Slashdot Mirror
Ask Slashdot: How Do You Protect Data On Android?
Gibbs-Duhem writes "It makes me very nervous that my Android phone has access to my email/AIM/G-talk/Facebook, protected only by a presumably fairly easily hacked geometric password protection scheme. Even more because simply attaching the phone to a USB port allows complete access to the internal memory and SD card regardless of whether a password is entered. I have no idea how much of that information ranging from cached emails to passwords stored in plaintext is accessible when mounting the device as a USB drive, and that worries me."
For the rest of Gibbs-Duhem's question about issues in Android security, read on below.
Gibbs-Duhem continues:"I have a lot of sensitive information in my email, including passwords for websites and confidential business/technical strategy discussions (not to mention personal emails ranging from racy emails from boyfriends to health discussions). My email and messaging client passwords are difficult to type (or even remember), so I would ideally want them saved in the device, although at least having something like a keyring password that needed to be re-entered after a time delay would make me feel better. This leaves me relying on encryption and OS level security to protect me.
I'm okay with this on my real laptop and computers as my hard disks are software encrypted and I make a habit of locking my session whenever I leave my desk. For instance, if I lost my laptop, the odds of the thief getting access to my information is minimal. However, I don't feel that this is at all true for my phone (which is frankly far more likely to be lost).
How is it that the Slashdot security pros handle this issue? Do you just not use email or the many other incredibly convenient capabilities of new Android smartphones due to the risk? Or are there specific ways in which we can guarantee (or at least greatly augment) the existing security practices?"
I'm okay with this on my real laptop and computers as my hard disks are software encrypted and I make a habit of locking my session whenever I leave my desk. For instance, if I lost my laptop, the odds of the thief getting access to my information is minimal. However, I don't feel that this is at all true for my phone (which is frankly far more likely to be lost).
How is it that the Slashdot security pros handle this issue? Do you just not use email or the many other incredibly convenient capabilities of new Android smartphones due to the risk? Or are there specific ways in which we can guarantee (or at least greatly augment) the existing security practices?"
By using a regular phone with no shit like Facebook, Twitter, Google tracking. It's not that hard.
Just suck it up and type your password each time.
you don't need to worry about leaking data through usb if you set the usb options to charge only.
This looks like exactly what you want. It warns that its in beta, though, so I'm not sure how well I would trust it. Seems like better than nothing.Says it does full encryption of the entire system, optionally your SD card, as well as optional firewall for your phone. Wouldn't rely on it without backups, but it should work. Also, you could look at a system that keeps passwords off your actual phone, like LastPass does. Not sure how well it works with Android, but I'd look into it.
Also, Honeycomb supposedly offers device-level encryption link), so if you can wait for that on phones, that'd work too.
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
Phones suck for that sort of thing. They also assume one user, so you can't hand your phone to your friend/daughter/colleague without wondering if they're going to phone/text/ install non-free apps etc. It would be nice if they were more like regular computers so they could log on as a guest and have largely read only access, limited access to the above etc. It would also be great if the filesystem was encrypted so if your phone was stolen it wouldn't give up its secrets quite so easily. All solved on a linux desktop... so near but so far on the phone.
How Do You Protect Data On Android?
One seven three four six seven three two one four seven six Charlie three two seven eight nine seven seven seven six four three Tango seven three two Victor seven three one one seven eight eight eight seven three two four seven six seven eight nine seven six four three seven six. Lock?
When our name is on the back of your car, we're behind you all the way!
Relax. Privacy cannot be effectively acheived when it is contrary to the design and purpose of Android.
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
...don't lose your phone.
Yes, I know, there are some people who lose things all of the time, things like keys, wallets, pagers, phones...
So far in the roughly sixteen years that this could be a problem for me, I have never lost a wallet, a set of keys, a pager, or a phone. I have locked keys in the car twice, but that was within my first two or three years of driving. I lost a Gerber Model 600 multitool once, but I think someone grabbed it and it wasn't simply lost.
