Ask Slashdot: Android Security Practices?

Soft writes "Smartphone security recommendations seem to boil down to Windows-like practices: install an antivirus, run updates, and don't execute apps from untrusted sources. On my own computers, running Linux, I choose to only install (signed) packages from the distribution's or well-known repositories, or programs I can check and compile myself, or run them as a dedicated user — and I don't bother with an antivirus. What rules should I adopt on my soon-to-be-bought Android device? Can I use it purely with open-source apps and still make the most of it? Are Android's fine-grained permissions (accessing the network, contacts...) reliable? Can apps be trusted not to scan your files and keyboard for passwords and emails? What precautions do security-conscious Slashdotters take to keep control of their phones?"

Install a firewall

[girlintraining]

Install a firewall. Not to keep the hackers out, mind you, but to keep your data *in*. There are way too many apps that try to phone home or do things they don't need to ('live' wallpapers come to mind). Disable their network access. If an application requires network access, bring it home, set it up on your home wifi network, and run a sniffer to find out where the data goes. You don't need to know what the data is per se. Then, try blocking as much of it as you can until the application stops working. You've now found the minimum amount of access that app needs to function.

Re:Install a firewall

[mlts]

More specifically, root your Android phone (no, it will not lessen security unless you are stupid and click "allow" on any app that pops up the su dialog unless you KNOW it needs the root permission.)

Install DroidWall and allow it full su access. Then when you install a new app, make sure to allow it out, because by default, new apps are not allowed to phone anywhere. LVL is handled by another mechanism, so apps should know they are licensed even if you block them with DroidWall.

After installing DroidWall, and selecting the apps you know that need to communicate, that will provide a decent measure of protection.

Re:

[alostpacket]

It should be noted that one of the reccommended ways for devs to employ LVL DRM is to offload the returned response to the dev's own trusted server. This would require internet access. This is done because LVL is trivial to break alone and trusting the client is always insecure.

Anyways, not to sound too spammy or promotional, but for beginners to Android I've written a guide and app that they can use as a pocket reference for the permissions and something they can give to family/friends who might be le

Re:Install a firewall

[improfane]

On a phone? Are you serious? Honestly I never thought you'd ever need a firewall on a phone. If we cannot trust the software running on our phones not to be able to do malicious things, something is seriously wrong with the software architecture on phones. I always thought that the Bitfrost security architecture from OLPC was a good idea. How come this style of capabilities is not in Android?

Nokia 1661 and loving it baby. As far as I can tell, I can't put software on it!

Re:Install a firewall

[i.r.id10t]

The problem isn't that it is a phone, but rather, it is a computer with phone functionality. Would you tote around a laptop w/ no firewall or AV?

Re:

[improfane]

I think you're missing my point. It's a phone. You shouldn't have to install security software on something as trivial as a phone. Something is wrong with the API and security assumptions of the device that it is insecure by default, without security software.

Now that the cat is out of the bag, we can never put it back in. App companies have gotten used to the APIs that give them amazingly intimate personal and marketing information. Apple and Google (an advertising company) has a vested interest in allowin

Re:Install a firewall

[The Dawn Of Time]

You're missing reality - it's not a phone, it's a computer with phone software. I know that's exactly what the post you replied to said, but apparently it went right over your head.

Re:

[Joce640k]

It's sold to people as a 'phone by 'phone companies...that makes it a 'phone to most people. However you slice it, having all those computing abilities is a bad thing for security.

Re:

[Riceballsan]

"I don't think it's an issue of running untrusted executable code, the code IS trusted but it's capable of doing things the phone should never have exposed to the application. I'd like to see security enforced for every execution of an application, so when you close an application, it gives you a list of the data the application tried to access. Rather than trying to ask the user each time to accept or decline, it should be configured BEFORE execution."

You pretty much described the way the android works, w

Re:Install a firewall

[improfane]

That's the potential to access. Not the actual access. That won't scare users enough.

The software should display the data that would have been accessed with the widgets that is appropriate to the device, say a contact card or a filename and then threaten the user.

Are you sure you want to send this information to somewebsite.com over an unscrambled channel to someone in China?

• a list of your contacts as displayed in your contact list
• a recent email of your naked wife (with picture rendered)
• a map with lines between your last plotted geolocations
• the following picture captured from your webcam

It should be displayed like numerous bits of scrap data on the screen with a picture of a pipe and the pipe attached to a shady looking figure next to the planet earth on the other side of a cloud. The implication should be obvious.

Would that scare you?

Re:

[Applekid]

Well, fine then. Each app has a developer. Write to them and find out what they want to do with your phone.

They don't write back? Don't install the app.
They write back marketing fluff? Don't install the app.
They write back something you suspect is a lie? Don't install the app.
They write back something you suspect is true but you don't want them to have the permissions? Don't install the app.

