IOCipher is the antidote to “Man-in-the-Disk” attack

Recently, at DEFCON 2018, researchers at Check Point announced a new kind of attack made possible by the way many Android apps are implemented. In summary, developers use the shared external storage space in an unsafe manner, by not taking into consideration that other apps also have read and write access to the same space. A malicious app can modify data used by another app, as a vector for compromising that app, causing it to be compromised or crash. [Read More]

Our “Wind” project is a Mozilla-NSF challenge finalist!

For the last few years, we’ve been working on the Wind network concept, as a nearby, local, off-grid companion, or alternative, to the Web. This year, we decided to participate in the Wireless Innovation Challenge, sponsored by Mozilla and the National Science Foundation. Today, it was announced that we are a finalist in, as they put it, “A Science Fair with $1.6 Million in Prizes”. Watch the video below to learn more about Wind, or jump right over to the Wind project page. [Read More]

Orbot: Over 20 Million Served, Ready for the Next Billion

We recently published the latest release of Orbot (16.0.2!), and as usual, we make it available via Google Play, as well F-Droid, and through direct download on our website. Whether we like it or not, Google keeps tracks of things like total installs and active installs (i.e. not uninstalled), and reports on that for us through their dashboard. While publishing this release, we noticed a milestone that made us a bit proud… so pardon this humblebrag. [Read More]

Orbot v16: a whole new look, and easier to use!

Orbot: Tor for Android has a new release (tag and changelog), with a major update to the user experience and interface. This is the 16th major release of Orbot, since it was launched in late 2009. The main screen of the app now looks quite different, with all the major features and functions exposed for easy access. We have also added a new onboarding setup wizard for first time users, that assists with configuring connections to the Tor network for users in places where Tor itself is blocked. [Read More]

Haven: Building the Most Secure Baby Monitor Ever?

About eight months ago, friends at the Freedom of the Press Foundation reached out to us, to see if we were interested in prototyping an idea they had been batting around. They knew that from projects like CameraV and ProofMode, that we knew how to tap into the sensors on smartphones to do interesting things. They also knew we could connect devices together using encrypted messaging and onion routing, through our work on ChatSecure and Tor (Orbot! [Read More]

Building a Signing Server

The Android APK signing model sets the expectation that the signing key will be the same for the entire lifetime of the app. That can be seen in the recommended lifetype of an Android signing key: 20+ years. On top of that, it is difficult to migrate an app to a new key. Since the signing key is an essential part to preventing APKs from impersonating another, Android signing keys must be kept safe for the entire life of the app. [Read More]

No more “Root” features in Orbot… use Orfox & VPN instead!

Since I first announced the available of Orbot: Tor for Android about 8 years ago (wow!), myself and others have been working on various methods in which to make the capabilities of Tor available through the operating system. This post is to announce that as of the next, imminent release, Orbot v15.5, we will no longer be supporting the Root-required “Transproxy” method. This is due to many reasons. First, it turns out that allowing applications to get “root” access on your device seems like a good idea, it can also be seen as huge security hole. [Read More]

Ostel.co is permanently offline

We are sad to announce that the Ostel service is officially discontinued and permanently offline. While Guardian Project had a hand in its conception and initial implementation, the actual operation of the service was spun out long ago to be run by a new venture a member of our original team. They have kept Ostel running free of charge for many years of reliable service, but at this point it seems, they have decided they can no longer do so. [Read More]

Repomaker Usability Trainers Worldwide, June 2017

Repomaker Usability, Trainers Worldwide Study Prepared by Carrie Winfrey and Tiffany Robertson, Okthanks, in partnership with F-Droid and Guardian Project OK Thanks – Guardian Project For more information, contact carrie@okthanks.com. Purpose The purpose of this study was to understand the following things. Are users able to complete basic tasks including, creating a repo, adding apps from other repos, removing apps, editing app details, and creating a second repo? [Read More]

