Editing Android Hardening

From Bibliotheca Anonoma

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
== First Disclaimers ==
* Proprietary vs Open Source Code - While Open Source Code is not necessarily more secure than proprietary code, one thing is clear: You as a user can't know whether proprietary code is secure, because unless you sign a Non-Disclosure Agreement, all you can do is to trust the promises of the developer/manufacturer. In addition, proprietary code is obsolete the moment the manufacturer abandons it: open source code can at least be updated by volunteers afterwards.
* Driver Backdoors - Unfortunately, most ARM devices use proprietary drivers which not only hold the system back from updated Linux kernels, but also could hide backdoors within.
* ARM Trustzone - Even without a baseband, this piece of proprietary system inside every modern ARM smartphone can be a threat.
* Hardware Backdoors - If a high level hostile actor (a government or a corporation) gets direct hardware access to your device through various means, don't expect your protections to hold up for long.
This is why you should avoid smartphones entirely if you are under scrutiny from a powerful targeted threat, from a government to even a wealthy corporation or hacking group.
== Before you start ==
== Before you start ==


Line 36: Line 27:


If none of the above apply to you, you're still at threat of random attack events, whereby an attacker from anywhere on the internet obtains or hijacks your machine, identity, or accounts after achieving an exploit in your network, device, or service provider.
If none of the above apply to you, you're still at threat of random attack events, whereby an attacker from anywhere on the internet obtains or hijacks your machine, identity, or accounts after achieving an exploit in your network, device, or service provider.
== Devices to Use ==
There are three levels of classification that we abide by for information, as inspired by US Government information protocols.
* Top Secret - Grave danger to your person, your livelihood, or that of your friends and family.
** Public/private keypairs - HTTPS certificates, SSH/GPG signing and authentication keys, cryptocurrency wallets
* Secret - Possibility of harm to your person, your livelihood, or that of your friends and family. Generally, information that the government knows (such as financial information) is considered Secret rather than Top Secret.
** Your location, your address.
** Account passwords.
* Confidential - Embarassment, deanonymization, or possible risks to your person, your livelihood, or that of your friends and family.
** Contact information, usernames
** Unfortunately, if your personal data has been publicly leaked online, consider it only confidential.
Due to the prior possibility of backdoors, you should not consider smartphones to be suitable for Top Secret information. If you have no other choice (such as an emergency situation), try to mitigate your risks by sharing data only through means and services your adversary might not have or be able to compromise in time.
=== Top Secret ===
* Devices: Open Source Hardware only: Libreboot laptops, Beagleboard, Raspberry Pi without VGA Blob.
** No smartphones are allowed. The proprietary baseband and unlocked bootloader could have unlimited access to your RAM and your storage.
** They're not going to be the best devices ever, and maybe not even the ones you use each day, but at least they're something you can trust.
* Operating Systems: G. Reproducible builds if at all possible.
* Networking: Onion Networks, i2p or Tor (hidden services only!!!)
=== Secret ===
* Chat: Encrypted chat and email.
* Networking: HTTPS encryption
=== Confidential ===
* Chat: Normal chat and email.
* Networking: HTTPS encryption


[[Category:Draft]]
[[Category:Draft]]
Please note that all contributions to Bibliotheca Anonoma are considered to be released under the Creative Commons Attribution-ShareAlike (see Bibliotheca Anonoma:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!
Cancel Editing help (opens in new window)