Hardening Android Privacy/Security

I want a hardened Android device. Noticing that a few other crazy tin foil hat wearers frequent this forum, I want to know what you all think.

So I have a new phone on the way… up to this point in my life, I have had beater phones that I didn’t put much thought into. I’m a pretty paranoid tin foil hat wearer, so the main thing I wanted in a phone would be peace of mind from a privacy and security perspective; however, I’m also fairly performance minded, which has caused more issues than necessary. When I first started looking at phones, I was pretty set on getting a Google Pixel, mostly to use CopperheadOS. However, due to the price of the Google Pixel for its specs (especially since I don’t really care about a camera), I decided on getting a BlackBerry DTEK60. The main reason for going for this phone over other alternatives is its support for fully verified boot. So this brings me to my own self-made dilemma. I would prefer to use a secure open source environment on the device, so that would ideally mean using a custom ROM (like Replicant or something) and enhanced security settings. As you can imagine, CopperheadOS or the Tor Mission Improbable project would be the perfect environment, but because they don’t support the DTEK60, I don’t know if that will be possible. So far I haven’t found any documentation on running Copperhead on unsupported devices, and I also haven’t found much documentation on the DTEK60’s OEM key (for verified boot), which may end up being problematic. I might even have to resort to just using the existing OS in order for it to work, but that would mean having to work around the existing proprietary software and Google integration on the device, which is less than ideal. This will be my first time actually doing anything with the Android platform, and I’m pretty excited to break things. My phone will arrive the second week in January, so I still have plenty of time to think far too much about this.

SO, should I just use BlackBerry’s OS? Tune Replicant/CyanogenMod to be more secure? Try to get CopperheadOS to work? Was it stupid to get a DTEK60 and put myself in this position in the first place? Should I just take off my tinfoil hat and accept Google and friends as our new overlords?

Any ideas are welcome, and I would appreciate hearing your own solutions to the privacy/security dilemma on Android. :)

1 Like

I don't think unlocking the bootloader is impossible to work around as a security measure, so I don't think that's a real problem for your security. That said, I would install an AOSP-based ROM that doesn't have any automatic update infrastructure behind it (like CyanogenMod), because usually those back end things have some bug reports and stuff (for example, on CyanogenMod you can decide whether you want to send those reports or not, but I wouldn't trust a checkbox like that). Then use the file system encryption, don't install any Gapps, enable root only when you know you're going to need it, try to keep up with the security updates by Google, use some kind of protection to unlock the phone, mock your IMEI, MAC address and phone details with some root apps, use a VPN, keep USB debugging disabled (enable it only if you need it and disable it immediately after), and that's all I can think of as of right now.

1 Like

I might crash soon (because it's 6 AM lol), but I'll be checking back later.

So I'm not super familiar with the situation of encryption on Android, but it looks like the key is presented on boot to decrypt the entire disk? So would there be a way to use your lock screen as a key for certain encrypted directories? Or would there be a way to make the phone turn off after a couple of failed password attempts?
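The checklist in the reply above (encryption on, no debug build, USB debugging off, current patch level) plus the verified-boot and lock-screen questions can be audited from `adb shell getprop` output. The script below is an added example, not something posted in the thread; the property dump it parses is constructed, and the property names are the standard Android ones (`ro.boot.verifiedbootstate`, `ro.crypto.state`, `ro.crypto.type`, `ro.build.type`, `ro.build.version.security_patch`, `sys.usb.config`), with the 90-day patch-age threshold and the reference date chosen here for illustration.

```python
# Added example: audit the thread's hardening checklist against
# `adb shell getprop` output. The dump below is constructed, not a real device.
import re
from datetime import date

SAMPLE_GETPROP = """\
[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.build.type]: [userdebug]
[ro.build.version.security_patch]: [2016-09-05]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [block]
[sys.usb.config]: [mtp,adb]
"""

PROP_RE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$", re.MULTILINE)

def parse_getprop(text):
    """Turn getprop's '[key]: [value]' lines into a dict."""
    return dict(PROP_RE.findall(text))

def audit(props, today=date(2017, 1, 15), max_patch_age_days=90):
    """Return {check: (passed, detail)} for: verified boot, storage
    encryption, production build, USB debugging off, recent patch level."""
    get = props.get
    vb, locked = get("ro.boot.verifiedbootstate"), get("ro.boot.flash.locked")
    # 'file' = file-based encryption: credential-encrypted storage is keyed by
    # the lock-screen credential, so screen lock and per-directory encryption
    # are tied; 'block' = a single key for the whole userdata partition.
    enc, ctype = get("ro.crypto.state"), get("ro.crypto.type", "block")
    usb = get("sys.usb.config", "")
    patch = get("ro.build.version.security_patch", "")
    try:
        age = (today - date.fromisoformat(patch)).days
    except ValueError:  # missing or malformed date counts as a failure
        age = None
    return {
        "verified boot": (vb == "green" and locked == "1",
                          f"state={vb}, bootloader_locked={locked}"),
        "storage encrypted": (enc == "encrypted", f"state={enc}, type={ctype}"),
        "production build": (get("ro.build.type") == "user",
                             f"build.type={get('ro.build.type')}"),
        "USB debugging off": ("adb" not in usb.split(","), f"usb={usb}"),
        "security patch recent": (age is not None and age <= max_patch_age_days,
                                  f"patch={patch}, age_days={age}"),
    }

if __name__ == "__main__":
    for check, (ok, detail) in audit(parse_getprop(SAMPLE_GETPROP)).items():
        print(f"[{'PASS' if ok else 'FAIL'}] {check}: {detail}")
```

On a real device, pipe `adb shell getprop` into `parse_getprop` instead of the constructed dump; only the encryption check passes for the sample, which is the kind of "unlocked bootloader, debug build, adb on" state the thread is trying to avoid.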