Slashdot Mirror


Ask Slashdot: How Do You Protect Data On Android?

Gibbs-Duhem writes "It makes me very nervous that my Android phone has access to my email/AIM/G-talk/Facebook, protected only by a presumably fairly easily hacked geometric password protection scheme. Even more because simply attaching the phone to a USB port allows complete access to the internal memory and SD card regardless of whether a password is entered. I have no idea how much of that information ranging from cached emails to passwords stored in plaintext is accessible when mounting the device as a USB drive, and that worries me." For the rest of Gibbs-Duhem's question about issues in Android security, read on below. Gibbs-Duhem continues: "I have a lot of sensitive information in my email, including passwords for websites and confidential business/technical strategy discussions (not to mention personal emails ranging from racy emails from boyfriends to health discussions). My email and messaging client passwords are difficult to type (or even remember), so I would ideally want them saved in the device, although at least having something like a keyring password that needed to be re-entered after a time delay would make me feel better. This leaves me relying on encryption and OS level security to protect me.

I'm okay with this on my real laptop and computers as my hard disks are software encrypted and I make a habit of locking my session whenever I leave my desk. For instance, if I lost my laptop, the odds of the thief getting access to my information are minimal. However, I don't feel that this is at all true for my phone (which is frankly far more likely to be lost).

How is it that the Slashdot security pros handle this issue? Do you just not use email or the many other incredibly convenient capabilities of new Android smartphones due to the risk? Or are there specific ways in which we can guarantee (or at least greatly augment) the existing security practices?"

34 of 238 comments

  1. Re:How do you protect your mobile phone by The Dawn Of Time · · Score: 3, Insightful

    Yes but let's assume we aren't asking the question for the 0.00001% of humanity with no interest in being a part of society.

  2. You can't have your cake and eat it too by Anonymous Coward · · Score: 3, Insightful

    Just suck it up and type your password each time.

    1. Re:You can't have your cake and eat it too by Anonymous Coward · · Score: 2, Informative

      Actually you can have your cake and fucking eat it too:

      Set the default USB connection activity on the phone to "CHARGE" instead of "MOUNT SDCARD LIKE A FUCKING DUMB ASS".

      Then enable the lockscreen option and if someone picks your phone up and connects it to a PC, it's only going to charge the battery.

      Now the thing to really worry about is someone taking your phone and then pulling the SDCARD out and mounting that on their PC, that will give them full access to everything stored on it, including all downloaded emails, dirty pics and movies you've shot in the bathroom to send your partner, etc.

  3. Re:How do you protect your mobile phone by k31 · · Score: 4, Insightful

    Yea,

    and I secure my car by having a bicycle, instead.

    Sure, I get wet when it rains, but I'm so much safer.

  4. Whispercore by Baloroth · · Score: 4, Informative

    This looks like exactly what you want. It warns that it's in beta, though, so I'm not sure how well I would trust it. Seems like better than nothing. Says it does full encryption of the entire system, optionally your SD card, as well as optional firewall for your phone. Wouldn't rely on it without backups, but it should work. Also, you could look at a system that keeps passwords off your actual phone, like LastPass does. Not sure how well it works with Android, but I'd look into it.

    Also, Honeycomb supposedly offers device-level encryption, so if you can wait for that on phones, that'd work too.

    --
    "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton

    1. Re:Whispercore by dark_requiem · · Score: 2

      WhisperCore is nice, basically uses the same approach as honeycomb. On capable devices, it uses dm-crypt to encrypt the mmc block devices, and they also have WhisperYAFFS (now GPL'd, I believe) for use on other devices.

      I'd like to add this functionality to other ROMs like CM, but time forbids lately. However, since Honeycomb supports full disk encryption, and the tablet/phone forks are supposed to merge in the next major version, full disk encryption should be available for both Android phones and tablets soon.

