How to use an android-based smart phones with anonymity, privacy and integrity [DRAFT]

1.Background

Current societies have increasing powers of surveillance and control over individual citizens based on digital technology. At the same time, there is a world-wide trend toward fascist systems, ie political trends which promote the concentration of wealth and power in the hands of a few. Individuals who are interested to maintain their liberal rights, ie ward off fascism and promote open, transparent democracies, should be able to maintain or re-establish their data and communication  security (“IT security”) to counterbalance the power of the system.

The following are the major aspects of IT integrity:

  • Anonymity: The individual can decide which identity to use in a specific situation. Thereby, the individual can control the collection of personal data and the re-construction of his real-world identity by merging of data. This reduces the likelihood of experiencing negative consequences caused by targeted actions by other individuals or systems.
    Example: An individual publishes a wiki page, which everybody can read (no privacy) or modify (not interity).
  • Privacy: The individual can decide which information to share with which other individual. Other individuals cannot get access to the information or the cost to get access to the information is greater than the perceived value of the information, effectively avoiding attempts to get access to the information because of a lack of motivation.
    Example: A known sender (no anonymity) shares an encrypted message (privacy) with a specified receiver, but the message is against his will re-routed to somebody else (no integrity).
  • Integrity: The individual can use technologies (hardware, software), which behave in the way which is documented in the system description or in the way the user intends to use it, ie individual’s actions have the intended effects. Other individuals cannot change the characteristics of the system in a way, which may be overt or covert to the targeted user.
    Example: An known individual (no anonymity) has published information (no privacy) on a website, and the used infrastructure (server hardware, server software, energy supply) is completely controlled by the individual and cannot be changed by any other individual (integrity).

A current smartphone violates these principles:

  • Anonymity: The smartphone has an IMEI (International Mobile Equipment Identity) [²] identifier and a phone number, which can be traced by the mobile network provider. The location data (ie location at night, location during workdays) may give away the home address or work address of the person and can be used to derive further details, eg name, family members, participation in legel or illegal public protests or acts of civil disobedience. Some mobile network providers transfer the IMEI and phone number which means that anonymous SIM cards can be associated with previous phone numbers or owners of the phone number via the IMEI identifier.
  • Privacy: A standard, commercial, android-based smartphone will have Google Mobile Services [¹]  installed. The functionality is limited without installing Google Mobile Services, especially including the Google Play Store to install new apps. Google Mobile Services will constantly share information about the user with servers and services owned by Google  in the USA. Google may be forced by USA law to handout the information to the US government.
  • Integrity: Software is constantly updated via the Google Play Store. A standard user will not be able to notice whether his smartphone has been hacked by Google or other government agencies.

The following tutorial describes how to install open-source android-based operating system on a smart phone using a pre-paid SIM card with high IT integrity:

  • Anonymity: If the phone (IMEI)  has not been used before and bought anonymously and the SIM card has been bought in a shop by cash, the identity of the phone cannot be associated with the identity of the user, unless he uses the phone at locations clearly associated with his identity (home, work).
  • Privacy: Applications with a high degree of privacy (eg end-to-end encryption) are used, eg Signal, ProtonMail, Firefox Focus/Klar, which use infrastructure in legal systems, which protext liberal rights and privacy.
  • Integrity: The operating system is protected by a Privacy Guard, which is monitoring and reporting ingoing and outgoing information (eg calls, text, messages, logs,…

Note: The following android-based smartphone operating systems without proprietary Google Mobile Servcies are available:

2. Tutorial [in progress]

Note: No warranty for correctness or completeness of the tutorial are given!

The following tutorial describes my experiences with installing the open-source, android-based Lineage OS operating system for smart phones.

The main steps are (as far as I can remember):

  1. Unlock your bootloader of your phone (Note: You are loosing warranty!)
  2. Enable Developer Options (press Settings > About > Build 7x)
  3. Enable USB Debugging Mode
  4. Install  on your PC to connect to phone
    1. Android Studio / SDK platform tools
    2. Android Debug Bridge (ADB)
    3. fastboot
  5. Install software Win Recovery Project (TWRP) on phone to install to backup current OS, wipe current OS, and install custom Android ROM image and other files
    1. Backup system
    2. Wipe system
  6. Copy ROM images (TWRP, LineageOS, selected APK files) from PC to phone via ADB
  7. Install LineageOS and firmware

The LineageOS site contains the images only for more recent smartphone models, but internet search lead me to unofficial mirror which features the matching older LineageOS images and TWRP images for older phones, which I then used. If problems arise, searching for additional help in the web, if so using your phone model and the error code, will help to solve the installation problems.

Note: Please note that there is some risk that you may download images or apps with malware from untrusted repositories.

