Android Privacy Tips
Elio Grieco
7-August-2023
Android Privacy Tips
“Communication diminishes automony.” –Whit Diffie
Where
A talk originally prepared for the SWCSF August 7th, 2023 meeting Pegasus and Privacy.
Slides available at:
https://eliogrieco.com/android-privacy-tips/
Android Privacy Tips
While the fight against military grade spyware is long and slow, there are some relatively simple steps that can be taken to improve your privacy and harden your Android phone against more modest threats.
Why aren’t we covering Apple?
With Apple, you get what you get. They are extremely hostile to user control of both device hardware and software.
If their threat model is adequate for you, they are a good choice. If not, go elsewhere.
Limitations
- Cellphones need to know where you are
- Cellphones transmit wireless signals, they are by their nature RF beacons
- Going without a cellphone can make you more conspicuious in some cases
- If you use location based services or common apps, don’t expect much privacy
Threats
We’ll cover what you can protect and the limits of said protection for:
- the network
- location data
- eavesdropping
- permissions
- permissions that are more dangerous than they seem e.g. the accelerometer
- a few side channels
Basics
- Screen lock
- password vs biometrics (4th vs 5th amendment)
- Firewall
- Browser
- Browser Plugins
- Browser Settings
- Password Manager
Going Further
As well as more permanent solutions:
- physical blocking
- privacy front-ends
- chaffing (data pools)
- open source hardware and software to prevent or slow enshittification
Futility
- USSD Unstructured Supplementary Service Data codes
- PNO (Preferred Network Offload)
- OTA Updates
- SS7
- Baseband OS
- Too much weirdness
- Side channels
- Non-device tracking
Legislative and Market Solutions
What can we do?
- Vote for privacy conscious politicians
- Fund EFF, EPIC, and other pro-privacy organizations
- Read Techdirt and other indipendent privacy watchdog orgs
- Boycott products with invasive data collection and poor privacy practices (yes, this is most of them)
- Use ad blockers
- Strip tracking links and Chaff ad networks
Limits
- Legislative and market solutions are very slow, technology moves fast.
- Some legislators and most companies have motives against your best interests.
Resources
- thgtoa: The comprehensive guide for online anonymity and OpSec
- macOS-Security-and-Privacy-Guide: Guide to securing and improving privacy on macOS
- privacy-tools: Suggestions and Discussions for PrivacyTools.io
- privacyguides.org: Protect your data against global mass surveillance programs.
- privacy-respecting: Curated List of Privacy Respecting Services and Software
- privacytests.org: Source code for privacytests.org. Includes browser testing code and site rendering.
- protect-your-privacy: Privacy resources for the layperson. Highlights resources, tools, VPNs, search engines, articles, books, and dark patterns.
- awesome-privacy: 💡Limiting personal data leaks on the internet
- awesome-privacy-papers: Machine/deep learning papers that address the topic of privacy in visual data.
- DeepPrivacy: DeepPrivacy: A Generative Adversarial Network for Face Anonymization
- privacypossum: Privacy Possum makes tracking you less profitable
Articles
Separate file…