Guardian Rom - Secure Android OS

Discussion in 'privacy technology' started by x942, Jun 9, 2013.

  1. x942

    x942 Guest

    Okay so the updates as promised:

    We are at the 90% point with GuardianRom. We have ported everything over to 5.0 (lollipop) on both the Nexus 5 and Nexus 6 EXCEPT hiddenOS. HiddenOS is working but buggy. We have also added in the following apps and features:

    • SOS Button - This is similar to the old intheclear app. It basically allows you to customize a few presets like who to call or text. Shutdown or wipe the phone, send your GPS location or not, etc. If wipe is enabled it wipes the phone 3 times with random data to prevent recovery.
    • Geo-Fencing - This app will be released in F-Droid and the playstore as well. It allows you to set locations as Green, yellow, or Red zones. Green - This is for your home or another trusted place. Places lockscreen time out to a longer amount, enables WiFi and bluetooth, Disables Dead-Mans switch. Yellow Zone - Enable Dead-Mans switch, lockscreen timeout to 30 seconds, WiFi off. RedZone - Phone powered off immediately OR Wiped optionally. All areas are considered Yellow until changed. You are able to customize all events too. Similar to Tasker or other automation apps you can decide what happens in each zones. RedZone can be places like Police Stations, Airports, anything outside of your city, etc. Basically RED = Known hostile zone.
    • Dead-Mans Switch - Once enabled in settings this feature turns on two options. 1) Duress password. Entering the duress password will either reboot the phone or optionally wipe it. 2) You can set a timer. If you don't enter you PIN in every 'X' number of minutes or hours the phone will automatically shutdown or again optionally wipe itself. This can also be used to trigger an SOS and alert friends or family.
    • Encrypted Calls - We have built our own servers to handle calling and no longer use OSTel. You can use your own server instead if you prefer. Uses same dialer as non-encrypted calls, WARNS user if the call is insecure though.
    • Encrypted SMS - We are building our Encrypted SMS app. This will go over standard SMS channels and NOT need data or Google's push servers at all.
    • Encrypted E-Mail - We are building an E-mail client with GPG built in.
    • File level encryption - Originally GuardianRom only encrypted data with FDE. This is great but if someone has access to the phone and can bypass the lockscreen its useless. To Fix this we now encrypt ALL incoming messages (E-Mails and SMS), Browser history, user downloads folder, and optionally contacts and call logs with an RSA-4096 bit key that is generated on first setup. The key is encrypted with your lockscreen password, when your phone is locked the private key is removed from RAM securely (3-pass wipe). All data that is encrypted with the public key and can only be read after the lock screen password is entered and the private key is decrypted.
    • LockDown Mode - LockDown mode can be activate at any time and is the default when booting into the HiddenOS. LockDown Mode disables all networking modules (WiFi,3G,BT,NFC) until YOU enable them. It also forces secure communications ONLY - Encrypted calls, SMS, and TOR or a VPN. If it isn't encrypted it doesn't leave the phone in this mode. LockDown mode also disable installing of 3rd party apps.
    • Encryption Options - We are working on adding in support for TwoFish and Serpent. Options for choosing how many PBKDF2 iterations you want to do, and if you want CBC or XTS mode. XTS is recommended. These options will only be shown if you enter advanced settings.
    Now for the bad news. As of two days ago GuardianRom has run out of funds. The donations we received from our backers and supporters have gotten us this far. We are so close to completing GuardianRom but we need help. Currently the remainder of the project is on hold until we can raise enough funds. The funds will be used to finish off the software version, get more test units in to test other devices, and to start work on the GuardianPhone. YES - GuardianPhone is ALMOST a thing. It will have a removable 3G Modem so you can be sure it isn't spying on anything. It will be tamper resistant as well.

    I know everyone here is excited about GuardianRom AND GuardianPhone. All we need is for you to help spread the word. Every Dollar donated helps the project as well. Once we receive the donations we should be able to release by June 2015.
     
  2. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    What is the target for the funding?
    Are you planning to launch a kickstarter?
     
  3. x942

    x942 Guest

    In order to be able to build our own GuardianPhone we need to hit the target of $100,000. The majority of that will go the manufacturer as part of a contract to get the prototypes made as well as the first batch of phones. The rest will pay the developers, keep the servers and lights running, and cover any other costs we have missed.