My app selection criteria revolves around what's important to me. Sounds like I just itemized your criteria. No no, my

Re:

[spire3661]

The era of pocket cell PHONES is over, now is the rise of pocket computers. i realize you are trying to make point blah blah blah. I get the part about the providers slurping at the trough of personal data but bitching about having to install a firewall on a networked COMPUTER is silly.The reality is that to have expansive functionality, you need to make security compromises. This is true across the computing spectrum and security in general. Its easy as hell to lock down a computer, simply turn it off. Fo

Re:Install a firewall

[girlintraining]

I think you're missing my point. It's a phone.

They aren't missing it, they're ignoring it. What it is called isn't the issue, it's what it can do, and whether that is what the end-user wants (or not).

Re:

[thePowerOfGrayskull]

This. By default you are given generic information about the access an app will require before you install it. You must approve it in order to install it. You do not get any specific information about what the app will do with the info. Once you approve it you gain no further insight about what the access is used for or even when it's used.

OP is missing the point with the firewall suggestion. It is not reasonable that someone should have to go to tjose lengths to secure a device, especially a modern dev

Re:

[spikenerd]

AV is like installing a house-fly chasing robot. It's big and often gets in the way, but it keeps the fly population in your house small. On proprietary platforms, AV is critical because you cannot close the windows through which they enter. On open platforms, it's a stupid idea. Just close the stupid hole! Why would anyone put up with AV? It's as annoying as what it protects you from, and the days when it was a good thing have passed.

Re:

[ashidosan]

Fortunately, some of us are smart enough not to click every stupid shiny thing we see in the web, or even use operating systems extremely vulnerable to this type of attack.

any other computer

Not all operating systems are created equal, nor have the same attack surface. Not arguing against the usefulness of a firewall here, but what good is antivirus if most (of the really bad) exploits are zero-day? If you don't apply the remaining security patches, well, that's really a different issue.

Your post assumes a great degree of nai

Re:

[rickb928]

Until recently, Apple users were quite proud of the relative lack of threats to their MacBooks. This past week seems to have wiped the smirk off their faces, but that will be shortlived. Apple will plug the holes and they will go back to bliss. Reactive again.

And few Linux laptop toters bother with substantial AV. Of course, most Linux distros install a firewall, but it's relatively generic and minimal, and the users also seem ready to gloat about the seeming lack of threats. And they are not entirely

Re:

[wiggles]

That's because it's no longer a phone. It's a palmtop computer with phone functionality.

Re:

[fermat1313]

If we cannot trust the software running on our phones not to be able to do malicious things, something is seriously wrong with the software architecture on phones.

Ah, the myth of perfect security. There is no system that connects to a network that is perfectly secure. We all want open phones that will run any software we want, and we expect the OS to be able to ward off any possible attempt to compromise it. Ain't gonna happen. That's why we need firewalls, as well as software that blocks processes based on either known signatures or behavior.

Only a mathematician could believe in perfect security. Engineers, they know better.

Re:

[improfane]

I wish I could accept how easily you accept the status quo. One that only benefits big companies that harvest personal information from the clueless masses. Perfect security is impossible, I agree.

I don't want a phone that is continually monitoring my whereabouts by default or can connect to the network at the same time as accessing my data.

Should a phone be able to access my phone book AND the network at the same time?
Should a phone be able to access files on the phone AND the network at the same time? Wha

Re:

[improfane]

Writing data that cannot be executed from the internet is not as bad as accessing data and uploading it. Of course as long as it cannot be read into memory and executed.

We have HIPS because it wasn't programmed in by default. The security model in the PC world is non-existent. The phone securiy model has just repeated the same mistakes from the PC industry rather than try solve it. HIPS really do help. Capability based security and appropriate permutations would be a good start for fine grained security.

Re:

[poetmatt]

so basically you like the complete lack of control over what info we can pull from your N1661? Specifically where you are, who you've talked to, etc?

Re:

[improfane]

Do you really think your phone being an Android or an iPhone protects you? Any intelligency agency could pull whatever they could pull my phone from an Android or iPhone plus everything else. I don't doubt the remote code execution of phones.

The recent phone "hacking" scandal [wikimedia.org] in the UK which I cannot tell if it were server side (provider) or client side (phone side) demonstrates that it's not that hard.

I protect myself from myself by using a dumb phone. Not from others...

Re:

[jonbryce]

The phone hacking scandal employed default password vulnerability on people's voicemail boxes. That was server side. The default pin to access your voicemail is 0000 and most people don't change it. I disabled my voicemail many years ago.

Re:

[improfane]

You are right. I didn't read my article.

The recent phone "hacking" scandal [wikimedia.org] in the UK which I cannot tell if it were server side (provider) or client side (phone side) demonstrates that it's not that hard.

It must have been server side then. Still, an Android or iPhone is not immune to server side attacks. So using one does not make you any more secure, I'd say it makes you less secure. All I did was some googling of the victims on phones, like, victim name + "phone" or "on the phone". They just happened to be using blackberries and what appeared to be smartphones. Of course correlation != causation. I wouldn't trust RMI.

