
Security challenges for smartphones

Status
Not open for further replies.
I've been browsing the current wisdom on security best practices as well as the online info on what might be the most reasonable smartphone for the security conscious. It dawned on me that it really depends on the degree of one's paranoia. Here are the increasing levels of paranoia as I see them.

If you're worried about losing the phone, or people shoulder surfing, you would use a passcode (indispensable in any case) and install apps for remote location and remote wipe. If you're worried about malware, install antimalware. If you're worried about apps stealing your personal info and/or inflicting you with ads, install permissions controllers and don't install apps indiscriminately. If you're an enterprise, you'd worry about policies for preventing loosey-goosey users from bringing malware within the firewall, or making corporate info available to others while off-site.

The 2nd most paranoid level is where I sit: If you worry about storing your most personal identification/authentication info on your phone, you avoid the cloud, eschew the vendor OS by going open source, and only install apps when necessary. And finally, the maximum level, if you're worried about certain national establishments (domestic or otherwise) spying on you...well, I'm not sure what people at that level do, but I've read about things with which I am unfamiliar, e.g. securing the baseband, possibly the firmware.

OK, so maybe my paranoia creeps a tiny bit into the maximum level, but only in the sense of being diligent against the possibility of spyware from nondomestic sources. It's such an opaque world that, unless one is willing to make this into a full time career, the available courses of action to users (not developers) to deal with this risk are limited. Speaking from an uninformed standpoint, perhaps a reasonable level of due diligence might be to select a phone made by a company from a country that one is comfortable with.

About the 2nd most paranoid level: I'm beginning to wonder whether it is even feasible trying to contend with perceived risk. I'm finding that it's actually harder to forgo the vendor OS than first thought -- and by vendor OS, I also mean specifically a carrier's variant of an open source OS like Android. The reason I lump that in with a vendor OS is because of the Carrier IQ issue from years back; although there may not have been ill intent, it shows that it is feasible for carriers to augment an open source OS with unwelcome "chaperon" code, and that it is in fact practiced.

Here are the challenges that I've found in trying to pro-actively contend with the 2nd most paranoid level. First, the terrain of open source alternatives is a wild west. I chose CyanogenMod (CM) because it seemed to be the most popular and (I reasoned) would be most mature. The problem, at least so far as I've guessed it to be, is that there are so many phones out there that the port of the OS to the specific phone that one owns is a hit-or-miss proposition. In my case, the images of CM for the 1st generation Moto-G were all nightlies, with no milestone versions, i.e., no verification of proper functionality. The Moto-G has a few more variants, so either the 1st gen has too small a user base or is just too "1st gen" to attract the attention that would lead to a milestone version of CM.

The 2nd challenge is related to the 1st: The recovery software to install non-native OSs (correction from "apps") also seems to be a wild west. I tried the 2 most popular, ClockworkMod and TeamWin. The first did not work and the 2nd worked sometimes. Again, there is no one on a paid staff porting this software to the multitude of phones out there, so one can only guess what forces lead to stable, robust releases for specific phones.

The 3rd challenge has to do with a lower level of paranoia, that of seemingly unreasonable permissions needed by apps. According to my tiering scheme, therefore, it doesn't fall under the 2nd most paranoid level, but it's related in that it has to do with protecting your personal info. The most front-line course of action is simply to avoid apps that require permissions that you're not comfortable with, or which you can't fathom the need for. This would rule out a vast sea of apps, including those that you want. Additionally, you can inquire with the vendor about the permissions required by an app that you especially covet and/or install an app permission controller. Along the lines of the latter, CM has Privacy Guard, which would seem to be a magic bullet. It is better than nothing, but far from a magic bullet. Phone operation can break if you indiscriminately refuse permissions (especially to apps native to the OS, even though the permissions may not make sense to you). Furthermore, there are many apps on the list which are unrecognizable. This begins to look like the personal firewall situation of more than a decade ago: It is impossible for users to intelligently create permission rules without some rather deep expertise in how things work under the hood. I see an analogy with apps permission controllers.

The final challenge in contending with the 2nd most paranoid level is where I am currently at an impasse. The OS developers don't just progress the evolution of the OS; at some point, they can decide that the OS will require a different bootloader. This means that you need to download the bootloader from a 3rd party site. It's one thing to put one's faith in open source sites for software that is open to the scrutiny of a large body of users. It's another to go to a less-known site to get a low level piece of software. For example, you wouldn't get a BIOS for your PC from an unknown source (or at least, I wouldn't). So you're faced with the decision of how long to go without an OS upgrade before tossing the phone.
 
Last edited:
Well.

That was rudely sobering (not that your post was rude, the sober effect was).

I was really kinda hoping that a wizened gray beard would say

"Young lad (even though I'm not that young), don't despair. It is not hopeless -- you are being overly concerned. Based on my vast and timeless experience, here are the things that matter if you target the 2nd most paranoid level, as you have tiered it up. You should select vendor ACME, phone model blah-dee-blah because ACME has every business imperative to not betray your trust. And such-and-such historical events demonstrate that their priorities are such that you can trust their OS. No need to muss around with the wild west of open source, which leaves you stranded unless you want to upgrade your bootloader from Booty Al's Free Bootlegged Bootloaders. Furthermore, since it's not a toy for you, the limited ACME apps market place should not be too much of a deficiency for you as you have all the tools you need to browse documents rather than play games, watch movies, or socialize online."

Just as a focus to help me pen the parody above, I had a particular vendor in mind (which is easy to guess at), but I just don't know whether all the good things above can be said about them.

Of course, I'm being facetious about bootlegged bootloaders. I know that people donate their time to make them available. I just wanted to milk the parody. The fact is, despite such kindness of strangers, trusting unknown 3rd party sources is simply inconsistent with the model of due diligence for the security conscious.
 
Upvote 0
Wait.

Clockworkmod and TWRP tend to be very reliable recoveries - provided you've installed the right version for your phone.

What phone do you have?

What failures did you experience with each one?


And the first question is bound to shed light about the bootloader complaint because that's not clear either.

Do you have a first generation Moto G or other?
 
Upvote 0
I do indeed have the 1st generation Moto G. I'm digging a bit back into time to recount the details. I was never able to install CM using CWM. I found a trace of the issue from a past post: http://androidforums.com/threads/windows-mtb-usb-device-driver-error-when-moto-g-running-twrp.901001. Basically, every time I booted into recovery, I saw a dead Android avatar. From web searching at that time, I recall that I was not alone in having encountered that symptom. The CWM versions I tried are:

* recovery-clockwork-6.0.4.7-falcon.img
* recovery-clockwork-touch-6.0.4.7-falcon.img

As for TWRP, it was probably unfair for me to characterize it as working sometimes. My memory of it is hazy, but it might have been bumping up against the lack of MTP USB drivers and inability to sideload CM. The versions of TWRP I tried were:

* openrecovery-twrp-2.8.3.0-xt1032.img
* openrecovery-twrp-2.8.4.0-xt1032.img

The latest apparent problem I had with upgrading CM was the need for a bootloader upgrade. To be fair, it's not so much a complaint as it is a description of the Android open source ecosystems, and challenges to the security conscious. As I said, I'm fully aware that no one is on paid staff to develop open source software.
 
Upvote 0
The "dead Android avatar" is the stock recovery, so in fact you never actually installed CWM. Don't know why, but that is why CWM didn't work for you.

I never met a ROM that requires a bootloader upgrade specifically, though that could be part of a more general firmware update that was needed (the ROM is only part of the story, and if based on a new major release you may need other stuff updating). For that type of thing people use the official firmware, but it may be repackaged to remove stuff that isn't wanted (such as the stock ROM). So that won't rely on someone actually developing a bootloader, but the techniques for updating that will be different from flashing a ROM.
 
Upvote 0
I don't know why CWM didn't work for me either, and after enough nights trying this and that, I went with TWRP. My motivation for relating that was to explain why I view the open source alternatives as a wild west. From browsing, I found that people do run into this, and it is definitely not as hands-free as (say) a Windows update. The reasons for the show stopper will vary significantly depending on the device and the version of the software, as will the work around (if any).

As for the ROM requiring an upgrade to the bootloader, I did my due diligence instead of posting. I found someone had posted exactly the same symptoms, and the response was to look more closely at the error messages in TWRP. The messages indicated a need for a bootloader upgrade. I believe it was on the same thread that a link was provided to a site where a bootloader upgrade could be obtained. This is exactly the situation I described in my original post.
 
Upvote 0
Given that this is the state of truly open source Android, and the movement of Google away from a truly open source system, I think it's time to plan a migration to Blackberry. It's a crapshoot either way as to whether they are more trustworthy, but I have only impressions to go on at this point. The only sunk cost at this point is the Moto G, the Cadillac app AkrutoSync, and most importantly, tons and tons of time.
 
Upvote 0
Android itself is truly open, but if you happen to buy a phone that's locked down and you can't do what you want with it, and you want to trust it, that's not really Android's fault, blame Motorola, Samsung, etc. or a carrier like Verizon or whatever. Have a look at devices like OnePlus One, Oppo F5, F7, FairPhone, etc.
 
Upvote 0
Given that this is the state of truly open source Android, and the movement of Google away from a truly open source system...
What, seriously, are you talking about?

Google is in no way moving Android away from open source.


Mike, I described in this thread Google's funnelling of functionality into their app. I'm not using the carrier's variant of Android. The above statement is made in the context of what has been discussed in the thread.

You're not using the carrier variant of Android - you're using Motorola's version.

And you're extrapolating to infinity from a one phone data point.

As for the app that Google is funneling everything into, I've read this thread 4 times and I still have no idea what you're referring to.

Put it into one post - which app - without side topics and I'll try to follow.

I'm sorry, I'm used to helping people who spell out what the problem or problems are - honestly, this thread is more like a stream of consciousness - both recoveries suck - ok maybe I didn't use both of them - I do my due diligence instead of posting (so you trust people on the Internet without asking us what's up?) - something about carrier iq (btw, that wasn't an Android exclusive) - I needed a firmware update to support a custom rom branched FAR off of stock Android so here are my stock Android conclusions - and the pièce de résistance - now we're not dealing with open source.

If you want help understanding Android instead of the picture you're convinced about - please ask.

If you want to just rant because you put in a lot of time and have hit some frustrating points, go for it. I've done it often enough myself. :D

Just please tell me which it is. ;) :)
 
Upvote 0
Well, EarlyMon, you're right about the fact that I misspoke. Recoveries are used for OSs, not apps. I corrected that, so thanks. Also, I understand why you're confused by my comment about Google funnelling functionality into its app -- it is due to my mistake; I spoke about it in another forum. The basic idea is that after much web surfing, I came across some perspectives that much functionality is being shovelled into Google Apps rather than Android per se, and this is a means by which Google can rein in control over the user experience.

I understand that you prefer a very specific technical problem to solve, but I did not ask for that (though I have responded with technical details as requested). Instead, I am painting a broad picture of my experience with Android, and formulating an overall assessment of its suitability for the security conscious. If this is not the kind of thread that you like to engage in, completely understandable. I'm sure there are plenty of technically specific problems that you can help with.

Now, you may have done this in jest, but I have to point out that you severely misquoted me *and* quoted me out of context. It would not be constructive for me to respond to that, nor would it be a constructive use of time.
 
Upvote 0
Yeah, thanks.

Google funneling things into GAPPS to shape the user experience and therefore is turning away from open source?

Thanks for your opinion on that.

Pretty sure that I'm not quoting you incorrectly and that's how your three statements string together. And if not, it's a shame.

Thanks too for inviting me to find a thread better suited for me.

That's the most sensible thing I've read here by a long shot. :)

Take care!
 
Upvote 0
[...] after much web surfing, I came across some perspectives that much functionality is being shovelled into Google Apps rather than Android per se, and this is a means by which Google can rein in control over the user experience.

Google have shifted much low-level functionality in recent Android versions from the core OS to the likes of Play Services, but it was done to mitigate the fact that network carriers tend to be slow in releasing updates to their branded firmware i.e. the "OS fragmentation" that users had complained about for some time.

There's a good explanation here.
 
Upvote 0
I tried to find some of the threads I ferreted through where people expressed this opinion, but couldn't find them with the available time. However, I should be clear that that's not an opinion that I originated. It is something I agree with, though, just based on how the app took over the whole phone. It was pretty miserable trying to disable everything so that I could have my known phone back and still get to sleep for work the next day. Who knows how much I've actually succeeded.

Keep in mind that I ran into those opinions when I was searching for info security knowledge. So what I found reflects a certain defensive outlook on the whole shoveling of functionality into the app. From the article you posted, it's pretty comprehensive, seeming to take on much of the functionality of an OS. To me, that's peeling away from the open source. If you have so much power and functionality in this extra layer that isn't part of the underlying open source, the commonality of the underlying open source begins to lose its relevance. It's sort of like how we would never confuse Android with Unix, even though it came from there.

In any case, I'm still stuck with finding a successor to my almost new Android phone. I have to keep in mind that they are no longer phones or PDAs. You should go about choosing your smartphone in the same manner as you would a computer, with all the security considerations that you would give to that. Only thing is, it's much easier with a real computer because if you want compatibility with the rest of the world, there's really only one choice of a computer OS, and we are fortunate that that vendor has grown up, security-wise. If that wasn't the case, I'd seriously consider a Linux machine, and the shouldering of the associated incompatibilities with the rest of the world.
 
