Say I wanted to have the most secure Sony Xperia Z Ultra possible (without "too much" sacrifice of usability).
In the context of this thread I define security as broadly anything barring network anonymity, i.e. hiding your device's public IP address.
So I want security from network attackers (e.g. drive-by download, WiFi attacks), physical device attackers (e.g. customs searching devices for IP violations ... no really, that's about to become a thing apparently, GF and/or mistresses).
How would you do it?
Could you please use sections of
```
firmware
phone settings
app settings
behavior
```
because I want to curate the best answers from users in this post for the good of the forum.
My thoughts so far are:
Firmware:
- Root is disabled
- Bootloader should be locked.
^^ These I'm not sure about - see if we don't have root then we don't have iptable firewall and hosts level server blocking.
- One recovery should be used
Honestly I'm not sure which ROM is more secure than another but I'm assuming the latest and greatest is more secure so that would be MM atm. No idea if Sony is more secure than another flavour of ZU Android.
Phone settings:
- Developer options off
- Sideload apps off
- Do not connect to unknown WiFi
- NFC Off by default
- Bluetooth Off by default
- PIN unlock required
- Auto-lock ON
App settings: (this includes apps you should have/not have and their settings)
I figure every additional app that I don't use is a needless attack surface so start with no apps at all - uninstall everything. Only install what you use ... for which you need root unless the ROM is premade like this.
- Firewall app (Netguard no-root Firewall, DroidWall if we have root)
- Adblock (if we have root)
- AV - honestly most mobile AV seems pathetic at being secure and not acting like malware (notifications, popup windows etc) but Avast at least seems to not hog resources.
- Auto update every app
User behaviour:
NEVER:
- install apps from anywhere other than Google Play. Or possibly FDroid
- let another person use your device
I'd like to hear your suggestions, critique and everything else, cheers!
So you're not gonna install from other than Google Play, then what ad blocker are you going to use? Where is adblocker connecting to?
You're talking about still having a lot of apps connecting through servers that you don't control.
morestupidemailnames said:
> You're talking about still having a lot of apps connecting through servers that you don't control.
Well if you are worried about connecting to servers that you don't control - isn't that all servers?
At which point you may as well remove all WiFi and Mobile Data capabilities and just stick to 2G.
panyan said:
> Well if you are worried about connecting to servers that you don't control - isn't that all servers?
> At which point you may as well remove all WiFi and Mobile Data capabilities and just stick to 2G.
Exactly my point.
The OP is a long-winded question that leaves you with more questions.
Probably why there's been such a landslide of security tips here.
Related
After the recent article on apps that are sharing our personal information, it occurred to me that this should be an easy problem to fix. All we need is a good personal firewall app. Heck, iptables would be a great start, but it can be hard to implement that on an app by app basis. It will be hard to set up for apps that have legitimate needs to connect over port 80 for legitimate needs, but also use that same port for less than legitimate needs. So I guess it will also take some blacklisting of certain servers, perhaps along the lines of the ad blocker apps that modify the hosts file.
Or does such an app already exist?
Skip
Here you go:
http://www.appbrain.com/app/droidwall-android-firewall/com.googlecode.droidwall.free
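How per-app filtering with iptables can be done, as an added example that is not part of the thread and not DroidWall's own code: each Android package runs under a Linux UID, so the iptables `owner` match can allow or reject traffic per app. The package list sample is constructed, and the chain name `app-egress`, the interface patterns and the `com.example.*` packages are assumptions.

```python
from collections import defaultdict

# Constructed sample in the layout of Android's /data/system/packages.list:
#   <package> <uid> <debuggable> <data dir> <seinfo> <gids>
SAMPLE_PACKAGES_LIST = """\
com.example.browser 10061 0 /data/data/com.example.browser default 3003
com.example.game 10074 0 /data/data/com.example.game default 3003
com.example.gamehelper 10074 0 /data/data/com.example.gamehelper default 3003
com.example.notes 10075 0 /data/data/com.example.notes default none
"""

CHAIN = "app-egress"          # hypothetical chain name
IFACES = ("rmnet+", "wlan+")  # assumed mobile and WiFi interface patterns


def parse_packages(text):
    """Return {package: uid}; malformed lines are skipped."""
    packages = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[1].isdigit():
            packages[fields[0]] = int(fields[1])
    return packages


def build_rules(packages, allowed):
    """Return (iptables commands, {uid: packages allowed as a side effect}).

    Default deny: only the UIDs of the allowed packages may send traffic
    out of IFACES, everything else is rejected.
    """
    unknown = sorted(set(allowed) - set(packages))
    if unknown:
        raise ValueError("not installed: " + ", ".join(unknown))

    by_uid = defaultdict(list)
    for pkg, uid in packages.items():
        by_uid[uid].append(pkg)

    rules = ["iptables -N " + CHAIN]
    for iface in IFACES:
        rules.append("iptables -A OUTPUT -o %s -j %s" % (iface, CHAIN))

    side_effects = {}
    for uid in sorted({packages[p] for p in allowed}):
        # The owner match sees the UID that owns the socket, not a package
        # name, so every package sharing this UID is allowed with it.
        rules.append("iptables -A %s -m owner --uid-owner %d -j RETURN"
                     % (CHAIN, uid))
        extra = sorted(set(by_uid[uid]) - set(allowed))
        if extra:
            side_effects[uid] = extra
    # Traffic a system daemon sends on an app's behalf is owned by the
    # daemon's UID, so it falls through to this final reject as well.
    rules.append("iptables -A %s -j REJECT" % CHAIN)
    return rules, side_effects


if __name__ == "__main__":
    pkgs = parse_packages(SAMPLE_PACKAGES_LIST)
    cmds, extra = build_rules(pkgs, ["com.example.browser", "com.example.game"])
    print("\n".join(cmds))
    for uid, names in extra.items():
        print("# uid %d also covers: %s" % (uid, ", ".join(names)))
```

The generated commands need root on the device, and a network with IPv6 needs the same rules through ip6tables.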
MrGibbage said:
> After the recent article on apps that are sharing our personal information, it occurred to me that this should be an easy problem to fix. All we need is a good personal firewall app. Heck, iptables would be a great start, but it can be hard to implement that on an app by app basis. It will be hard to set up for apps that have legitimate needs to connect over port 80 for legitimate needs, but also use that same port for less than legitimate needs. So I guess it will also take some blacklisting of certain servers, perhaps along the lines of the ad blocker apps that modify the hosts file.
> Or does such an app already exist?
> Skip
1. There's already a couple adblock apps like Adfree which block a lot of stuff.
2. If you read the permissions for the apps you CHOOSE to download, then you'll know exactly what access to data they'll have. If you don't like that PaperToss wants access to your device ID, then just don't install PaperToss.
And of course, such an app would undoubtedly cause more issues than the perception of "security" it would provide, since you'd probably not be able to use half the apps anymore. Or they'd stop being ad-supported, and would begin to charge instead.
From the article:
> Google requires Android apps to notify users, before they download the app, of the data sources the app intends to access. Possible sources include the phone's camera, memory, contact list, and more than 100 others. If users don't like what a particular app wants to access, they can choose not to install the app, Google says.
Just read the app permissions. That tells you almost everything you need to know.
The problem is, the app permissions don't tell you what you need to know. Here are the permissions for Paper Toss by Backflip Studios:
- Your Location (coarse network-based location)
- Network communication - full internet access
- Phone Calls - read phone state
While the Location permission would be suspect, and would cause me to question whether or not I should download this app, the other two permissions are not so immediately obvious that they are "bad". Network communications is a permission needed by every app that has in-game ads such as AdMob. And I don't know why this app needs the Phone Calls permission, but almost every single app in the market uses that permission. At least it isn't asking for access to the address book or anything like that.
What I would like is for the app to tell us what it needs internet access for, and to tell us what information it is sending to third parties.
MrGibbage said:
> The problem is, the app permissions don't tell you what you need to know. Here are the permissions for Paper Toss by Backflip Studios:
> - Your Location (coarse network-based location)
> - Network communication - full internet access
> - Phone Calls - read phone state
> While the Location permission would be suspect, and would cause me to question whether or not I should download this app, the other two permissions are not so immediately obvious that they are "bad". Network communications is a permission needed by every app that has in-game ads such as AdMob. And I don't know why this app needs the Phone Calls permission, but almost every single app in the market uses that permission. At least it isn't asking for access to the address book or anything like that.
> What I would like is for the app to tell us what it needs internet access for, and to tell us what information it is sending to third parties.
Maybe to detect a phone call and pause the game.
Sent from my SGH-T959 using XDA App
MrGibbage said:
> The problem is, the app permissions don't tell you what you need to know. Here are the permissions for Paper Toss by Backflip Studios:
> - Your Location (coarse network-based location)
> - Network communication - full internet access
> - Phone Calls - read phone state
> While the Location permission would be suspect, and would cause me to question whether or not I should download this app, the other two permissions are not so immediately obvious that they are "bad". Network communications is a permission needed by every app that has in-game ads such as AdMob. And I don't know why this app needs the Phone Calls permission, but almost every single app in the market uses that permission. At least it isn't asking for access to the address book or anything like that.
> What I would like is for the app to tell us what it needs internet access for, and to tell us what information it is sending to third parties.
All free apps will collect some information ... so they know what ads to aim your way ... so they can make money ... Everyone does this ... on your computer it's the same as your cookies ... and only the really paranoid will set their browser cookies settings to "ultimate: block all cookies" ...
Here's the difference: Android openness will allow others to research and publish their findings, unlike others that are closed and will not allow research, and if any way is found to get the research done, the publication will be deleted from the web ...
The openness is why you see soooooo many articles on this issue over n over, none of them mentioning that the paid versions of these apps don't collect anything ...
How much personal information are you planning on storing in the paper toss game?
Consider this in your answer: the Android system runs apps in sandbox mode, meaning one app cannot access another without YOUR permission, or if an app is infected with malware, that malware will only operate in that app, unlike your Windows machine where it would have a free-for-all ...
ferhanmm said:
> Maybe to detect a phone call and pause the game.
> Sent from my SGH-T959 using XDA App
That's my point. That would be a legitimate need for access to the phone state. However, granting that permission also gives the app permission to make phone calls. I still think the apps need to be more specific about the permissions they need.
The bottom line is, these phones are great, they can run all kinds of awesome software, but the people writing the software need to make a living too. If someone really wants to prevent their phone from sending out personal information, then they should not install any software, and maybe shouldn't even be using the phone at all. But I still see a need for a firewall app (possibly DroidWall, as mentioned above) to help us prevent this type of thing from happening.
A permissions firewall would be much more interesting and useful in my opinion.
Being able to block a certain thing like "read contact data" for all apps and only permit access with a white list would be very useful to me.
With the introduction of Android 4.2, we now have native multi-user support. This is a great feature for those of us who have multiple people using one device, but I'd like to go one further:
What about those of us who want to enable a 'guest' account, so anyone can use our tablets?
What I'd like to see is an app/script I could install to the root account that would:
A) Lock the guest account out of settings (including "App Info" from the recents menu)
B) Disable rebooting into recovery and bootloader for the guest account
C) Disable USB Debugging and force WiFi on for the guest account (to prevent modifying and preserve anti-theft measures)
D) Allow the root user to configure a list of apps [on the guest account] whose data will be erased each time the guest account is logged in/unlocked (like facebook, chrome, twitter, instagram, etc)
E) Allow the root user to select apps (like the Play Store, GMail, or anything else that uses Android's native Google accounts) which can be password/pin locked to avoid Android native accounts (anything that adds to "Accounts" in settings) being added to the profile, or at least the ability to remove them at each login.
I'd be willing to pay for an app/script like this, and I can't be alone...
Jay Aristide said:
> With the introduction of Android 4.2, we now have native multi-user support. This is a great feature for those of us who have multiple people using one device, but I'd like to go one further:
> What about those of us who want to enable a 'guest' account, so anyone can use our tablets?
> What I'd like to see is an app/script I could install to the root account that would:
> A) Lock the guest account out of settings (including "App Info" from the recents menu)
> B) Disable rebooting into recovery and bootloader for the guest account
> C) Disable USB Debugging and force WiFi on for the guest account (to prevent modifying and preserve anti-theft measures)
> D) Allow the root user to configure a list of apps [on the guest account] whose data will be erased each time the guest account is logged in/unlocked (like facebook, chrome, twitter, instagram, etc)
> E) Allow the root user to select apps (like the Play Store, GMail, or anything else that uses Android's native Google accounts) which can be password/pin locked to avoid Android native accounts (anything that adds to "Accounts" in settings) being added to the profile, or at least the ability to remove them at each login.
> I'd be willing to pay for an app/script like this, and I can't be alone...
I also thought that but I wish Google did this.
A. Might be doable, I will look into it after core is done (see below).
B. Requires ROM modification.
C. May be doable but requires root, turning WiFi on is possible and automatically turning on if turned off is
D. I have auto enabling installed apps working, auto erase may be possible, manual is.
E. Won't be an issue because you don't need to sign in with gapps, possible to disable but requires root.
At this point I have the ability to enable any app installed on the primary user on a secondary user, all without root. Give me a few days to flesh out an app.
aaronpoweruser said:
> A. Might be doable, I will look into it after core is done (see below).
> B. Requires ROM modification.
> C. May be doable but requires root, turning WiFi on is possible and automatically turning on if turned off is
> D. I have auto enabling installed apps working, auto erase may be possible, manual is.
> E. Won't be an issue because you don't need to sign in with gapps, possible to disable but requires root.
> At this point I have the ability to enable any app installed on the primary user on a secondary user, all without root. Give me a few days to flesh out an app.
You know...
If you cooked all of this into PA, it would be a) the *only* ROM in existence with a true guest account, and b) a feature that would actually bring a wider audience and realm of attention to PA...
OK, started on an app, turns out it needs root. Thought about it but it's going to be a standalone app for all users, might be paid tho.
aaronpoweruser said:
> OK, started on an app, turns out it needs root. Thought about it but it's going to be a standalone app for all users, might be paid tho.
Given the level of control over apps and data it would need to create a true guest environment, I figured it would be root only. If you need an alpha/beta tester, I'll happily volunteer.
Jay Aristide said:
> Given the level of control over apps and data it would need to create a true guest environment, I figured it would be root only. If you need an alpha/beta tester, I'll happily volunteer.
This is an amazing idea, I'm up for alpha/beta testing as well.
Alpha/beta tester
I am looking for something like this as well, and will happily alpha/beta test it.
My plan is to modify permissions for almost every app on my phone including system apps.
There will be 2 categories:
1. Apps that need to be able to phone home (Internet access, I guess).
(For those I want to block access to all my personal information / data.)
2. Apps that don't need to phone home.
(For those I just want to make sure the apps can't leak my data/information.)
Now let's say I want to prevent an app from accessing the Internet:
Is it enough to just tap the according check box? Because some of the 'functions' listed under that category don't get a check mark by default. Which of these functions do actually make sending/receiving data over the Internet possible?
I'm not an Android developer, so I don't know what all the 'functions' can potentially do/expose. What is your advice for people like me? Should I just disable all functions under a category that I want to restrict and see if it works? Or am I truly expected to become an Android developer and understand every single class member listed in the app? It would be nice to have a short explanation and assessment for each function.
I’ve seen on the billing from my cellphone provider, that the Note 4 makes approximately 3-5 times in a month a mobile data connection without my permission.
How is it possible to figure out the reason of this bad behaviour? (I use MIUI Global 8.2 Stable 8.2.10.0, and I want to use this Android 6 based MIUI Version furthermore). Maybe this is a huge bug in MIUI, or is it possible that this is caused by an App? But which one?
Anyway I’ve disabled the setting “Allow background data” for apps to prevent the use of mobile data when I’m not using them. But this setting is not enough to prevent the mobile data connection buildup of the Note 4X.
mi_eu said:
> I’ve seen on the billing from my cellphone provider, that the Note 4 makes approximately 3-5 times in a month a mobile data connection without my permission.
> How is it possible to figure out the reason of this bad behaviour? (I use MIUI Global 8.2 Stable 8.2.10.0, and I want to use this Android 6 based MIUI Version furthermore). Maybe this is a huge bug in MIUI, or is it possible that this is caused by an App? But which one?
> Anyway I’ve disabled the setting “Allow background data” for apps to prevent the use of mobile data when I’m not using them. But this setting is not enough to prevent the mobile data connection buildup of the Note 4X.
Have you ever heard the phrase "ET phone home"? See for example: https://www.reddit.com/r/androidapp..._apps_desperately_try_to_phone_home_how_do_i/
That is why I will never use a MIUI ROM that has not had all the "phone home" functionality removed. There are XDA threads for the Redmi Note 2 that are devoted to (among other things) doing this - see e.g., https://forum.xda-developers.com/redmi-note-2/development/b-skinny-pro-t3347906
It is getting increasingly difficult to remove all the phone home functionality, hence why I will never use MIUI.
Firewall app Netguard (no root) will let you check and, at least to a certain extent, control things like this.
Some "calling home" behavior is obviously necessary for proper functioning of Android (Google account) and MIUI (Mi account).
cobben said:
> Firewall app Netguard (no root) will let you check and, at least to a certain extent, control things like this.
> Some "calling home" behavior is obviously necessary for proper functioning of Android (Google account) and MIUI (Mi account).
I think, if a mobile data connection is not enabled by the user, it should stay in this mode until the user enables it.
The Device and the manufacturer are not allowed to do self decisions. Who pays me the permanent mobile data traffic? Xiaomi? Sure not.
I fear that a firewall doesn't help. The firewall is able to prevent network data traffic e.g. for an app. But for my understanding a firewall can't prevent a system app independently to open and close a new mobile data line - unless I'm mistaken.
mi_eu said:
> I think, if a mobile data connection is not enabled by the user, it should stay in this mode until the user enables it.
> The Device and the manufacturer are not allowed to do self decisions. Who pays me the permanent mobile data traffic? Xiaomi? Sure not.
> I fear that a firewall doesn't help. The firewall is able to prevent network data traffic e.g. for an app. But for my understanding a firewall can't prevent a system app independently to open and close a new mobile data line - unless I'm mistaken.
Yes, I think I have actually noticed some "unexplainable" traffic on a few occasions, bypassing the firewall, with mobile data enabled, but the firewall supposedly shutting off all traffic.
But as it does not have any particular importance for me personally, I haven't spent any time looking into it.
But if you do not even have mobile data enabled, then nothing should get through at all - I assume?
This is really strange that data is enabled by a system app, and the first I've ever heard of it happening. Are you SURE it is MIUI using your data and not a rogue app or malware (are you rooted and/or do you use pirated apps or APK's from random places)?
MIUI built in security app is perfectly capable of measuring the data usage per app, and also total data usage. You can use the built-in firewall to block any app - user or system - from accessing data.
The restriction here is that you cannot block a system app from WiFi, not without a third party mod to the Security APK (a guy on en.miui.com forums has instructions for this, but you need to be good with smali). I will eventually release a generic patch for this once my patching tool is ready for a public alpha.
But I digress.
MIUI security app should tell you. If MIUI is using data without permissions and you can demonstrate that it is definitely an MIUI process and not something *you* put on, I would think it is definitely a bug. They will NOT want their stuff costing you data without permission!
DarthJabba9 said:
> Have you ever heard the phrase "ET phone home"? See for example: https://www.reddit.com/r/androidapp..._apps_desperately_try_to_phone_home_how_do_i/
> That is why I will never use a MIUI ROM that has not had all the "phone home" functionality removed. There are XDA threads for the Redmi Note 2 that are devoted to (among other things) doing this - see e.g., https://forum.xda-developers.com/redmi-note-2/development/b-skinny-pro-t3347906
> It is getting increasingly difficult to remove all the phone home functionality, hence why I will never use MIUI.
It's called anonymous telemetry, dude. Yes there is a lot of it in MIUI, but this is just the way of the world these days. If you don't like it, go and use a non-branded device with AOSP and no Google services at all. Not everyone is this paranoid, most of us are fine with revealing *anonymous* data to help improve product experience.
I guarantee you that XDA are collecting data about your PC and browser and your location for statistical and security reasons.
Sent from my Redmi Note 4 using Tapatalk
CosmicDan said:
> most of us are fine with revealing *anonymous* data to help improve product experience.
So am I - when it is entirely my choice and decision and I have control over whether or not it happens.
It is good to know that some people are so trusting, and are certain that all those communications with servers in China are all about anonymous data.
CosmicDan said:
> I guarantee you that XDA are collecting data about your PC and browser and your location for statistical and security reasons.
Yes - if they can drill through VPNs.
If you were that paranoid you'd know that a VPN doesn't make you untraceable. Even using Tor browser with all its hardening doesn't guarantee privacy...
It's not that some "some people are so trusting", but rather that some people have faith in companies not being stupid enough to break international laws - especially on an OS like Android where it's very easy for security experts to find this stuff.
There was once a scare about Xiaomi data collection years ago, but it has since been debunked as anonymous. Yes it might be annoying that the collection is opt-out, but it's certainly not forced.
Your case is isolated - I have no such data use without my permission and I've never seen anybody else report it in all my years of being an MIUI power user.
Unless you're using the China ROM of course, which would be silly....
Back to the matter at hand, have you checked in Security > Data Usage the stats? And have you blocked everything in the system tab of the firewall from using data?
One last question. Do you have an MMS APN setup? Because it could just be a heartbeat to your provider.
Sent from my Redmi Note 4 using Tapatalk
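One way to attribute cellular traffic to an app on a device of that generation, as an added example that is not from the thread or from MIUI: kernels of the Android 6 era generally expose per-UID byte counters in `/proc/net/xt_qtaguid/stats`, split into background and foreground use. The sample rows, the interface prefixes and the UID-to-package map are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample in the layout of /proc/net/xt_qtaguid/stats
# (only the first nine columns are used; real files carry more).
SAMPLE_STATS = """\
idx iface acct_tag_hex uid_tag_int cnt_set rx_bytes rx_packets tx_bytes tx_packets
2 wlan0 0x0 10061 1 880000 700 64000 510
3 rmnet_data0 0x0 1000 0 5120 9 2048 11
4 rmnet_data0 0x0 10074 0 40960 38 8192 30
5 rmnet_data0 0x0 10074 1 1024 2 512 2
6 rmnet_data0 0x1000000000 10074 0 20480 19 4096 15
7 rmnet_data0 0x0 10061 1 300 1 200 1
"""

# Assumed name prefixes of cellular interfaces; they differ between chipsets.
MOBILE_PREFIXES = ("rmnet", "ccmni")

# Constructed UID-to-name map; on a device it comes from the package list.
UID_NAMES = {1000: "android.uid.system",
             10061: "com.example.browser",
             10074: "com.example.game"}

SETS = {0: "background", 1: "foreground"}  # meaning of the cnt_set column


def mobile_usage_by_uid(stats_text, prefixes=MOBILE_PREFIXES):
    """Return {uid: {"background": bytes, "foreground": bytes}} for cellular traffic."""
    usage = defaultdict(lambda: {"background": 0, "foreground": 0})
    for line in stats_text.splitlines():
        f = line.split()
        if len(f) < 9 or not f[0].isdigit():
            continue  # header or truncated line
        iface, tag, uid, cnt_set = f[1], f[2], int(f[3]), int(f[4])
        if not iface.startswith(prefixes):
            continue  # WiFi and other interfaces
        if int(tag, 16) != 0:
            continue  # tagged rows repeat bytes already counted in the 0x0 row
        if cnt_set not in SETS:
            continue
        usage[uid][SETS[cnt_set]] += int(f[5]) + int(f[7])  # rx_bytes + tx_bytes
    return dict(usage)


def background_talkers(usage):
    """UIDs that moved cellular data while not in the foreground, largest first."""
    rows = [(uid, c["background"]) for uid, c in usage.items() if c["background"]]
    return sorted(rows, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    for uid, nbytes in background_talkers(mobile_usage_by_uid(SAMPLE_STATS)):
        print("%-22s uid=%-6d %d bytes in background"
              % (UID_NAMES.get(uid, "?"), uid, nbytes))
```

The counters start again at every boot, so a snapshot taken shortly after an unexplained connection is the useful one.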
Hey guys,
what do you think about GrapheneOS? (https://grapheneos.org)
I think there are some disadvantages:
- only Pixel devices (because only these have some security "flags")
- no root access
- hardcoded Google domains
and some advantages:
- good hardware support
- hardened AOSP
- closed bootloader after flashing
Now I would like to discuss this ROM.
I too would be interested to hear about anyone's experience regarding this OS.
johndoe118 said:
> Hey guys,
> what do you think about GrapheneOS? (https://grapheneos.org)
> I think there are some disadvantages:
> - only Pixel devices (because only these have some security "flags")
> - no root access
> - hardcoded Google domains
> and some advantages:
> - good hardware support
> - hardened AOSP
> - closed bootloader after flashing
> Now I would like to discuss this ROM.
I'm interested in this ROM too. I have a Pixel 3a. I haven't flashed it yet because I'm trying to find out what people's experiences are first. There doesn't seem to be a lot of posts about it. Did you ever flash it? Also, what do you mean by "hardcoded Google domains"?
Well, the captive portal contacts the Google servers regularly when you connect to a WiFi. That was one reason why I lost interest in the ROM. The other was the limited device support and missing root access. I absolutely need access to the iptables. As a one-man show, the ROM can be adjusted at any time.
johndoe118 said:
> Well, the captive portal contacts the Google servers regularly when you connect to a WiFi.
Do you have some kind of reference for that? I'm using it now and would really like some proof to bring up in their subreddit as a WTF.
graphene seems great, no root does not
I don't want the bootloader locked.
I want Magisk extensions
I need root for LP _only_ to remove ads. Is there something like LP that allows (interactively) disabling app activities?
hardcoded google domains info from faq
https://grapheneos.org/faq#device-support
> GrapheneOS leaves these set to the standard four URLs to blend into the crowd of billions of other Android devices with and without Google Mobile Services performing the same empty GET requests. For privacy reasons, it isn't desirable to stand out from the crowd and changing these URLs or even disabling the feature will likely reduce your privacy by giving your device a more unique fingerprint. GrapheneOS aims to appear like any other common mobile device on the network.
> HTTPS: https://www.google.com/generate_204
> HTTP: http://connectivitycheck.gstatic.com/generate_204
> HTTP fallback: http://www.google.com/gen_204
> HTTP other fallback: http://play.googleapis.com/generate_204
nay_ said:
> hardcoded google domains info from faq
> https://grapheneos.org/faq#device-support
Thanks, right from there
I have Graphene OS taimen-factory-2020.07.06.20.zip on my Pixel 2 XL. Under "System update settings" is "Check for updates" but nothing happens if I tap. Only the field becomes darker. Has someone experience with this?
Update with adb sideloading to 2020.08.03.22 works.
OTA update from 2020.08.03.22 to 2020.08.07.01 likewise.
I'm personally not a fan of these kinds of projects, they aren't really all that 'secure', you're still using proprietary vendor blobs and such
help please
Hello! In the description
I pointed out that you can change servers just not through the GUI.
Has anyone tried this?
```
Providing a toggle in the Settings app for using connectivitycheck.grapheneos.org as an alternative is planned. The option to blend into the crowd with the standard URLs is important and must remain supported for people who need to be able to blend in rather than getting the nice feeling that comes from using GrapheneOS servers. It's possible to use connectivitycheck.grapheneos.org already, but not via the GUI.
```
captive portal leak + location services data leak
Few points:
1. The general idea is that a privacy/security-oriented OS (as Graphene is advertised) should limit network activity as much as possible, and not ping Google using the captive portal service every few seconds, providing perfect IP-based location to Google.
It is possible to switch it off, but it should be off by default.
2. Connections of Android location services to get GPS constellations were shown before to send the SIM card IMSI and connected cellular tower ID to the provider (Qualcomm/Google):
"blog.wirelessmoves.com/2014/08/supl-reveals-my-identity-and-location-to-google.html"
Graphene still allows those connections (check their FAQ on the website).
W/o root there is no way to switch this off. Some devices even ignore config files and still leak data (most probably at the level of the cellular modem).
3. Android services make other weird connections. Example: the AOSP dialler app is querying phone numbers against an online database, leaking all contacts to Google. How was this taken care of in Graphene? Are all AOSP services/apps security-verified to not leak any data?
W/o root there is no way to install AFWall to block everything.
Is the Graphene built-in firewall capable of blocking system services from network access?
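What one of the connectivity-check requests discussed above carries and how its answer is read, as an added example that is not GrapheneOS or AOSP code: a loopback server stands in for a `generate_204` endpoint and records what it learns from one probe. The verdict rules are a simplified model, and the server, the function names and the `portal.example` URL are assumptions.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def make_server(portal):
    """Start a loopback stand-in for a generate_204 endpoint.

    portal=False answers like an open network (empty 204);
    portal=True answers like a captive portal (302 to a login page).
    Returns (server, seen); seen collects what the endpoint learns.
    """
    seen = []

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            # Everything the operator of the check URL gets from one probe.
            seen.append({
                "client_ip": self.client_address[0],
                "path": self.path,
                "user_agent": self.headers.get("User-Agent", ""),
                "cookie": self.headers.get("Cookie"),
            })
            if portal:
                self.send_response(302)
                self.send_header("Location", "http://portal.example/login")
            else:
                self.send_response(204)
            self.send_header("Content-Length", "0")
            self.end_headers()

        def log_message(self, *args):
            pass  # keep the example quiet

    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, seen


def probe(host, port, path="/generate_204", timeout=3):
    """Send one empty GET and classify the answer (simplified model)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"User-Agent": "probe-example"})
        resp = conn.getresponse()
        body = resp.read()
    except (OSError, http.client.HTTPException):
        return "no-connectivity"
    finally:
        conn.close()
    if resp.status == 204:
        return "validated"       # plain internet access
    if 300 <= resp.status < 400 or (resp.status == 200 and body):
        return "captive-portal"  # something rewrote the answer
    return "failed"


def run_demo(portal):
    """Run one probe against a fresh loopback server; return (verdict, seen)."""
    server, seen = make_server(portal)
    try:
        verdict = probe("127.0.0.1", server.server_address[1])
    finally:
        server.shutdown()
        server.server_close()
    return verdict, seen


if __name__ == "__main__":
    for mode in (False, True):
        verdict, seen = run_demo(mode)
        print(verdict, seen[0])
```

The recorded fields are the source address, the path and the request headers; the probe sends no cookie or body, which is the sense in which the FAQ calls these empty GET requests.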