If I was the kind of person who lost stuff often, I would either not have a smartphone or I would find a way to tether it to my person. There are all kinds of retractable tethers, from the old-school cable kind that custodial keyrings use, to fancy whiz-bang kinds like photographers use for rangefinders and light meters.
If you do lose your phone, I'd think that contacting the phone company and getting the service turned off would be first priority, which should sever links between the phone and the account anyway.
Do not look into laser with remaining eye.
Those who would gain a little safety by giving up necessary not-being-molested deserve neither and will lose both.
Keeping passwords in email is dumb - even if you run the email server. If you do not run the email server, you are being negligent.
Start using a password manager. The DB is encrypted with AES or some other known, strong, industry standard method. KeePass is available on Android - it sorta sucks when compared to Linux and Windows versions which support auto-type, but it is still better than email. Why don't you just store all your passwords in a passwords.txt text file on your desktop. That would be better than in email. At least then you could encrypt it with a really, really long passphrase for a ZIP file.
If you want the DB to be cross platform, you probably need to stay with the v1.x line of KeePass. There are "portable apps" versions for lots of platforms too.
Use a password manager already, but be certain to mirror your password DB file to lots of places - even drop it into your email. It is encrypted after all.
Take your phone, run it over with a truck. Then set it (the phone, not the truck) on fire. Then throw the ashes in a glass block. Then launch the glass block into the sun.
Not necessarily I think, as these two things protect against different style attacks.
Complex passwords:
+protects against brute force attacks
Manual entry of passwords every time (as opposed to saving them in client):
+protects against loss of control of your device
Depending on the situation, it's completely plausible that a complex saved password may be the right call.
Moreover, manual entry of passwords has a big negative: weak against shoulder surfing and entry loggers, which is enhanced by the fact that this is a mobile phone and you never know who might be watching.
Your phone may be fragmented, but my phone only has a bit of a dead spot in the upper left corner of the screen because I dropped it about 45 minutes ago. Nothing's fallen off it yet though.
But seriously, you're either grossly uninformed, a rabid fanboy parroting talking points, have never used an Android device for more than a few minutes, or just a weak troll. Fragmentation is largely irrelevant when you have a developer community like the folks at XDA working on pretty much any android device they can get their hands on. I count 94 devices being actively supported in that forum, many with tens of thousands of posts.
Even if you can come up with a dozen real-world, legitimate reasons that "fragmentation" ought to matter to me (I've heard exactly zero so far), I'd still choose it over your iPhone's walled garden any day.
I'm not a pro, so I use a BlackBerry because I haven't read about BlackBerry phones having all these various issues.
I once took an excursion to Reddit, and later HN. Unlimited up/down voting sucks when dealing with a hive-mind.
...keep that kind of data on my Android phone to start with. That's how.
Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)
Be happy. Seriously. No one is interested in your Facebook page or your emails unless you've done something very, very bad.
Even more because simply attaching the phone to a USB port allows complete access to the internal memory and SD card regardless of whether a password is entered.
No, it doesn't. You get access to /sdcard (whether it corresponds to a physical SD card or not), but that's it. You don't get access (even read access) to sandboxed application and system data storage, unless your phone is rooted.
So the obvious answer is that, if you want security, don't root your phone. It should be kinda obvious that if you can do what you want with the phone via USB, so can any application running on your PC.
First you encrypt the sensitive bits on the android (ie passwords) with a master key.
Then you store the master key on an external server.
When you check your email the phone automatically sends the encrypted password to the server, gets back a decrypted password, and uses that to check your email. So there's no loss in convenience.
But if you lose your phone you can de-authorize it at the server level so the phone can no longer access the passwords and other encrypted data that was stored on it. This also means you'll be able to see which passwords were compromised (ie, accessed after you lost the phone, and before you de-authorized it).
