Hardening your Android Device : Few Essentials

1.   Android is the most popular mobile platform in the world, with a wide variety of applications, including many applications that aid in communications security, censorship circumvention, and activist organization. Moreover, the core of the Android platform is Open Source, auditable, and modifiable by anyone. Unfortunately though, mobile devices in general and Android devices in particular have not been designed with privacy in mind. In fact, they've seemingly been designed with nearly the opposite goal: to make it easy for third parties, telecommunications companies, sophisticated state-sized adversaries, and even random hackers to extract all manner of personal information from the user. This includes the full content of personal communications with business partners and loved ones. Worse still, by default, the user is given very little in the way of control or even informed consent about what information is being collected and how.

 

2.  This presentation brings out few basic steps that every android phone user should configure to harden his/her device.Although the list is not completely exhaustive but it brings out basic necessities as expected from any smart user.

 

Officially Keylogged : Welcome to Microsoft Windows 10 Preview

1.   Though an avid loyalist of Linux for last about a decade,I always keep a tag of what’s happening in the world of Windows......and recently when Windows 10 preview was launched I started reading various reviews pan web....and I came across this startling and surprisingly criminal revelation regarding inbuilt key logging in the OS available for download.See the screen shot below straight from the Microsoft and you read it for your self highlighted...  

(Click to Enlarge)

2.     This is actually too much in the name of Data Collection wave by various companies as a genuine and legal move putting across mostly naive users at complete risk since anyone is hardly interested in reading the Terms & Conditions of any application.A google search on this gives surprising concerns as bought out by various reviewers across as seen below :

(Click to Enlarge)

3.   Few interesting statements below from Terms and Conditions :

"Microsoft collects information about you, your devices, applications and networks, and your use of those devices, applications and networks. Examples of data we collect include your name, email address, preferences and interests; browsing, search and file history; phone call and SMS data; device configuration and sensor data; and application usage."


"We may collect information about your device and applications and use it for purposes such as determining or improving compatibility" and "use voice input features like speech-to-text, we may collect voice information and use it for purposes such as improving speech processing."
The killer statement says, "If you open a file, we may collect information about the file, the application used to open the file, and how long it takes any use [of] it for purposes such as improving performance, or [if you] enter text, we may collect typed characters, we may collect typed characters and use them for purposes such as improving autocomplete and spellcheck features."

4.     Thanks Microsoft :-)

Your ANDROID APPLICATIONS : Mining your profile

1.    It is common for us to hear a company promoting its phone or tablet showcasing that lakhs of android applications are available for free...and the poor(???) customer generally falls for it...so he buys the device and immediately starts exploiting the world of millions of applications on the net and the Google play store...now off course Google just does not upload a application for download once the up loader does his part of the formalities and registration...it checks under its set of QRs if the application is ok from the point of being malicious in nature or not but that does not always works....so many times android applications even in the Google play-store have been found to be suspected...now lets keep suspected apart...does the typical user even checks the terms and conditions of any application before installing?...the blind rule is JUST ACCEPT IT!!!and this goes against the user...this allows invasion to privacy...why should a company ask to access your phone contacts..your location..your system settings...your configuration settings before it allows to install it application on your device...BUT NO ONE THINKS ABOUT THIS!!!!

Back in February of this year, Google announced it was hardening its stance on Android security, unveiling an app-scanner (codenamed Bouncer) to weed out malware uploaded to Android Market (now Google Play) through automatic scanning. Since then, Google has taken more steps to protect Android users: it acquired VirusTotal back in September and in Android 4.2 Jelly Bean introduced an optional app verification feature that enables users to identify dangerous and potentially-dangerous apps on their devices, even if they downloaded them from the Web or got them from an app store other than Google Play.

How have Google’s efforts to combat Android malware been working out? Perhaps not so well. Security researchers were quickly able to analyze how Bouncer operated and find easy ways to circumvent Google Play’s automated scanning — techniques publicly available now to malware authors if they hadn’t managed to think of them on their own. Further, Xuxian Jiang of North Carolina State University has published an assessment of Jelly Bean’s app verification capability. The results? Google’s app verification service identified just over 15 percent of malware samples thrown at it from the Android Malware Genome Project

Source : http://www.digitaltrends.com/mobile/who-can-fight-android-malware-not-google/

2.     Mobile malware is lately becoming a organised crime with complex sophistication in terms of tracking back....and this makes the attack surface for the hacker and the black hats more big and the user more vulnerable at the same time....The most common victim is the one who looks for free applications in various heads of education...technology and not to forget the games section which is a big hit among-st all...the users love the games for which he has to pay nothing and the attacker gets a lot of attack surface to play around...and then the DO IT YOUR SELF TOOLS again add to the attack surface.

WHAT CAN YOU DO TO AVOID THIS?

- Keep your android updated: Now in this case most of the devices till 4.2.1 may not support upgrades..but then you have to keep your fingers crossed!!!

- Refrain from android applications other then google play store.STill you have to be careful...wherever possible read the Terms and Conditions before installing

-  Avoid public open wifi connections

-  Limit your greed to free applications.You may google about the application on google before you install it on your device.

"Terms & Conditions Apply" : Bon Voyage to your Privacy

1.   How many of you actually read the complete word set of "Terms and Conditions" of an application like Chrome browser ,Facebook or some thing like WhatsApp,Truecaller etc.....m sure no one hardly has time for that....ok...just for info please read the excerpt below :

Google's terms of service, for instance, clocks in at 1,711 words, according to an AFP count, not including a separate 2,382-word privacy policy that is still about 1,000 words shorter than the Google Chrome browser policy

Facebook's terms of service clocks in at 4525 words....(I did a word count with a libre office)

WhatsApp terms of service clocks in at 6549 words....(I did a word count with a libre office for this too :-)

2.    So at the above rate for a typical Internet user who installs the regular OS,Word ,PDF,VLC, it would take about 200 hours the equivalent of about one full month of work a year to fully read all the terms and conditions attached to his or her favorite websites.Will any person on earth do it?Now think over the fact that why would a company legally bind every user with thousand of words of legal agreement...what could be the motive...the motive of any company on the web is not just to save its own credibility and ass but the real motive is mining data...that's why most of it is free...why would chrome be free or for that matter why so many applications are free?...I am not trying to demean the OPENSOURCE community here who are doing a great job and I am a strict FOSS for that matter...but I would like to focus on other applications like WhatsApp,Truecaller...and so many uncountable Android,Gaba,Windows mobile applications etc....

3.   A simple click by you on Accepting the Terms and Conditions of the the application company allows your consent to online lives being archived, shared with third parties or passed on to government agencies without notice....and that's a very very serious privacy breach today when we know that in another about 4-5 years to come when our digital dependence would be like never before...this can mean havoc....for example a school student who has a home computer based on pirated or for this matter even genuine OS with loads of software's with separate set of terms and conditions.....will have his/her literally whole life profile including his FB posts,his/her preferences,his phone calls,his phone contacts,audio recordings,photographs,his/her secrets of life and anything that can be his/her privacy attribute known to the third parties with whom he has no concern...and these third parties will have their ways and means to effect his/her life in so many ways then....!!!!!