    We are NOT doing kickstarter. We are running crowd funding on our website though. We are accepting donations via CC/Debit card and Bitcoin. If you donate using bitcoin e-mail us with the BC Address you used so we can send your perk to you. If you prefer to stay completely anonymous that is okay to, but you won't get a perk as they need to be sent in the mail. You can also use our GPG keys to send it to us securely.
     
  4. Mailmaiden

    Mailmaiden Registered Member

    Joined:
    Jul 20, 2014
    Posts:
    14
    Just donated! Do you think GuardianPhone will include a TPM chip? I was going over Mike Perry's hardening android blog post and saw he talked about that.
     
  5. x942

    x942 Guest

    We are
    We are looking into it. We would like to use a TPM at the very least to have a hardware counter to prevent online brute-force attacks and enforce wiping of the phone after 10 wrong password attempts (or any user set number of invalid attempts). Thank you for the donation! I will take a look at Mike Perrys blog post :)
     
  6. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Just donated as well, I dont think that I will need the phone but wanted to support your work.

    Good luck with the project.
     
  7. x942

    x942 Guest

    Thanks for the donation! It helps alot :)
     
  8. JackReacher

    JackReacher Registered Member

    Joined:
    Mar 17, 2012
    Posts:
    67
    Location:
    South of the North Pole
    Glad to hear GuardianROM is coming along. I have a few questions.

    Why build your own texting app as opposed to integrating Textsecure which would allow secure SMS by default between all GuardianROM, TextSecure, and Cyanogenmod users (10 million plus I think)?

    What was the thinking behind switching From OSTel to your own servers?

    What are your thoughts on using Redphone? I have had a better experience using Redphone than OSTel/CSIPSIMPLE
     
  9. x942

    x942 Guest

    A few reasons:

    1. Moxie won't let us. I have asked multiple times.
    2. Text Secure relies on GCM (Google Cloud Messaging) which needs the play store to be installed
    3. Text Secure REQUIRES data for sending encrypted messages (Or at least it will soon)
    4. We would prefer to build our own solution that will be fully open-source and if you want you can use Encrypted SMS or Data for messaging, as well as setup your own internal server. Which is good for those that would prefer a setup where they control the server. I have it setup on my LAN right now. This means I have to VPN home and then connect. Using this I can talk with my family securely and ENSURE there is no trail anywhere. It is also encrypted twice in my setup VPN -> LAN -> SSL -> Server before you even count the end-to-end crypto.
    Now if Moxie is okay we would be open to making our app compatible like they did with CyanogenMod. I would like to say I have a ton of respect for him though even if we have different views on how it should all work.

    The idea is two-fold:

    1. By using our servers you don't have to trust another party. Only one party. This makes it easier for some people who don't know a whole lot about security.
    2. We are going to charge a small fee to support the project. THERE WILL BE A FREE VERSION!! The free version will just limit the number of minutes per month but the paid version will give you more and support the project.
    Now with that said, our server is just a simple SIP server, so you can still use the OSTel app OR you can use our app to connect to OSTel or ANY OTHER VOIP/SIP provider. We aren't locking you in. Just trying to make it easier for the average user and bring in some funds. OStel and the GuardianProject are amazing. They inspired me to do this so feel free to trust them as well/instead of me ( always do research before trusting anyone).

    Redphone works great. Only issue is AFAIK you can't use your own server or any server but theirs. Which means if Whispersys is forced to close down redphone stops working and is dead. By using OStel you can switch to any SIP provider and still use ZRTP if they do shutdown.
     
  10. JackReacher

    JackReacher Registered Member

    Joined:
    Mar 17, 2012
    Posts:
    67
    Location:
    South of the North Pole
    Thank you so much for the well thought out response. This clears up a lot of my concerns and questions. Strange that Moxie won't let GuardianROM build an app that is interoperable with Textsecure. Would you mind shedding some light on why he will not work with GuardianROM on this. End to End encrypted messaging is only relevant if people can actually use it so it would be nice if all the solutions played nice together.
     
  11. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    https://act.eff.org/action/jailbreaking-is-not-a-crime
    "Millions of people jailbreak the phones and tablets they own, in order to run the software they want on their own terms. Whether it's to cut out annoying bloatware, install the latest security fixes, change the home screen, or just to use it in a way the manufacturer hasn't considered, jailbreaking is an important part of how we interact with our devices. But the Copyright Office and Librarian of Congress could cast its future into jeopardy in just a few short months."
     