It's not a perfect system but I think it would give decent security, no idea if anyone has done it of course.
I stole this Sig
On my G1, with either the stock firmware or cyanogen mod, I have to turn on mobile storage before the sd card and such are mountable through the USB. So, at least in my case, the pattern lock is effective for blocking USB access also (at least as effective as is it at locking anything else). Is this different for other firmware/models?
On the other hand, If I had the physical access, I could just yank the battery and plug the SD card into my laptop. So for that reason, I wouldn't rely on the pattern lock to secure anything sensitive anyways, regardless of how strong/weak it is. It's really only good for keeping somewhat honest people from digging through your text message history and such.
I usually equip them with laser weaponry or rocket launchers. If someone manages to disable them enough to render them unable to defend themselves, the data is usually pretty slagged too.
FWIW, the Droid 3 has full device encryption (Android 2.3.4). You can encrypt the whole phone, or just the internal memory card & SD card. It also has a time-lock password/pin/pattern that kicks in after 1-20 minutes (configurable). I was very surprised after upgrading from a Droid 1, which has basically no device protection what so ever...
There is a megabyte worth of firmware on your phone on a chip that has access to your camera, the mikes, the flash, virtually everything
on a device such as an "Sprint EVO 4g".
This device has two cores on a SOC, the general application ARM11 core you know about that runs a linux kernel and then there is another ARM9 core that
runs Qualcomm's AMSS software which is a CDMA2000 stack. This radio core has the same access like the general application core
to the camera and the mikes, in fact there is support for the camera in AMSS (aka "multimedia extensions").
The radio is my main worry right now. I've already gotten rid of the smithmicro device management software and all the other HTC agents in the
android environment but I'm seeing that the kernel(!) is maintaining http connections to sprintpcs.net servers. These I address with iptables right
now. The cameras both the front facing (!) camera and the camera in back are taped over by the way I suggest you do the same.
My impression is this thing is a turd of a mobile tracking bug and I'm thoroughly disgusted with it and the scum that is pushing it.
FYI on Qualcomm AMSS (Advanced Mobile Subscriber Software): http://avs234.net/docs/cpu/qualcomm/80-VH700-1_B_AMSS_Overview.pdf
Doesn't the iPhone suffer from pretty much the same problems as well? Moving to iPhone as the troll suggests solves nothing, and may even make the problem worse.
Nope. Encryption + Remote Wipe + Local Wipe on too many failed password attempts (see "Safe and Secure by Design" and "Ready for Business" on this page). Not even in the same universe as far as security goes...
Do you do that on your laptop? Most people freak out about their phones but are perfectly okay not encrypting data on their other devices. people are weak and make mistakes. Unless you want to play James Bond for a living get a life and move along.
Get a web developer
Surely, you jest. You should know better than to ever expect anything you post on facebook to be secure, ever.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
This sounds like a pretty nice and simple idea to me.
The extra amount of traffic does not matter, just a few bytes for the passwords and the delay does not really matter. Additionally that helps you if someone stole your phone as you could easily add some information about the current location.
One loophole is that you have to disable access/decryption instantly after your phone is missing, otherwise interception of the traffic would give the attacker the unencrypted password.
Put data on a modern "smartphone" of any kind and you can expect everybody halfway competent to get all data on it. That includes thiefs, the police, customs etc.. Believing anything else is just foolish.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Yeah, about that...
Granted, it'll stop John Q. Idiot from getting your data, but if you actually care about data encryption/safety in the first place, John Q. Idiot probably isn't the person you're afraid of. In the real world, there are very few people who need truly secure phones considering that the majority of the data on them is their calendar reminding them to pick up their daughter from school, their contacts list and Angry Birds. A good number of people who claim they want that security generally think what they have on their phone is more important than it really is (or they don't want their wives/girlfriends to find out about the affair they're having.) Only a slim number of people actually need that much security on their phones... and they, wisely, use Blackberries.
