Android Security

Here are some tips for keeping your Android phone or tablet safe. As you may know, the Android phone platform is not very secure. It can be hacked/compromised through a variety of methods which I will get into through subsequent posts.

Is an iPhone safer? Out of the box, yes. But the advantage with the Android OS is that there are many security programs in the Google Play Store. There are many options not available in the walled garden we call the Apple iTunes App Store.  iPhones are still subject to hacking, fishing, wifi and http spoofing, etc.

Use a Virtual Private Network (VPN)

A Virtual Private Network (VPN) is a secure connection to a remote server that allows you to hide your IP address. This is beneficial for a variety of reasons. Region-restricted websites can be reached, your location and personal IP is masked from spies and trackers, bypass internet censorship for users outside of the United States (and U.S. residents who are on restricted WiFi access) and for downloading files over Bit Torrent.

Most VPN connections are made on a mobile platform through an app. It is usually easy to use – a simple click of a virtual button/switch and you are off the races. Make sure you add a bookmark in your browser to check your IP address to verify that you are really masking your IP address.

Most security-minded tech users are well aware of this first line of defense. There are many VPN options, most of which are pay-to-use, including Private Internet Access (PIA), KeepSolid, PureVPN, and IPVanish. I encourage you to look into all the options and consider that you do get what you pay for. Avoid “free” options as you are likely to be looking at a faulty service that may sell your data, show ads and create a false sense of security.  Personally, I use Private Internet Access VPN, which does not store logs of your use, works on your PC, Mac, iPhone, and Android platforms. There’s even a linux Ubuntu option. The service at the time of this post is $6.95/mo and $39.95/yr, which is divides out to $3.33/mo.

TOR

What is TOR?

I can’t explain it better than Wikipedia:

Tor is free software for enabling anonymous communication. The name is derived from an acronym for the original software project name “The Onion Router”.^[8][9] Tor directs Internet traffic through a free, worldwide, volunteer network consisting of more than seven thousand relays^[10] to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult for Internet activity to be traced back to the user: this includes “visits to Web sites, online posts, instant messages, and other communication forms”.^[11] Tor’s use is intended to protect the personal privacy of users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities from being monitored.

Tor is often used without VPN but I encourage you to use it with VPN. While Tor was seen as uncrackable, both governments and bad actors have discovered ways to unmask your Tor connection. This has scared many away from Tor, but rest assured that if you use an underlying VPN and aren’t up to devious/criminal behavior, you are likely safe to use Tor as a valuable privacy/security tool. If you are unmasked, the VPN will still show your VPN IP address. Here’s my humorous way of looking at it: Orbot is like pants, VPN is like underwear.

How do you use it with Android?

Using Tor is a two step app process. Download Orbot and Orfox from the Google Play Store. Both are free apps and were created by the Tor Project. Once downloaded, you will want to click on Orbot first which will create your Tor connection. Click start once in and the app will let you know if you are connected. This app will encrypt your internet traffic and will work with other Android apps, including Twitter, chat apps, web surfing, etc. Next you will want to open your Orfox app, which is a version of Firefox created by the Tor Project that will make sure  your web communications are routed through your Tor proxy connection. Use this rather than Chrome, Firefox and your default web browser for private browsing. It is generally frowned up to log into bank accounts and other accounts that can compromise your personal security. If you need to check your bank account, do so with your real IP before you log into VPN and Orbot.

Noscript and HTTPS Everywhere

Once you are in your Orfox browser, you will see links to “noscript” and “https everywhere.” You will want to install these Firefox add-ons. Orfox will by design block the installation and will ask you if you want to proceed. Noscript is open source software that blocks JavaScript, Java, Flash and other plugins from untrustworthy sources from running and hijacking your Android device. Https everywhere will attempt to force all website connections on Orfox to connect with https, which creates an encrypted connection between your android device and the destination.

D-Vasive Pro by John McAfee

John McAfee, the notorious creator of McAfee Anti-virus, legendary internet security pioneer and expert created this $5 app on the Google Play Store that blocks bad actors from accessing your bluetooth, wifi, camera, and microphone. If something attempts to open a connection to these things, the app will prompt you. If you want to use the wifi or camera, you can override the software as needed. Very valuable tool in a day when these things can be remotely activated to spy on you in real time! Highly recommended app.