Android Privacy Guide, 2017 EditionCategory: misc
A 6 Minute Read
28 Jan 2016
Support The Tin Hat on Patreon! Just one dollar makes all the difference in helping me write more content!
Note: This guide was originally the 2016 guide, but I have reviewed and updated it for 2017 as well.
Smartphones are now at the epicenter of many modern privacy debates. Whether it be the 59 US police agencies spying on phones with Stingray devices, corporations like Symphony boasting about their extensive analytics (tracking) capabilities, or consumer companions like ShopAdvisor trying to coax you into swiping your credit card based on your spatial location in retail outlets, there is certainly no shortage of actors trying to pry crumbs of data from our smartphones.
Some of these tracking mechanisms are impossible to avoid, short of turning off your phone or stashing it into a faraday bag, simply because of the technology's architecture. Yet, there remain a number of steps that can be taken to reduce the amount of private information that is being siphoned off your smartphone.
The most basic aspects of Android privacy are also, perhaps, the most important. Fortunately, they're also very simple behavioral adjustments that anyone can make. For example, always read what permissions an app requests before installing the app. Does a calculator really need access to your microphone, files, and hardware identifiers? Probably not, so look for a different one. If you are on the most recent version of Android then you will have some more control over which permissions apps can have, so make sure to use it. Also, don't install porn apps. Really, just don't. They're essentially malware waiting to be installed.
Another simple change is to add a lock screen with a pin to your phone. Surprisingly, one in three Android users don't use lock screen pins, leaving their phones vulnerable to anyone who wants to pick it up and peruse through it. If you're one of those one-in-three, then drop everything and add one now.
Alternatively, if your phone features a fingerprint reader, I'd highly recommend turning this on. Sure, your hand could be cut off and used to unlock your phone, but it is far more likely that someone would watch as you enter your pin/pattern before stealing your phone. A fingerprint scanner, of course, eliminates this threat.
In a Twitter poll that I sent out when writing this guide, installing Signal was the clear number one choice for Android privacy in 2016. Designed by Moxie Marlinspike's Open Whisper Systems, Signal is a combination of what were previously two separate apps: TextSecure and Redphone. Cryptographer Matt Green once described the quality of Redphone's code by saying, "I literally discovered a line of drool running down my face". Its newer, younger brother is hardly different.
What Signal provides is strongly encrypted text messaging and calling, each of which has what is known as Perfect Forward Secrecy, or PFS. PFS essentially means that if someone, say the NSA, somehow obtains your encryption keys, all your previous conversations will remain secure. Contrast this with systems such as PGP, where stolen keys means exposing every conversation ever encrypted with those keys, and we instantly see how important PFS is in modern cryptography. Additionally, not only does Signal keep your conversations confidential, but it also allows you to authenticate who you're having that conversation with, and does so easily using a simple QR code. All of this is done with almost zero friction, meaning that there's no technical gobbledegook or hoops you have to jump through to obtain privacy; Signal does it all for you. Of course, all of this encryption will only work with other Signal users, so make sure to get your friends off of WhatsApp and on to Signal. If they refuse, however, don't worry, Signal will still send them messages, they just won't be encrypted.
Between its immaculate code quality, the strength of its cryptography, and the ease of use, it's not only me recommending it, it's Edward Snowden.
Full Disk Encryption
Historically, fully encrypting your Android device wasn't always the smoothest process. Today, however, full disk encryption (FDE) on Android is a fairly easy process, and most phones are fast enough that the encryption overhead is barely noticeable.
The benefits of FDE for mobile phones are many, with the most immediate benefit being that all of your data are protected if your phone is lost or stolen. This isn't the same as a lock screen. While a lock screen will inhibit a thief from using the phone, it won't protect all your photos, videos, files, messages, and keys from being easily lifted off the device. This is where FDE kicks in, as so long as you use a strong password, a thief will have no access to any of your personal data.
While every phone is different, the usual way to encrypt an Android device is to first back up important data, and plug the phone into a charger. Next, go to the Settings menu, then Security, and then scroll down and look for "Encrypt Phone". This will take a while, and during the process you don't want to disturb the phone at all, but the end result will be a far more secure device.
Orbot & Orfox (Tor)
If you don't know about the benefits of Tor, then I'd highly recommend reading my Tor vs VPN article. If, on the other hand, you know all about the wonderful magic that is Tor, you know why having it on Android would be a huge benefit to privacy. Not only does it stop snoopers on public WiFi from sniffing your traffic, but it provides you anonymity when browsing the web. Fortunately, Android has two apps that will allow you to carry Tor with you everywhere you go. These are Orbot, which connects you to the Tor network, and Orfox, which is a modified version of Firefox similar to the regular Tor Browser. Unlike Tor on the desktop, however, Orbot allows you to create a VPN connection on the device and route all the traffic from all your apps through Tor, providing what is commonly called 'transparent torrification'. You may want to use this option cautiously, however, as some apps may send things like hardware identifiers unencrypted, meaning that Tor exit relays could deanonymize you and steal important and confidential data. If in doubt, stick to Orfox.
A Secured Firefox
The main problems with running Orbot on Android are the extra battery drain, and the data overhead that results from using Tor. As of 2012, this overhead was around 160MB per month in terms of just keeping Orbot connected 24/7, nevermind the 38% extra data consumption on web traffic. For those with small phone plans, running Orbot/Orfox only when the anonymity of Tor is really needed might be the best option. For casual browsing, installing Firefox along with a few privacy-preserving add-ons is a more affordable alternative to constantly running Orbot.
Given the limited horsepower of most mobile phones, keeping mobile browsers lightweight is a higher priority than on the desktop. Therefore, I'd recommend installing a limited number of add-ons. Personally, I only deploy two: uBlock Origin and HTTPS-Everywhere.
uBlock Origin is an extremely lightweight adblocker with a number of ad/tracking block-lists to choose from. The reason installing an adblocker is so important is that not only does it block most tracking scripts, such as Google Analytics, but it also blocks the increasing amount of malware that is being embedded into advertisements. The result is that by simply loading a webpage with ads on it, you risk being infected. Thus, I'd recommend putting an adblocker on whatever browser you use, whether you believe in online advertising or not.
After installing uBlock Origin make sure to go to 'about:addons', and tap on uBlock Origin. From here, you can access the Dashboard, which will allow you to do a bit of customization, including turning on more block-lists by going to the '3rd party filters' tab. I'd recommend turning on all the Malware domain lists, as well as all the MultiPurpose lists at a bare minimum.
The second add-on, HTTPS-Everywhere, requires much less setup. Simply install the add-on, and you're done. What it will do for you is make sure that whenever HTTPS-Everywhere knows that a website offers encryption (https), your browser will use it. It also prevents you from being downgraded from an encrypted site to the unencrypted version, which often happens when links throughout the site point to the unencrypted (http) alternative. If you're unsure of why you'd want to encrypt your web traffic, then give my HTTPS-Everywhere tutorial a read.
All in all, if you start regulating the apps you install, add a pin to your lockscreen, install Signal, Orbot/Orfox, and a few Firefox addons, you may not have perfect Android privacy, but you'll at least be out of the ditch.