  5. You can't. by Threni · · Score: 2

    Phones suck for that sort of thing. They also assume one user, so you can't hand your phone to your friend/daughter/colleague without wondering if they're going to phone/text/install non-free apps etc. It would be nice if they were more like regular computers so they could log on as a guest and have largely read only access, limited access to the above etc. It would also be great if the filesystem was encrypted so if your phone was stolen it wouldn't give up its secrets quite so easily. All solved on a linux desktop... so near but so far on the phone.

    1. Re:You can't. by DemonGenius · · Score: 2

      With the exception of multiple users (which is a good idea for phones BTW), this has already been solved with the N900. I can store a backup of all my important data secured on the phone's internal memory with a numeric password that is several characters long (should probably be alphanumeric, but this is still a phone we're talking about, not quite a computer). There is no way someone can get my data unless I store it on a micro SD. They can take the phone, but the internal memory would have to be wiped before being able to access it. Thanks to the N900, I have peace of mind that I have a secured backup of all my important data with me at all times. Hopefully when Meego is finally released to a device, this kind of security is retained from Maemo.

  6. Re:How do you protect your mobile phone by NFN_NLN · · Score: 2, Informative

    "Even more because simply attaching the phone to a USB port allows complete access to the internal memory and SD card regardless of whether a password is entered."

    I have a Nexus S with Android 2.3.4. Whenever I plug in a USB data cable, a pop-up asks me to "Turn on USB storage". This is only accessible after I enter my password. I realize he is bitching in general but with respect to this specific problem... it's a non-issue.

  7. As Ben Franklin would say... by Anonymous Coward · · Score: 3, Funny

    Those who would gain a little safety by giving up necessary not-being-molested deserve neither and will lose both.

  8. complex passwords vs. saving by manekineko2 · · Score: 3, Insightful

    Not necessarily I think, as these two things protect against different style attacks.

    Complex passwords:
    +protects against brute force attacks
    Manual entry of passwords every time (as opposed to saving them in client):
    +protects against loss of control of your device

    Depending on the situation, it's completely plausible that a complex saved password may be the right call.

    Moreover, manual entry of passwords has a big negative: weak against shoulder surfing and entry loggers, which is enhanced by the fact that this is a mobile phone and you never know who might be watching.

  9. Re:usb security by manekineko2 · · Score: 4, Informative

    Can you even access the pull-down to activate USB mass-storage mode when the phone is locked?

    I would think it's sufficient just to disable development mode, so that ADB cannot be hooked into USB, which I think does work when the phone is locked.

  10. Re:How do you protect your mobile phone by RapmasterT · · Score: 2

    If you think that 99% of people use "smart phones", you're grossly out of touch with reality. "Smart phones" are grossly expensive status symbols. The only people I know who use "smart phones" have them to impress other people. I run a multi-million dollar business just fine with a laptop and a "dumb" cell phone.

    I think you are grossly out of touch with reality. A smartphone lets me do my business without having to carry the laptop around, like you are apparently doing everywhere you go. I suppose you'd also like the children to stay off your lawn?

  11. I don't... by TemporalBeing · · Score: 2

    ...keep that kind of data on my Android phone to start with. That's how.

    --
    Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)

  12. Complete access to the internal memory? by shutdown -p now · · Score: 5, Informative

    Even more because simply attaching the phone to a USB port allows complete access to the internal memory and SD card regardless of whether a password is entered.

    No, it doesn't. You get access to /sdcard (whether it corresponds to a physical SD card or not), but that's it. You don't get access (even read access) to sandboxed application and system data storage, unless your phone is rooted.

    So the obvious answer is that, if you want security, don't root your phone. It should be kinda obvious that if you can do what you want with the phone via USB, so can any application running on your PC.

    1. Re:Complete access to the internal memory? by shutdown -p now · · Score: 2

      Let's say the phone was lost or stolen. It'd be pretty trivial to root would it not?