Re:

[bryan1945]

I have some Nokia xxxx phone. I can install software on it, but it's a real pain in the ass (I did it to turn off the Web, GPS and PTT buttons.). Like you said- it's a damn phone. Unlike most /.ers, I don't want a phone/computer/lawnmower. I want to call my wife, not trade stocks while watching a baseball game and playing Angry Birds on a phone.

Re:

[mlts]

It is a Linux kernel, but the userland is very different. Root is there, but apps have their own UIDs, and almost all the UNIX command lines are links from busybox [1]. To prove this, try getting gcc to work natively on Android.

It really can't be run like a Ubuntu box -- users by default don't even have root access on almost all Android devices. Instead, you have to be careful on the app level.

[1]: Busybox is (IMHO) one of the few programs that just is pure awesomeness in its functionality.

Re:

[improfane]

The rest of the world says no, we shouldn't have to manage the security of a phone. It's a burden that the technological world has failed to recognise.

All my cellphones have been connected to the network (GSM or whatever). It's not the 'being networked' that's the problem. Nor is it code execution. My Nokia 3410 could run Java applications. Internet access was something that the phone ased me for.

Why is my Nokia 3410 more secure than Android?

Re:Install a firewall

[Jeremiah Cornelius]

Agreed. When "signed apps" are little different than trojans to steal your PII and report on your activities, the definition of security moves away from one of "penetration and exploitation" towards "scope of trust and violation".

As to the original article.posting, with its naive POV regarding security? What does your posture do for you, when exploitation and abuse are built into signed apps - or signed apps consume and interpret code from untrusted, arbitrary sources? Flash, Acrobat and any AJAX capable browser are all wide-open to abuse, on any given 0-day.

Re:

[molnarcs]

I think firewall is a bit overkill. My advice would be to just use normally. I do. I DON'T install apps from shady sources, I just use the official Market. I have a few dozen apps installed, and I clicked through the permission screen mindlessly, yes. Why? Almost every app needs network access, after some time I got bored reading through the list of permission they require. BUT - the apps I install are well established apps with overwhelmingly positive reviews (based on a large number of reviewers). That's

Re:

[nschubach]

I think firewall is a bit overkill. My advice would be to just use normally. I do. I DON'T install apps from shady sources, I just use the official Market. I have a few dozen apps installed, and I clicked through the permission screen mindlessly, yes. Why? Almost every app needs network access, after some time I got bored reading through the list of permission they require. BUT - the apps I install are well established apps with overwhelmingly positive reviews (based on a large number of reviewers). That's basically it - just use common sense.

The problem is, 99% (woo, fictional stats) of the people that voted that app a 5 star app did the same thing. Nobody pays attention to what they are giving access to. They only care what the app tells them it's doing. (I'm a background switcher and I need access to your contacts so I can display them on the background and full internet access for ads!). They do not care that it's sending their contact information to a central server of spammers.

Re:

[TheCRAIGGERS]

Install a firewall. Not to keep the hackers out, mind you, but to keep your data *in*. There are way too many apps that try to phone home or do things they don't need to ('live' wallpapers come to mind).

Bah! Screw that. Maybe I'm too idealist, but if I'm looking at an wallpaper (for example) and the security permissions require net access, SD card access, and access to your bookmarks, I just don't install it. There are two main reasons for this:

First and foremost, the app is obviously shady, if not outright malicious. I don't want it on my device at all.
Secondly, and no offense here, but you are trusting a firewall / antivirus program to protect you from stupidity. There is no replacement for some com

Re:

[nschubach]

Also, a majority of the phone users are not geeks with finely tuned BS meters or the ability to tell what the access even means.

Re:

[TheCRAIGGERS]

Also, a majority of the phone users are not geeks with finely tuned BS meters or the ability to tell what the access even means.

True. But this is 'Ask Slashdot'. This isn't some soccer mom trying to figure out her new "Android iPhone", this is (presumably) an at-least fairly tech-savvy geek asking his or her peers what they recommend. We're not talking about the majority of phone users here.

Re:

[TheCRAIGGERS]

An image is what, a few KB? That could easily be packaged with the original download.

If you are looking at an app that can download other wallpapers as a service, then sure, I agree with you. But if you do a search for wallpaper in the Android marketplace, most of what you see are packages with one, maybe two wallpapers- not a service. Also, I don't see an explanation of why it would need access to my bookmarks.

Regardless, I only used wallpapers as an example, and yes you can probably poke some holes on

Re:

[godrik]

I am a new android user. And I wondered about security as well.
You said things like "Disable their network access" or "try blocking as much of it as you can until the application stops working". But is there any system level permission that can be set per app ? Anyway to say per app yes or no for the network ? or maybe allow access to some directories but not to other ones? A lot of applications are requesting GPS localisation, is it possible to configure fake coordinates?

Re:

[nschubach]

Some of them are non-obvious or too lenient.

SD Card access springs to mind. Google considers all data on the SD card public... I, however, do not think my SD card is free range and wish there was a way to limit apps to just their folder. (Well, I know there is a way [symlinks in app path on local memory to directories on sdcard], but Android does not do it.)

Some apps (I have a friend who did this) will check the built in functionality to determine if you have a firewall app and refuse to run unless you bu

Security on Android

[Anonymous Coward]

Only thing I can think of is to read details on the app, for example why would a notepad app need access to the internet or my contacts.
Another thing is to install only apps from Google or "Good known sources".

Re:

[nschubach]

Well, the notepad app could say it needed the Internet access for ads and the contact information for the quick contact paste feature.

Re:

[rickb928]

AKNotepad syncs to catch.com. It's a feature. So it uses Internet access.

And it's in the Market.

There is no substitute for you actually knowing what the app does, and evaluating the permissions to see if they are appropriate, in your view, to what the app states is its feature set.

You were saying?

A smart phone is just a computer.

[Kenja]

A smart phone is a computer like any other and should be treated as such. Trust mobile apps as much as you would trust desktop applications. Do not install unknown software from unfamiliar sources and in general be as vigilant as you are with your Windows, Linux, OS X system. If you are paranoid enough, there are firewall and app activity scanners out there. But perhaps you dont trust them either. In which case, write your own apps. Its not hard for even the inexperienced with the app-builder tools.

Re:

[tepples]

Should a platform restrict operations in favor of security for such an audience? Yes, it should.

But why should a platform restrict running even "Hello World"?

Re:

[pixelpusher220]

There is some truth in this assertion at the technical level, meanwhile, as a consumer device, it is not a computer.

How does it's intended use have any bearing on what it *actually* is?

Re:

[clang_jangle]

Should people care about viruses and identity theft on phones? No, they should not. Should a platform restrict operations in favor of security for such an audience? Yes, it should.

Except that there tends to be an inversely proportional relationship between "power and flexibility" and "lockdown", so it comes down to individual choice. Yes, the average techphobic user will not do as well with Android as with an iPhone. BTW WP7 is too new to call, but the history of utterly screwing users over on any kind of d

Permissions aren't 'fine grained'

[c0d3g33k]

The problem with Android is that the permissions aren't in fact "fine grained" (though they might seem so to the 'TL;DR' generation). They are relatively course-grained with respect to what modern applications might require. Any non-trivial app will require permissions from the available pool that can be abused by malicious developers. The user has to fall back on trust when installing any non-trivial app.

Android needs something more like a sandbox environment for each application and a reasonable system where the user is asked for permission before accessing sensitive information.

Android permissions == FAIL, at least from a personal privacy and security perspective.

Re:

[ShavedOrangutan]

Every app requires full permissions, for no useful reason. Why a stopwatch wants access to my calls and read/write on the SD card, I don't know, and the choices are to either accept it or don't use the app. This is seriously broken. I don't even look in the Android Market anymore because it's just too much risk to install anything. It's actually worse than Windows, where at least I know where the software is coming from.

Re:Permissions aren't 'fine grained'

[Reapman]

EVERY App? I doubt this, in fact as an App Developer I know this isn't true. Adding permissions to your app is something you opt in - if a developer is so lazy he opts in every single perimssion then I wouldn't trust that app.

I've decided against installing apps that require permissions I don't want, and have quite a few apps that I've trusted onto my phone.

Google is providing you the ability to, at least, get an idea as to what your getting into. Something like the iPhone doesn't give this, and I'm not sure if Blackberry does or not. Could it be improved? VERY. Is it better then nothing? VERY.

How is this broken? Because an App Developer has some crazy permissions? I'd call that working - you know what it's asking for and you choose not to install it. How is it better then Windows? Do you know if your Windows Stop Watch app is talking to your Contacts stored in Outlook or Thunderbird?

Re:

[c0d3g33k]

Any non-trivial app requires permissions to one or more of the following:

- Your location (coarse or fine grained)
- Full network capabilities
- Call status
- Your personal contacts
- Account information

And the big kahuna:

- Your SD card

Putatively for storage of application data, settings etc. But as far as I know, there is no mechanism to prevent an app from accessing ANY other information on the SD card once granted access. And just about every app requires read/write access to the SD card. Let the data-mini

Re:

[Zumbs]

- Your SD card

Putatively for storage of application data, settings etc.

There are other options for storing application settings and data that does not require access to SD cards. Internal Storage [android.com] is one. Unless the app needs to save a lot of data, there is no reason to require access to the SD card.

Re:

[hedwards]

One of the problems is that some ad software that free apps use seems to need to spy on people in order to work. You can opt not to install that software but the marketplace lacks transparency when it comes to what the app is actually doing with that permission. And I'm not aware of any way of keeping an eye on apps to make sure that they aren't doing anything nefarious with the permissions. Trust but verify ought to be the way with apps that you've decided to trust.

Additionally, some functionality like pla

Re:

[rickb928]

"One of the problems is that ALL ad software that free apps use "

There, let's get it right, ok? So far, ALL ad methods I've seen need to talk to their overlords to serve up what they think I will respond to. they act in futility, but I'm not going to tell them that.

Re:

[hedwards]

That's not true, there are degrees, some need to do that to serve ads, others don't. Some require tracking the individual by GPS and other means and others don't.