  12. x942

    x942 Guest

    When I first asked about it this was before the CyanogenMod integration happened and I haven't spoken with him since. I don't want to disclose private e-mail conversations, so the just of it is we have different opinions on how things should be integrated. If he was interested we could integrate it like he did with CM. Originally we wanted to just include text secure directly but that had issues. Anyways now that Text Secure is dropping encrypted SMS I think it's better we don't ship with it but try to be compatible instead. We want people who need SMS to be able to use it. Where I live for example my cell phone bill and the average bill in the country is $80/month with only 100mb of data. We get unlimited SMS and Calls though. Data however is a rip off here. This basically makes textsecure useless once they drop encrypted SMS and I know Canada isn't the only country with this issue either.

    Yeah. Such non-sense. I am going to say this: Stick with Nexus devices. Google will always allow it because they know developers need it. I also can't see this really being enforced as a lot of OEMs allow for official unlocking bootloaders. I don't think the OEMs are going to push against jailbreaking/unlocking bootloaders as the last time they tried it back fired. Almost all the OEMs that locked their bootloaders now offer an official unlocking method.
     
  13. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,278
    Location:
    Outer space
    Have you though about using Pond for your messaging app?
     
  14. x942

    x942 Guest

    I haven't had a chance to play with Pond yet. It does seem like a good way to go though. I like alot of aspects of pond and I hope it takes off.
     
  15. x942

    x942 Guest

    Updates:

    • We have moved our donations over to pledgie.
    • So far we have received $1000 in donations - Thank you everyone who has donated.
    • We are working hard at adding all pledgies to pledgie so it reflects everyone who has donated.
    • You may still donate via bitcoin if you wish.
    • We have been working hard to finish the final version and we are getting closer.
     
  16. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,278
    Location:
    Outer space
    Nice, I hope the crowd funding increases when the final version is available.
     
  17. x942

    x942 Guest

    I hope so too! We are working hard towards our final release. We are hoping to release it ASAP here :)
     
  18. Gilion

    Gilion Registered Member

    Joined:
    May 7, 2015
    Posts:
    3
    Hey Kyle,

    I just made a donation. Hope it helps your dream a little closer. BitCoined you.

    Keep up the great work!

    G ;)
     
  19. x942

    x942 Guest

    Thanks! It helps alot. We have been getting closer. I will post some new stuff shortly, including some work we are doing on the hardware side. We have some schematics drawn up now so awesome stuff is happening :)
     
  20. Gilion

    Gilion Registered Member

    Joined:
    May 7, 2015
    Posts:
    3
    Great news, we like awesome stuff happening.... :D

    I also wanted to maybe point you in a direction on the hardware side that you may not have considered. A cheaper alternative than the Nexus 5/6 would be a OnePlus One (One+ One)

    at 350 USD, I guess it would be a cheaper starting point than a Nexus. The downside is it has only 16 Gb & 64 Gb versions and no extra memory card slot. Anyway just a thought.
     
  21. Der_PsYcHoRiSt

    Der_PsYcHoRiSt Registered Member

    Joined:
    Jun 11, 2015
    Posts:
    1
    Hello!

    I am following your Project for about one year now and I really like the idea behind and the big steps!

    My question is more or less simple: would you be so kind and think about a porting of your ROM to HTC's M8 ? It would be awesome!! It would be FREAKING awesome if you would ask GOOGLE whether you could be a development-partner of their ARA-Smartphone to be able to port your Rom to the NEXT BIG THING in the Smartphone segment...

    "Maybe" I will donate something nice... ;)

    Cheers
     
  22. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,278
    Location:
    Outer space
    How's development going?
    Btw, do you know if GuardianRom's hardened kernel and GRsecurity would have stopped the exploiting of the stagefright CVE's?

    EDIT:
    Aah, it seems @x942's account here is disabled or something..
    EDIT2:
    shadowdcatconsulting.com and guardianrom.com are down :(
     
    Last edited: Aug 10, 2015
  23. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    i wonder whats happened , hmmm......
     
  24. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    Looks like shadowcatconsulting.com is pingable just now, however, no web page rendered.

    I wonder if it is under attack by some third party?

    -- Tom
     
  25. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Id say it is safe to say the project has gone.

    Slightly disappointing if this is the case, particularly for the people who donated money to him. I think at least a communication detailing what happened would be polite.

    Shame, would have been a good OS.

    Now to find an alternative solution which at this stage is very limited.

    The potential Blackberry offering is promising as is Silent Circle or the more difficult custom modifying android myself.

    Blackberry would be good but they have given governments keys to there systems before.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.