      All root guides that I've seen for Android phones (admittedly, just a few, for those which I either owned or considered owning) require the phone to be put into USB debugging mode first. That is not on by default, and is tucked away pretty far, so it's not like you're going to enable it by default. If your phone is PIN or password-protected - which TFA seems to assume it is (makes sense if you're concerned about valuable data on it!) - I don't know of any way to enable USB debugging without getting past the lock screen somehow.

  13. Re:How do you protect your mobile phone by godel_56 · · Score: 4, Informative

    If you think that 99% of people use "smart phones", you're grossly out of touch with reality. "Smart phones" are grossly expensive status symbols. The only people I know who use "smart phones" have them to impress other people. I run a multi-million dollar business just fine with a laptop and a "dumb" cell phone.

    In Australia in 2010, 43% of phone sales were smart phones. The prediction for 2011 is 70% of sales will be smart phones.

    Smart phones are becoming the norm.

  14. Droid 3/Android 2.3.4 by Anonymous Coward · · Score: 3, Interesting

    FWIW, the Droid 3 has full device encryption (Android 2.3.4). You can encrypt the whole phone, or just the internal memory card & SD card. It also has a time-lock password/pin/pattern that kicks in after 1-20 minutes (configurable). I was very surprised after upgrading from a Droid 1, which has basically no device protection whatsoever...

  15. Re:How do you protect your mobile phone by datapharmer · · Score: 2

    Yeah, tried that.... fail. Maybe your android is better, but vpn support varies wildly from model to model, and forget remote desktop or vnc - It isn't worth the frustration. I got a motorola droid with a hardware keyboard thinking "at least I can use the command line", but the key mapping really isn't appropriate for vi or anything serious in the shell. Sure it is nice to have access to email and the ability to remote in, but I have found many times where it was so frustrating I just said "forget it, I'm wasting my time" and got out the laptop. Anyhow, what I am saying is YMMV.

    --
    Get a web developer

  16. Re:I'll tell you the safe way... by macs4all · · Score: 2

    Take your phone, run it over with a truck. Then set it (the phone, not the truck) on fire. Then throw the ashes in a glass block. Then launch the glass block into the sun.

    And so you think that isn't susceptible to an extraterrestrial-in-the-middle attack?

  17. Re:How do you protect your mobile phone by exomondo · · Score: 2

    Why couldn't they just store a hash?

    What would be the point of that?

  18. Re:How do you protect your mobile phone by exomondo · · Score: 2

    "Smart phones" are grossly expensive status symbols.

    Thems new-fangled smartphones are just for them there kids that want to look "cool" with their myface, their twizzler and their spacebook. I don't want no smarphones on my lawn!

  19. Re:How do you protect your mobile phone by whoop · · Score: 2

    Yes, but how do you keep your stuff secure after you plug it into a computer, give it to an enemy, give apps permission to view your email/sdcard/facebook/twitter/texts/etc? I mean, with a system like this that just "lets" users give away their data, I don't see how anyone can ever consider using it!

  20. You do not by gweihir · · Score: 2

    Put data on a modern "smartphone" of any kind and you can expect everybody halfway competent to get all data on it. That includes thieves, the police, customs etc. Believing anything else is just foolish.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.

  21. Re:Get an iPhone by PCM2 · · Score: 2

    Nope. Encryption + Remote Wipe + Local Wipe on too many failed password attempts (see "Safe and Secure by Design" and "Ready for Business" on this page [apple.com]). Not even in the same universe as far as security goes...

    See, I don't get all the people in this thread saying Android devices are "horrible" and "not even in the same universe as far as security." I have an Android phone from Motorola. It's billed by T-Mobile as one of their lower-end, entry-level smartphones, as opposed to a "teh awesomeness" phone. Nonetheless, my phone can encrypt the data on the device and the SD card, and it comes bundled with a (free) service from Motorola that not only lets you remote wipe your data, but will tell you where your phone is via GPS. It doesn't do the wipe on failed password attempts, but I wouldn't enable that anyway -- I'd hate to be fumbling with my phone trying to unlock it when I'm drunk and accidentally wipe all the data. So what security universe is my cheapie Android phone in?

