Julian - this is an excellent and concise quickstart guide to Android security -- have you considered posting it into https://github.com/opensafermobile/materials ? Those materials were posted on the http://safermobile.org/ site (which is now offline), but they're beginning to show their age.
Jon

On Saturday, July 13, 2013 10:30 AM, Julian Oliver wrote:
> ..on Sat, Jul 13, 2013 at 03:13:41PM +0200, Jerzy Łogiewa wrote:
>> Hello!
>>
>> If I want Android phone and have it be most secure, how to do it?
>> Is there some guide with steps?
>>
>> Like this:
>>
>> 1- Buy some handset such as X, Y
>> 2- Re-flash to Z firmware
>> 3- Change P settings to J ...
>> 4- Install OrBot, RedPhone, and so on
>>
>> What is recommended here by experts?
>>
>> PS: I am willing to have device ONLY for secure communications.
>
> Disclaimer: while some journalists/people call me an expert I've
> never, ever named myself as such!
>
> Firstly, smartphones are a huge risk if you're really concerned
> about your security. Nonetheless, here's a start:
>
> You can install CyanogenMod - and not install the Google suite -
> for a pleasant and largely Google-free experience. To be safer,
> don't install a nightly build. Take out the SIM card. Flash
> CyanogenMod using the simple instructions for your device on their
> website. Encrypt the file-system once the device is installed. Set
> up a 6-or-more line swipe pattern without visual feedback (and keep
> your screen clean!). Disable developer mode and MTP browsing, until
> you need it. Connect the device to a wireless network you control.
> Install DroidWall (or similar open source firewall) and lock down
> any unknown and/or promiscuous processes (vastly less with
> CyanogenMod than Android). Don't use Google Play. Download and
> install OpenVPN client and tunnel to your favourite trusted
> OpenVPN server. Put on OrBot and run the OrWeb Tor browser. Edit
> your exit nodes to those that suit. Install Firefox and requisite
> extensions that protect against cookie tracking etc. Use StartPage
> instead of Google as your default search engine. Don't install any
> random games or other software. If you need something like a PDF
> reader, be sure it's open source and the APK you download checksums
> out (SHA256).
>
> I've done the above, more or less, with my last two Android phones.
> My SIII is especially good to work with. I've audited it on the
> wire and I trust working with it so far. How you use it is another
> thing. If you rarely need to make calls over the cellular network
> then use Airplane Mode until you need to call - that'll get you off
> the grid where cell provider location tracking/logging is
> concerned. Better still, don't use a SIM card at all and
> tunnel/ZRTP VoIP with something like RedPhone.
>
> Cheers,
> --
Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
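
The checksum step from the quoted message, as an added example that is not part of the original thread: a POSIX shell function that compares a downloaded file's SHA-256 with the digest its publisher lists, and refuses truncated or malformed digests. The function names and the constructed `abc` stand-in file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: check a downloaded APK against a published SHA-256 digest.

# Print the lowercase hex SHA-256 of FILE. Reading from stdin keeps the
# file name out of the tool's output.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | cut -d' ' -f1
    else
        shasum -a 256 < "$1" | cut -d' ' -f1
    fi
}

# verify_apk FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_apk() {
    apk=$1
    # Normalise the published digest: drop whitespace and colons, lowercase.
    want=$(printf '%s' "$2" | tr -d ' \t\r\n:' | tr 'A-F' 'a-f')
    [ -f "$apk" ] || { echo "no such file: $apk" >&2; return 2; }
    # A truncated or malformed digest must never count as a match.
    case $want in
        *[!0-9a-f]*) echo "digest is not hex" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "digest must be 64 hex chars" >&2; return 2; }
    got=$(sha256_of "$apk")
    if [ "$got" = "$want" ]; then
        echo "OK $apk"
        return 0
    fi
    echo "MISMATCH $apk" >&2
    echo "  expected $want" >&2
    echo "  actual   $got" >&2
    return 1
}

# Constructed demo: a 3-byte stand-in file ("abc"), not a real APK, checked
# against the standard SHA-256 test vector for that input.
demo=$(mktemp)
printf 'abc' > "$demo"
verify_apk "$demo" ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
rm -f "$demo"
```

The digest only helps if it comes from a channel other than the one that served the APK, for example the project's HTTPS site or a signed release note.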
