Android Privacy Tools Questions

I'm mainly interested in "full device encryption" and "file shredding".


Full Device Encryption:

- it seems WhisperCore was purchased and it's download pulled from the web. Any users here that can give us a review and know anything about it's future?

- any other apps like this??

- i've read that ICS may have it built -in. Is this true


File Shredding:

- has anyone tested the various file/free space overwrite tools available on the market for their ability to make files non recoverable?

- do any change file names before shredding??

- know of any computer programs like "Eraser" that are planning to make compatible with Android

Thanks!

 

WhisperCore was bought by twiter and nothing has happened so far sadly. TextSecure is the only thing available and it was opensourced (Awesome!). I have been in contact with the guardian project and they are in talks with Twitter and whispersys to open source the whole suite. No time on it though.

I can't find any way of doing it except setting up LUKS/Cryptsetup manually. But you need root and a kernel that supports it. ICS does have "Full" Disk Encryption but with some flaws:

1) It's only 128BIT AES not 256BIT
2) Password is limited to 16 Chars. w/no spaces.
3) Only encrypts your user data and not the system partition (hence no true Full Disk encryption- it should encrypt everything but /boot).
4)Same password used for Pre-boot as Lock screen - This is annoying. WC had two different passwords, one for booting (encryption) and one for lock screen (which could be a pattern or pin. They even had "anti-smudging" built in).

I have been, for a while now, trying to design a custom rom to replace WC. It will have:

-SELinux
-Selective Permissions
-TextSecure built in
-Firewall
-AES 256BIT LUKS encryption
-Two Separate passwords
-Anti-smudging screens
-Ability to enable or disable root on the fly
-Ability to enable or disable the market on the fly

Haven't gotten far as I'm not the best at modifying the kernel. (if anyone want's to help PM me).

There are a few in the Android market. However I would just pull the SDCard out and use your computer to wipe it. For internal memory perform a couple rest's and flash a new rom.

 

The only "sorta" flaw you mentioned is the same password, which is more of a convenience issue.

128bit AES is strong enough (in fact it's faster than 256 and virtually just as strong. http://www.usbcrypt.com/128-vs-256-bit-encryption/)

16 characters = uncrackable assuming it's using bcrypt or pbkdf2 (more likely.) Take whatever "howsecureismypassword" says for your 8 character password and multiply that by about a thousand and that's more like pbkdf2.

Why does it matter if your OS is encrypted? I guess I can see this being an issue... maybe. eh. It's not like TrueCrypt where you want plausible deniability/ you want to hide everything. Everyone knows you're running Android, there aren't any hidden volumes on there. I can see very very specific situations where you might want it (to prevent tampering with the OS in such a way that a keylogger could potentially be installed) but idk. If you aren't rooted they would have to root it to do this and bypass the hardware key protection that's built into Android.

I baked some ROMs for the Eris for a while but got bored of it.

 

A couple of things:
1) Why use 128Bit when their is no noticeable difference in using 256Bit? 256bit is orders of magnitude stronger. Sure neither will get cracked anytime soon but still why limit it? At least give a choice between the two.

2) Because if the system isn't encrypted I can simply use ADB and push malware into the system. i've done it to demonstrate why it's a bad idea. Sure it's not going to leak data but it makes the attackers job easier. In the demo I pushed a keyboard replacement that logged everything typed and sent it to a remote server. I wouldn't trust the not being rooted part. I mean remember GingerBreak and rageagainstthecage?
The first is just an APK the other only needs ADB. Not saying they would work in this case but just pointing out if you can ADB you can get access to compromise the system.
At least with a lock bootloader it wipes the phone when you try to replace it, so without special tools you can't replace it and keep data intact.

3) Sure 16 is good. But once again I want the choice to use longer passwords. I just don't see why they have to limit you. This is the one point I do fully agree with though, it's not the biggest deal, the rest I wish were fixed.

EDIT: Not trying to argue. Just giving my reasoning behind it.

 

1) The benefits of using 256bit are essentially nonexistent as we can't crack either. The benefit of using 128bit is that it's computationally much quicker - you're dealing with phones, these are not powerful computers and Android is already a somewhat heavy OS. ~40% performance hit in decryption when moving to AES 256bit.

2) I will definitely concede that encrypting the OS is probably a good idea. I was thinking of stock machines, which are hardware locked. The fact that this is a ROM means that recovery/ root access and ADB can already be used without the attacker needing to root it themselves.