    --
    Breakfast served all day!

  22. how do I protect my data? by roc97007 · · Score: 2

    I keep my phone with me. I never get drunk enough that I'm likely to leave my phone in a bar. I do a belt check whenever I leave a hotel room. My phone charger is on my desk in full view so I'm not likely to forget it in the charger.

    Keeping your phone near you is at least 80% of security. No tool will absolutely guarantee you won't lose your data if you lose your phone. So first and foremost, don't lose your phone.

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.

    1. Re:how do I protect my data? by roc97007 · · Score: 2

      "I treat my phone like my wallet or my kidney". That's my new favorite phrase.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.

  23. For Google, Two-Factor Authentication by Sancho · · Score: 2

    For linking your Google account to your phone, turn on two-factor authentication. You can't actually use two-factor authentication to add your Google account to the phone, so you get the option to set up an application-specific password. Though nothing stops someone from reusing this password to access your mail, you can revoke this password at any time without affecting the rest of your application-specific passwords or your main Google account password. If your phone is lost, get to the nearest computer and revoke the phone password. Then if the thief does manage to extract your password, it's useless.

    For the rest... well, the advice in the other comments seems to be about the best you can do.

  24. Android? Good question by no-body · · Score: 2

    Any used Blackberry from Ebay, unlocked for $ 2, set encryption on, password tries to 3, store word documents password protected on internal memory.

    Effect:
    - All content on device is encrypted.
    - Any attempt to enter device password wrong 3 x wipes device - erases all content.

  25. Short answer. by moneybabylon · · Score: 2

    There is no way to 100% secure data on smartphones (Android/iPhone/Blackberry) against government level investigations. In fact, there is no way to 100% secure data against mere professional snoopers, both on the data extraction front, and on the wireless snooping front. In case you didn't realize, the philosophy of smartphones is to communicate and exchange data on as many fronts as possible. It is also designed to pack as many sensors to get data on you (microphone, GPS, camera...). Its form factor is also designed to make you take it anywhere you go, meaning you will bring it into all sorts of unsecured environments where losing it is easy. It is designed to be lost or stolen easily by being small and light. The sooner you can accept this, the sooner you will become happier. If you are not a spy, just use the cheapest Nokia phone and use codewords for both text messages and the address book. Also secure it with a chain to yourself. If you are a spy, or paranoid like some Russian businessmen I have met, not only do you use a cheapo Nokia phone, but also make sure to take out the battery every time in a business meeting. And even then, there are modified phones with internal batteries to record you and broadcast it. Good luck.

  26. I'm screwed by Vecanti · · Score: 2

    I'm totally screwed if I lose my phone. I handle my phone security like I do my data backups. I'll worry about it once it's too late.

  27. Re:usb security by sjames · · Score: 2

    If they can plug in a USB cable, they can take the SD card out. That was my point.

    If they can't do either of those things, that means they don't have your phone and there's no worry.

  28. Re:How do you protect your mobile phone by Nick Ives · · Score: 2

    I don't think you understand. iOS has a keychain (just like OS X, upon which it's based). The keychain is an encrypted file that contains things like passwords.

    But that only keeps you safe if your storage media is somehow stolen. Given that the media is soldered into the phone, that's an unlikely scenario.

    The only way to access the password database on Android (and I presume iOS) is to be root. If you're root, you've got access to the procedure for decrypting passwords.

    Therefore, what's the point of obscuring the passwords?

    --
    Nick

  29. Re:You Use a Google Technology by Philip K Dickhead · · Score: 2

    Because Google's business model is to create a panopticon, and monetise the information they collect about their subscribers.

    In short, you are inventory, not a customer. This is the Google imperative. If you wish to play on their field, you must understand their motivation. It is not to advance humanity, or "be cool", or any other fantasy.

    --
    "Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell