Android Security App User Guide
From Guardian Project Wiki
The Guardian Project - Open-Source Mobile Security
Android Security User Guide
This document is meant to serve as a basic How-To Guide for customizing your Guardian experience - from rooting your device via recommended guides to using the suite of specific available applications. There's a reason we maintain this as a Wiki - should you fail to find the answer to your question here, don't hesitate to contribute or comment! The following channels can be quite helpful as well for Q&A:
- Online at https://guardianproject.info
- Twitter at @guardianproject
- IRC at #guardianproject on freenode
The suite of applications used by Guardian is the result of an inherently collaborative effort and we are honored and privileged to be a part of the mobile privacy movement. Special thanks to the following developers:
- The Tor Team
- Moxie & The Whispersys Team
- Thialfihar &APG
- [The K-9 Mail Tea]
The Android Open Source Project (AOSP)
The Android operating system is Google's open source software stack for for mobile devices such as cellular phones and tablet computers. Recently it has gained considerable popularity amongst consumers, rapidly gaining market share in the smartphone ecosystem previously dominated by BlackBerry and Apple's iPhone. It stands apart from these competitors by its open source nature: it is based on a Linux kernel and nearly the entire code base has been released under the Apache 2.0 license, a free software and open source license. This combination of a large, active consumer base and open software posture makes Android the perfect foundation for Guardian.
Android is meant to be a straightforward and easy-to-use operating system for its users. It operates mainly as a touch-screen interface, much like the iPhone operating system.
Alternate Firmware Distributions
Androids open source nature makes it possible to configure and compile customized firmware distributions. There are many benefits to such distributions, including more frequent updates & patches as well as performance and stabiilty improvements. One of Guardian's goals is to develop and maintain its own stable, streamlined Android firmware distribution that is strongly focused on security and privacy. Until we are able to do so, we strongly suggest using CyanogenMod, a well maintained aftermarket Android distribution focused on optimizing device performance and stability. Current Guardian Phones run a version of the latest stable CyanogenMod distribution that has been customized by Guardian to remove unnecessary functionality and streamline the user interface.
Mobile Security Applications
Orbot: Data Anonymity
Background & Introduction
Orbot is an Android
Hundreds of thousands of people around the world use Tor for a wide variety of reasons: journalists and bloggers, human rights workers, law enforcement officers, soldiers, corporations, citizens of repressive regimes, and ordinary citizens. You should learn more about Tor and understand what Tor Warning does and does not do for you.
Connecting to the Tor Network
Orbot comes pre-configured to start at boot - which means that it will launch automatically should you reboot your device. We strongly recommend that you keep this setting in place as we've found from personal experience that it can be very easy to forget to start Orbot manually when needed. Should you need to manually connect to or disconnect from the Tor network, just follow the instructions below:
- Open the Orbot application from your Homescreen or Launcher
- If the main application icon is gray (see image below), you're currently disconnected from the Tor network. Touch the icon to begin the connection process - which usually takes a minute or two, and possibly longer if it is the first time connecting after boot
- The Orbot icon will turn yellow when connecting to the Tor network. Application log messages will be displayed below the main icon as it makes progress. If you're interested in seeing more detail about these log messages, you can access them via the main application menu -> Log
- Once the main application icon turns bright green, you're connected to the Tor network! Keep in mind that this *only* means that Orbot and any properly configured applications are now routing their traffic through Tor. See the next topic for more on application configuration.
Configure 'Torified' Applications
Since mobile applications normally use a data connection to function, their traffic can also be configured to route through Orbot to the Tor network - this is called 'transparent proxying.' Follow the steps below to update your application preferences:
- Open the Orbot application from your Homescreen or Launcher and ensure that Orbot is active (see above)
- Select the 'Settings' option from the main application menu. Ensure that 'Transparent Proxying' is enabled. Chose 'Select Apps' to manually configure which applications send their data through Tor. For example, to ensure your mobile browsing data is anonymized, be sure that the Browser app is selected. If instead you prefer all you application data to be Torified, just select the 'Tor Everything' option.
Confirming Tor Mobile Browsing
The Tor Project hosts a handy page that lets you verify whether or not your browser data is being routed through Tor. You can launch straight to this page from the Orbot app by selecting Menu->Check:
- Open the Orbot application from your Homescreen or Launcher. Ensure that Orbot is active and that your Browser is configured to route its traffic through Tor (see above).
- Select the 'Check' option from the application menu, which will launch a Browser window automatically to https://check.torproject.org.
You should see front-and-center a notification that you are using Tor. If you don't, first try stopping & starting Orbot - if this doesn't make a difference, it's time to get into more serious troubleshooting.
K-9 & APG: Encrypted Email
Background / Introduction
K-9 Mail is an open source email client for Android mobile devices that has a number of advantages over the built-in email application included with Android, including the following:
- Faster delivery for non-gmail accounts (push IMAP)
- Greater control of polling features means better battery life
- Integration with APG for OpenPGP-enabled secure email
- Attachment saving
- Multiple identities
- Handy shortcuts
- Per-account notification
- Many performance enhancements
APG (Android Privacy Guard) brings OpenPGP encryption to Android mobile devices. Together with K-9 Mail it lets you send and receive encrypted and secure email!
What You Need
An email address - and that's it. The set-up process for K-9 mail is extremely straightforward and should work for nearly all email accounts, with the exception of Exchange accounts, of which support is only great for Microsoft Exchange 2003 with "basic authentication". For Exchange set-up, check K-9's wiki posting here.
If you're interested in setting up K-9 Mail for encrypted email, you'll also need a valid GPG keypair stored on your mobile device SD card. For an in-depth How-To guide on this topic (along with a background on secure email), check out the Guardian Project Blog posting here.
TextSecure: Encrypted SMS / MMS
Background / Introduction
TextSecure is a drop-in replacement for the standard text messaging application, allowing you to send and receive text messages as you normally would. All text messages sent or received with TextSecure are stored in an encrypted database on your mobile device and SMS / MMS messages are encrypted during transmission when communicating with someone else also using TextSecure.
What You Need
Whenever possible, you should use TextSecure instead of the stock Messaging application to maximize security. You'll need a good passphrase to encrypt your messages as well as the ability to recognize when conversations are encrypted or not.
Setting / Changing Your Passphrase
- When you first open the TextSecure Application from your Home Screen or Launcher, you'll be greeted with the following dialog:
- If you ever care to change your passphrase, simply select the 'Change passphrase' menu option and follow the prompts:
Initiating a Secure SMS / MMS Session
Note: Both sender and recipient must be running TextSecure in order to create a secure and encrypted session.
- Open the TextSecure Application from your Home Screen or Launcher, select 'Initiate key exchange' from the menu and enter your contact's mobile number in the 'To:' field
- You should see a new conversation thread appear in your TextSecure home screen with the text 'Sent key exchange message'. Select this thread and you should see the following message.
- It's up to your recipient to take the next step. They should receive a new text message prompting them to 'click to process' your sent key. Once they do so, you will receive their unique key exchange message, which you must also click to process.
- Complete the key exchange process in the subsequent prompt
- You'll see a padlock icon adjacent to all further messages with this contact.
- If you're in close proximity to your recipient you can optionally choose to verify your secure session. Just select 'Verify Secure Session' from the conversation thread menu and follow the prompt instructions.
Mapdroyd: Offline Maps Access
Background / Introduction
MapDroyd provides a built-in remote map browser for Android mobile devices that is much like Google Maps. The big difference being that MapDroyd lets you download and store maps locally on your device so you can access them without a data connection. In addition, MayDroyd provides much more detailed maps of International territories.
What You Need
While in an area with a good data connection (we recommend WiFi coverage), you should access Mapdroyd and download the set of mapps you wish to store locally on your device.