
How Do You Secure Your Android Phone?



Ok, we've all seen Darren and Kos go after Android. My question is, how do you tech users protect your phone while out and about...while keeping high tech usability? I'm going to list my setup and I'd like to see where you guys see vulnerability. I know it will be worse than a stock phone, but how bad?

Galaxy Nexus running a custom AOSP based ROM (Rasbean Jelly 4.2.1). Franco kernel. Rooted, with SuperSU and Busybox installed. TWRP Custom Recovery. Bootloader locked, but unlockable within OS with BootUnlocker App. JB encryption enabled with a 16 character, full ASCII, non-dictionary password using every character type. Pre-boot password changed with EncPassChanger App, to 35 characters, same as above. Debug off. All Developer Options off. All permissions removed from adb in system/bin on the phone.

I wish Darren would go over protection as well as exploitation, more.


Edited by PaulyD

Q - How Do You Secure Your Android Phone

A - Pull the battery, and throw it in the river.

There are SO many Android phones and variations of interfaces, software, hardware, it's not a one-answer question. Each device has its own flaws, and each version of Android does as well, so there is no one quick fix.

Sorry to be so sarcastic, but Android phones in general, not just the software, but even the hardware manufacturers, rush for competition of market share so much, that none of them are secured. One of the reasons I still use my non-wifi, POS, CDMA BlackBerry. Not that it can't be hacked, but I don't run or install anything on it. Only thing I use it for is email, text, and talk, and the rest I have pretty much disabled, including GPS, Bluetooth, apps, etc.


  • 2 weeks later...


Sounds like you've done just about everything an end-user can do to protect themselves except run a firewall. Being rooted, you could benefit from AFWall+ or one of the other iptables-based firewalls. I knew I had been pwned when the rules I kept trying to apply wouldn't stick and were allowing certain apps unlimited access no matter what I did. You'll also be protecting yourself from leakage from ad-based apps and Google privacy rape. Remember that encryption is only helping you in the case you lose your phone; it's not going to prevent bad apps from reading your data (especially since you are rooted). Personally I would hate dealing with such a long complicated boot pw. If only my YubiKey would work in my droid.. ugh.

The best defense is not having the most popular phone, running a stock ROM. *cough stupidgalaxys3ididntneedanyway*. I want to get an old school beater clamshell burner phone for my phone calls and texts. Something with no browser, Bluetooth, Wi-Fi or fun.

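The symptom described in the post above (firewall rules that would not stick, leaving certain apps with unrestricted access) can be caught by diffing the live rule set against the intended per-app allowlist. This is an added example, not part of the original thread and not AFWall+ code; the chain name `fw-apps`, the UIDs and the sample `iptables -S` output are constructed for illustration.

```python
import re

# Constructed sample in `iptables -S` format. The chain name "fw-apps" and the
# UIDs are hypothetical; on a rooted device the text would come from `iptables -S`.
SAMPLE_RULES = """\
-P OUTPUT ACCEPT
-N fw-apps
-A OUTPUT -j fw-apps
-A fw-apps -m owner --uid-owner 10012 -j RETURN
-A fw-apps -m owner --uid-owner 10045 -j RETURN
-A fw-apps -m owner --uid-owner 10077 -j RETURN
-A fw-apps -j REJECT --reject-with icmp-port-unreachable
"""

OWNER_RULE = re.compile(r"^-A (\S+) .*-m owner --uid-owner (\d+) .*-j (\S+)")


def audit(rules_text, chain, allowed_uids):
    """Compare the live rules in `chain` with the intended UID allowlist."""
    lines = [ln.strip() for ln in rules_text.splitlines() if ln.strip()]
    chain_lines = [ln for ln in lines if ln.startswith(f"-A {chain} ")]
    name = re.escape(chain)

    # UIDs that the live rule set actually lets out of the chain
    live = set()
    for ln in chain_lines:
        m = OWNER_RULE.match(ln)
        if m and m.group(3) in ("RETURN", "ACCEPT"):
            live.add(int(m.group(2)))

    # Default-deny only holds if the chain ends in a catch-all REJECT/DROP
    # and OUTPUT still jumps into the chain.
    last = chain_lines[-1] if chain_lines else ""
    default_deny = bool(re.fullmatch(rf"-A {name} -j (REJECT|DROP)( .*)?", last))
    hooked = any(re.match(rf"^-A OUTPUT .*-j {name}$", ln) for ln in lines)

    wanted = set(allowed_uids)
    return {
        "unexpected": sorted(live - wanted),   # apps allowed that should not be
        "missing": sorted(wanted - live),      # intended rules that did not stick
        "default_deny": default_deny,
        "hooked": hooked,
    }


if __name__ == "__main__":
    print(audit(SAMPLE_RULES, "fw-apps", {10012, 10045}))
```

A non-empty `unexpected` list, or `default_deny`/`hooked` coming back false after the firewall app reports success, is the condition the poster describes.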
