✏ Constructive tips for improved security for the FP1(U)

This is a Wiki Post. Everybody can edit it.

OK, we all know that Android 4.2 has a number of security issues. Even if the FP team’s ambition is to provide patches at least till the end of 2016, these issues won’t be addressed instantly.

We also know that upgrading the FP1 beyond Android 4.2 (or replacing it with another OS) is nothing but a pipe dream. Yes, I know that CM is a possible option, but let’s face it: quite a few things does not work in CM, and the less ‘nerdy’ FP users will naturally refrain from replacing the default OS.

In other words, it is rather pointless to go on stating the obvious, complaining about FP’s choice of chipset &c &c. It makes more sense putting together a list of what the ordinary user can do to minimise security risks.

Add your best tips to the list which is divided into two categories:

A. Prudent behaviour (you know this already, but all the same:)

  • don’t visit dodgy websites
  • don’t click on every available link
  • don’t install apps from untrusted sources.
  • don’t allow for installation of apps from unknown sources by default
  • don’t install individual apps (.apk files) found after a random internet search, use reasonably trustworthy repositories (see below)
  • if you’ve installed Google Play Store, see to that authentification is required for app purchases.
  • turn off internet connection (wlan/mobile data) when you don’t actively use it.

B. Useful apps that can improve security

Firewalls (for blocking unwanted/unmonitored internet access)

  • AFWall+ (probably the most efficient, open source, available on F-Droid, gives you control also by black/white lists and profiles, allows you to choose between blocking wifi and mobile connection or both)
  • Avast Mobile Security (Firewall gives you basically the same firewall options as AFWall+ but apparently not 100 % efficient. Also includes anti-theft, antivirus, SMS/Call Filter, network activity log, plus checking WLAN Hotspots for security issues)

Browsers

(the stock Android browser is known to have security holes. Let the firewall block it or disable it as described by @ben and install another browser)

  • Firefox (OpenSource; be careful with addons or apps that can be installed in Firefox)
  • Fennec (Firefox version on F-Droid)
  • IceCatMobile (GNU fork of Firefox Mobile ESR (=LTS))
  • Opera
  • Dolphin
  • Orweb (aimed at security in bundle with Orbot which uses TOR network to provide more browsing privacy. Requires Orbot.)
  • Orfox (newer than Orweb and based on Fennec/Firefox. Need to add Guardian Project repo to F-Droid.)
  • Chrome

If you are ever going to use any public open WiFi, one must-have add-on for Firefox, Opera, and Chrome is HTTPS-Everywhere. (Apparently not available for Dolphin, already build-in to Orweb.)

Repositories - app stores

(No repository will ever give you 100 % safety, but these can be regarded as reasonably safe:)

  • F-Droid (only free and open source software)
  • Google Play Store (at least for well-known and wide-spread apps)
  • Amazon App Store (at least for well-known and wide-spread apps)

C. System modifications with XPosed

Because Fairphone is a rooted device you can get deeper control of your System than simple App can do. You can use this to enhance the securety of your Phone, too. To get this deep access you need to install the XPosed Framework first. This Framework covers every system call with a very own function, so if an App tryes to call a Android function the corresponding XPosed Function is called. If no XPosed-Module says someting differend XPosed simply calls the real Android function and everything workes like expected. Using this technique the Xposed modules can control almost every functionality of your Fairphone.

So the magic comes from the XPosed-Modules witch are using this technique. Because they deeply intrude your Phone and they can also damage every function of your Phone you should select them wise and only that ones you really need.

Security Modules:

  • XPrivacy: The XPrivacy module allows you to manually control every single right of every single App. If for example an App tries to to access your contacts or the internet a Dialog pops up asking you if you want to allow this. This is a little arduous, because the first start of an App often becomes a click orgy, but you get the ultimate control of your personal privacy. You can find some more detailed information about the functionality of XPrivacy at this Topic and this Youtube Videos show how to install and use the Module 1, 2.
  • BlackList: the BlackList module allows you to edit black/white lists of numbers which are enabled/disabled to call or SMS you; you can edit lists in order to filter all calls/SMSes coming from the list or coming from all numbers but the list, or block all incoming calls/SMSes at all, and so on. The Pro version allows you to disable logging in order to completely hide all informations about the events and to schedule different type of blocks.

D. Block Ads

Besides wasting bandwidth, ad servers can be exploited to serve malicious content to users, as was observed with Dogspectus (article in German: http://www.heise.de/security/meldung/Dogspectus-Erste-Android-Geraete-im-Vorbeisurfen-mit-Exploit-Kit-verseucht-3190235.html)

Add your own security tips to the list!

22 Likes