5,606,588 Members 35,631 Now Online
XDA Developers Android and Mobile Development Forum

NSA-Droid or how I learned to stop worrying and love the encryption

Tip us?
 
0x0rbit
Old
#1  
Junior Member - OP
Thanks Meter 2
Posts: 1
Join Date: Jan 2014
Lightbulb NSA-Droid or how I learned to stop worrying and love the encryption

Hello,

why isn't there an Android-ROM like this: (my dream thoughts)


NSAdroid

1. Every outgoing packets are encrypted
2. Detects, if the other phone - its communicating with - has the same ROM, then use encryption between them (for calls, messages)
3. TOR Network integrated (with TOR Relay service / ORBOT app)
4. iptables integrated (like the DroidWall app)
5. No Google-Services (like the Replicant ROM)
6. Integrated Permissions-Manager (e.g. Decide by app installation which permission is allowed)
7. AutoBackup-Service (Features like: upload encrypted backup into a cloud service / Complete / Incremental )
8. Custom sync (to own server, data encrypted into the cloud or to the computer if usb-con established)
9. Integrated Remotecontrol (trace+whipe like Webkey app / stealth running, send phones-IP if connected in intervals to defined server)
10. Everything easy to use for non-experts that it can wide spread

Plus a basic check for Malware.

Another idea:
Two-Face-Droid
e.g. If I'm entering PIN-Code A, I see another screen, data, settings, else if I had entered PIN-Code B.
Even if the "other face" is revealed with forensic software, my data is secure/encrypted.


Your comments please.

Greetings and have a good day.
The Following 2 Users Say Thank You to 0x0rbit For This Useful Post: [ Click to Expand ]
 
pan.droid
Old
#2  
pan.droid's Avatar
Senior Member
Thanks Meter 109
Posts: 285
Join Date: Oct 2010
Because security isn't sexy enough. Everyone is too absorbed with penetrating to wrap their shi+ up. Check out:

Guardian Rom:
http://forum.xda-developers.com/show....php?t=2316300

OpenPDroid:
http://www.xda-developers.com/androi...vacy-solution/

XPrivacy:
http://forum.xda-developers.com/show....php?t=2320783

SecDroid:
http://www.xda-developers.com/androi...with-secdroid/

F-Droid:
https://f-droid.org/ (for play store alternative).

---------- Post added at 10:19 PM ---------- Previous post was at 10:17 PM ----------

Oh, left out a big one...

YubiKey:
http://www.yubico.com/products/yubik...dware/yubikey/

---------- Post added at 10:21 PM ---------- Previous post was at 10:19 PM ----------

...Anyway, it's a losing battle, but I admire your optimism=)
The Following 3 Users Say Thank You to pan.droid For This Useful Post: [ Click to Expand ]
 
Dudebowski
Old
#3  
Dudebowski's Avatar
Senior Member
Thanks Meter 123
Posts: 220
Join Date: Mar 2011
Location: Chicago
Quote:
1. Every outgoing packets are encrypted
any openVPN/openswan service would do most of the trick, but end-to-end encryption depends on the whether the server you're talking to is https-enabled.
Quote:
2. Detects, if the other phone - its communicating with - has the same ROM, then use encryption between them (for calls, messages)
CM is likely looking into improving 'android beam'. Bluetooth communication is certainly a considerable threat, I hope to see further dev'mnt here. Cyanogenmod now has WhisperPush, which is TextSecure integration (SMS/MMS end to end encryption)
Quote:
3. TOR Network integrated (with TOR Relay service / ORBOT app)
Install Orbot , secureChat, etc... set to run on boot if you want.
Quote:
4. iptables integrated (like the DroidWall app)
Install AFWall (Droidwall reborn) note that iptables binary is already installed with CM, and maybe AOSP itself.
Quote:
5. No Google-Services (like the Replicant ROM)
Disable gApps or neglect to install gApps in a CM or other custom ROM installation
Quote:
6. Integrated Permissions-Manager (e.g. Decide by app installation which permission is allowed)
CyanogenMod Privacy Manager and/or Xprivacy Xposed module
Quote:
7. AutoBackup-Service (Features like: upload encrypted backup into a cloud service / Complete / Incremental )
Cyanogenmod Developer Options -> encrypt desktop backup option
Quote:
8. Custom sync (to own server, data encrypted into the cloud or to the computer if usb-con established)
Titanium-Backup -> encrypted cloud container (such as git-annex, Dropbox with BoxCryptor, etc)
Quote:
9. Integrated Remotecontrol (trace+whipe like Webkey app / stealth running, send phones-IP if connected in intervals to defined server)
CyanogenMod Account - Device Administrator - allows remote wipe, device location. im sure they're using https for reqeuests. there are other opensource device locator services out there too.
Quote:
10. Everything easy to use for non-experts that it can wide spread
Above apps with Cyanogenmod. touch a button, function enabled. How much easier could it be?
Quote:
Plus a basic check for Malware.
Play store has 'basic' checks for malware, and gServices has a setting to 'verify apps'. It's certainly in Google's best interest to keep their environment free of malware. Spyware on the other hand... that's a semantics issue. There are numerous malware and spyware checkers out there, although most of them are only accessible from Play store. If your device isn't gPwned, you're probably already aware enough to use common sense when installing apps, particularly ones with root permissions. Apps like xPrivacy are also a major head start in keeping your device on lockdown from potential malware.

Quote:
Two-Face-Droid
CyanogenMod has a device encryption option. There's also Profiles and Users, which helps if you'd want to quickly limit functionality of your phone in a potential attack scenario, e.g. handing your phone to an acquaintance. You seem to be talking about a truecrypt-like double-system container though, which is certainly possible but rather complicated given the limited resources available to a phone/tablet device. To date I haven't seen anything exactly like that for android, though there are multi-boot developments and kexec-enabled kernels on various devices.


Some helpful info, if you haven't seen it already:
https://prism-break.org/en/categories/android/


Point I'm getting at here is... Cyanogenmod without gApps, and with a few other apps intalled is basically what you're asking for. Every app i noted above is available outside play store, via F-Droid or the developer's site. Cyanogenmod tries their best to keep things simple as possible, while integrating advanced security measures and other features not found in the AOSP base.
The Following 2 Users Say Thank You to Dudebowski For This Useful Post: [ Click to Expand ]
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes