Android Privacy Guide

Can we trust them?

Let's talk about...

Thanks for your attention!

Contact me!

• Why choose Android?
• Encrypted storage
• Encrypted communication
• Privacy-aware searching
• Anonymization techniques
• Other privacy recommendations

Encrypted storage

Full disk encryption

• Android >=3.0 supports native full disk encryption
• other alternatives are Luks encryption, Cryptonite
• encrypt your root filesystem including all your external SD cards and your Titanium backups!

Application-specific encryption

• at least AES256 storage for your sensitive information (credit card numbers, credentials, private keys, etc)
• B-Folders, KeePassDroid, NoteCipher

Why choose Android when you care about your privacy

Why Yes:

Anonymization techniques

Outgoing connection / browsing anonymization

• It is open source - easily and completely auditable what is crucial for security (iOS, Blackberry, Windows Mobile are proprietary closed-source platforms) - you know there isn't anything hidden that might violate your privacy (e.g. Carrier IQ)
• There is a "privacy-aware" Android distribution - Cyanogenmod that has removed any Google spying functionality, incognito mode, torification etc.
• It supports all advanced Linux security features (e.g. SELinux, Truecrypt full disk encryption, etc.)

• based on Tor, torification of all outgoing connections from smartphone is possible
• Orbot and Orweb v2, AdBlockPlus Firefox plugin

Face obscure

Payment transactions

• iOS marketplace is more conservative, it may contain less malware/trojans

Why Not:

• ObscuraCam

• based on Bitcoins
• Bitcoin Wallet

Android Privacy Guide

Encrypted communication I.

Use trustworthy software

IPSEC VPNs

NCP VPN client, Droid VPN, Tigervpns VPN, VPNCilla, strongSwan VPN client

Other privacy recommendations

Privacy-aware searching

• Always check application's permission during installation
• Use applications from official Android Market only
• Use antivirus and firewall (DroidWall), Network Log

Avoid using social networks

SSL VPNs

OpenVPN

Use DuckDuckgo.com instead of Google!

SSH tunnels

Avoid using banking applications

• Google is not a privacy-aware search engine, it tracks everything about you!

• They have usually access to all your sensitive informations stored on your smartphone

Disable Geolocation services

• With the possibility of "remote wipe" and "remote lock"
• Secure wipe InTheClear

Use trustworthy tracking / wiping software

• If you don't use them

Encrypted communication II

Email encryption

• PGP encryption based on APG (K9 Mail, Kaiten Mail, r2mail2)
• S/MIME encryption (r2mail2)

Instant chat encryption

• based on OTR or PGP
• Gibberbot (quite unstable), IM+ Pro with OTR plugin

Voice encryption

• based on ZRTP protocol and SIP/TLS
• CSipSimple (can be used with Ostel.me), RedPhone
• Acrobits Softphone with ZRTP outgoing module (or Groundwire)

Encrypted communication III.

Encrypted SMS messages

• TextSecure (Android only)

There are some cool crypto Android applications, but they are proprietary with no source code:

• Threema
• Acrobits Softphone
• Groundwire

Conclusion

• Care about your privacy - privacy intrusions by 3rd parties (government, corporations, your competitors) will be more likely in the future
• You are already tracked (by data retention law, all social networks, Google) and can be easily monitored (by any secret or other government agencies)
• The Internet is a permanent storage - some your sensitive data may be never erased when they are leaked