- ________.__ _______ __
- / _____/| |__ \ _ \ _______/ |_ ___________
- / \ ___| | \/ /_\ \ / ___/\ __\/ __ \_ __ \
- \ \_\ \ Y \ \_/ \\___ \ | | \ ___/| | \/
- \______ /___| /\_____ /____ > |__| \___ >__|
- \/ \/ \/ \/ \/
- .::Android Security Hardening::.
- =================================
- /This guide was created to help you to securely configure your Android device to stop spying and eavesdropping from various companies and government agencies. I hope this guide helps you along the path to becoming truly Anonymous. Enjoy!
- .::[Rooting]::.
- =================
- /It is strongly suggested that you root your device ASAP because it will give you plenty of awesome things like modifying system files, installing pirated apps, running any other mobile OS [Like CyanogenMod], running root privilege apps, spoofing IMEI, ESN and MEID IDs and much more.
- /To root your device you will need the device's system drivers and a pre-made root kit. There are plenty of ways to root your Android. I suggest you head over to http://forum.xda-developers.com.
- .::[Security Hardening]::.
- ============================
- /First, you need to enable Developer Options on your device if you haven't done so already. To do this, go to:
- -> Settings -> About Device -> Tap Build Number or Kernel Version OR Baseband Version. It's different for every Android OS.
- Settings -> Lock Screen -> Pattern/PIN -> ON
- Settings -> Security -> Device Encryption -> ON
- Settings -> Security -> SD Card Encryption -> ON
- Settings -> Security -> Unknown Sources -> OFF
- Settings -> Security -> Passwords Visible -> OFF
- Settings -> Desktop Backup Password -> ON
- Settings -> Security -> Password -> USB Debugging -> OFF
- Settings -> Developer Options -> Do Not Keep Activities -> ON
- Settings -> Developer Options -> Limit Background Processes -> At Most 2 Processes
- Settings -> My Device -> Power Saving Mode -> ON
- Settings -> My Device -> Voice Control -> OFF
- Settings -> Accessibility -> Google Subtitles [CC] -> OFF
- Settings -> Accessibility -> Samsung Subtitles [CC] -> OFF
- Settings -> Date and Time -> Automatic Date and Time -> OFF
- .::[Network Hardening]::.
- ===========================
- /Make sure you check these off. Doing so prevents location tracking and Bluetooth MITM attacks, and spoofs location in apps.
- Settings -> Connections -> Bluetooth -> OFF
- Settings -> Connections -> NFC -> OFF
- Settings -> Connections -> S Beam -> OFF
- Settings -> Connections -> Nearby Devices -> OFF
- Settings -> Connections -> Screen Mirroring -> OFF
- Settings -> Connections -> Tethering and Mobile Hotspot -> OFF
- Settings -> Accounts & Sync -> OFF
- Settings -> Location Services -> OFF
- Settings -> My Device -> Smart Screen -> OFF
- Settings -> Developer Options -> Allow Mock Locations -> ON
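An added example (not part of the original paste) that audits a settings dump against six of the checklist items above. The mapping from menu entries to AOSP setting keys is an assumption, vendor ROMs may differ, and the sample dump is constructed.

```shell
#!/bin/sh
# Added example: compare a settings dump with the guide's checklist.
# Dump format (one per line): "<namespace> <key> <value>".
# On a device such a line can be built from a privileged shell (e.g. su) with:
#   echo "global adb_enabled $(settings get global adb_enabled)"
# Key names below are AOSP keys (assumption: your ROM uses the same ones).

# namespace key wanted-value checklist-item
EXPECTED='global adb_enabled 0 USB Debugging OFF
system show_password 0 Passwords Visible OFF
global always_finish_activities 1 Do Not Keep Activities ON
global auto_time 0 Automatic Date and Time OFF
global bluetooth_on 0 Bluetooth OFF
secure mock_location 1 Allow Mock Locations ON'

# Constructed sample dump, not taken from a real device.
SAMPLE_DUMP='global adb_enabled 1
system show_password 0
global always_finish_activities 1
global auto_time 1
global bluetooth_on 0
secure mock_location null'

# audit_settings DUMP: print one line per deviation from the checklist.
audit_settings() {
    dump=$1
    printf '%s\n' "$EXPECTED" | while read -r ns key want label; do
        # First value reported for this namespace/key, empty if absent.
        got=$(printf '%s\n' "$dump" |
              awk -v n="$ns" -v k="$key" '$1 == n && $2 == k { print $3; exit }')
        if [ -z "$got" ] || [ "$got" = "null" ]; then
            # "null" is what `settings get` prints for an unset key.
            echo "UNKNOWN $label ($ns/$key not reported)"
        elif [ "$got" != "$want" ]; then
            echo "FAIL $label ($ns/$key=$got, want $want)"
        fi
    done
}

# count_findings DUMP: number of FAIL/UNKNOWN lines for the dump.
count_findings() {
    audit_settings "$1" | wc -l | tr -d ' '
}

audit_settings "$SAMPLE_DUMP"
```

Items reported as UNKNOWN need a manual look in the Settings menus, since an unset key says nothing about the effective default.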
- /It is highly recommended that you run a VPN service on your device, as it will guarantee anonymous communication. You can configure VPN access by adding its certificates to the root [/] filesystem of the device, on either internal storage or the SD card. If your device does not have VPN configuration you can use the OpenVPN apps to do this.
- .::[Applications]::.
- =====================
- /These applications will need to be configured after installation.
- /The ones marked with "**" are essential for privacy and security. Also note some apps listed here MUST be configured! I added a "Configuration" section under the apps that need it.
- **SuperSU
- Download: https://play.google.com/store/apps/details?id=eu.chainfire.supersu&hl=en
- Description: SuperSU allows for advanced management of Superuser access rights for all the apps on your device that need root. SuperSU has been built from the ground up to counter a number of problems with other Superuser access management tools.
- **DroidWall
- Download: https://code.google.com/p/droidwall/
- Description: Blocks all incoming and outgoing packets from your apps.
- Configuration: Be sure to disable all system applications and other applications that may eat up your network bandwidth speed.
- Enable Root Browser, RomToolBox, Wireless Tether, DroidWall, Busy Box, SuperSU and any other relevant Application.
- **Root Explorer
- Download: https://code.google.com/p/p500/downloads/detail?name=Root%20Explorer%20%282.19%29.apk
- Description: Accesses your device's root system files.
- **OpenVPN
- Link: https://play.google.com/store/apps/details?id=de.blinkt.openvpn
- Description: OpenVPN is a client software to connect to an OpenVPN server and not a free VPN software.
- **OpenVPN Installer
- Download: https://play.google.com/store/apps/details?id=de.schaeuffelhut.android.openvpn.installer
- Description: OpenVPN Installer will try to install OpenVPN [2.1.1] in /system/xbin or /system/bin. Your mileage might vary depending on your device.
- **OpenVPN Settings
- Download: https://play.google.com/store/apps/details?id=de.schaeuffelhut.android.openvpn
- Description: UI similar to Wi-Fi settings; Restart tunnel when connectivity changes [e.g. from wifi to 3G]; Start on boot; Passphrase; DNS; Script-Security; Write and View Log File; Open Source [GPLv3].
- **OpenVPN Connect
- Download: https://play.google.com/store/apps/details?id=net.openvpn.openvpn
- Description: OpenVPN Connect is the official full-featured Android VPN client for the OpenVPN Access Server, Private Tunnel VPN and OpenVPN community.
- Wireless Tether
- Download: https://code.google.com/p/android-wifi-tether/
- Description: This program enables tethering via wifi for rooted devices.
- **Call Control
- Download: https://play.google.com/store/apps/details?id=com.flexaspect.android.everycallcontrol
- Description: Call Control is a full-featured call blocker that's super easy to use and is trusted by more than 10M users to block unwanted calls and texts. Calls are blocked silently without you ever knowing someone called.
- **RomToolBox
- Download: https://play.google.com/store/apps/details?id=com.jrummy.liberty.toolbox
- Description: ROM Toolbox combines all the great root apps into one monster app with a beautiful and easy to use interface. ROM Toolbox has every tool you need to make your Android device fast and customized to your liking.
- **BusyBox
- Download: https://play.google.com/store/apps/details?id=stericson.busybox
- Description: This is the only installer that is ad free and requires no internet permission.
- **NoBloat
- Link: https://play.google.com/store/apps/details?id=com.tvkdevelopment.nobloatfree
- Description: NoBloat lets you delete unwanted apps that come pre-installed with your device.
- **ORBot
- Download: https://play.google.com/store/apps/details?id=org.torproject.android
- Description: Orbot is a free proxy app that empowers other apps to use the internet more securely. Orbot uses Tor to encrypt your Internet traffic and then hides it by bouncing through a series of computers around the world.
- **RedPhone
- Download: https://play.google.com/store/apps/details?id=org.thoughtcrime.redphone&hl=en
- Description: This application will encrypt your voice calls if both users are running it.
- F-Droid
- Download: https://f-droid.org/
- Description: F-Droid is an installable catalog of FOSS (Free and Open Source Software) applications for the Android platform. The client makes it easy to browse, install, and keep track of updates on your device.
- Aptoide
- Download: http://m.aptoide.com/installer?lang=EN
- Description: A free market place to download pirated and cracked apps.
- **Xabber
- Download: https://f-droid.org/repository/browse/?fdfilter=xabber&fdid=com.xabber.androiddev
- Description: Xabber is a full Java implementation of XMPP, and supports both OTR and Tor. Its UI is a bit more streamlined than Guardian Project's ChatSecure, and it does not make use of any native code components (which are more vulnerable to code execution exploits than pure Java code). Unfortunately, this means it lacks some of ChatSecure's nicer features, such as push-to-talk voice and file transfer.
- Configuration: Go into settings and check the following.
- Notifications -> Message text in Notifications -> Off (notifications can be read by other apps!)
- Accounts -> Integration into system accounts -> Off
- Accounts -> Store message history -> Don't Store
- Security -> Store History -> Off
- Security -> Check Server Certificate
- Chat -> Show Typing Notifications -> Off
- Connection Settings -> Auto-away -> disabled
- Connection Settings -> Extended away when idle -> Disabled
- Keep Wifi Awake -> On
- Prevent sleep Mode -> On
- **Offline Calendar
- Download: https://f-droid.org/repository/browse/?fdfilter=offline%20calendar&fdid=org.sufficientlysecure.localcalendar
- Description: Offline Calendar is a hack to allow you to create a fake local Google account that does not sync to Google. This allows you to use the Calendar App without risk of leaking your activities to Google.
- **K-9 Mail
- Download: https://f-droid.org/repository/browse/?fdid=com.fsck.k9
- Description: E-mail client supporting multiple accounts, POP3, IMAP and Push IMAP. Can do encryption if APG and/or OpenKeychain is installed depending on the version. Settings and account configurations can be exported so that they can be imported easily if you are switching packages/signatures: a file manager will need to be already installed to achieve this.
- **APG
- Download: https://f-droid.org/repository/browse/?fdid=org.thialfihar.android.apg
- Description: APG is a port of OpenPGP for Android. Use it to encrypt and decrypt files, and in conjunction with K-9 Mail, to seamlessly add support for encrypting and decrypting emails, as well as adding and verifying digital signatures.
- OSMAnd~
- Download: https://f-droid.org/repository/browse/?fdfilter=osmand&fdid=net.osmand.plus
- Description: A free offline mapping tool. While the UI is a little clunky, it does support voice navigation and driving directions, and is a handy, private alternative to Google Maps.
- VLC
- Download: https://f-droid.org/repository/browse/?fdfilter=vlc&fdid=org.videolan.vlc
- Description: Video and audio player that supports a wide range of formats, for both local and remote playback.
- **Firefox
- Download: https://f-droid.org/repository/browse/?fdfilter=firefox&fdid=org.mozilla.firefox
- Description: Better browser than Chrome and the built-in Android browser.
- Configuration: Go into Firefox settings and disable the following:
- Settings -> Sync -> OFF
- Settings -> Mozilla -> Telemetry -> OFF
- Settings -> Mozilla -> Crash Reporter -> OFF
- Settings -> Mozilla -> Health Report -> OFF
- Settings -> Privacy -> Remember Passwords -> OFF
- Settings -> Privacy -> Use Master Password -> OFF
- Settings -> Privacy -> Tracking -> Do Not Track
- Settings -> Privacy -> Cookies -> Enable Cookies; Excluding 3rd Party
- Settings -> Developer Options -> Remote Debugging -> OFF
- Download NoScript, HTTPS-Everywhere, Adblock Edge. Also be sure to edit the "about:config" options within Firefox. See my other Firefox guide for more configuration here: http://pastebin.com/fn7VHwhm
- **Launch App Ops
- Download: https://f-droid.org/repository/browse/?fdfilter=permissions&fdid=com.adstrosoftware.launchappops
- Description: In Android 4.3 there is a new activity/screen, not accessible from settings, called App Ops, where you can manage permissions for different apps. This app simply allows you to launch this activity.
- OS Monitor
- Download: https://f-droid.org/repository/browse/?fdfilter=os%20monitor&fdid=com.eolwral.osmonitor
- Description: OS Monitor is an excellent Android process and connection monitoring app, that can help you watch for CPU usage and connection attempts by your apps.
- **CCleaner
- Download: https://play.google.com/store/apps/details?id=com.piriform.ccleaner
- Description: Cleans all the useless crap that can slow your phone down such as logs, cache, empty folders and more.
- **Titanium Backup PRO
- Download: https://play.google.com/store/apps/details?id=com.keramidas.TitaniumBackup&hl=en
- Description: You can backup, restore, freeze [With pro version] your apps, data, market links. This includes all protected apps & system apps, plus external data on your SD card. You can do 0-click batch & scheduled backups. Backups will operate without closing any apps [With pro version]. You can move any app [or app data] to and from the SD card. You can browse any app's data and even query the Market to see detailed information about the apps.
- dSploit
- Download: http://m.banzai13fr.store.aptoide.com/app/market/it.evilsocket.dsploit.debug/1/4903638/dSploit
- Description: Once dSploit is started, you will be able to easily map your network, fingerprint alive hosts operating systems and running services, search for known vulnerabilities, crack logon procedures of many TCP protocols, perform man in the middle attacks such as password sniffing [With common protocols dissection] and real time traffic manipulation and more.
- Terminal Emulator
- Download: https://play.google.com/store/apps/details?id=jackpal.androidterm&hl=en
- Description: Access your Android's built-in Linux command line shell.
- ========================
- /After you install and configure these applications, it is recommended that you use Titanium Backup to either freeze or uninstall EVERYTHING that has to do with Google. These include:
- Google Account Manager
- Google Backup Transport
- Google Calendar Sync
- Google Contacts Sync
- Google Partner Setup
- Google Play Services
- Google Play Store
- Google Search
- Google Services Framework
- Google Text-to-Speech Engine
- Google+
- LocationServices 1.0
- Doing this means you will have no Google Play Store, No syncing with your Google account, No Google Maps, No Google search, No Google Play Services, No YouTube, No Google+, No Google Contacts, Nothing Google at all. This will ensure that those asshats from Google are not tracking you, eavesdropping on your texts and calls, logging all of your metadata and so on. Also, it is VERY important that you DO NOT install an app that uses a lot of permissions, such as Facebook, Facebook Messenger, Twitter, Steam, Netflix and so on.
- /So there you have it! You are now running a securely hardened Android device. If you are interested in reading more about this topic head over to: https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
- /Feel free to suggest any more techniques for enhancing security and I will gladly add them above!
- .-.
- ( " )
- /\_.' '._/\
- | |
- \ /
- \ /`
- .(__) /
- `.__.' @Gh0sterSec