Android Security App User Guide

From Guardian Project Wiki

The Guardian Project - Open-Source Mobile Security

Android Security User Guide

Introduction

This document is meant to serve as a basic How-To Guide for customizing your Guardian experience - from rooting your device via recommended guides to using the suite of specific available applications. There's a reason we maintain this as a Wiki - should you fail to find the answer to your question here, don't hesitate to contribute or comment! The following channels can be quite helpful as well for Q&A: 

Acknowledgments

The suite of applications used by Guardian is the result of an inherently collaborative effort and we are honored and privileged to be a part of the mobile privacy movement. Special thanks to the following developers:

The Android Open Source Project (AOSP)

Overview

The Android operating system is Google's open source software stack for mobile devices such as cellular phones and tablet computers. Recently it has gained considerable popularity amongst consumers, rapidly gaining market share in the smartphone ecosystem previously dominated by BlackBerry and Apple's iPhone. It stands apart from these competitors by its open source nature: it is based on a Linux kernel and nearly the entire code base has been released under the Apache 2.0 license, a free software and open source license. This combination of a large, active consumer base and open software posture makes Android the perfect foundation for Guardian.

Android is meant to be a straightforward and easy-to-use operating system for its users. It operates mainly as a touch-screen interface, much like the iPhone operating system.

Alternate Firmware Distributions

Android's open source nature makes it possible to configure and compile customized firmware distributions. There are many benefits to such distributions, including more frequent updates & patches as well as performance and stability improvements. One of Guardian's goals is to develop and maintain its own stable, streamlined Android firmware distribution that is strongly focused on security and privacy. Until we are able to do so, we strongly suggest using CyanogenMod, a well maintained aftermarket Android distribution focused on optimizing device performance and stability. Current Guardian Phones run a version of the latest stable CyanogenMod distribution that has been customized by Guardian to remove unnecessary functionality and streamline the user interface.

Mobile Security Applications

Overview

The following section will cover the basics of the applications that we normally install on secure Guardian handheld devices, including walkthroughs of the most commonly used features & functionality.

Orbot: Data Anonymity

Background & Introduction

Orbot is an Android application that brings anonymity to your mobile data connection by allowing you to access the Tor network from your mobile device. Tor is free software and an open network that helps you defend yourself against traffic analysis, a form of surveillance that can allow someone to learn what sites you visit - as well as your physical location - by watching your Internet connection. Tor anonymizes your traffic by bouncing your communications around a distributed network of relays run by volunteers all around the world.

Hundreds of thousands of people around the world use Tor for a wide variety of reasons: journalists and bloggers, human rights workers, law enforcement officers, soldiers, corporations, citizens of repressive regimes, and ordinary citizens. You should learn more about Tor and understand what Tor does and does not do for you.

Connecting to the Tor Network

Orbot comes pre-configured to start at boot - which means that it will launch automatically should you reboot your device. We strongly recommend that you keep this setting in place as we've found from personal experience that it can be very easy to forget to start Orbot manually when needed. Should you need to manually connect to or disconnect from the Tor network, just follow the instructions below: 

  1. Open the Orbot application from your Homescreen or Launcher
  2. If the main application icon is gray (see image below), you're currently disconnected from the Tor network. Touch the icon to begin the connection process - which usually takes a minute or two, and possibly longer if it is the first time connecting after boot
    Orbot - Deactive
  3. The Orbot icon will turn yellow when connecting to the Tor network. Application log messages will be displayed below the main icon as it makes progress. If you're interested in seeing more detail about these log messages, you can access them via the main application menu -> Log
    Orbot - Activating
  4. Once the main application icon turns bright green, you're connected to the Tor network! Keep in mind that this *only* means that Orbot and any properly configured applications are now routing their traffic through Tor. See the next topic for more on application configuration.
    Orbot - Active

Configure 'Torified' Applications

Since mobile applications normally use a data connection to function, their traffic can also be configured to route through Orbot to the Tor network - this is called 'transparent proxying.' Follow the steps below to update your application preferences:

  1. Open the Orbot application from your Homescreen or Launcher and ensure that Orbot is active (see above)
  2. Select the 'Settings' option from the main application menu. Ensure that 'Transparent Proxying' is enabled. Choose 'Select Apps' to manually configure which applications send their data through Tor. For example, to ensure your mobile browsing data is anonymized, be sure that the Browser app is selected. If instead you prefer all your application data to be Torified, just select the 'Tor Everything' option.
Orbot - Settings
Orbot - App Selector

Confirming Tor Mobile Browsing

The Tor Project hosts a handy page that lets you verify whether or not your browser data is being routed through Tor. You can launch straight to this page from the Orbot app by selecting Menu->Check:

  1. Open the Orbot application from your Homescreen or Launcher. Ensure that Orbot is active and that your Browser is configured to route its traffic through Tor (see above).
  2. Select the 'Check' option from the application menu, which will launch a Browser window automatically to https://check.torproject.org.
Orbot - Check

You should see front-and-center a notification that you are using Tor. If you don't, first try stopping & starting Orbot - if this doesn't make a difference, it's time to get into more serious troubleshooting.

K-9 & APG: Encrypted Email

Background / Introduction

K-9 Mail is an open source email client for Android mobile devices that has a number of advantages over the built-in email application included with Android, including the following:

APG (Android Privacy Guard) brings OpenPGP encryption to Android mobile devices. Together with K-9 Mail it lets you send and receive encrypted and secure email!

What You Need

An email address - and that's it. The set-up process for K-9 Mail is extremely straightforward and should work for nearly all email accounts, with the exception of Exchange accounts, for which good support is limited to Microsoft Exchange 2003 with "basic authentication". For Exchange set-up, check K-9's wiki posting here.

If you're interested in setting up K-9 Mail for encrypted email, you'll also need a valid GPG keypair stored on your mobile device SD card. For an in-depth How-To guide on this topic (along with a background on secure email), check out the Guardian Project Blog posting here.

TextSecure: Encrypted SMS / MMS

Background / Introduction

TextSecure is a drop-in replacement for the standard text messaging application, allowing you to send and receive text messages as you normally would. All text messages sent or received with TextSecure are stored in an encrypted database on your mobile device and SMS / MMS messages are encrypted during transmission when communicating with someone else also using TextSecure.

What You Need

Whenever possible, you should use TextSecure instead of the stock Messaging application to maximize security. You'll need a good passphrase to encrypt your messages as well as the ability to recognize whether or not a conversation is encrypted.

Setting / Changing Your Passphrase

  1. When you first open the TextSecure Application from your Home Screen or Launcher, you'll be greeted with the following dialog:
    TextSecure - Welcome
  2. If you ever care to change your passphrase, simply select the 'Change passphrase' menu option and follow the prompts:
    TextSecure - Change Passphrase

Initiating a Secure SMS / MMS Session

Note: Both sender and recipient must be running TextSecure in order to create a secure and encrypted session.

  1. Open the TextSecure Application from your Home Screen or Launcher, select 'Initiate key exchange' from the menu and enter your contact's mobile number in the 'To:' field
    TextSecure - Initiating Key Exchange
  2. You should see a new conversation thread appear in your TextSecure home screen with the text 'Sent key exchange message'. Select this thread and you should see the following message.
    TextSecure - Key Sent
  3. It's up to your recipient to take the next step. They should receive a new text message prompting them to 'click to process' your sent key. Once they do so, you will receive their unique key exchange message, which you must also click to process.
    TextSecure - Key Received
  4. Complete the key exchange process in the subsequent prompt
    TextSecure - Complete Key Exchange
  5. You'll see a padlock icon adjacent to all further messages with this contact.
    TextSecure - Secure Session 1
    TextSecure - Secure Session 2
  6. If you're in close proximity to your recipient you can optionally choose to verify your secure session. Just select 'Verify Secure Session' from the conversation thread menu and follow the prompt instructions.
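
Why the optional verification in step 6 matters, shown as an added illustration that is not part of the original guide and is not TextSecure's code or its actual protocol: a toy Diffie-Hellman exchange in which both phones complete the key exchange either way, but comparing key fingerprints in person exposes a key that was substituted in transit. The parameters and the names `Party`, `exchange`, `fingerprint` and `verify_session` are assumptions made for this example.

```python
import hashlib
import secrets

# Toy Diffie-Hellman parameters, for illustration only (not a vetted group).
P = 2**255 - 19
G = 2

class Party:
    """One phone in the exchange: a private value and the public key it sends."""
    def __init__(self, name):
        self.name = name
        self._priv = secrets.randbelow(P - 3) + 2
        self.public = pow(G, self._priv, P)
        self.peer_public = None

    def process_key(self, peer_public):
        """'Click to process': accept whatever key arrived in the message."""
        self.peer_public = peer_public

    def session_key(self):
        shared = pow(self.peer_public, self._priv, P)
        return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def fingerprint(public):
    """Short digest of a public key that two people can read to each other."""
    return hashlib.sha256(public.to_bytes(32, "big")).hexdigest()[:16]

def exchange(a, b, relay=None):
    """Deliver both key exchange messages. `relay` models whoever carries the
    messages and replaces each key with its own on the way through."""
    b.process_key(relay.public if relay else a.public)
    a.process_key(relay.public if relay else b.public)

def verify_session(a, b):
    """In-person check: the key each side stored for its peer must match the
    fingerprint the peer reads from their own device."""
    return (fingerprint(a.peer_public) == fingerprint(b.public)
            and fingerprint(b.peer_public) == fingerprint(a.public))

def demo():
    """Return (keys_match, verified) for a clean and a tampered exchange."""
    alice, bob = Party("alice"), Party("bob")
    exchange(alice, bob)
    clean = (alice.session_key() == bob.session_key(), verify_session(alice, bob))
    alice2, bob2, carrier = Party("alice"), Party("bob"), Party("carrier")
    exchange(alice2, bob2, relay=carrier)
    tampered = (alice2.session_key() == bob2.session_key(),
                verify_session(alice2, bob2))
    return clean, tampered
```

In the tampered run each phone still derives a session key, just not with the intended contact, which is why the fingerprint comparison is the only step that notices.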

MapDroyd: Offline Maps Access

Background / Introduction

MapDroyd provides a built-in remote map browser for Android mobile devices that is much like Google Maps. The big difference is that MapDroyd lets you download and store maps locally on your device so you can access them without a data connection. In addition, MapDroyd provides much more detailed maps of international territories.

What You Need

While in an area with a good data connection (we recommend WiFi coverage), you should access MapDroyd and download the set of maps you wish to store locally on your device.
