Secure Alternatives to Android
In my previous post I discussed the flurry of Android vulnerabilities which have come to light over the last year or so. TowelRoot, Fake ID, Android Installer Hijacking, Stagefright, and Certifi-gate have been publicly announced. Some of them have been around in Android for years. Creating patches for your Android devices is a long complex path, if any are available to you at all. Even when a bevy of patches are delivered it seems the patches need patches.
The vulnerabilities are public now, and the patches are slow to come. The cybercriminals have the details of the vulnerabilities, and are certainly working on exploiting them. What’s a security-concerned organization or individual to do? There are some options available. If you want to reduce the possibility of your Android devices of being hacked soon, I would recommend taking a look at one or more of these.
The Blackphone was created by a private company, Silent Circle. Silent Circle which was originally founded in the U.S. but soon relocated to Switzerland, presumably for a more favorable privacy environment from a legal protections perspective. A good move and a good message to customers. The Blackphone runs a highly customized implementation of Android they call Silent OS. Silent OS is designed for secure and private use, accommodating both personal and business usage. Silent OS is only available on the Blackphone, which is proprietary hardware. A new version, Blackphone 2, is scheduled for release this month.
The Blackphone provides encrypted audio and video calling. The encryption keys are destroyed after each call is terminated, and never exist on a central server – only on the devices. It also offers secure messaging and file transfers, with a time-delay self-destruct option for messages you send. Straight out of Charlie’s Angels. They also include protections from insecure WiFi networks.
For enterprises, the Blackphone integrates with Google’s Android for Work program, and is compatible with popular MDM solutions. It also offers “Spaces” on the device which the enterprise controls, not the user.
But here’s the best part: A 72 hour patching SLA. You can’t get that from, well, anyone really. All the vulnerabilties the cybercriminals know about are already patched on Blackphone. The U.S. military uses Blackphone, and at least one major oil company.
If the phone is too big of a jump to start with, try the phone & text apps they have for Android and iOS.
Israeli-based Kaymera Technologies also creates a security-centric solution, Kaymera 360º. The company uses off the shelf hardware from Samsung, expanding to LG and others by year-end. They re-flash the device with their customized version of Android. This gives the phone secure voice, messaging, email, web, and data connections. They also claim that data-at-rest is protected, but I’m not clear on how that differs from native device encryption.
They also add a number of management capabilities for organizational control. Keymera 360º is targeted at organizations who need to provide secure capabilities to their employees – maybe personal protection agencies, investigators, lawyers, military, and the like.
Boeing “The Black”
Aerospace and Defense giant Boeing has developed their own secure phone offeringas well. There’s little information out there on details. It seems that it may even be a one-off custom-build based on the needs of your particular mission. Boeing worked with BlackBerry to help develop the device, and it does interface with BES 12 for management purposes. It also has a self-destruct feature which will delete everything on the device if any tampering is detected. They claim they have deployed it, but mum’s the word on where or with whom.
If replacing hardware, or having custom hardware built for you isn’t what you had in mind, here are some software approaches.
CyanogenMod is a customized version of Android which you flash onto your own smartphone. As long as it is one of the supported or unofficially ported devices anyway. The compatible device list is fairly extensive. Releases are more frequent for some devices than others, but probably more frequent than what you’ll see from your carrier.
The focus of CyanogenMod isn’t really security. It’s about UI tweaking, and unlocking features and performance which you aren’t getting in your watered-down retail build. But the builds do include bug fixes and security enhancements, so you’re probably safer than with what came on the phone.
Here’s an example. In Android 4.3, Google allowed you to control the individual access rights for each app you install. In Android 4.4.2, Google removed this control. You now have to install an app and accept whatever rights it wants all as a bundle. I know I’ve refused to install plenty of apps based on the fact that they ask for permissions they don’t need to do their job. A news reader doesn’t need access to my camera, a web browser doesn’t need to know about my telephone status or contacts. You can’t turn these off, you just have to hope you can find another app which doesn’t overreach like that. CyanogenMod added that capability back in – you can control the individual permissions for apps.
The list of features in CyanogenMod is impressive but fairly well hidden, so here’s a link if you’re interested.
Replicant is a customization of CyanogenMod (which in turn is a customization of Android) which you can re-flash onto your existing Android device. The list of supported devices for Replicant isn’t as extensive as it for CyanogenMod, and includes primarily Nexus and Galaxy models.
Replicant’s foci are “privacy” and “free.” Legally, parts of CyanogenMod include third-party software which must be licensed. Replicant either replaces these libraries or avoids them, replacing their functionality with something free. There is a good discussion of privacy and security issues in mobile devices on their site. Their security focus seems to be in removing opportunities for software to spy on the user, and creating greater logical isolation between the various components in the device. They don’t seem to have created layers of new privacy software to add in.
SE for Android
Here’s a mysterious option I ran across, Security Enhancements (SE) for AndroidTM. This is presented as a more secure build for Android, brought to you by your friends at the NSA. The name, the website, and the lack of media coverage all give a very sterile, government, almost Men in Black feel. Although someone’s been posting slides, presumably from presentations over the last 4 years.
If you would like to install the NSA’s operating system enhancements on your device for them, you can download Android, then get their enhancements from Github and create your own build. This one’s not for me, and not just because it’s build-your-own.
Secure Calling and Messaging Apps
If you’re not ready to buy new hardware, or root & reflash your own with a new OS, you might start out just trying some secure calling and messaging apps. The problem is that while they do solve a problem, they really don’t solve the problem of the underlying OS being vulnerable. They rely on the OS as-it-is to provide the services they need to accomplish their tasks. So while your calls and messages may be secure, you are still vulnerable to Stagefright and the rest of the lot that hackers are working on exploiting right now.
CSIPSimple is another popular app for secure calling. It’s a little more techie-driven than smoothly polished, but still allows for secure calls and offers settings for tweaking performance.
For text messaging, I like the apps offered by Silent Circle and available separate from the Blackphone, but they’re not free. Open Whisper Systems, the makers of the Redphone calling app, also make secure messaging apps for Android and iOS, both of which get good reviews.
Just search for secure calling and messaging apps in the Google Play store and you’ll find a number of options. Just remember: caveat emptor.
App, OS, or Hardware?
If you decide you don’t have the wallet for new hardware, or the stomach for reflashing your device, you might find installing an app will solve your concerns. But remember, anyone – you, I, some start-up based in who-knows-where, or even cybercriminals – can make an app which claims to provide secure calling. If you haven’t isolated your phone from your modem, such as with Replicant, it can just use your regular phone and tell you it’s secure. And if you aren’t using CyanogenMod, you’ll have to allow the app all the permissions it wants unilaterally. That means it can gain access all kinds of data it really don’t need to be accessing. An app is your weakest protection. A replacement OS is better. But starting with the hardware is best. My advice: Just go sign up for a new Blackphone 2. It’s the most comprehensive solution, and it’s patched fast. It’s no more money than a new Galaxy, you just don’t get the marketing discounts from Samsung and T-Mobile.