Inside Android

One of the biggest misconceptions users migrating to the Android platform have is that they will be sacrificing security compared to their previous flavor of smartphone OS. This couldn't be farther from the truth. Settle in with your favorite beverage, and follow along after the break and we'll talk about Android's security features, and what you need to know and do to keep things going smoothly.

Android's security model

The key point in Android's design when it comes to security is the "secure sandbox." No application by default has permission to perform any operation that would impact another application, the operating system, or the user. This includes things like writing or reading private data (contacts, e-mails, the homescreen, etc.), network access, keeping the phone awake, or reading/writing to another application's files.

To allow an application to interfere with another application's sandbox, access private data, or perform any function not directly related to the application itself, it must explicitly declare permission for anything not provided by its own sandbox.  These permissions are declared up front before the app is installed, and can not be changed after installation.

Next time you install an app from the Market, take a minute and read to see exactly what the app can and can not do. It will never be able to do more than what's listed. Applications that can access data that should be private and secure let you know when they are first run by prompting you. Everyone who has installed a third-party keyboard has seen this.
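To make the advice above concrete, here is an added example (not from the original article or from any Android tool) that lists the permissions a manifest declares and flags the pairing of private-data access with network access. It assumes the manifest has already been decoded to text XML; the sample manifest, package name and watch lists are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = "{%s}name" % ANDROID_NS

# Constructed sample: text-form manifest of a hypothetical keyboard app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.keyboard">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <application android:label="Example Keyboard"/>
</manifest>"""

# Watch lists are this example's own choice, not something Android defines.
PRIVATE_DATA = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.READ_CALENDAR",
}
NETWORK = {"android.permission.INTERNET"}


def declared_permissions(manifest_xml):
    """Return the sorted permission names the app requests."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(NAME) for el in root.iter("uses-permission")}
    names.discard(None)  # ignore malformed entries without android:name
    return sorted(names)


def audit(manifest_xml):
    """Summarise what the app asked for and flag the risky combination."""
    perms = set(declared_permissions(manifest_xml))
    private = sorted(perms & PRIVATE_DATA)
    network = sorted(perms & NETWORK)
    return {
        "package": ET.fromstring(manifest_xml).get("package"),
        "private_data": private,
        "network": network,
        # Private data plus network means the app could send that data off
        # the device, so it deserves a closer look before installing.
        "can_send_private_data": bool(private and network),
        "other": sorted(perms - PRIVATE_DATA - NETWORK),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```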

User IDs, multitasking, and signed files

Android is a fully multitasking operating system, and uses the inherent Linux model of groups, users, and signature verification for executable files. All applications have to be signed with a certificate that only the original developer has. Ask anyone who hacks at their system -- change much of anything inside an application and you must re-sign it with some sort of experimental testing certificate. Change enough things and you have to re-sign every app in the entire system. That includes even small things like image file sizes or names, not to mention any of the app's actual functions. The application developers each have a unique certificate, and the signature on any file is easily traced back to its author.
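Why even a resized image forces a re-sign: in the JAR-style signing that APKs use, META-INF/MANIFEST.MF records a digest for every file, and the developer's certificate signs over that manifest. The following is an added example (not code from the original article or from Android) that builds a constructed stand-in archive and performs the per-file digest check; the helper names are this example's own, and verifying the certificate signature over the manifest is a separate step that is not shown.

```python
import base64
import hashlib
import io
import zipfile

# Digest attributes used in JAR-style manifests.
ALGOS = {"SHA1-Digest": hashlib.sha1, "SHA-256-Digest": hashlib.sha256}


def b64_digest(data, attr="SHA1-Digest"):
    return base64.b64encode(ALGOS[attr](data).digest()).decode()


def build_sample_apk(files):
    """Constructed stand-in for a signed APK: a zip with a MANIFEST.MF."""
    manifest = "Manifest-Version: 1.0\r\n\r\n"
    for name, data in files.items():
        manifest += "Name: %s\r\nSHA1-Digest: %s\r\n\r\n" % (name, b64_digest(data))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", manifest)
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()


def replace_entry(apk, name, new_data):
    """Swap one file's content and leave the manifest as it was."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(apk)) as src, zipfile.ZipFile(out, "w") as dst:
        for item in src.namelist():
            dst.writestr(item, new_data if item == name else src.read(item))
    return out.getvalue()


def mismatched_files(apk):
    """Return files that differ from, or are absent from, the manifest."""
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        text = z.read("META-INF/MANIFEST.MF").decode().replace("\r\n", "\n")
        text = text.replace("\n ", "")  # unfold wrapped continuation lines
        expected = {}
        for section in text.split("\n\n")[1:]:  # [0] is the main section
            attrs = dict(ln.split(": ", 1) for ln in section.splitlines() if ": " in ln)
            if "Name" in attrs:
                expected[attrs.pop("Name")] = attrs
        present = [n for n in z.namelist() if not n.startswith("META-INF/")]
        bad = set(expected) - set(present)  # listed in manifest but removed
        for name in present:
            attrs = expected.get(name, {})
            known = [a for a in ALGOS if a in attrs]
            data = z.read(name)
            if not known or any(b64_digest(data, a) != attrs[a] for a in known):
                bad.add(name)  # changed, or added without a manifest entry
        return sorted(bad)
```

Calling `mismatched_files` on the output of `build_sample_apk` returns an empty list; after `replace_entry` changes a single image, it returns that file's name, which is the point at which the installer would reject the package.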

Each Android application is given its own unique user ID, and its own sandbox to play in. This is generated when the app is installed, and can't be changed.  Trust me, I've tried.  Anytime an app tries to do something it doesn't have permission to do, it results in a security exception and it halts.

OK, enough geek-speak.  What does all that mean?

  • When a developer writes an application, he or she either sets up all the required permissions inside the app, or has a script that runs and asks the user to enable or disable any features.  Sometimes both.
  • The developer then uses a unique certificate to digitally sign the file.
  • When you install the app, you get to see exactly what permissions the app has, and those can never be changed.  If they are, the digital signature will no longer match, and the app will not be allowed to run.
  • If, because of a bug or someone with bad intentions, an app tries to do something it's not allowed to do, it gets force closed and the security breach is written to the log file.

So when you install an app, the application permissions listed on its market page are what it can and can't do.  Period.  End of story.

E-mail and security on Android

Let's get the big bear out of the way - Exchange. Exchange e-mail is secure. Doesn't matter if you're using a Palm, Windows Mobile, a BlackBerry, an iPhone, or two cans and a string. All security is configured on the server, and the clients must comply or they don't get access. This is why Exchange support up until Android 2.1 flat out sucked. The client did not support the most commonly used security configurations, and either the server admin changed them (unsafe!) or the user was forced to use another method to get Exchange mail.

Thankfully, Eclair has addressed a lot of these issues and HTC has picked up most of the rest. Exchange support isn't perfect. It isn't as good as Windows Mobile. But it's finally good enough for most cases. Droid and N1 users -- if your server admin can't get you up and running on his system, think about following the path of darkness and root your phone and install a Sense ROM, or look to a third party solution like Touchdown. There's a good chance this will get you compliant.

Any other e-mail isn't secure. Period. Blackberry BIS or GMail can encrypt data from the mail server to your handset or web browser, but all e-mail data between regular mail servers on the internet is sent in plain text. The ONLY way to secure your e-mail is to use encryption or to use a VPN to connect to a private network's internal mail server. If it goes across the intertubes, anyone with a little ambition and some free black-hat style software can intercept it and see what you're sending or receiving. Lots of people will try to say differently, and they probably even believe it, but that doesn't make it so. If e-mail was secure in nature, there would be no draw for expensive solutions like Exchange, BES, or VPN. The e-mail you send to your friend telling them how wasted you got during Hempfest '09, or the naughty pictures you send to your more special friends is out there for the taking. I wish it weren't, but it is -- unless you're taking some extra precautions to make it so.

The scariest part of the whole thing is just how easy it is to intercept an e-mail and read it.  If you or I can do it, bet your last dollar that those genius kids out there can do it easier, better, and faster.  The good news is that nobody is likely to be reading your e-mail unless you give them a reason to.  Billions of messages are flying around at any one moment, and yours is just one of them unless you make it attractive somehow.

Enough doomcasting (I sooo stole that line from Keith and Dieter :P ), let's look at some ways to fill in any gaps in the security model of Android.

Jerry's Security Suite

The biggest distinction between Android and other mobile OS models known for their security **cough** Blackberry **cough** is the reliance on third-party solutions.  Android is coded to be lean and mean, but developers are given access to core components to improve or add functionality.  Handcent or Chomp SMS are great examples of this, as is Touchdown that was mentioned above.  There's no reason that developers should not be allowed to offer alternative (and possibly greatly improved!) solutions to core OS components.  After all, their app is signed by a key that is directly linked to them, and it can't be changed.  Hard to get away with monkey business when your good name is plastered all over it.

Since I'm on a security bender this week, let's look at a set of applications that will grant you a little peace of mind. These aren't the only solutions available, and you should always explore all your options, but these are the apps that work for me and I feel very comfortable recommending them. And the best part -- they're all 100 percent free.

OI Safe

OI Safe is a free password manager. It's one of those functions that isn't built into Android, but is done very well by several third party developers. It supports AES encryption, and plugs in with other apps from OpenIntents. Let's look at it in use.

When you first set up the app, you enter a master password, then set up entries for each password you need to keep track of.  Beats the dickens out of keeping a text file with them on your SD card.  What?  You didn't realize that everyone thinks of that?  That's the first place people will look when they're up to no good.  Then, whenever you open the app you are given the opportunity to enter the master password.

OI Safe - the Master password
the master password screen

Make it a good one.  Don't use your phone number!

When you enter it correctly, you get a list of categories.  In my example, I'm using two -- one for business, and one for personal sites.

OI Safe - categories
categories

Since my personal entry is personal, let's peek into my business category. You get to see each entry in a list.

OI Safe - business category
serious bizness!

Press on one of them (notice I didn't say click this time James N. - old habits and all) and it jumps up, with a handy little button as a shortcut to the website. It also copies the password to the clipboard, ready for pasting into the appropriate place.

OI Safe - entry
entry for some goofy dork's development machine

Don't make the mistake of using the same password for everywhere and everything. You don't have to. Apps like OI Safe make it way too easy to manage secure passwords, and there are many desktop solutions as well. Get OI Safe below.

[Market link] | [App Brain]


LockMe Widget

LockMe Widget enables/disables the pattern lock when your phone goes to sleep with one click. There's no app, it's only a widget. But it's a damn good one. Click to shut the door, lock screen is enabled. Click to open it, and it's disabled. Easy to tell if the pattern lock is on or off, and super easy to change. It doesn't look half bad either!

LockMe Widget open LockMe Widget - closed

Locked!

Lock it to me baby (OK I'm sorry. I'll stop now)

Get it below
[Market link] | [App Brain]


Security Guarder

Security Guarder is a firewall for your phone. It allows you to filter unwanted calls and texts, saving both your sanity and coin. The really nice bit is the built-in default rules. They allow for quick set up to block the blacklist, allow only the whitelist, block unknown callers and texts, allow only your contacts, or a combination of these. Fire it up, and you'll see a dashboard where you can see logs, set up your lists, set the global app settings, or change your rules.

Security Guarder
the Dashboard

The "default" rule is super customizable, and allows different settings for text or voice from the same number. 

Security Guarder - default rules
default rules

Viewing and editing your lists (both black and white) is straightforward and easy to manage.

Security Guarder - whitelist
My whitelist

One press on the rules icon in the dashboard gives you a quick settings window to override your rule set.

Security Guarder - rules
follow the rules

This is one of those apps that I can't believe is free.  Equivalent applications on other platforms can get pretty pricey.  The best thing - it just works.  No hopping on one foot or sacrificing a chicken to enable the firewall.  Grab Security Guarder below

[Market link] | [App Brain]


Mobile Defense

In the developer's own words, Mobile Defense is "like LoJack® for your phone." Once installed, you have the ability to track, securely wipe, set off an alert, and get usage details all from a secure website. Installation is easy as pie. Install it from the Market, run it once and check your email for a link, then reboot. The application's icon then disappears and nobody but you knows it's there. If you're rooted, you can even install the app to the OS's system files so that even if someone searches your market history and finds it installed, they can't uninstall it easily. Oh did I mention - it's FREE?

When you log into your account at the secure website, you get access to your precious Android device so you can tell the Police where it is, wipe any sensitive material, or even chirp out a warning that you called the fuzz and know where your baby is.  Check out the screenies below.
 

Mobile Defense - activity
the activity screen

Mobile Defense - connect to your phone
connect to your phone


Mobile Defense - map
See it on the map


Mobile Defense - actions
Ready for action

This puppy is accurate, too.  In the last pic I'm beside the house at the Grill...right where the blue dot says I am.  Thank goodness Google Maps doesn't get any better resolution in my area, or I'd have to stop taking my phone into the bathroom with me :)

Grab Mobile Defense below
[Market link] | [App Brain]


Of course, there's no substitute for common sense. But armed with the correct knowledge, and some great free tools, Android is just as secure an operating system as any -- even ones that tout their security feature set.

See ya next week,
Jerry
 

 
There are 19 comments

brak014 says:

I installed Wave Secure in their beta stage and got a lifetime subscription. Sadly that beta has expired and you have to pay now, but I recommend it, it's a great security program running on my DROID.

jhay zee says:

what is a cheat of any games what?? i don't know why?

Posted via Android Central App

MOE-GUNZ says:

I will be entering into the world of Android when the EVO is released. Thanks for the rundown on some security tools.

Mobile Defense looks awesome. If someone stole your phone you can defend it. That's a great little service.

Foxman says:

Mobile Defense is only available in the US. Are there any similar apps you can use from Europe?

gbhil#AC says:

Wave secure works great. Just watch your awake time, it causes some issues with the CDMA version of the Hero.

LearJet says:

What about an antivirus solution? Is this necessary? What would you recommend? Free or paid - I just want what would be best if this is needed.

gbhil#AC says:

AV is something I haven't quite figured out yet. You don't NEED anti-virus apps for your Android phone, but they could be handy as heck to keep files infected with a Windows virus off the SD card.

As of right now, I'm relying on my Windows AV scanner to catch anything when I plug my phone in. But using a virus scanner on the phone itself couldn't hurt, and I'll probably try it next time I wipe and start over (knowing me, will be soon lol)

bydh says:

great post. I'll definitely be picking up these apps when I get my incredible next week!

andro1d says:

Thank you,
I was apprehensive about the Droid because I kept reading from "crackberries" that the Android was not a secure platform. Everyone seems to think their stuff is better than everyone else's stuff, so I was not completely surprised to find out that was not the case. Will download some of those apps ASAP.

gbhil#AC says:

Unless the BB is connected via BES, it's no more secure than any other phone. But you can't blame the users, they only know what they are led to believe by RIM.

saberry says:

Are there any products for android that can encrypt local folders and databases? I wish android would support device encryption.

gbhil#AC says:

Check out http://www.jointlogic.com/b-folders/2/android/

not full device encryption, or even full partition encryption, but it works pretty well.

Or you could load Debian on your phone and run a GPG disk lol

Execute says:

I was actually just showing my mom Mobile Defense right before reading this. This is really a helpful and accurate security tool if your phone is misplaced or stolen. It found my mom's house pretty well, and the alarm/message worked flawlessly. Pretty cool that it also tells you the phone's status such as what network it's connected to. The only thing I would change is that when you connect to your device via the Mobile Defense website, the phone receives an SMS message that clearly displays that it's from Mobile Defense. IMO, if a thief has your device and sees this, it may lead them to try to break it or "destroy the evidence", possibly destroying the chance of a successful recovery as well. I think they should hide the message as spam or something less noticeable. Despite that, Mobile Defense is a great, FREE program!

Duvi says:

Good stuff.

UncleMike says:

Great post. Mobile Defense looks interesting but, as with Wave Secure, I have reservations about giving a third party the ability to remotely wipe my device. I have NEVER lost a phone or had one stolen, and my Droid is the first phone I even bothered with the insurance on, and I only have the insurance because of potential physical damage - I'm not concerned about loss or theft.

I trust myself to keep track of my phone more than I trust a third party with remote wipe capability. Am I among the minority in this?

gbhil#AC says:

It can only be done through a secure login (ssl) with your user/pass. All the third party is doing is providing the data channel between your login and your device.

fupamobile says:

Just wondering, why can't that same service be provided with a program on a desktop instead of a third party internet site? I would much rather have a local program that I am in control of over an internet site which I am not in control of. If anyone knows, PM me, cause this post is old.

mpaquette says:

What about an app to lock the screen? In other words, something more secure than a gesture lock.

mb200 says:

I was at the Verizon store looking at a new smartphone (Android) and the sales rep indicated that the phone stores both the contacts and calendar data into the (internet) cloud (e.g. on some Google site). Given that you need to "sign" the Google Gmail agreement to use the phone and that this agreement states that all information on the Google server they have access to and may use without further consent from the user (e.g. me); does this not pose a security risk and the possibility that Google will use data from the phone or distribute it to their advertisers? I don't want Google or ANYONE else to see, use, or have any access to my contacts or calendar information, as well as any other data received, transmitted, or stored into my phone (e.g. call log data).

also, what prevents an app (e.g. PC tethering) from collecting data and sending it to a secondary internet address (not one that I intend to be connected to)?

what are the protections from viruses and spyware?