Sharing your location privately

Facebook location sharing embeds the location in every single message, providing a detailed log to the recipient, Facebook, and anyone Facebook shares that data with One handy feature that many smartphones give us is the ability to easily share our exact position with other people. You can see this feature in a lot of apps. Google Maps lets you click “Share” and send a URL via any method you have available. [Read More]

CipherKit updates: IOCipher and CacheWord

We’ve been on a big kick recently, updating the newest members of our CipherKit family of frameworks: IOCipher and CacheWord. There also are is a little news about the original CipherKit framework: SQLCipher-for-Android. IOCipher v0.2 IOCipher is a library for storing files in an encrypted virtual disk. It’s API is the exact same as java.io for working with files, and it does not need root access. That makes it the sibling of SQLCipher-for-Android, both are native Android APIs that wrap the SQLCipher database. [Read More]

Introducing TrustedIntents for Android

Following up on our research on secure Intent interactions, we are now announcing the first working version of the TrustedIntents library for Android. It provides methods for checking any Intent for whether the sending and receiving app matches a specified set of trusted app providers. It does this by “pinning” to the signing certificate of the APKs. The developer includes this “pin” in the app, which includes the signing certificate to trust, then TrustedIntents checks Intents against the configured certificate pins. [Read More]

New Official Guardian Project app repo for FDroid!

We now have an official FDroid app repository that is available via three separate methods, to guarantee access to a trusted distribution channel throughout the world! To start with, you must have FDroid installed. Right now, I recommend using the latest test release since it has support for Tor and .onion addresses (earlier versions should work for non-onion addresses): https://f-droid.org/repo/org.fdroid.fdroid_710.apk In order to add this repo to your FDroid config, you can either click directly on these links on your devices and FDroid will recognize them, or you can click on them on your desktop, and you will be presented with a QR Code to scan. [Read More]

Our first deterministic build: Lil’ Debi 0.4.7

We just released Lil’ Debi 0.4.7 into the Play Store and f-droid.org. It is not really different than the 0.4.6 release except in has a new, important property: the APK contents can be reproduced on other machines to the extent that the APK signature can be swapped between the official build and builds that other people have made from source, and this will still be installable. This is known as a “deterministic build” or “reproducible build”: the build process is deterministic, meaning it runs the same way each time, and that results in an APK that is reproducible by others using only the source code. [Read More]

Automatic, private distribution of our test builds

One thing we are very lucky to have is a good community of people willing to test out unfinished builds of our software. That is a very valuable contribution to the process of developing usable, secure apps. So we want to make this process as easy as possible while keeping it as secure and private as possible. To that end, we have set up an FDroid repository of apps generated from the test builds that our build server generates automatically every time we publish new code. [Read More]

Security in a thumb drive: the promise and pain of hardware security modules, take one!

Hardware Security Modules (aka Smartcards, chipcards, etc) provide a secure way to store and use cryptographic keys, while actually making the whole process a bit easier. In theory, one USB thumb drive like thing could manage all of the crypto keys you use in a way that makes them much harder to steal. That is the promise. The reality is that the world of Hardware Security Modules (HSMs) is a massive, scary minefield of endless technical gotchas, byzantine standards (PKCS#11! [Read More]

Improving trust and flexibility in interactions between Android apps

Activity1 sending an Intent that either Activity2 or Activity3 can handle. Android provides a flexible system of messaging between apps in the form of `Intent`s. It also provides the framework for reusing large chunks of apps based on the `Activity` class. `Intent`s are the messages that make the requests, and `Activity`s are the basic chunk of functionality in an app, including its interface. This combination allows apps to reuse large chunks of functionality while keeping the user experience seamless and fluent. [Read More]

Integrating Crypto Identities with Android

ver the past couple of years, Android has included a central database for managing information about people, it is known as the ContactsContract (that’s a mouthful). Android then provides the People app and reusable interface chunks to choose contacts that work with all the information in the ContactsContract database. Any time that you are adding an account in the Settings app, you are setting up this integration. You can see it with Google services, Skype, Facebook, and many more. [Read More]

Getting keys into your keyring with Gnu Privacy Guard for Android

Now that you can have a full GnuPG on your Android device with Gnu Privacy Guard for Android, the next step is getting keys you need onto your device and included in Gnu Privacy Guard. We have tried to make it as easy as possible without compromising privacy, and have implemented a few approaches, while working on others. There are a few ways to get this done right now. Gnu Privacy Guard registered itself with Android as a handler of all the standard OpenPGP MIME types (application/pgp-keys, application/pgp-encrypted, application/pgp-signature), as well as all of the OpenPGP and GnuPG file extensions (. [Read More]

Turn Your Device Into an App Store

As we’ve touched upon in previous blog posts  the Google Play model of application distribution has some disadvantages. Google does not make the Play store universally available, instead limiting availability to a subset of countries. Using the Play store to install apps necessitates both sharing personal information with Google and enabling Google to remotely remove apps from your device (colloquially referred to as having a ‘kill switch’). Using the Play store also requires a functional data connection (wifi or otherwise) to allow apps to be downloaded. [Read More]

Setting up your own app store with F-Droid

(_This blog post as now been cooked into an updated HOWTO_) The Google Play Store for Android is not available in all parts of the world, US law restricts its use in certain countries like Iran, and many countries block access to the Play Store, like China. Also, the Google Play Store tracks all user actions, reporting back to Google what apps have been installed and also run on the phone. [Read More]

Modernizing Expectations for the Nouveau Secure Mobile Messaging Movement

The tl;dr of this lengthy (tho entertaining and immensely important!) post is this: Stopping with “We support OTR” or “We support PGP” is not enough anymore. There are at least seven, if not more, very important security features that any app claiming to provide secure messaging must implement as soon as possible, to truly safeguard a user’s communication content, metadata and identity. Note: The names “Gibberbot” and “ChatSecure” are used interchangeabley below, as we are in the midst of an app rebrand. [Read More]

The Only Way to Visit Strongbox on a Phone

The New Yorker magazine just launched Strongbox, a whistleblower submission system that’s hosted on a hidden website. There’s only one way to access the hidden site on a phone or tablet, and that’s with our Orweb app. Here’s a simple breakdown of how to do securely and anonymously blow the whistle, explained in an interactive tutorial: Visit guardianproject.info/howto/strongbox for an interactive tutorial on using Strongbox on your phone. The website exists as a hidden site on what is widely known as the darknet, since you are going there hidden or “in the dark. [Read More]

GnuPG for Android progress: we have an command line app!

This alpha release of our command-line developer tool brings GnuPG to Android for the first time! GNU Privacy Guard Command-Line (gpgcli) gives you command line access to the entire GnuPG suite of encryption software. GPG is GNU’s tool for end-to-end secure communication and encrypted data storage. This trusted protocol is the free software alternative to PGP. GnuPG 2.1 is the new modularized version of GnuPG that now supports OpenPGP and S/MIME. [Read More]

IOCipher beta: easy encrypted file storage for your Android app

At long last, we are proud to announce the first beta release of IOCipher, an easy framework for providing virtual encrypted disks for Android apps. does not require root or any special permissions at all the API is a drop-in replacement for the standard java.io.File API, so if you have ever worked with files in Java, you already know how to use IOCipher works easiest in an app that stores all files in IOCipher, but using standard java. [Read More]

report on IOCipher beta dev sprint

We are just wrapping up an intensive dev sprint on IOCipher in order to get the first real beta release out, and it has been a wonderfully productive session on many levels! Before we started this, we had a proof-of-concept project that was crashy and ridiculously slow. We’re talking crashes every 100 or so transactions and 9 minutes to write 2 megs. Abel and I were plodding thru the bugs, trying to find the motivation to dive into the hard problems in the guts of some of the more arcane parts of the code. [Read More]

Proposal for Secure Connection Notification on Android

A major problem of mobile applications being increasingly used over web-based applications, is that there is no standard established for notifying the user of the state of security on the network connection. With a web browser, the evolution of the “lock” icon when an HTTPS connection is made, has been one that evolved originally out of Netscape’s first implementation, to an adhoc, defact industry-standard way of letting the user know if their connection is secure. [Read More]

IOCipher lives! encrypted virtual file system for Android

Nathan and I just got the first complete test of IOCipher working in the IOCipherServer/SpotSync app. We created a filesystem sqlite.db file, then mounted it and got all the files via HTTP. In the test suite, I have lots of operations all running fine and encrypting! The core idea here is a java.io API replacement that transparently writes to an encrypted store. So for the most part, just change your import statements from: [Read More]

Mobile mesh in a real world test

Nathan, Mark, Lee, and I tried some OLSR mesh testing during the May Day protests and marches. We were able to get 4 devices to associate and mesh together, but not without some trials and travails. Two pairs of devices setup two separate BSSIDs, so were on separate networks. We turned them all off, then associated them one at a time, and then they all got onto the same BSSID and olsrd started doing its thing. [Read More]