Re:

[rickb928]

Let me get this straight; some ad software doesn't need to contact the ad servers?

Re:

[Reapman]

Not to sound cruel but I think your doing it wrong. I made a Hello World app that didn't require to do that - just because you wrote the app wrong and don't know how to modify the manifest XML file to set the permissions you need isn't Android's fault.

Not going to install anything anymore? So I assume you don't install applications on your computer either? Did you check if the last program you installed wanted to see your contacts in Outlook / favorite email program? Did you check if it would access iPh

Re:

[Reapman]

The default permissions ARE empty. As your seemingly not aware of how permissions work in Android, you need to add each permission to your applications Manifest XML. If you don't want a permission in there you don't put it in. By default none of my applications had any permissions since I would have had to add them at some point. Every permission in them I added.

I can write code that creates an infinite loop - is that the OS's fault? No, it's my fault for writing lousy code. If your code asks for perm

Re:

[Reapman]

I did create a new project, 100% fresh, using Eclipse. No permissions are in there by default. Even if you WERE right I have no idea what your trying to prove - sorry. The Android OS is not based on a single tutorial. Android allows you to see what permissions any application needs - something I'm not aware of ANY other OS doing. It's NOT perfect, I'd love to have more fine grained control, but to call it insecure and you won't install ANY SINGLE applications on your phone, well, that's your problem th

Re:

[Reapman]

If that's the case, kudo's to Blackberry! Hopefully Android will implement some of that - as I said Android could use some improvement and that sounds like an improvement.

Re:Permissions aren't 'fine grained'

[nabsltd]

Why a stopwatch wants access to my calls and read/write on the SD card, I don't know,

Many apps that need access to "phone calls" are doing so to be good resource users, and to follow some Android UI conventions.

Knowing if you are talking on the phone or not allows the app to change its behavior to not bother you, use less CPU cycles, etc. And, this sort of thing is why there are so many complaints about the overly-broad permission groups on Android...you can't know the "in-call state" without being given permission to "phone calls".

Re:

[AmbushBug]

...you can't know the "in-call state" without being given permission to "phone calls".

I don't think this is true. The permissions for phone state are called "Read phone state and identity" and they don't allow you make phone calls, as far as I know. That said, the internet access permission is too coarse - its basically all or nothing. It would be nice if apps had to list the domains they are going to connect to or something...

Re:

[Zumbs]

Whenever the focus of an activity is changed, an event is called that can be used by the application to change its behavior. If an application use multiple activities, all you have to do is to keep track of which of the activities of the application have focus, and set the behavior of the application correspondingly. For a lot of applications this is enough to play nice, and there is no explicit need to get access to call state.

Re:

[rickb928]

stopwatch might want access to phone state so it can choose how to alert you to an alarm, a common feature in stopwatches. Or just to decide how to give you the 'tick tock' - speaker, earpiece, or phone audio... It might want to play nice and not beep all over your call in progress, or scare your callers.

Read/write to SD to save results of timings? Some people like saving the results of timing their software load times, or epic 5k run.

Perhaps you need to write your own stopwatch.apk that just.does.stopwat

Re:

[dragonturtle69]

Every app requires full permissions, for no useful reason. Why a stopwatch wants access to my calls and read/write on the SD card, I don't know, and the choices are to either accept it or don't use the app. This is seriously broken. I don't even look in the Android Market anymore because it's just too much risk to install anything. It's actually worse than Windows, where at least I know where the software is coming from.

Are you serious? Any monkey could write a shareware clock application, that harvests whatever data and then sends it wherever, and your PC OS wouldn't do anything to notify you.

Pandora was recently rejected by me, because it wanted to use my contact list. You do have a choice besides being owned.

Which stopwatch application anyway?

Re:

[im_thatoneguy]

Well not only that but you can never be fine grained enough for the user to understand.

If your app saves data to the cloud then it needs the ability to "Copy files to remote servers".

That's either a trojan or the app operating correctly. No way to tell without per-file transaction confirmations. "I'm about to move a temp.dat to the cloud. Ok?" And even then. "Wait, what's in temp.dat?" And so on and so forth.

The only difference between a malicious network aware application and a good one is what data

Re:

[improfane]

I think getting the users to understand and not just accept mindlessly (like Windows UAC and Facebook Applications) is the hardest part. It's a social problem. The permission message must be clear and almost threatening. It should show the data that is being displayed. I replied to someone else about this with the same view [slashdot.org] as you :-).

Re:

[c0d3g33k]

No. What I was saying is that Android permissions aren't all that fine-grained and are seriously broken if protecting the user is the goal. What I didn't say is that they should be redesigned if personal security and personal privacy are a priority. I'm saying that now.

You, on the other hand seem to be implying that Blackberry is better for some unspecified reason. Since you obviously don't live in a Middle-eastern country where Blackberry caved and allowed personal communications of BB users to be moni

Re:

[clang_jangle]

Since you obviously don't live in a Middle-eastern country where Blackberry caved and allowed personal communications of BB users to be monitored. So what was your point again?