Upvote 0
From the article you posted, it's pretty comprehensive, seeming to take on much of the functionality of an OS. To me, that's peeling away from the open source.

Google's own services have always been proprietary rather than open source. This merely decouples them from the core OS to make each less dependent on the other.

if you want compatibility with the rest of the world, there's really only one choice of a computer OS

Not true, not by a long shot.
 
Upvote 0
Google's own services have always been proprietary rather than open source. This merely decouples them from the core OS to make each less dependent on the other.

You used the word "services", while I was being more vague with the word "functionality". For example, CM 12 has many apps of which there are sexier versions in Google Apps. Are the CM 12 apps not part of the open source Android? (That's a genuine question, not a rhetorical one). If so, then that's what I meant by the OSs diverging. If not, it'd be interesting to know where they get the CM native apps from.

I'm trying to clear up to myself why this is important for the security conscious. I was relying on the open source aspect of CM as a measure of assurance that nothing too disagreeable would be in the phone (OS or native apps). No opaque proprietary suite of apps like in Google apps. I did not anticipate the need to rely on Google apps to access the app market. Sure, there's F-droid, but it's a bit of an apps backwater. Based on my online research, for example, I wanted QuMu PDF Viewer/Reader, for various reasons, so I need Google Apps to access the Play store. I had jumped onto that Google Apps bandwagon or else the smartphone would simply be frustrating to use, which raises the question of why I should have one. Goodbye to conveniences like browsing, reading, texting, and text editing.

I decided to chance it and installed Google Apps. The very fact that it took all evening to wrest back control of my phone -- that drove home exactly how far apart CM and Google's Android were. It seemed that the latter was never intended to operate without Google Apps. This illusion of getting a largely common Android OS, benefiting from the active evolution of Android and its thriving apps market, and relying on 3rd party variants like CM to offset the security concerns....is becoming an illusion. The more functionality is shoveled into Google Apps, the less relevant the commonality becomes.

Not true, not by a long shot.

This statement was in response to "if you want compatibility with the rest of the world, there's really only one choice of a computer OS". That perspective obviously depends on one's experience. I'm harkening back to the Solaris days, which industry abandoned in droves for Windows. Compatibility was dismal if you existed outside the Microsoft world. Work-alike-ware ameliorates that problem these days, but even today, I would certainly not assume that I could access a complex M$ Office document, file, or Outlook item without the actual Office suite. That kind of incompatibility can not only consume tremendous amounts of time, but can lead to serious misunderstandings and/or rifts. Heck, ever dragged a simple text file over MTP from the CM file system to Windows 7? I suspect different character encodings, but you don't get the same thing editing the file on Windows as you do on the smartphone. Of course, this depends on the editor, but that just underscores the fragility of compatibility. Little things (of which there can be many) chew up tons of time. Unless the smartphone is a technology enthusiast's hobby, that's just not why people get smartphones.
 
Upvote 0
The Android Open Source Project (AOSP) repository is where you'll find the official source tree.

Cyanogenmod is a forked branch of Android maintained by Cyanogenmod.

CM apps are developed largely by CM contributors.

Richard Stallman established the GNU repository and defined the first open source license.

Free and open source software often includes proprietary components - always has, always will, and the licensing for the mix has been challenged repeatedly, and successfully upheld.

Free and open source calls into question the definition of terms - beginning with free, Stallman said - It's free as in speech, not free as in beer.

My colleague used the term "services" because it identifies a specific thing, and ought not have been read generically with freedom of interpretation or somehow missing your point.

Android is a family of Apache/Linux distributions and what you might colloquially think of as Linux are any members of the family of GNU/Linux distributions.

Your Windows 7 file compatibility issues come from the fact that you seem unaware of the fact that Android files have the same issues that exchanging Linux files with a primitive Windows operating system does and has always presented. Use WordPad, not Notepad - Notepad is little more than a graphical MS-DOS editor.

As you claim Solaris experience, I should expect that you know that, that you understand the difference between plain text *nix file line and file termination vs DOS formatting and that you know how to recognize and deal with UTF-8 character encoding as well.

You keep claiming that you need open source for security on one hand and then make contradictory statements on the other.

Cyanogenmod, Inc. has openly declared that they intend to fully branch away from Google and open their own market. That was immediately followed by an endless round of press stories about whether, how much, and how, Microsoft is investing in them now.

I don't really care if you're trolling for Cyanogenmod, Inc., Apple, Research In Motion, or Microsoft.

But you are trolling and it's enough.

/thread closed
 
Upvote 0