Tech Tools for Activism

Mobile Phone Security and Android Apps

In this chapter you will learn;

  • Some background info on mobile phones and security
  • How to send encrypted SMS messages on an Android phone
  • How to set up a VPN on an Android phone to allow safer browsing

Mobile phones are effective tools for organising and increasingly for documenting protest and political activism. While this is very exciting, the technology shouldn't be embraced blindly. The following information drawn from the Guardian Project website and Basic Internet Security book outlines some of the risks of mobile use and ways to overcome these threats. 

 

Security issues with mobile phones

Physical security - A phone can be confiscated or stolen. If you are an activist, your address book and past SMS messages might be of special interest and/ or incriminating: it can be used just to gain knowledge of your network or for further social engineering. As a minimum safety measure you should always enable some kind of password protection on your phone (not just on your SIM card).

Voice - Although the voice on a GSM (mobile phone) channel is encrypted, this encryption was hacked some time ago and is not considered safe any more. Furthermore, if you do not trust the network(s) you are using it has never been safe.

SMS  - Text messages are sent in plain text over the network, so they are also not considered secure, additionally they are not securely stored at your device, so anyone with access to it will be able to read them. If you are using an Android based phone read the section on 'Secure Text Messaging'

Smartphones - Smartphones are quite new, and unfortunately most advanced (and even some basic) ways of securing that are available on normal computers are not available on smartphones. They pose additional risk since you are also using them for things like agendas, and personal note taking. There are a considerable number of malware apps on the market which are passing your personal data to other companies. Check if your app's can be trusted.

Prepaid sim cards - In some countries you are still able to use prepaid locally bought SIMcards without identifying yourself. Beware that your phone also has a unique identifier (known as the IMEI number) so switching SIM cards will will not guarantee to protect your privacy.

Useful Android Apps

The FDroid Repository is a catalogue of FOSS applications for the Android platform. Their website is a great first port of call if you are looking at installing some tools for your phone - http://f-droid.org/

Orbot: Anonymous Web Browsing
Orbot brings the capabilities of Tor to Android. Tor uses Onion Routing to provide access to network services that may be blocked, censored or monitored, while also protecting the identity of the user requesting those resources.

Orweb: a browser with increased privacy
Orweb is a privacy enhanced web browser that supports proxies. When used with Orbot, Orweb protects against network analysis, blocks cookies, keeps no local browsing history, and disables Flash to keep you safe.

Gibberbot: Private and Secure Instant Messaging
Gibberbot is a full featured instant messaging application integrated with the “Off the Record” encrypted chat protocol. Our app is built on Google’s open-source Talk app and modified to support the Jabber XMPP protocol.

ObscuraCam: Secure Smart Camera
A secure camera app that can obscure, encrypt or destroy pixels within an image. This project is in partnership with WITNESS.org, a human rights video advocacy and training organization.


Proxy Mobile Add-On
Firefox for Android Add-on which exposes HTTP and SOCKS proxy settings through a new options menu. This enables the user to connect with Tor through Orbot, as well as any network proxy service.

Data Wipe (“Poison Pill”)
Often individuals working as advocates and organizers can be detained by authorities in order to to gain access to information, leaving the data they are carrying unprotected and easily compromised.

K-9 and APG: Encrypted E-mail
K-9 Mail is an open-source app based on Android’s built-in Email app. The project is focused on making it easy to manage multiple accounts and large volumes of email, as well supporting OpenPGP encryption using Android Privacy Guard.

CSipSimple: Encrypted Voice Over IP (VOIP)
CSipSimple is a free and open source SIP client for Android that provides end-to-end encryption using ZRTP. It’s compatibility with desktop SIP clients such as jitsi makes it an ideal solution for secure voice calls on android phones.

TextSecure: Short Messaging Service (SMS)
TextSecure, developed by Whisper Systems, provides a robust encrypted text messaging solution, but it is only compatible with other TextSecure users.


Setting up a VPN on an Android Phone

VPNs were mentioned in the section on browsing the internet safely. For instructions to set up a VPN on an android phone see here - https://imc.li/mwkpi

What next?

  • Try setting up encrypted email on your phone with K-7
  • Why not organise a mobile phone cryptoparty? A gathering where you test and skill share the use of some of these tools