It's not exactly hard to just change your passwords in the event your phone gets stolen and they have access to saved banking information (WHY DO YOU HAVE THAT SAVED ON A PHONE?!), Paypal information (more plausible) or Apple Store/Android Market information.
Nobody cares what the CAPTCHA for your post was.
Nope. Encryption + Remote Wipe + Local Wipe on too many failed password attempts (see "Safe and Secure by Design" and "Ready for Business" on this page [apple.com]). Not even in the same universe as far as security goes...
See, I don't get all the people in this thread saying Android devices are "horrible" and "not even in the same universe as far as security." I have an Android phone from Motorola. It's billed by T-Mobile as one of their lower-end, entry-level smartphones, as opposed to a "teh awesomeness" phone. Nonetheless, my phone can encrypt the data on the device and the SD card, and it comes bundled with a (free) service from Motorola that not only lets you remote wipe your data, but will tell you where your phone is via GPS. It doesn't do the wipe on failed password attempts, but I wouldn't enable that anyway -- I'd hate to be fumbling with my phone trying to unlock it when I'm drunk and accidentally wipe all the data. So what security universe is my cheapie Android phone in?
Breakfast served all day!
I keep my phone with me. I never get drunk enough that I'm likely to leave my phone in a bar. I do a belt check whenever I leave a hotel room. My phone charger is on my desk in full view so I'm not likely to forget it in the charger.
Keeping your phone near you is at least 80% of security. No tool will absolutely guarantee you won't lose your data if you lose your phone. So first and foremost, don't lose your phone.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
For linking your Google account to your phone, turn on two-factor authentication. You can't actually use two-factor authentication to add your Google account to the phone, so you get the option to set up an application-specific password. Though nothing stops someone from reusing this password to access your mail, you can revoke this password at any time without affecting the rest of your application-specific passwords or your main Google account password. If your phone is lost, get to the nearest computer and revoke the phone password. Then if the thief does manage to extract your password, it's useless.
For the rest... well, the advice in the other comments seems to be about the best you can do.
Any used Blackberry form Ebay, unlocked for $ 2, set encryption on, password tries to 3, store word documents password protected on internal memory.
Effect:
- All content on device is encrypted.
- Any attempt to enter device password wrong 3 x wipes device - erases all content.
There is no way to 100% secure data on smartphones (Android/iPhone/Blackberry) against government level investigations. In fact, there is no way to 100% secure data against mere professional snoopers, both on the data extraction front, and on the wireless snooping front. In case you didn't realize, the philosophy of smartphones is to communicate and exchange data on as many fronts as possible. It is also designed to pack as many sensors to get data on you (microphone, GPS, camera...). Its form factor is also designed to make you take it anywhere you go, meaning you will bring it into all sorts of unsecured environments where losing it is easy. It is designed to be lost or stolen easily be being small and light. The sooner you can accept this, the sooner you will become happier. If you are not a spy, just use the cheapest Nokia phone and use codewords for both text messages and the address book. Also secure it with a chain to yourself. If you are a spy, or paranoid like some Russian businessmen I have met, not only do you use a cheapo Nokia phone, but also make sure to take out the battery everytime in a business meeting. And even then, there are modified phones with internal batteries to record you and broadcast it. Good luck.
Honeycomb 3.1 has the option to encrypt the whole filesystem. It failed initially on my Transformer, but I read somewhere that they fixed it. :)
I don't know what that means for access via USB to the SD card, but if you device has been turned off, the filesystem can't be accessed until you type the encryption password.
It's not the magic bullet, but it's an extra step
I'll Start. In Starfleet Federation, android Data protects you.
I'm totally screwed if I lose my phone. I handle my phone security like I do my data backups. I'll worry about once it's too late.
