Guardian Rom - Secure Android OS

Discussion in 'privacy technology' started by x942, Jun 9, 2013.

  1. guardianrom

    guardianrom Registered Member

    Joined:
    Aug 16, 2015
    Posts:
    9
    Yeah, since the domains aren't in our possession, they aren't pointed anywhere. We have been fighting to know what happened, but our registrar keeps saying 'Only the user can release a domain' and then they contradict that by saying there was no account activity during the period when the domains were released. The account was protected with a strong randomly generated password and two-factor, so I doubt it was hacked on that end.

    Yup! Doing well. Just trying to get this out ASAP :)
     
  2. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Thanks for the follow-up and glad you are ok.

    I am starting to look at it from the perspective of buying a Nexus and security hardening it myself. I like the article by the Tor Project: https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
    A little outdated, but it is a good start. We really need something more up to date; maybe worth documenting some of the experiences or having a security hardening Android project.
     
  3. guardianrom

    guardianrom Registered Member

    Joined:
    Aug 16, 2015
    Posts:
    9
    I would be more than happy to write a new guide on this. Some things have changed since my last one (and the one you posted). I will write it up and post here on the forums + my website. That link isn't too out of date, but I personally believe there are some better things you can do now and it doesn't cover every use case.
     
  4. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Didn't realize that was your article. It works for Android KitKat but Lollipop changes quite a few things. Droidwall doesn't appear maintained either.

    I saw the following photo that convinced me Silent Circle wasn't what I was looking for.
     

  5. guardianrom

    guardianrom Registered Member

    Joined:
    Aug 16, 2015
    Posts:
    9
    Lollipop did change quite a bit. The guide I am writing will be far more in depth and will cover everything from an average user to more paranoid users like me. I will post the whole thing as a link, but I will also quote the parts I know you all will want and just post that in the thread so you don't have to go to another website to view it.

    Yup. Of course they are going to add Google in. No one was buying it before. How much longer before the Play Store is included as well?
     
  6. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    Good to see the project is not dead :)
    Btw, do you know if GuardianRom's hardened kernel and GRsecurity would have stopped the exploiting of the Stagefright CVEs?
     
  7. guardianrom

    guardianrom Registered Member

    Joined:
    Aug 16, 2015
    Posts:
    9
    Haven't tested it but I will do so tonight for you. It should though, as it appears that Android's ASLR implementation mitigated the damage on newer devices. I will do a full test and see if I can get it working against the GRSec kernel.
     
  8. guest

    guest Guest

    Is there a way besides this thread to follow the news about this ROM? Twitter account or something?
     
  9. guardianrom

    guardianrom Registered Member

    Joined:
    Aug 16, 2015
    Posts:
    9
    You can follow my website as I post updates often. However, all accounts were shut down temporarily due to us going stealth for the time being. I will update once we relaunch, but for the most part updates will be few and far between until then. You can also e-mail me for updates if you use GPG.
     
  10. guest

    guest Guest

    Is this your website? It doesn't work for me.
    http://www.shadowdcatconsulting.com/
     
  11. guardianrom

    guardianrom Registered Member

    Joined:
    Aug 16, 2015
    Posts:
    9
  12. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    What handsets do you see GuardianRom working on in the future? Are you planning on bringing this to the new Nexus 5 coming out in October?

    My thoughts at the moment are to follow your advice and go the CyanogenMod path with a Nexus and, until GuardianRom is done, security harden it myself.
     
  13. Mailmaiden

    Mailmaiden Registered Member

    Joined:
    Jul 20, 2014
    Posts:
    14
    Yeah I think the project is dead, which is unfortunate. Luckily I found another project that is coming along very nicely! Check out Mission Impossible Android (MIA) on GitHub, I'll post a link below. Nathan from the Guardian Project (not GuardianROM) is helping, as well as Mike Perry from the Tor Project. The project is a streamlined version of the Mike Perry hardened Android writeup on the Tor blog and they have been making great progress, come check it out.

    https://github.com/mission-impossib...id#mia---mission-impossible-android-hardening
     
  14. guardianrom

    guardianrom Registered Member

    Joined:
    Aug 16, 2015
    Posts:
    9
    Our software releases will always target the Nexus devices as it's easier since Google releases the AOSP source tree for those devices. Anyone can port them to another device if they feel like it though. Part of the delay is working on the following issues:

    1. We want reproducible builds so people can confirm our binaries are legit and not back-doored.
    2. We are working on implementing XEN isolation still; on most devices you will be limited to Dom0 and one VM, but on mobile this is all you need really. The guest VM can run any apps you don't trust and possibly even Google apps for those who need them. All without having access to your sensitive data.
    3. With reproducible builds we are building out an open-source server that will allow anyone to host a server that will automatically download our source-code and compile it. This would be set by the server owner as to how often it would do it, but as a default upon any new binary release. The servers download the source-code, compile it, and as it's reproducible they check the hash (SHA-256). If they match all good, if not something is up. The more servers running the better, and each server will send results to the other servers so as an end user you can just visit one trusted server and see if the builds pass the checks. The more servers the better as it eliminates the threat of a rogue server claiming the binaries don't match when they do, or vice versa. You would get a breakdown like 20/20 servers verified the build. This should make implementing a backdoor hard as it would HAVE to be in the source-code to pass these tests. If it's in the source, it will get found eventually. This part of the project is being completed after we have reproducible builds.
    4. Hardware version. We are working hard on vetting vendors for a hardware version. Our open-source modem is a ways away though. The first iteration of the phone will probably have a removable modem so you can simply remove it if you don't trust it.

    That is a great project, but we aren't dead. Things are taking longer as we are a small team and we want to ensure this is done correctly.
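
Added example, not part of the thread and not GuardianRom's code: a sketch of how a client could combine the per-server SHA-256 rebuild results described in item 3 into an "N/M servers verified" breakdown that one rogue server cannot flip. The function names, the server IDs, the 75% quorum and the three-server minimum are assumptions made for illustration, and the byte strings are constructed sample data.

```python
import hashlib
from collections import Counter

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def tally(published_hash: str, reports, quorum: float = 0.75, min_servers: int = 3):
    """Combine (server_id, rebuilt_hash) reports into one verdict."""
    votes = {}
    for server_id, rebuilt_hash in reports:
        votes[server_id] = rebuilt_hash.lower()  # one vote per server, last report wins
    total = len(votes)
    agree = sorted(s for s, h in votes.items() if h == published_hash.lower())
    dissent = sorted(s for s in votes if s not in agree)
    result = {"breakdown": f"{len(agree)}/{total}", "dissenting": dissent}
    if total < min_servers:
        result["verdict"] = "inconclusive"       # too few rebuilders to trust either way
    elif len(agree) / total >= quorum:
        result["verdict"] = "verified"
    else:
        # If the dissenters converge on one other hash, the published binary
        # does not correspond to the source they all compiled.
        top = Counter(votes[s] for s in dissent).most_common(1)
        same = top[0][1] if top else 0
        result["verdict"] = "mismatch" if same / total >= quorum else "inconclusive"
    return result

# Constructed sample data standing in for a release image and a modified copy.
CLEAN = b"constructed-rom-image built from tagged source"
TAMPERED = CLEAN + b" + extra payload"
SERVERS = [f"srv-{i:02d}" for i in range(1, 21)]

def scenario_rogue_server():
    """Honest binary; one server falsely reports a different hash."""
    published = sha256_hex(CLEAN)
    reports = [(s, sha256_hex(CLEAN)) for s in SERVERS]
    reports.append(("srv-07", sha256_hex(b"bogus")))  # srv-07 replaces its own vote
    return tally(published, reports)

def scenario_tampered_binary():
    """Published binary differs from source; one server vouches for it anyway."""
    published = sha256_hex(TAMPERED)
    reports = [(s, sha256_hex(CLEAN)) for s in SERVERS[:19]]
    reports.append(("srv-20", published))
    return tally(published, reports)

if __name__ == "__main__":
    print(scenario_rogue_server())
    print(scenario_tampered_binary())
```
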
     
  15. ImplicitDeny

    ImplicitDeny Registered Member

    Joined:
    Sep 14, 2015
    Posts:
    1
    Since we haven't gotten a GPG key yet (and many of us wouldn't know how to effectively use it anyway), I'm assuming there's a few people on here that can verify you in their circle of trust and say that you are really you? Not intending any offense here.....
     
    Last edited by a moderator: Sep 14, 2015
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    His key, as I know it:
    Code:
    Key ID:      0xF17D45EB
    Fingerprint: 75F0 29CC 7580 2332 C0F9 9B40 AAC4 E1E8 F17D 45EB
     
  17. NotNo

    NotNo Registered Member

    Joined:
    Sep 19, 2015
    Posts:
    2
    Hi Guardianrom, mirimir and all..

    I am still waiting patiently to see this one stop shop of personal freedom and safety come to fruition.

    Still on the seat of my pants.......

    Please please please KD.............News please?

    We the few marvel at your genius ;)
     
  18. u235

    u235 Registered Member

    Joined:
    Oct 26, 2015
    Posts:
    1
    Hi. Is there any news on the Guardian ROM? I'm very curious to see the results. I'm currently owning a rooted Sony Z1 phone with all kinds of privacy countermeasures. But that's far from ideal. I hope that the project isn't dead yet. The world deserves the option of a phone that can be trusted. :(
     
  19. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    It is the dilemma that I am facing.
    I could buy a Nexus and wait for guardian rom which would be ideal for my purposes. The balancing act is between privacy and security.
    Other solutions include using Knox or Android for Work phones. Of the three solutions my preference is:
    1.) Guardian ROM (nice but not available) - Privacy and security but not available.
    2.) Knox - Addresses security but not privacy
    3.) Android for Work - Less security and little privacy

    https://www.wilderssecurity.com/threads/virtual-machines-within-android.380926/
     
  20. Mailmaiden

    Mailmaiden Registered Member

    Joined:
    Jul 20, 2014
    Posts:
    14
    Copperhead OS might be of interest to people in this thread. Perhaps a new thread should be made as I haven't seen anything on it here. Been using it now for a month, also spoof MAC addresses per app as well as including PaX kernel etc. Pretty cool project that is advancing nicely.
     
  21. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Great to hear Mailmaiden, definitely one worth considering. I am looking at alternative options at the moment.

    I know every time I say that Guardian Rom is a dead project Kyle pops up.
     
  22. Mailmaiden

    Mailmaiden Registered Member

    Joined:
    Jul 20, 2014
    Posts:
    14
    Making something innovative always comes with unexpected challenges. I respect guardianROM's decision to go dark for the moment but wish the best for them. Security does not come easy and is heavily scrutinized; I have been making an unrelated simple system and have found many obstacles that have come up. I can only imagine a project of this magnitude being that much more difficult. I do believe this Copperhead OS is quite promising and I think it will be able to move at a quicker rate and have more sustainability.

    I admire the goals GuardianROM seeks to achieve and Kyle is a talented individual. I will keep my specific issues with the direction of GR to myself but wish the project's challenges were not clouded in a refuge of audacity with keys being lost, etc.

    -some drunk girl from the internet
     
    Last edited: Nov 22, 2015
  23. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
  24. Mailmaiden

    Mailmaiden Registered Member

    Joined:
    Jul 20, 2014
    Posts:
    14
    Agreed, thanks for the link. I am setting it up now. I'm hoping it plays nicely with multirom manager so it could be my main rom because it has the most usability. I have been using CopperheadOS as a secondary rom or booting from USB-OTG with multirom manager. I'm still trying to figure out how to lock my bootloader after installing multirom; it seems to not really lock.
     
  25. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Any feedback on CopperheadOS or Secure Spaces?
     