What is your Mobile security setup these days?

Hi Rasheed,

I have been using ProtonVPN on both Android and Windows 10 for about a year. I started out with the free versions and then decided to upgrade. I like this VPN a lot.

JPC

 

Thanks will check it out. This is something that Android should make clear.

To clarify, if you login to stuff like Facebook and Instagram, can a hacker sniff passwords via WIFI even if those apps use HTTPS?

Thanks for the tip. I don't really use WIFI a lot, so protection for 10 GB is enough. I do not use any VPN for my desktop and laptop since I only use them at home.

 

Assuming FB/IG uses HSTS (w/ preloaded list), no they can't unless you use old browser which has vuln or they somehow know 0-day exploit of TLS. But I think there're still small risk tho, as phishing is easier in mobile where TLS icon and url bar is less recognizable, and the owner of malicious AP can spoof DNS.

[EDIT:] I've found a real example of the attack I concerned.

 

The use of a VPN should not be limited to mobile devices. A VPN installed on desktops and laptops will hide your true IP address with all the advantages that that brings. I suggest you do a bit of digging around here on Wilders and the web to find out more.

 

To clarify, I'm talking about the Facebook and Instagram apps. From what I understood, on a free WIFI network, people might be able to intercept login data. So that's why I became interested in using a VPN.

To clarify, I don't really care about hiding my browsing activities from my ISP. So on my cable and 4G network, no VPN is needed. I'm also not willing to sacrifice speed, although hiding my true IP from websites would be a nice bonus. It makes you a bit harder to track.

 

Assuming (1) FB/IG do everything right (2) You only care FB/IG logon, meaning you either confirmed all other (background) connection are properly secured or don't include sensitive info, or just ignore them, then you'll be safe. But if I were you, I'd care both. People tend to believe such big names must do things properly, but then how IG stored user pwds in non-salted MD5 (terrible practice next to plaintext) which caused massive damage?
But to be fair, if they use https adversary needs active attack (if contrast to http) so the risk is lower even w/out HSTS.

 

Yes, it's probably best to use a VPN, I wouldn't rely on app security. To clarify, I don't use any browser on my smartphone, I only use apps for websites and services that I really need. Mobile browsing is a pain to me.

 

Eset Premium
AdGuard / Firewall enabled
LastPass
IVPN

 

Bitdefender Mobile Security & Antivirus (Beta)
Ivacy VPN

 

Avast Ultimate

 

My new (Samsung) phone has prompted me to turn on "Security - powered by McAfee". Would that be a trial or do they have a free version?

I already have Norton as it is included with my subscription + Blackfog Privacy.

No, I am not considering enabling "Security" as well, just curious.

Thanks.

 

Huawei P 30 Lite
Android 10
Software updates - Automatic
Account security - Protected by 2-Step Verification
Screen Lock - Protected by 6-digit PIN
Biometric Unlock -Fingerprint(s) and Facial recognition
Notifications - Hide sensitive information when locked
Google Play Protect - Activated
SIM card lock - Activated

Private DNS:

• With Opera it is redundant or even deleterious because some web sites become unreachable or not working, if I could choose AdGuard DNS

Real-time protection:

• Huawei Avast AV built-in

Email client:

• BlueMail for my OAuth2 accounts
• K-9 Mail
• Aruba PEC

Opera:

• Search Engine DuckDuckGo
• Data saving - on
• Cookie on - Except third parties
• Pop-up blocker - on
• Close tabs + clear History and Data on exit
• Content filtering:- Opera build-in adblocking and anti-tracking
• Opera's anti-Phishing and Malware functionality is working:

P.S.

It is interesting to note that Opera's anti-phishing reporting is managed by external suppliers.
In the 2 images from AMTSO and PhishThanks

 

that explain a lot of issues on such devices. *

or TypeApp, same vendor, same software, same bugs

is part of Adguard Premium, its worth any dime.

the problem for any antivirus is that google has set more restrictions this or last year concerning access to some phone services - vendors who wanted to be kept in store had to accept this but lost functionality. pity. due the connection to virustotal any vendor is using nearly the same database, boil the same water. my chosen solution is sophos intercept x.

* that's really bad that major phone manufacturer deliver bloated phone, in special now the chines groups. and you are not able to disable nor uninstall most of it. like any system this spread the attacking base of devices.

 

Avast AV works perfectly on my device.
Disabling system apps is also very simple, for example it is more difficult in Xiaomi devices.

In fact, among many system apps I have disabled Chrome.

P.S. You will notice that for BlueMail I have entered a specification.

 

I did, because K9 is very outdated, it's simple, but that's all. Some people changed to FairMail which is much newer and under development, but at least it needs a registration fee for some features I use for free in TypeApp (well, BlueMail = 100% TypeApp in its free features).

I don't have doubt, but anytime I enter the store for searching new apps i also read comments with issues on full featured (like Huawei) phones without any clue on developer side where other users with other hardware don't have issues. And in most cases those newer bloated phones are causing issues, not the older ones. Android 9 is not fully supported from all devs, Android X even lesser. Google Pixel series as one of the less or none bloated devices, or one with Android One.

 

https://github.com/k9mail/k-9/releases/tag/5.725


K9 has many advantages over other email clients.
For example, it allows you to configure an email account without the need to have an output server different from other accounts.

 

Thank you, I never got there, official app status in store is 5.600 and from 2018. What I still miss when reading the changes is a tiny mail/spam filter like TypeApp/BlueMail has. And it should be able to notify for updates because that builds are not in store.

 

We in Italy have a proverb.
"You can't have everything from life".

Now my wife's pizza....... is waiting for me.
Even today my region, with the Anti-Covid law, is still in the red belt.
Many jobs have been closed for 3 weeks.
And then with the curfew at 22:00 and the impossibility to leave the municipality of residence, travel becomes almost impossible.

Good evening to all of you.

 

Installed, try to create POP3 account, not possible, deleted. Sorry. The "manual" button when creating an account is not available (greyed out) and i consider this as a critical bug as it worked in 5.600.

 

See in the issues,POP3 support is deprecated, if I am not mistaken.
However, open a new issue.
But to the developer, not to this poor fisherman.

 

I read this rather negative post re Android One recently:
https://www.androidcentral.com/nokias-failure-final-nail-coffin-android-one

Hmm ... Android One is one of the first things I look for, because I can't stand bloatware on any Android phone!
I really hope the project doesn't die, or is at least replaced with something equivalent.
I just bought a 'mid range' Nokia 5.3 (5.4 out shortly) and am more than happy with it ... after jumping in the pool with with my ageing (but still fine, Android One) Xiaomi Mi A1 .
It is still Android 10 though - not 11, but with most recent security updates.

Else Google Pixel 4a may be an option now ...

 

Eset
IVPN
1 Password

Vivaldi browser for ad's & trackers

 

What do you people think about the SS7 attack, it's old;ish but still unsolved, correct ? The hacker only have to know you phone number to attack you.

 

Sophos Intercept X for Mobile (free).
AdGuard for Android (lifetime).

 

Yes, SS7 will probably never be secured. For communication you can try going with end-to-end encryption app like Signal.