Android already supports an encrypted data storage API, but it is up to the individule App authors to implement it. At first only PayPal seemed to do this correctly but the other Major apps like Chase seem to do this now after public attention was drawn to their storing plain-text. You can also disable USB auto-mount (I'm wondering who your OEM is that auto-mount is enabled to begin with, are you sure this is the phones behavior?) You also aren't forced to use the visual lock screen either! You can use a pin-code or 3rd party software. Remote wipe software is also available and is a standard feature of Motorola's Blur Android. You can protect your Google account by activating two factor authentication, that way the phone gets its own unique password that can be deactivated and doesn't store the true password for Google. In the end physical access means ownage though.
I bought a brand new HTC Inspire for the beautiful display and big screen...Fucked up POS lasted me 4 days and went bad. They replaced it. That one lasted 10 days and went bad they replaced it, that one lasted 2 months, AT&T told me to kiss their ass so I through it through their window, had my iPhone turned back one...and life is good...I use the damn thing as a phone -- not as a 3 inch computer, Not as a micro email machine, not as a umbilical cord to keep me constantly wired to the grid...I unplug, go take a fucking photo, take a walk and don't worry about it. I have enough security hardware and tools monitoring the traffic on my personal network to let me know and to shut the whole thing down if anything to hinky starts happening....Hell I have more sniffing and monitoring happening than most businesses have. So I spend more time thinking of ways I can make companies that write bad software pay for the liability they have (*read Cem Kanner and Pels "Bad Software" title before you blast me on this and think about it... if more ppl would do this more companies would NOT subscribe to the thought of for x lines of code y number of bugs is acceptable! -- That is BULLSHIT! Its either right or its fucking wrong!).....I was headhunted from college by IBM to be their Global Deployment Manager - WANG Labs hired me away from IBM...I got sick of trying to put Microshit on PPL's desktops, be a tech, help desk teacher, and manager, so I quit, decided to go work for Microshit....Figured "Hey -- I know what it's like to try to use this crap in the field. maybe I can help em get it right ---- WOOOOOOOOW was I wrong (but god damn was it fun watching Balmer fume and throw things -- my office was directly across the hall from where he always held his meetings!!)........Nearly got fired at least twice a year for arguing with PM's that only care about shipping and getting paid...So you see until we get ride of the Microsofts, the PM and marketing asswads that only care about getting paid and make everything open source. Security will never happen, Nobody will be able to actually protect their data...They will only be able to give themselves a false sense of well being because some marketing bozo convinced them with a lot of pretty photos, jazzy slogans and wordy promises that by using their tool or their device or their software package, your protected....
It is impossible for a man to learn what he thinks he already knows
It seems that, while android can be encrypted, it's typically irrelevant since the system is always on. To deal with that, could you run a second environment? I see it's common to run linux chrooted on android. Could you do something similar, except the second environment is encrypted when not running? This way, quick but unsecure information is immediately available. Sensitive information is slower to access but is secured?
And so that you didn't have to regularly encrypt/decrypt the secure environment, could you use a bluetooth dongle to authenticate as well as signal when the environment should remain decrypted? When it's near, the unsecure environment knows to keep the secure environment decrypted. When the bluetooth system disassociates, the unsecure environment encrypts the secure environment. When the bluetooth dongle comes back, you push a button on the dongle and it provides the decryption key to the unsecure environment.
I do security
I'm glad someone mentioned Autowipe. It's free, and it's awesome.
There are options to wipe your phone and SD card via a password sent by text, too many incorrect unlock attempts, someone sticking their SIM card in the phone, etc.
If I ever lose my phone or it's stolen, one text message from me to my phone and the whole thing is wiped.
Hosting and Domain name coupons
The majority of android devices don't allow you to simply access the usb storage of them. You must be using a Motorola device. I thoroughly recommend using a Google branded device in the future. The Nexus S for example doesn't have removable storage and can only be connected through USB if you have the password or USB debugging mode was already enabled. Beyond that Google keeps their software up-to-date therefor mitigating any type of exploits. As well if you decide to root the device it force wipes the data already on it before allowing you access to the device.