3) I agree. The limit is lame. For GMail I use a 22 character password (the reason being that GMail is a website and therefor I can not verify exactly how they are encrypting and what password hashing methods they use.)

I've looked it up and Android ICS does use pbkdf2. You could use 8 lower case letters and it would take one of those fancy cloud cracking computers to get into it (even then it would probably be pretty difficult considering how slow it is.) A strong 16 character password would be millions of years more than that.

I like the idea of a hardened ROM though with full disk encryption + SELinux. Would you be implementing profiles for common apps or leaving that to the user?

 

1) Okay let me rephrase it lol. I agree with what you are saying. Yes since neither will be cracked the are equal as strong in that reasoning. However I think AES256 is important because of the fact the majority of users need standards that are approved by the Government or other bodies. In that case 128Bit won't help these users and they are by far the majority of users.

2) Agreed there

3)I believe google uses SHA 512 but I don't remember where I read that. I use what ever the max length is as I use keepass to store passwords I don't care if they are impossible to remember. On a phone 30 Chars. is what I used with WC.

You are correct. It would be next to impossible to crack a 16 Char. password with pbkdf2. SELinux right now I have implemented with all the stock apps that could be "compromised" easily (Web browser, Text Messaging, NFC Tag Reader, Flash (if installed manually), and email). I would add more based on request.

 

I run WhisperCore and thankfully, other than the 'have to pop the battery if you get the pass wrong' bug (which *could* be a feature, LOL), it works perfectly.

Unfortunately, I didn't save the full download installer. It would be awesome if someone could host the installers for the 3 OS'...and be able to get the file hashes from Moxie or Stuart. I'm not a 'phone guy' though so sticking with a Nexus S and 2.3.5 won't be a problem...I'll probably have it for years.

I don't worry about wiping, as the whole phone in encrypted.

I wish they'd come back...friggen Twitter...

PD

 

I have the Windows installers still. Do you know how to flash via adb and fastboot? If so i can extract the firmware images from the exe and shoot them your way. I was looking at the installer and all it is is a bundled adb, fastboot, installer wrapper + script, and firmware images. Now I have those image files I plan on taking a look and seeing if I can port anything to ICS. If I can (and re-do it from scratch) I will GPL it.

 

Interesting Stuff

Without access to stable full device encryption, "File/Free Space Wiping" takes on added importance!

I had some free time last evening to mess around with a few market apps and here are my findings.

File Recovery Apps:

Hexamob Recovery Lite *root*(free)
Undelete for Root Users (free)

File/Free Space Wiping Apps:

SHREDroid (free)
File Shredder (free)

Undelete For Root found a few files (images, opera mobile cache) but failed to restore a single file. Hexamob however, found a "ton" and managed to restore about 10 files of which 5 still worked (images, podcast mp3's). My guess is the other 5 and the rest of those that couldn't restore were already overwritten by the OS.

Rebooted and ran SHREDroid (free space) and then re-ran Hexamob. Most of the same ten restored but failed to open except for 1 stubborn image file (still intact).

Tested Hexamob with a few fresh "normal" deleted files and it restored them fine. Then shredded these with File Shredder and restored again with Hexamob. Image files were useless but an mp4 file still worked

I'm going to retest this again later today using all freshly deleted files and will post my results later. What bothered me through this entire process is "all" files still had the file name, file type and size intact, even after multiple shreddings

I also plan to hook up my device and use "Eraser" to go over the free space and then retest with Hexamob.

If you wish to test these yourself or have previously tested these or another app, please post your results.

 

Good test, thanks for taking the time. The Eraser test will be interesting. Try BC Wipe if you can (the trial will do 1 pass psuedo, but that is considered enough on modern hardware).

PD

 

Round 2 Complete

Firstly, on my device, i took 9 new files (3 images, 3 mp3's and 3 mp4's) and shredded them with File Shredder. I then ran Hexamob Recovery Lite and recovered all 9 files. File names, type and size were still intact but trying to open the 9 files all produces "errors". So File Shredder did it's job but just wish all the file information was removed!

I then hooked up the device to a computer and used Eraser to overwrite the free space on the storage areas (internal & external) simply using "1 pass psuedo" and once completed, ran Hexamob Recovery Lite to see the results. There was absolutely nothing left - no file names - nothing!

I sure wish SHREDroid and File Shredder did this

 

A good combo would be using ICS Encryption (at least until whispercore is back) AND shredding data. If you are going to sell your phone at some point I would also reflash it completely and shred the SDCard with your computer and something like eraser.

 

Thanks mate, good to know!

PD