Hello. My name is Zero.

[Zero_red_kommunist]

I live in the beautiful country of Russia, but we have a big security problem. If someone perceives the right to freedom of speech, prescribed in the Constitution of the country literally, then he may face big problems.
Hence, the decision was made to create a security build for mobile devices. First of all, smartphones.
I have a few questions for the distinguished community.
1. Can native encryption of Android smartphones be hacked?
2. {Mod edit}
3. Is it possible to protect the basic data of the SIM card from physical access, possibly using some kind of manipulation? Or make a remote SIM card? Or just scrubbing data off the surface? Or glue it tightly so that the chip will die when removed?
4. Virtualization on an android smartphone, our people are poor, not everyone can afford to buy a second device for private conversations.
5. Is it possible to download an android from a SD card, like a live CD?
6. Is it possible to effectively protect traffic from IP leaks through the torus? On stationary PCs, it turned out to be the most expedient to use Whonix, how are things going on android?
7. Is it possible to carry out all these manipulations, or do some of them be carried out without having root-rights on the device? The goal is to create an efficient and easy-to-use security build for the general public.
If you can answer at least some of the questions, I am very grateful in advance.

 

[Kenora_I]

Welcome to the XDA Forums! I would be happy to awnser your questions.

 

[Kenora_I]

1. Not likely but an experienced person in data decryption could do it, i dont know any specific details.
2. {Mod edit}
3. Some phones have the eSim feature which cannot be removed and are not a physical card.
4.some phones have dual apps and a privacy lock.
5. android x86 is a live CD version for PCs
6. Maybe an app can perform what your asking.
7. Root would be needed for no 2.

 

[razercortex]

1. Yes, it can. However, with a threat model like a nation state actor, smartphone security has almost always been subpar because your phone mostly operates with the keys in memory for convenience. This can be mitigated by shutting down the phone in high risk environments.

2. IMEI can be spoofed using XPrivacyLua

3. Just get a burner phone/prepaid SIM, that will eliminate most headaches.

4. Virtualization does exist, but for a low powered arm processor in comparison to a PC probably isn't a good idea.

5. ROMs? That's probably what you're looking for.

6. Use TOR apps if you need to reach the web, otherwise I2P apps are good for preventing your IP from the outside world.

7. Yes for most except for IMEI spoofing. Take a look at GrapheneOS and CalyxOS, they're good starting points. Also, Whonix is only good if you're not using a compromised host (ditch Windows, go for Qubes, will work best with TPM and IOMMU support + VT-X/AMD-V (virtualization extensions))

 

[Kenora_I]

Hmm welp. I'm not sure that much scrutiny would be needed but your choice..

 

[razercortex]

High stakes situations are my specialty. If they're living in a repressive regime, security and privacy are paramount. Their call though.

 

[Kenora_I]

High stakes situations are my specialty. If they're living in a repressive regime, security and privacy are paramount. Their call though.

Well when I'm in an unstable political regime, I’ll make sure to grab your advice first

 

[Zero_red_kommunist]

1. Not likely but an experienced person in data decryption could do it, i dont know any specific details.
2. {Mod edit}
3. Some phones have the eSim feature which cannot be removed and are not a physical card.
4.some phones have dual apps and a privacy lock.
5. android x86 is a live CD version for PCs
6. Maybe an app can perform what your asking.
7. Root would be needed for no 2.

1. The details are just important. The stakes are high. We had the story of Golunov, his phone could not be deciphered for a year. Or they are trying to convince us of this. However, personal experience suggests that our technology is bad.

2. Getting root is dangerous for an inexperienced user. I would like to avoid this. I will do it for myself, but whether others will be able to repeat it is a big question. You can get root using virtualization on an android. But I failed to encrypt such a system. It is very tempting: one is open, and in it the second is an encrypted container with all the necessary software and imei substitution. Perhaps even without encrypting the container, this is the solution to all problems. But it's better to learn how to encrypt it. Then the security build is suitable for weaker devices, which is important. For reference, the virtualization application is called VMOS pro. Throws a SIM card and changes imei.

3. I heard about eSim, but these are not cheap models. Well, and the question of practical applicability, is it possible to take out eSim data by pressing one button, or by a script, after receiving an SMS?

4. How is it? Open source? It is necessary that the clone of the application does not leave "tails", for example a browser.

5. Working with a PC deprives you of mobility. With pc the issue has already been resolved in the first approximation.

6. Maybe. On Windows, for example, my IP was periodically gone. Whatever I do. Solved only through Whonix.

 

[Kenora_I]

Well i had a small phone sized laptop that had bitlocker drive encryption and an encryption software for my apps and files.

I had also edited windows to disable my computer connecting to Microsofts servers.

For an untraceable portable device i liked that.
I went through a paranoia period after an incident.

 

[razercortex]

Don't use bitlocker, use veracrypt or dm-crypt on gnu/Linux, BSD is even better.

 

[Kenora_I]

Don't use bitlocker, use veracrypt or dm-crypt on gnu/Linux, BSD is even better.

Well I wanted to install kali anyway..

 

[Oswald Boelcke]

Moderator Announcement!

I've cleaned the thread form questions and replies regarding the change/edit of IMEI, what's illegal in quite a few countries.
We don't allow discussions or support in this matter.

XDA Forum Rules (excerpt):

...
9. Don't get us into trouble.

Don't post copyrighted materials or do other things which will obviously lead to legal trouble. If you wouldn't do it on your own homepage, you probably shouldn't do it here either. This does not mean that we agree with everything that the software piracy lobby try to impose on us. It simply means that you cannot break any laws here, since we'll end up dealing with the legal hassle caused by you. Please use common sense: respect the forum, its users and those that write great code.
...

 

[Kenora_I]

Moderator Announcement!

I've cleaned the thread form questions and replies regarding the change/edit of IMEI, what's illegal in quite a few countries.
We don't allow discussions or support in this matter.

XDA Forum Rules (excerpt):

Sorry about that, I honestly answered the questions.

 

[Zero_red_kommunist]

About the size of a phone? What kind of model is this?

 

[Zero_red_kommunist]

Moderator Announcement!

I've cleaned the thread form questions and replies regarding the change/edit of IMEI, what's illegal in quite a few countries.
We don't allow discussions or support in this matter.

XDA Forum Rules (excerpt):

I'm sorry, I inadvertently broke your rules. It's just that in Russia changing IMEI is legal. It's funny, but everything I said above is legal here, including criticism of the government.
It's just that we can't get on the sight, otherwise they just throw two cartridges and goodbye Ivan)
What about virtualization? I installed VMOS Pro and raised the virtual Android over the real one. In a virtual different IMEI, would it be illegal in the US? Perhaps topics about virtualization should be avoided too?

 

[Powerfrmnwldg]

Zero figgis from archer