SETTING UP A BULLET-PROOF SECURITY SMARTPHONE
When it comes to smartphones, any talk about privacy can seem pointless, since the forces working against your anonymity seem too strong to be defeated. To improve your privacy, there are things you can do in the same way on laptops and smartphones, but I will first cover the most important differences between the two systems. You might think that if you can secure your laptop, you can do the same with your smartphone, but there are four major differences:
- SIM identification
- Operating-system configurability
- Mandatory Google account
- GPS triangulation
SIM IDENTIFICATION
When you buy a laptop, the laptop itself is not linked to your identity. Of course, the payment method can easily be traced back to you, but let’s say for a moment you pay for the PC with bitcoins; then there’s no straightforward link to you in the PC itself. By contrast, when you buy a smartphone, you need a SIM card to use it. The SIM card is tied to your name, surname, address, and so on; in short, to your identity. This is the first, apparently insurmountable, problem.
OPERATING-SYSTEM CONFIGURABILITY
If you have installed a Linux-based OS on your laptop (you certainly did if you care about anonymity), you will know there are plenty of tools to monitor your network activity, stop processes, close ports and so on. However, even if you have an Android phone, which is based on a Linux kernel, you won’t find it as easy to do what you want from your terminal. In fact, while on a laptop it’s enough to type “sudo” before a terminal command to gain administrative privileges, on a smartphone these privileges are “blocked” by default. This means you cannot uninstall system applications, perform a complete backup of your system’s image, change the appearance of the system, install a custom ROM, overclock your hardware, install applications which require root privileges and so on. You do not have full control over your operating system, and therefore you are vulnerable.
MANDATORY GOOGLE ACCOUNT
In a way, this is another thing that points directly to you. After buying a new laptop, you can install any software you want without telling anyone who you are. When you buy a new smartphone, you will certainly be asked to create a Google account in order to install any app. In fact, the Play Store, from which you’re allowed to install every app, is directly tied to your Google account.
GPS TRIANGULATION
Telephone companies know where you are, always. In fact, in order to guarantee coverage for telephone calls, your phone connects itself to the nearest and most powerful cell tower. Thanks to GPS triangulation, the positions of the cells reveal your position. You can also add the recently implemented Google traffic service, just to make you a little more paranoid. When you receive traffic alerts in which the road is coloured yellow (moderate traffic) or red (congested traffic), you’re using information that Google collects about the geo-location of every smartphone on the road. Put simply, if Google knows there are a lot of smartphones on a certain street, then you’ll see the street in red on your map. This means Google is tracking you, constantly, through your GPS. Google also keeps your GPS history, which means Google knows where you’ve been in the past. You can disable these Google services if you want, but you’ll never be able to avoid the GPS triangulation, because this is how the telephone works.
SO DO I HAVE TO BURN MY SMARTPHONE AND THROW ITS ASHES FAR FROM ME?
If you REALLY want to stay anonymous then yes, burn it down now!! With all the considerations made, it is evident that a smartphone is a giant luminescent arrow pointing to you.
Anyway, for those of you who want to have a semi-normal life using a smartphone but still worry about your privacy, there are many things you can do to improve it. Hope never dies, does it?
YOUR DEFENSE AGAINST THE SYSTEM
YOUR DEFENSE AGAINST SIM-IDENTIFICATION
- throw-away mobile phones
If you cannot avoid SIM identification, you can instead avoid using a SIM. Throw-away mobile phones became popular in the US; they are sold to you without contracts and without a SIM and they are cheap (around 40 USD). You buy them, activate them through a call, consume the prepaid credit and then, of course, you throw them away. They are not smartphones, and they have only the basic capabilities like SMS and phone calls. But they are completely anonymous.
- anonymous SIM cards
On the darknet markets many people will sell you anonymous SIM cards. This means that you can buy (let’s say for example) a French SIM card linked to a spoofed, non-real identity. I don’t know how reliable this kind of SIM is, but if you’re really desperate, they are probably worth a try…
YOUR DEFENSE AGAINST OPERATING-SYSTEM CONFIGURABILITY
- rooting your phone
Rooting your smartphone can require a different procedure depending on the model, and it isn’t a hard challenge. Some smartphones are very easy to root, while some aren’t. Nexus is the one recommended by the Tor Project for this kind of activity, but a lot of other smartphones support the procedure. Once you have gained root privileges, you have fine-grained control over your smartphone.
YOUR DEFENSE AGAINST MANDATORY GOOGLE ACCOUNT
- anonymous Google account
No one forces you to use a Google account which shows your name and surname in its email address. The account will still be tied to the IP you used for the registration and the access, but you have some possibilities to mask your IP, and we’ll talk about this later. Alternatively, you can decide not to use the Google Play Store, so you won’t need a Google account at all.
- alternative app stores
Fortunately, the Play Store is not the only app store in the world. There are many other app stores which don’t require registration with Google. A few useful names are Amazon, F-Droid, SlideME and GetJar. I personally found F-Droid interesting because it is an app store for free and open source applications that derives from Aptoide, an alternative decentralized store in which every user acts like a store. SlideME catalogues apps based on compatibility with your device, payment method and location, while GetJar is the biggest app store, providing more than 849,036 apps for different platforms like Android, Windows Mobile, Symbian, Java ME and BlackBerry.
YOUR DEFENSE AGAINST GPS TRIANGULATION
- using a phone not linked to you
Yes, this still remains the most serious problem: GPS triangulation. But let’s think a little. While you cannot avoid GPS triangulation, you can certainly avoid letting them know that the telephone they’re tracking is yours. And here we come back to the fake SIM and throw-away phone discussion.
OTHER USEFUL TOOLS
- Custom paranoid operating systems and phones
For the anonymity-minded, many “stealth” phones have come to the market promising you a better “built-in” anonymous experience; Blackphone from Silent Circle is maybe the most famous. There are also a lot of anonymity-friendly operating systems like CopperheadOS. I generally don’t believe in “built-in” solutions. I think anonymity requires using your brain: it is a process made of a lot of little actions which help you to stay anonymous, not a matter of built-in tools. Anyway, for those of you who already use your brains correctly, maybe these built-in solutions can give further help. If you trust them.
Orbot is the Tor Project’s official Android app, which allows you to use Tor on your smartphone. For those who want to hide their IP, this is a must. Just push the onion button and Tor will start to work on your device.
Orfox is a modified Firefox browser designed to work with Orbot. Just use it while Orbot is running and you’ll have your IP masked while you’re surfing the internet.
Orwall takes the idea of using Tor on your smartphone further. It is an app which forces every other app to connect to the internet through Tor. It requires root privileges to work, and it is certainly an excellent choice to gain a better level of anonymity.
Pry-fi is an interesting app which allows you to spoof your MAC address on a public network. The MAC address is the one which physically identifies your device. Spoofing it will result in totally masking your device’s physical identity inside a public network. Pry-fi also has an option that changes your MAC address periodically, so that linking the MAC to you becomes nearly impossible.
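What a periodically changing, spoofed MAC address looks like to the network, as an added example that is not part of the original article and is not Pry-fi's own code. The function names are assumptions for illustration and the sample addresses are constructed; the example also goes one step beyond the text by reading the address's flag bits the way an observer would.

```python
import secrets
import string

def random_private_mac() -> str:
    """Return a random unicast, locally administered MAC address."""
    octets = bytearray(secrets.token_bytes(6))
    # Bit 0 of the first octet is the multicast flag (0 for a device address).
    # Bit 1 is the "locally administered" flag (1 = not a vendor-burned address).
    octets[0] = (octets[0] | 0x02) & 0xFE
    return ":".join(f"{b:02x}" for b in octets)

def parse_mac(mac: str) -> bytes:
    """Parse aa:bb:cc:dd:ee:ff (or with dashes); raise ValueError if malformed."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6 or any(
        len(p) != 2 or not set(p) <= set(string.hexdigits) for p in parts
    ):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)

def classify(mac: str) -> str:
    """Say how an observer on the network would read the address's flag bits."""
    first = parse_mac(mac)[0]
    if first & 0x01:
        return "multicast"
    return "locally administered" if first & 0x02 else "vendor-assigned"

def rotate(periods: int) -> list[str]:
    """One fresh address per period, as a periodic changer would present them."""
    return [random_private_mac() for _ in range(periods)]

# Constructed sample addresses, not taken from any real device.
SAMPLES = ["3c:5a:b4:12:34:56", "da:a1:19:00:00:01", "01:00:5e:00:00:fb"]

if __name__ == "__main__":
    for mac in SAMPLES:
        print(mac, "->", classify(mac))
    for period, mac in enumerate(rotate(3)):
        print(f"period {period}: {mac} ({classify(mac)})")
```

Addresses generated this way carry the locally-administered bit, so an observer can tell they are not vendor-assigned even though successive addresses cannot be matched to each other by value.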
- Alternative search engines
Please don’t use Google; it tracks all your searches. You can instead use DuckDuckGo or Disconnect.me. DuckDuckGo’s app also supports use over the Tor network.
You can certainly use a VPN service to encrypt all your traffic, hiding it from your ISP and masking your real IP. Just as you can do this on your PC, you can also do it on your smartphone. Most VPN providers also offer their service for multiple devices, so you only have to pay once to cover 4 or 5 devices.
Encrypting your telephone will add an extra layer of security. Almost every model supports the encryption of the file-system.
- Use PGP
I recommend OpenKeychain, an app that implements PGP on Android.
- Use encrypted email
Take a look at useful services like ProtonMail, which encrypts your emails, allows connections through Tor and implements two-factor authentication. ProtonMail is open source software developed by scientists from CERN and MIT and is based in Switzerland; it uses end-to-end encryption, it has a no-log policy and you won’t be asked for personal information. Also try TorBirdy, an interesting extension for Thunderbird which acts like a Tor button, establishing a connection over Tor.
Smartphones are made to communicate, to share your experiences all over the world, to make your life easier and more fun. They are not made to make you anonymous. For this reason they should never be regarded as secure closed systems. However, you could have a million reasons to continue using one, and at the same time worry about your privacy being violated. If this is the case, then I have good news for you: there are a lot of individuals with the same interest as you, people who develop tools to help you stay anonymous and to help you keep your data away from corporations and governments. Remember that these tools will greatly improve your privacy, but your behaviour is the first defense. You could have all the tools named in this article and still use them in a stupid manner, and then you would still be vulnerable.