Tracking usage without tracking people

One thing that has become very clear over the past years is that there is a lot of value in data about people. Of course, the most well known examples these days are advertising and spy agencies, but tracking data is useful for many more things. For example, when trying to build software that is intuitive and easy to use, having real data about how people are using the software can make a massive difference when developers and designers are working on improving their software. [Read More]

fdroidserver UX Testing Report

We ran user tests of fdroidserver, the tools for developers to create and manage F-Droid repositories of apps and media. This test was set up to gather usability feedback about the tools themselves and the related documentation. These tests were put together and run by Seamus Tuohy/Prudent Innovation. Methodology Participants completed a pretest demographic/background information questionnaire. The facilitator then explained that the amount of time taken to complete the test task will be measured and that exploratory behavior within the app should take place after the tasks are completed. [Read More]

Announcing new libraries: F-Droid Update Channels

In many places in the world, it is very common to find Android apps via a multitude of sources: third party app stores, Bluetooth transfers, swapping SD cards, or directly downloaded from websites. As developers, we want to make sure that our users get secure and timely update no matter how they got our apps. We still recommend that people get apps from trusted sources like F-Droid or Google Play. [Read More]

New research report on the challenges developers face

The Guardian Project has been working with the F-Droid community to make it a secure, streamlined, and verifiable app distribution channel for high-risk environments. While doing this we have started to become more aware of the challenges and risks facing software developers who build software in closed and closing spaces around the world. There are a wealth of resources available on how to support and collaborate with high-risk users. [Read More]

F-Droid User Testing, Round 2

#by Hailey Still and Carrie Winfrey **** Here we outline the User Testing process and plan for the F-Droid app store for Android. The key aims of F-Droid are to provide users with a) a comprehensive catalogue of open-source apps, as well as b) provide users with the the ability to transfer any app from their phone to someone in close physical proximity. With this User Test, we are hoping to gain insights into where the product design is successful and what aspects need to be further improved. [Read More]

F-Droid: A new UX 6 years in the making

_(post by Peter Serwylo)_ F-Droid has been a part of the Android ecosystem for over 6 years now. Since then, over 2000 apps have been built for the main repository, many great features have been added, the client has been translated into over 40 different languages, and much more. However, the F-Droid UX has never changed much from the original three tab layout: This will change with the coming release of F-Droid client v0. [Read More]

F-Droid Lubbock Report – What We Want to Know

F-Droid LBK Usability Study Report – What We Want to Know Prepared by Carrie Winfrey Preliminary Version – April 17, 2017 Introduction When planning this user test, the team outlined features and flows within the app on which we wanted feedback. From there, we created tasks for participants to complete that would access these areas, and produce insights related to our inquires. This document is organized by the tasks participants completed. [Read More]

ProofMode critiques and progress

Bruce Schneier was kind enough to post about our work on ProofMode to his blog. A decent set of comments ensued, which we have considered, measured and weighed. We posted the response below on the post, and now also here. We also received an excellent set of feedback from the Lieberbiber blog. Below are responses to the various concerns raised, and links to work completed or in progress. At a high level, securely dating files, digital notarization, easy capture of sensor metadata, among other things, are not solved problems. [Read More]

Announcing the Developer Challenges Survey

In the Guardian Project‘s current work with the FDroid community to make it a secure, streamlined, and verifiable app distribution channel for high-risk environments we have started to become more aware of the challenges and risks facing software developers who build software in around the world. There are a wealth of resources available on how to support and collaborate with high-risk users. Surprisingly, we could not find any guidance on how to support and collaborate with developers where the internet is heavily monitored and/or filtered, let alone developers who might be at risk because of the software they develop. [Read More]

Build Android apps with Debian: apt install android-sdk


In Debian stretch, the upcoming new release, it is now possible to build Android apps using only packages from Debian. This will provide all of the tools needed to build an Android app targeting the “platform” android-23 using the SDK build-tools 24.0.0. Those two are the only versions of “platform” and “build-tools” currently in Debian, but it is possible to use the Google binaries by installing them into /usr/lib/android-sdk.

[Read More]

Combating “Fake News” With a Smartphone “Proof Mode”

We have been working for many years with our partners at WITNESS, a leading human rights media training and advocacy organization, to figure out how best to turn smartphone cameras into tools of empowerment for activists. While it is often enough to use the visual pixels you capture to create awareness or pressure on an issue, sometimes you want those pixels to actually be treated as evidence. This means, you want people to trust what they see, to know it hasn’t been tampered with, and to believe that it came from the time, place and person you say it came from. [Read More]