Big Data, the gathering of personal data on a large scale: everybody has heard of it, and everybody has been a victim of this kind of data gathering at least once, especially when using smartphone apps in connection with social networking and media.
Be careful with messenger services such as WhatsApp, Signal, Telegram, et cetera! End-to-end encryption does not prevent others who have a user's number from finding out the user's IP address, for example through messages, which makes it possible to determine the user's location (IP geolocation). In addition, these software products often have internal automatic update functions which could be used to inject malicious software if the operating system is poorly secured. The same applies to VNC software (software for controlling devices remotely, which we would compare to mainstream successors of Sub7 a.c.). If these are poorly secured or, as mentioned above, provide ultimate backdoors (which are officially used for "updates"), users may already have lost.
There are several easy steps to follow to make your smartphone leak less private/personal data:
- Use a VPN connection for your Internet connections.
- Always encrypt your connections to social web and media services like Facebook/Twitter/etc. with SSL. There are apps like HTTPS Everywhere which ensure that HTTPS is used where possible. Note: Many web servers still use the RC4 cipher. This is not very safe, because most browsers will fall back to the lower ciphers available. Check with: https://www.ssllabs.com/ssltest/analyze.html
- Android users who have Jelly Bean (<= Android 4.1.1) installed need to update their operating system. Jelly Bean >=4.1.2 or KitKat 4.4 are not vulnerable to the Heartbleed bug. I recommend changing every password for accounts used with a vulnerable device. Make sure you use a different password for each account.
- While playing games you should deactivate any data connection (offline/airplane mode). Most games do not need an Internet connection. By the way, you will get rid of ads (and ad tracking) and save CPU cycles, so you will notice a performance increase.
- Deactivate mobile data connections, GPS, geolocation, WLAN, etc., and activate them manually when needed.
- Most Android versions authenticate apps as safe if the data files contained within the APK (install package) file are signed by a random self-signed (self-created) certificate. This means you should be aware of RATs (Remote Access Tools), which could be shipped within an APK downloaded from a third-party website (web links, etc.) or an underground app store. There are no 100% reliable rootkit hunters available to check for RATs. The only way to check for a RAT is to monitor your network traffic and the processes running on the device. To monitor your device's connections, you need to set up a computer as a WLAN access point, configure it as a router, and connect your device to it. For a live impression of all connections established while using apps, social media, etc., use Wireshark on your router to dump and analyze the packets sent and received by your device.
- Android: The hidden folder .face contains all pictures which are suitable for biometric identification (more or less; the algorithm does not seem to be very good). This could be used to identify possible users of the phone and related persons.
- Get rid of the smartphone, or just keep it for multimedia and WLAN Internet connections without a SIM card, and make sure to use an encrypted VPN. If you choose to keep it, you could flash your phone from time to time with a secure and clean OS image just to be sure. You can never protect such embedded systems 100%.

Posted at 2014-04-27 20:28:36 (updated at 2020-08-20 17:15:44 by cr4sh)
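
The traffic-monitoring step in the list above (capture at the router, then look at what the phone connects to) can be partly automated. The following is an added example, not code from the original post: it reads a classic pcap file and counts the packets the phone sent per destination and port, then lists the flows outside an assumed baseline of DNS and HTTPS. The phone address, the baseline ports, the helper names and the sample capture are constructed for illustration.

```python
import socket
import struct
from collections import Counter

def outbound_flows(pcap: bytes, device_ip: str) -> Counter:
    """Count packets per (dst_ip, proto, dst_port) sent by device_ip (classic pcap, Ethernet, IPv4)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or len(pcap) < 24 or struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type (not pcapng)")
    flows, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame_bytes = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame_bytes) < 34 or frame_bytes[12:14] != b"\x08\x00":
            continue  # skip ARP, IPv6, VLAN-tagged and truncated frames
        ihl, proto = (frame_bytes[14] & 0x0F) * 4, frame_bytes[23]
        src, dst = socket.inet_ntoa(frame_bytes[26:30]), socket.inet_ntoa(frame_bytes[30:34])
        l4 = frame_bytes[14 + ihl:]
        if src != device_ip or proto not in (6, 17) or len(l4) < 4:
            continue  # keep only TCP/UDP packets sent by the phone
        flows[(dst, "tcp" if proto == 6 else "udp", struct.unpack("!H", l4[2:4])[0])] += 1
    return flows

def unexpected(flows: Counter, expected_ports=(53, 443)) -> list:
    """Flows to ports outside expected_ports (an assumed baseline: DNS and HTTPS)."""
    return sorted((d, p, port, n) for (d, p, port), n in flows.items() if port not in expected_ports)

def frame(src: str, dst: str, proto: int, dport: int) -> bytes:
    """Constructed test frame: Ethernet + IPv4 + first 8 bytes of a TCP/UDP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + b"\x08\x00" + ip + struct.pack("!HHHH", 40000, dport, 8, 0)

def build_pcap(frames) -> bytes:
    """Constructed classic pcap (little-endian header, Ethernet link type)."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

PHONE = "192.168.43.20"  # assumed address the access point gave the phone
SAMPLE = build_pcap([  # constructed capture, documentation-range addresses
    frame(PHONE, "203.0.113.10", 6, 443), frame(PHONE, "203.0.113.10", 6, 443),
    frame(PHONE, "192.168.43.1", 17, 53), frame(PHONE, "198.51.100.7", 6, 8081),
    frame("203.0.113.10", PHONE, 6, 40000),  # inbound reply, ignored
])

if __name__ == "__main__":
    for dst, proto, port, count in unexpected(outbound_flows(SAMPLE, PHONE)):
        print(f"review: {dst} {proto}/{port} ({count} packets)")
```

For a real capture, save the Wireshark dump in pcap format (not pcapng), read it with `open(path, "rb").read()` and pass the bytes to `outbound_flows` together with the phone's address. A flow on this list is only a destination worth looking up, not proof of a RAT.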