That is profoundly ignorant. Yes, RIM caved -- unlike Google, Apple, and everyone else who didn't have to cave because they never withheld the private data governments demand. Look it up, since you won't believe me and then stop the FUD.

Re:

[c0d3g33k]

And they can all be enforced server-side to protect users from their own mistakes.

Very nice for multinational corporations who want to protect their trade secrets and monitor employee communications and can afford a BES. Not so nice for an individual who wants a personal device that respects their security and privacy. How does a private BB user enforce server-side permissions exactly? I don't recall seeing a free BES offered with my Blackberry mobile plan.

Your arguments are irrelevant to the current discussion and obsolete since RIM made concessions to allow monitoring of communicati

Lookout

[Rary]

At the very least, install Lookout [mylookout.com].

Multiple devices

[rwa2]

I have one relatively cheap Android smartphone (HTC Slide), which I pretty much install a minimum of useful apps upon.

My second device is a Viewsonic G-Tablet (running TnT-Lite v4), which is a cheap (~$320 these days) but high-spec device. I use it for "playing" with apps and flash sites (some of them shady). Its main purpose is to let me to play with high-end apps and games while keeping me from doing anything too dangerous with my phone :-P

Custom OS updates come out for the latter quite often, so I'm us

Driod slogan v1.1

[starglider29a]

"When there's no limit to what Droid gets, there's no limit to what Droid does^H^H^H^H can do to you."

Take these for what they are worth...

[mlts]

Take these for what they are worth, but here are my security practices:

1: Install DroidWall and use that to lock down everything except the apps you do want going out.

2: Use TouchDown or a discrete app for secure Exchange email. This allows you to keep contacts separate from the rest of the device, and the app can keep the contacts encrypted. If it is work E-mail, it is good to keep it separated anyway.

3: Consider a PIN protecting app for #2 above, as well as your terminal, settings, and su app.

4: Use Titanium Backup with the encryption feature and store on Dropbox. If you look at TB, you will find that the way it does encryption using RSA keys is pretty well designed, so storing backups of apps on DB can be done securely.

5: Get a utility (I use WaveSecure out of habit, but there are others) that will lock the phone if the SIM card is changed, airplane mode is put on, and even allow one to remotely wipe the device and SD card. I'd like a utility that would give the ability to wipe the device and SD card if the phone has not seen Net access in "x" amount of time, similar to what BlackberryOS provides.

6: Look at reviews before buying apps.

7: Look at what the app asks for security permissions. If a notepad app wants access to your contacts, phone, SMS, or perhaps even pops up the su dialog, get rid of it ASAP.

8: If you use nandroid, consider some type of file encryption. This sucks when restoring a ROM image, but there are ways around that (decrypting the image while the SD card is mounted via USB, using a temporary ROM image with no data for decrypting, etc.)

9: Use AdBlock with Dolphin Browser. Ad rotation services are a noted source of malware.

10: Use known ROMs. The ROM ecosystem has been astoundingly clean for now, but it is only a matter of time before blackhats start adding their own "functionality" and putting ROMs on xda-developers and other sites.

11: Consider PIN protecting your SIM card. This way, when you do a remote erase, the thief might have a clean phone, but won't have free access to bandwidth, SMS, or calling capabilities.

12: Consider a "stuffbak" sticker. If the phone is found, at least there is a small chance it might get back to you, as opposed to 0 chance without it.

13: Keep backups. This way, if you do lose your phone, you can get another Android phone, fire up Titanium Backup, log onto DropBox, type in your decryption key, and restore your apps with their saved data.

14: Bug Google for them to put volume encryption (LUKS) into Android, so it can be used on the SD cards.

Re:

[c0d3g33k]

All good advice, except I don't think Dropbox is an absolute requirement, since you can store the same data on a personal computer or thumbdrive. Unless you live in an area where random search-and-seizures occur with regularity. But then your screwed in many other ways, so your phone security is trivial in comparison.

If there's anything that demands more suspicion than the mobile ecosystem, it's the cloud. Keep your most sensitive personal information away from there. Seriously.

Re:

[mlts]

If you have good front end encryption [1] with a solid implementation, it shouldn't matter if you store your files on a public FTP server. DB has been discussed about security, but this is mitigated almost completely by proper encryption.

Of course, this doesn't prevent big names from either using a (theoretical weakness) in the algorithm, or resort to rubber hose decryption, but if done right with encryption, and a suitably long passphrase (TC states 20+ characters), storing data on the cloud can be made r

Re:

[rickb928]

"7: Look at what the app asks for security permissions. If a notepad app wants access to your contacts, phone, SMS, or perhaps even pops up the su dialog, get rid of it ASAP."

So, I gather you will avoid AKNotepad, even though it declared the requested permision for an actual feature?

Re:

[DigitalCrackPipe]

In regards to #7, what is the SU dialog? My app got a few comments about requesting SU or trying to get root access, but it doesn't. Nor do the permissions allow anything like that. I'm really interested to know what exactly they are talking about, so I can track down the source of the problem. I suspect that it only applies to rooted devices, but I'd like to verify.

