monthly limit as well if you want to try it out.
NordVPN
Playstore Link
Possibly the most well established VPN. Some SERIOUS Encryption under the hood and they log absolutely nothing as well. Again yearly Plan is a lot cheaper. And possibly cheapest one. All rounder really also the account has a .ovpn file which is required by open VPN app.
Express VPN
Playstore Link
The service allows you to have two symoltanious connections which, I don't know, might be useful to you. They have good customer service though and pretty good connection. No logging and pretty well priced. With a 30-day back guarantee.
IPvanish
Playstore Link
They take no logging seriously! And have a solid encryption and a good price scheme. There's not much to say about this one. It's very good though.
The above are ones I personally or people I know have used, they are by no means in order. There are a number of ones that available do a good search! Always do research. Find good deals and make sure you are always secure.
Antivirus
It's still a bit of a question if you really need an Antivirus on Android. I personally say it's useful as a tool box. Most provide find my phone and so on.
Avira
Playstore Link
Test Results here:Av-Test
A great app, not too intrusive. Really useful and fairly simple to use.
Lookout
Playstore Link
I use this one personally with conjunction with another. Has theft protection and a number of other features that need an upgrade
Avast
Playstore Link
Test results here:Av-test
I use this one as well. It's a great service and very useful. Wifi scanning, call blocking and a number of other features.
AVL
Playstore Link
This is a bear bones app just for maleware scanning. Great app. Easy to use.
Sophos
Playstore Link
Test results here:av-test
Very solid app. Useful to have to protect you. Simple app. Business level protection.
The above list is from apps I my self have used and can recommend. As always there is a large variety. Search away, check tests on independent labs. And decided for your self.
Findmyphone Apps
Loosing your phone is concerning, a lost phone could fall in hands of a nice person. But then it could end up in an evil doers hand thus wiping of data is fundamental! The following apps are highly recommended and well rated.
Android Device Manager
Cerberus
Prey
mySecureMail
Playstore link
Unlimited amount of email accounts in one encrypted secure place. Password protected and Free!
1Password
Playstore Link
Having various passwords can be confusing, while the actual security of them is questionable after all having passwords saved on your phone might be concerning. But with high encryption and good security keeps all your information safe and secure!
Signal
Playstore Link
It provides end-to-end encryption to secure all communications and the app can also verify the identity of who people are messaging, as well as the what channels they are using! A really secure app, with concerns mounting about how private you really are this app is very good for security.
Applock
Playstore Link
Lock all your important apps from being prayed on. Does what it says on tin.
SnoopSnitch
Playstore Link
This only works on some phones! Be careful. It's basically a IMSI catcher.
There is another one here which in my opinion is a fantastic app and deserves support! XDA IMSI catcher
An IMSI Catcher is a great peace of kit warning against fake base stations. Or trying to scan your network.
AFwall+
PlayStore Link
A front end app that means you can set what apps are allowed to use Internet.
//While there is no support yet for Nougut for xposed: But for those running below The app XPrivacy is a must have! Really good security focused app.
Firefox Addons
But I use Chrome/Opera/<Insert other browser here>, I use Firefox on my phone, the reason being is because of the extension side. While I am aware opera has this addon ability, I will be using Firefox Addons only. Also Chrome has no extension support for mobile yet? Oh well munches out on RAM anyway.
These Addons are mirrored on Opera, if you prefer Opera, I'm sure you can find the same addon or one that works similar.
Bluhell Firewall
Addons Link
Lightweight Ad-Blocker and Tracking/Privacy Protector.
CanvasBlocker
Addons Link
Blocks the JS-API for modifying to prevent Canvas-Fingerprinting
CleanLinks
Addons Link
Converts obfuscated or nested links to genuine clean links.
Decentraleyes
Addons LinkThe aim of this add-on is to cut-out the middleman by providing lightning speed delivery of local (bundled) files to improve online privacy.
Disable WebRTC
Addons Link
WebRTC leaks your actual IP addresses from behind your VPN, by default.
HTTPS Everywhere
Addons Link
enabling HTTPS encryption automatically on sites that are known to support it
Privacy Badger
Addons Link
Better Privacy stops ads and invisible trackers
Pro Latte Content Filter
Addons Link
Block sites containing pornography, or any other kind of material, based on simple keyword lists.
Self Destructing Cookies
Addons link
BOOM!! GOES THE COOKIES.
//Optional
