Android protection

Discussion in 'all things UNIX' started by Kees1958, Jun 17, 2012.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Just bought an Asus transformer 300 (tablet with keyboard to use as net book) for business use (12-14 hours of battery life, so great for business travel)

    Did not root it, locked the log-on with password, locked system settings with applocker, same for google apps store applet. System settings allows installs from aps store only. It is still possible to browse to the Android Apps webpage. So there is still an open door to install programs without entering a password.

    I do not want to root this tablet/net-book, is there any option to block internet traffic to Android Apps webpage?

    Thx

    To admins: may be time to add an android section in all things unix (or maybe a seperate tablet/smart phone section, after all it is 2012)

    Kees1958
     
  2. x942

    x942 Guest

    I'll try to help as best as I can here. I am going to do two break downs for overall security in Android. One without root access and one with root access so you and others can decide which route to take. The short answer is there is no firewall or IP Tables access without Root sadly.

    =================================================
    Stock Android/No Root
    =================================================

    Applications:

    - Where's My Droid: Locate missing phone via text message & remote wipe if needed. FREE
    - Lookout Security: Anit-virus & Real Time GPS tracking if phone is lost/stolen FREE
    - Plan B - Locate phone after it's lost if there was no app installed on it. FREE

    Android Features:

    - Enable Password: Preferably use a PIN or ASCII Password with the max length (16 chars) and symbols etc.

    Code:
    SETTINGS ---> SECURITY ----> LOCK/PASSWORD 
    - Enable Encryption: This encrypts /data partition where all user data is stored + application settings + account information with AES-128 BIT encryption in CBC mode. You can optionally encrypt the SD Card if present as well. This setting is normally located in:

    Code:
    SETTINGS ---> SECURITY ----> ENCRYPT DEVICE
    - Change the timeout of the screen to the shortest time you can handle. Shorter = more secure but less convenient.

    - Disable installing from unknown sources: Prevents 'drive-bys' and 'malware' from being installed easily. Most "malware" in the playstore is easy to spot and not as dangerous as some of the stuff floating around on shady sites. You could leave this on and be perfectly fine to as you are prompted before an install can happen.

    - Disable Debug mode: Prevents an attacker from access logs (dmesg & Logcat) and tampering with the file system.

    *Some tablets such as the Samsung Galaxy Tab have a built in Firewall this should be enabled as well*

    ===============================================
    With Root
    ===============================================

    Applications:
    - DroidWall: Firewall for Android, GUI Frontend for IPTables. FREE
    - LBE Privacy Guard: Selectively revoke permissions from apps (like GPS, ability to read SMS, etc.) FREE
    - Pdroid: Similar to LBE Privacy Guard. This one is more powerful, can spoof information such as IMEI and Phone #, more reliable but requires custom ROM to be compiled to support it. FREE
    - Super User Pro/Super Su Pro: Both give the option to require a pin before allowing SU to run the application as root. PAID


    TIPS:
    - If you are running CyanogenMOD or some derivatives you can use there built in permission controls to restrict permissions but this setting is a little flaky compared to PDriod or LBE.
    - If you are going to root I HIGHLY recommend grabbing the pro version or either super user or super SU (which ever is installed on your ROM) and set a PIN to be required in order to elevate an app to root privileges. This can prevent most attacks against the rooted device.
    - With root access you can use apps to lock down the system even further (I.E Avast! allows you to disable debugging mode completely and access to settings if the device is stolen). You can also limit google's own apps if you don't trust them (either by removing them or "freezing" them with something like titanium backup).
    - The non-root information applies to root as well (like Encryption and such).

    Sadly the only way to use a firewall is by rooting. The new versions of Cyanogen Mod now have the ability to disable SU though. So you can enable it and configure IP Tables and disable it afterwards in settings so nothing can use it.
     
    Last edited by a moderator: Jun 18, 2012
  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Thx am testing some anti theft options also
     
  4. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    I wonder if it's possible to edit the hosts file and redirect Android Apps Market.

    By the way, did you test installing from that website, perhaps that is not possible.
     
  5. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,272
    Not sure of what "Android Apps" is. What I have is now called "Play Store", previous name was google Market.

    @wilbertnl
    Yes, you can install from the website.
    Yes, mvps hosts from Windows can be used so long as only line feeds remain. The AdAway (by Shurman) application can be used since it does the same thing by updating hosts from several sources. But it requires rooting to get admin rights which are then granted by Superuser (mine is free).
    However, it'll not answer the question posed in this thread, IMO.

    @Kees1958,
    Once married to google, divorce not possible. At least on my android 3.2 tablet(Toshiba Thrive)
    You might want to root it, else you'll miss the gems like in the screenie below

    superuser.png
     
    Last edited: Jun 22, 2012
  6. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Settled for webrootsecure anywhere free, after testing some free anti theft/anti virus software. Just went for this freebie because some shields can be shut down (only checking when I install programs).

    What took me more time to find out

    1. Delete key is missing on keyboard of ASUS transformer

    The SHIFT BACKSPACE functions as delete key (soft key)


    2. Easy selection of text

    a) Position cursor
    b) Press the LEFT MOUSE KEY (of the mouse pad) and SHIFT key
    c) Position to the last letter with mouse pad (while keeping the combo of keys pressed)
    d) use Ctrl C Ctrl X, Ctrl V to copy, cut, paste text easily

    Regards Kees
     
  7. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi act8192
    May be reference to AppBrain Market

    Google Play was previously called Android Market. :D


    Take Care
    TheQuest :cool:
     
    Last edited: Jun 24, 2012
  8. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    Android apps is intended as more generic, Amazon.com also offers apps as does getjar.com.
     
Loading...
Thread Status:
Not open for further replies.