Re:

[mlts]

It only applies to rooted devices. The su mechanism consists of two items:

The binary, natively compiled from ARM.

The app, which is a Dalvik VM.

When a program invokes the su binary, it checks to see if the app is allowed or denied access without prompting, if denied, just denies it, moves on. If neither denied or allowed is listed, it prompts the user to allow or deny the app, as well as save the decision. If the user allows it, or if the app is listed as being allowed without prompting, the program gets

Re:

[Anonymous Psychopath]

If the file is strongly encrypted, who cares where it is? Brute-force is always a possibility, I suppose, but I doubt anyone wants your phone data badly enough to do that sort of thing. And if they do, don't use Dropbox.

Re:

[tepples]

It is when you encrypt the backup file before sending it to Dropbox.

Re:

[mlts]

The Cyanogen people have a lot to lose if their ROMs are found to be corrupt. Same with a lot of other top tier ROM "cooks". However, it wouldn't take much for someone to upload a bongoed ROM. That is why its good to see if someone updates a ROM and what people think of the package. Of course, this isn't a 100% guide, but better than nothing.

As always, you can just root the phone without changing ROMs.

Re:

[jonwil]

Find a friend or workmate and borrow their phone for the call.
Go into a carrier store and report it (and get a new SIM card and possibly a new phone at the same time).
Find another phone somewhere you can use.

fork the droid

[anwyn]

We need to put standard GNU/Linux on our pads and phones. Not some OS only kludge with Linux OS but proprietary app space. Down with stores! Up with free repositories! Google can not use patents to block this because Google is member of OIN! And if Google left OIN it would be hit by the proprietary vampires!

What kind of weird environment is it when you can not run native apps on your own hardware? Only some bad imitation of Java applets!

If Google tried trivialization, they would find manufactures alread

Sounds like windows

[thetoadwarrior]

Seriously, anti-virus for your mobile? I think I will go with iphone once I'm done with my Android phone even if I have to pay out the ass I'm not running fucking anti-virus on my phone.

Re:

[prgrmr]

if you download mp3's to your phone (via amazon, google, or anything else) you'll want an anti-virus scan of them. If you share wallpaper, ring tones, photos, or anything else with anyone else, you'll want to scan that stuff to. If you connect your phone to your desktop, laptop, tablet, or anything else--whether that other device and an anti-virus program on it or not--you'll want to know that your phone is clean. And don't assume that an iphone is the answer. If may not be the target of a virus (yet) bu

Re:

[thetoadwarrior]

Any electronic device that connects to a network in theory is but Android does seem to be becoming the dregs of mobile phones pretty quickly.

Use common sense.

[alt236_ftw]

Use common sense:

1. Don't root unless you REALLY need to.
2. If you are rooted, don't give root rights to an application unless you know what it is supposed to do AND you trust it to do just that.
3. Install a firewall.
4. Don't install applications from vendors you don't trust, or know little about.
5. Read the reviews of an application. See what people complain about.
6. Don't install applications which ask for rights that make little sense in context (a calculator which asks for access to the network and cont

Re:

[nschubach]

Use common sense:

5. Read the reviews of an application. See what people complain about.
6. Don't install applications which ask for rights that make little sense in context (a calculator which asks for access to the network and contacts for example).
7. If unsure about some permissions, check the developer's website to see if there is a good explanation. If not, contact the developer directly and ask.
8. If you suddenly find an app for free which you thought it was pay-only, check to see if it is cloned. If so, don't install it as it might be tampered.
9. Check if the developer of an application matches who you know it should be. If not don't install it as it might be tampered.

I can see 5, and 6... that makes sense for most people. But the rest of these make having an app store pointless. If you need to go outside the phone environment to find out why someone asked for a particular permission.

What good is compiling here?

[G3ckoG33k]

Soft wrote: "On my own computers, running Linux, I choose to only install (signed) packages from the distribution's or well-known repositories, or programs I can check and compile myself, or run them as a dedicated user — and I don't bother with an antivirus."

Seriously, what good are programs you can check and compile yourself?! If the program with 25,000 lines of contain a piece of "virus", how would you know?!

Re:

[G3ckoG33k]

Thanks! True, I forgot that there are "others" too. :)

It sounds to me like you already know the answer..

[gravis777]

install an antivirus, run updates, and don't execute apps from untrusted sources.

That pretty much takes care of a majority of your issues. Read other user reviews. If you feel the Android Marketplace is too laxed, try the Amazon marketplace. And if you decide to root your phone, pay attention to which apps you are giving root permission to. I mean, you are a Linux user after all, you should understand simple security.