2.1 System Configuration

  • Computer: Samsung 900NX3G with Linux Mint 19.1
  • Phone 1: Motorola G4 (with pre-installed commercial Android OS)
  • Phone 2: Samsung Galaxy Nexus (with pre-installed commercial Android OS)

2.2. Get software tools and images

  • LineageOS image [for Motorola Moto G4 (Plus)]: https://androidfilehost.com/?fid=890278863836285927
  • TWRP image: https://eu.dl.twrp.me/athene/
  • ADB and fastboot: Installation via Linux Mint/Software Manager
  • Android Studio / SDK Platform Tools: Installation via Linux Mint/Software Manager

2.3 Unlock Bootloader

# Samsung Galaxy Nexus
# BASH commands

sudo adb devices
sudo adb reboot bootloader
sudo fastboot devices
sudo fastboot oem unlock
sudo fastboot reboot

Instructions:

https://www.getdroidtips.com/how-to-unlock-bootloader-on-samsung-galaxy-phones/

2.4 Install image management software TWRP (via ADB)

This are the commands on the ADB command line I used to install TWRP:

# BASH commands:
# https://www.youtube.com/watch?v=7Dq4ChFYRP4
sudo adb devices
sudo adb reboot recovery
sudo adb devices
sudo adb reboot bootloader
sudo fastboot devices
sudo fastboot flash recovery twrp-3.2.1-0-athene.img
sudo fastboot boot twrp-3.2.1-0-athene.img

Instructions:

https://www.getdroidtips.com/install-twrp-recovery-moto-g4-moto-g4-plus/

2.5 Installation of LineageOS (via TWRP)

Instructions:

https://www.getdroidtips.com/lineage-os-16-moto-g4/

2.6 Installing useful apps

I installed the following apps to have full functionality from selected repositories [4, 5, 6, 7].

Note: You have to go to Files > SD Card > Downloads > APK file, select, “Three dot” menu > Open with > Package Installer to install a package. For some reason the package installer is not available in the menus if you go to “Downloads” via the bookmark in the browser.

Works:

  • VPN Client: NordVPN
  • Authenticator: Aegis via F-Droid
  • Browser, privacy focused:
    • Firefox Klar/Focus via F-Droid mirror (Note: set startpage.com or duckduckgo.com as search engines!)
    • Chromium/getChromium via F-Droid mirror
  • Private messaging: Signal, ProtonMail, MatterMost, GMX Mail
  • Maps: OSMAnd+
  • Repositories: F-Droid (Note: App will freeze when rotated to landscape mode and needs reinstalling, otherwise fine.)
  • Audio: Audible
  • Public Transport: UL (Uppsala län), SJ (Swedish Railway)

Does not work:

  • Mobile BankID
  • Swish (needs Mobile BankID)
  • Yalp Repository

Not installed for IT security reasons:

  • Mobile Charging: Comviq

3. Conclusions

The installation of Lineages OS takes some effort in terms of time and information search. The installed system works stable. App download and installation works smoothly for many apps, via Google Play Store mirror sites [eg 4, 5, 6], and requires just a little bit more time to find, download and install the APK files.

Problematic as a user in Sweden is that government agencies (eg forsäkringskassan) and banks rely on the “Mobile BankID” app and this app requires Google Mobile Services and a Google account. Therefore, the highly problematic issue is that an citizen in Sweden is more or less force or groomed into constantly sharing private information with Google servers (in the USA) and allowing Google to integrate personal data (e.g. name, phone number, email, location data, …). I tried replacing Google Mobile Services with open-source clones, such as microg [8, 9, 10], which can be installed and seems to work, but still does not enable “Mobile BankID”.

The reason seems to be that microg would have to fake (“spoofing“) the Google Play Store app, ie allow an app to pretend it is another app, which is by default disabled in LineageOS for security reasons.  There are more liberal Googe Mobile Services clones which allow spoofing and activate spoofing on lineage OS [Ref?], but here it depends on what you what, just an imitation of a commercial android phone or a smartphone with IT security.

see also:
Does the “Mobile BankID” app (android-based) compromise the privacy of Swedish citizens? – My letter to “datainspektionen”

Does the “Mobile BankID” app (android-based) compromise the privacy of Swedish citizens? – My letter to “datainspektionen”

References:

[¹] https://en.wikipedia.org/wiki/Google_mobile_services

[2] https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity

[3] https://lineageos.org

[4] https://f-droid.org

[5] https://www.aptoide.com

[6] https://apkpure.com

[7] https://www.apkmirror.com

[8] https://microg.org

[9] https://opengapps.org/

[10] https://lineage.microg.org

 

http://wilmarigl.de

en_USEnglish