How to tell if your android has been compromised

[jdj604]

I have two questions revolving around the same scenario... Your screen locked phone has fallen into the hands of a tech savvy friend of a friend who supposedly knows a thing or two about hacking phones. There's the system screenlock and a different pattern for the seal screen lock which protects system settings, email, text messages, but not much else. Said friend of a friend may have your phone for 24 hours or longer without you knowing where it is or what's being done with it.

question #1
How vulnerable is your phone to being totally accessible to them, as in access to settings and data stored on the SIM, on the phone, and on the micro SD? Are the screen locks just minimal security to stop your average Joe, but still vulnerable to being bypassed? I'm not asking how, as I don't want to know or see what that information should spread; I'm just asking how possible it is.

question #2
Upon retrieving your phone, if it is possible that it has been compromised, and it appears just as you remember it at a glance, is there any way of looking more closely to determine if any data has been accessed, programs installed (I know spy apps can run in "stealth" mode, I just don't know how stealth stealth is), or even something simple like a time stamp log of times the phone has powered on/off?

A simple example of some of that kind of information that would be retrievable with windows you can check a file's date last modified/accessed/created - or better yet, you can see what a program was last accessed in add/remove programs. I'm sure there's much more useful & detailed information than that but that's all I can think of off hand or know of with windows. What's something like that but for android, if there is such a thing? What evidence would be left by someone who compromised your phone that they had compromised your phone?

In said hypothetical scenario, one could always do a hard reset upon retrieving their phone which I'm guessing would minimize the risks of any ongoing security problems (but not undo the damage that had been done in an unwelcome user accessing information that they weren't meant to) but I'm particularly interested in whether or not one could find out if anything had been done at all and how they could do so.

 

[Harry2]

To Q1:
Have a look about the security of screen pattern lock ...
http://www.net-security.org/secworld.php?id=12601

SIM, if you have a password then the SIM is locked when three false inputs.

SD card, no encryption. It can put on a PC and read.
ICS has an encryption but I don't know about.

Harry

 

[jdj604]

So anything on my SD card can be accessed or modified... contacts may be on it, pictures, notes, but what about SMS? and that doesn't put your sync'd email accounts at any risk, does it? What is ICS?

and more importantly, accessing the SD card with a PC or connecting the phone to a PC wouldn't allow access to install apps or change settings without having the unlock pattern google account username/password, would it?

 

[jefboyardee]

What is ICS?

Are you referring to:

Android 4.0 (Ice Cream Sandwich) is the latest version of the Android platform for phones, tablets, and more.

 

[Hadron]

SMS will be stored in phone memory, so unless you have used an app to back them up to SD the card won't give this hypothetical "friend of a friend" access to your messages.

If a file on the card is modified it's easy to tell: any file manager (or the command "ls -l" in a terminal emulator) will show the modification date.

Spotting files that have been read but unmodified is harder. On a linux system the command "ls -ltru" will list the files in the current directory ordered by when they were last accessed (most recent at the end of the list - that's what the "r" does) and showing the date/time of that access. Whether that works on android (which may depend on other stuff, such as busybox) I can't check, since I've run my phone flat for the first time in months. But if you can mount your card on a linux system (including a live CD or virtual machine) that command will tell you.

Edit: and no, they can't install apps just from having access to your card - they need to get into your Android system to do that.

 

[chanchan05]

The FBI can't open the pattern screen lock. Doubt your friend could. They are suing Google to give them their suspect's Google details. LOL. The only access anyone can have to a pattern locked phone is the SIM and memory card.

 

[Hadron]

The FBI can't open the pattern screen lock. Doubt your friend could.

Depends how clean you keep your screen - a track on the grease marks can give a big clue! Wipe your screen if you want to keep it secure

 

[FJR1300]

There are apps that let you lock your phone remotely and/or wipe the phone and the sd card remotely if you lose it. Haven't tried any of them so I can't attest as to how well they work. I have the free avast virus checker which also has the remote capabilities, just haven't used that part of it.

 

[jdj604]

thank you all for your answers... I didn't think I could gain much more respect for google but I'm glad to hear the screen lock is actually worth something (more so than a minor obstacle) and in this situation I wouldn't worry too much about tracks on my filthy screen because both screen lock patterns on my phone use all 9 dots and one of them is pretty crazy with a lot of backtracking across the center which would make it hard to follow on it's own - but one of them gets into my phone (including contacts and notes but I don't think there's much else) and the other gets into everything else, only if you have the first one too. Whichever of the two I swiped most recently would muck up the tracks of the one before that as they're quite different, and without access to what both pattern are needed for access to, I wouldn't have much to worry about.

Good thing I have two nine digit screen lock patterns, and that Android security is actually rather good by the sounds of it, or my paranoia would drive me insane.

Does being on Froyo and not ICS put me at greater risk?

 

[chanchan05]

Depends how clean you keep your screen - a track on the grease marks can give a big clue! Wipe your screen if you want to keep it secure

I use a matte finish screen protector. No fingerprints and less grease marks.

Besides, grease marks will only be a problem if you open your phone and do nothing from time to time. Chances are that you'll obliterate the unlock marks when you type and other stuff. But then its true that a wise approach is you'd better keep the screen clean.

 

[jdj604]

There are apps that let you lock your phone remotely and/or wipe the phone and the sd card remotely if you lose it. Haven't tried any of them so I can't attest as to how well they work. I have the free avast virus checker which also has the remote capabilities, just haven't used that part of it.

I have seekdroid installed and I registered an account but I never bothered to try using it or confirm that it was working. It hangs on contacting device when I try to do anything with my phone from the website and they tell me I should have my phone in hand to resolve the problem. I should have made sure it was working before I needed it, that's the point. I got it for situations exactly like the one I'm in now and the hypothetical one I was asking these questions about; the least I could have done was give it a test run sometime during the months that I had it installed before my phone went on an adventure without me. Being able to see it's location, format it, etc. right now would be fantastic!

 

[FJR1300]

I have seekdroid installed and I registered an account but I never bothered to try using it or confirm that it was working. It hangs on contacting device when I try to do anything with my phone from the website and they tell me I should have my phone in hand to resolve the problem. I should have made sure it was working before I needed it, that's the point. I got it for situations exactly like the one I'm in now and the hypothetical one I was asking these questions about; the least I could have done was give it a test run sometime during the months that I had it installed before my phone went on an adventure without me. Being able to see it's location, format it, etc. right now would be fantastic!

Yep, I thought of doing a dry run too, but I'm apprehensive in that locking the phone remotely might leave me unable to unlock it or unintentionally wipe the phone. Since I've never lost a phone, I just didn't bother, sorry to hear about your predicament.