Oh, and I suggest that if you are going to buy an Android phone, check and see if its supported by CM7 - http://www.cyanogenmod.com/ [cyanogenmod.com] Talk about a lifesaver - my Android ph

Android Security Practices

[privateerlabs]

1. Use caution when installing software! Remember that the Android market place does not vouch for the security/integrity of the apps. To my knowledge, minimal analysis is performed on apps, but nothing that provides any real security guarantee to the mobile user. There is no guarantee that the app you are installing is not malicious in nature, or chuck full of software vulnerabilities. Many of the legitimate apps in the marketplace are rapidly developed by individuals with little or no secure coding background. Also I highly recommend you only install apps from publishers you trust and make sure you read the user comments. If the app has a few thousand reviews and rates at 4 stars this would often indicate added legitimacy.

2. When installing apps be cautious of the permissions requested. The READ_PHONE_STATE permission permits access to sensitive device specific values that would normally be an invasion of privacy to supply. The problem arises when developers use a function called GetDeviceId() to get a unique ID for the mobile device that is later used for user account correlation on third-party services. The correct way to do this is to use Settings.Secure.ANDROID_ID. Google has a blog describing this issue in depth:
http://ask.slashdot.org/story/11/05/20/188228/Ask-Slashdot-Android-Security-Practices [slashdot.org]
Be very cautious with apps that ask to read/write SMS messages, read/write contacts, and place calls. Malware frequently uses these to pilfer unsuspecting users.

3. Careful when jail breaking your phone. If you jailbreak your phone you are opening yourself up to more serious compromise. Ask yourself, if all you have to do is run "su" from a jail broken command shell, why can't a malicious app do the same and run as root? SuperUser.apk is a popular alternative to traditional dirty jail breaking. It attempts to guarantee that the user is active in the Android UI by prompting the user without a dialog asking if the privilege elevation should be allowed. Remember that you are allowing that particular app to escalate privilege from now on. If you allow "sh" to escalate to root then an app may be able to simply run the shell "sh" and then escalate from there.

4. Firewalls are an option and will add another layer to the phone security, especially when connected to Wi-Fi access. Currently there aren't many remote attacks to listening services on the Android phone, but I wouldn't be surprised if we start seeing them with more frequency as more hackers started riding the wave.

5. Disable services you are not currently using. For example; if you are not using Wi-Fi, then disable it until you need it. Same goes for Bluetooth.

6. Remove unused apps. Many apps expose themselves to compromise by examining incoming text messages, integrating with mime/file types, etc. Go through your installed app lists and remove anything you don't use.

7. Android security products are starting to appear on the market (shameless plug). Rather than blindly recommend ours I would rather recommend you search the Android Market for "security", "antivirus", "malware", and the similar criterion. Read the reviews and find something that will scan your apps prior to install.

-Riley Hassell
CEO,Founder | Privateer Labs
email: riley@privateerlabs.net
Website: http://www.privateerlabs.net/ [privateerlabs.net]

Re:

[geekoid]

Thanks mom.

Write your own apps

[bl8n8r]

Seriously. The android SDK is free, Eclipse is free. There's no monetary risk involved to experiement and see if you like doing it.

I screwed around with it for a month off-and-on doing all the tutorial programs on developer.android.com and by the time I was done, it made a lot more sense. I made extensive use of stackoverflow.com too. Good resource there.

If developing isn't for you, there are indeed open source style apps out there. A little bit of googling can find out if they are legit, or if the sou

simple

[geekoid]

seek out and kill Sarah Connor

Security apps just placebo?

[Willbur]

This may be betraying my ignorance, but I thought that the basic security model behind android held that one app couldn't see another app's code or private data. The sdcard is general storage, so all apps with sdcard permissions can see everything on the card, but mostly what is stored on the sdcard is not security critical anyway. Another caveat is that if you've rooted your phone then you're adult enough to look after yourself.

So, how is a virus scanner supposed to work? It will never be able to see an

My Android security measure

[Phil Urich]

Maemo.

...but no, seriously, using as open-source of an OS as possible is the way I go, and having plenty of data (about what programs are running, about the networking data, etc).Knowing what your system is doing is the first and most important line of defence (contrast it against all those people whose Windows boxes are "running so slow...guess it's time to upgrade", we've all met those folks).

That being said, if you're on a far less free-as-in-speech OS (you freedom-hater!), you can indeed still try

Re:

[Phil Urich]

Arghhhh I wrote "too" instead of "to" at the end there. Proof that no matter how secure your phone may be, it's never going to be secure against typos.

Not all devices come with Android Market

[tepples]

Check out the android market and do a few searches for what you need.

Unless your device didn't come with Android Market. A lot of Android-powered devices, especially Wi-Fi-only devices, run the AOSP version of Android instead of the OHA version. AOSP Android-powered tablets tend to come with AppsLib, and the user can install the APKs for SlideME Application Manager and Amazon Appstore, but Google doesn't officially offer Android Market for download as an APK.

Re:

[cos(0)]

AV is a resource-intensive crutch for those who don't know how to correctly manage their systems.

Re:

[improfane]

I bet I could install malware on your computer if you sat me in front of a logged in user.

I won't touch the hardware, just use it.

Re:

[cos(0)]

On a computer with latest Windows Updates? I'd pay to see it.