Less spam, please
Addons Link
Disposable Emails. Great for them pesky sites that ask for emails the spam you with rubbish
Ad Block plus
Addons Link
Does what it says on the tin. There are Addons that block pages from saying you have an ad blocker.
Secure Mail Providers
Why more people don't use secure encryption emails is beyond me sometimes. But regardless it's something I'd strongly recommend! Tell your friends too, and family! Get your dog on them. While there are a number available the following are ones I've used or still continue to use!
Proton Mail
Lavabit.com
hushmail.com/
vfemail.net/
Proton Mail is the main one I use anymore. It's an excellent app and great service with double log in and encryption. Like your emails in a double safe. Do note! If you forget your password, it will turn your emails into plonk and be completely useless.
Thank you for reading this post! I really appreciate it, I put this together just so people can be helped there is no one place. My hope is to turn this into quite a buzzing post, I'd like to constantly update it having it a great go to resource for your needs. Give me a thanks for my hard work if you think it's deserved
Warning: The following is not for Amateurs or new to XDA, you MUST be running a LinuxGNU interface! This is extra security usually set on PCs, and may work depending on your interface.
A Tad too Paranoid
Ipkungfu
Open up your terminal running in your Linux IDE.
Input :
Code:
sudo apt-get install ipkungfu
Next we need to configure the file there are two ways to do this way 1 you can configure in the terminal with "Nano" :
Code:
sudo nano /etc/ipkungfu/ipkungfu.conf
Or move it to SD card, open with your favorite text editor then move back like so:
Code:
mv /etc/ipkungfu/ipkungfu.conf /sdcard
Then to move back:
Code:
mv /sdcard/ipkungfu.conf /etc/ipkungfu
Once you have got the config file open you want to un comment and adjust accordingly to your needs. Here is an example of what you can change:
Code:
# IP Range of your internal network. Use "127.0.0.1"
# for a standalone machine. Default is a reasonable
# guess.
LOCAL_NET="192.168.1.0/255.255.255.0"
-------
Code:
# Set this to 0 for a standalone machine, or 1 for
# a gateway device to share an Internet connection.
# Default is 1.
GATEWAY=0
-------
Code:
# Temporarily block future connection attempts from an
# IP that hits these ports (If module is present) FORBIDDEN_PORTS="135 137 139"
-------
Code:
# Drop all ping packets?
# Set to 1 for yes, 0 for no. Default is no.
BLOCK_PINGS=1
-------
Code:
# What to do with 'probably malicious' packets
#SUSPECT="REJECT"
SUSPECT="DROP"
-------
Code:
# What to do with obviously invalid traffic
# This is also the action for FORBIDDEN_PORTS
#KNOWN_BAD="REJECT"
KNOWN_BAD="DROP"
-------
Code:
# What to do with port scans
#PORT_SCAN="REJECT"
PORT_SCAN="DROP"
These are just a suggestion, adjust to your needs!
Once you've done and moved back or saved the nano, (to save use ctrl+X) everything should be done. Now type in:
Code:
sudo ipkungfu
Jump on over to shields Up and see something Coolio. Hopefully.
Snort
This is intrusion detection, have a look at seeing who's been at your door, this is a basic configuration. To set this up. We simply type:
Code:
sudo apt-get install snort
Once that's done type:
Code:
snort -D
All done, you can view live packets like so:
Code:
sudo snort
Or view logs:
Code:
sudo nano /var/log/snort/alert
~ More May be added soon
~ Give us a thanks please

Reserved

Please, go on.

Thanks for this guide. I now have my device encrypted. On Marshmallow it does not explicitly say that my SD Card is also encrypted (its formatted as internal storage) but according to articles out there actually it is.
Yes, I don't know why email encryption is not more widely adopted. For personal every day emails "Hi, how you doing ? Had a great day?" kind of thing maybe that's not the most sensitive info. But what if it contains a meeting place to go and pick up your child at and you are late ? Paranoid ? In today's world ? But what about actual sensitive data. I'm talking about charities that help victims of abuse. The Samaritans. Other organisations that help victims of child trafficking. I once volunteered for an organisation that helped people illegally pursued by a government run organisation. I eventually found out that they had no, I mean ZERO, ZILCH security policy yet they were holding sensitive details about individuals who were in danger. After failing to get their board of directors to change things I resigned from the organisation. So anyway back on topic ... I just checked cPanel and my host does allow "GnuPG" encryption on email. So when I've figured out how to set it up and use the appropriate app on my device (starting with list above of course) I come back here.

Awesome guide. I know this thread is a couple years old but still applies.
Anyone have any opinions or comments about Proton VPN? I see the Proton mail is on the list which I also use. Just curious about the VPN.