If you buy a smartphone or a tablet (which is basically the same) nowadays and start using it, you are sending out tons of data about what you type, where you are, etc. while most of the time being unable to block, control or even notice any of these data transfers. At the same time, this is vastly contributing to the effort of turning you into a uniquely identifiable individual – transparent for industry, commerce, or who else might be interested 1984-style.
A quick way to take a peek at what data your android device is sending to whom could be using your local wireless network while monitoring all traffic from the android device passing the router (e.g. by BPF filtering “host 10.10.23.42”).
To overcome this inacceptable pity, you are free to root your phone and install a custom operating system (or rather a modification of the stock android). The steps I undertook to transform my device into a rather acceptable (and not bugging-me) device were – amongst others – :
- Flash Clockworkmod Recovery
- Optional: Create backup of (mostly) stock firmware
- Flash Cyanogenmod 11
- Install (some of) Google Apps
- Create backup of CM11 firmware (repeat this after “milestones”)
- Save all the backups on at least one different storage media
- disable everything you do not need (NFC, Bluetooth, autosync features, …)
When it comes to COMSEC/OPSEC, you have quite some options. In general, it is better to use F-Droid than Google Play.
- Advanced Task Killer
- APG (together w/ K9Mail and only via VPN)
- ChatSecure (Jabber + OTR)
- HTTPS Everywhere for Android/Firefox
- Owncloud (as in YOU OWN that cloud)
- think twice before installing an app
- store sensitive data GPG encrypted
Always try to use servers that you – or friends/ppl who you trust – own, control and monitor (e.g. VPN, Mail, Cloud/Hosting. etc.) so that you have an additional layer of security.
A message to the ppl behind Cyanogenmod: Thank you, I have been running your customized android O/S for many years successfully on:
- Google G1
- HTC Desire
- Samsung Galaxy S3 LTE
- Samsung Galaxy S4 LTE+