How Do You Secure Your Android Phone?

[PaulyD]

Ok, we've all seen Darren and Kos go after Android. My question is, how do you tech users protect your phone while out and about...while keeping high tech usability? I'm going to list my setup and I'd like to see where you guys see vulnerability. I know it will be worse than a stock phone, but how bad?

Galaxy Nexus running a custom AOSP based ROM (Rasbean Jelly 4.2.1). Franco kernel. Rooted, with SuperSU and Busybox installed. TWRP Custom Recovery. Bootloader locked, but unlockable within OS with BootUnlocker App. JB encryption enabled with a 16 character, full ASCII, non-dictionary password using every character type. Pre-boot password changed with EncPassChanger App, to 35 characters, same as above. Debug off. All Developer Options off. All permissions removed from adb in system/bin on the phone.

I wish Darren would go over protection as well as exploitation, more.

Thanks!

Edited March 1, 2013 by PaulyD

[digip]

Q - How Do You Secure Your Android Phone

A - Pull the battery, and throw it in the river.

There are SO many Android phones and variations of interfaces, software, hardware, its not a one answer question. Each device has its own flaws, and each version of Android does as well, so there is no one quick fix.

Sorry to be so sarcastic, but Android phoned in general, not just the software, but even the hardware manufacturers, rush for competition of market share so much, that none of them are secured. One of the reasons I still use my non-wifi, POS, CDMA black berry. Not that it can't be hacked, but I don't run or install anything on it. Only thing I use it for is email, text, and talk, and the rest I have pretty much disabled, including GPS, bluetooth, apps, etc.

[tarxvf]

Custom ROM, default encryption.... so not much.

[ibuildgrits]

Check this out. Its pretty slick.

The SEAndroid project

This would be a great base to build upon.

Edited March 11, 2013 by ibuildgrits

[barry99705]

I keep mine in my pocket.

[shutin]

PaulyD,

Sounds like you've done just about everything an end-user can do to protect themselves except run a firewall. Being rooted, you could benefit from AFWall+ or one of the other iptables-based firewalls. I knew I had been pwned when the rules I kept trying to apply wouldn't stick and were allowing certain apps unlimited access no matter what I did. You'll also be protecting yourself from leakage from ad-based apps and google privacy rape. Remember that encryption is only helping you in the case you lose your phone, it's not going to prevent bad apps from reading your data (especially since you are rooted). Personally I would hate dealing with such a long complicated boot pw. If only my yubikey would work in my droid.. ugh.

The best defense is not having the most popular phone, running a stock ROM. *cough stupidgalaxys3ididntneedanyway*. I want to get an old school beater clamshell burner phone for my phone calls and texts. something with no browser, bluetooth, wifi or fun.