Rootless security audit/whitelisting app for Android?

Discussion in 'other security issues & news' started by Gullible Jones, Jul 28, 2015.

  1. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    No, not an anti-EXE... A combined auditing and whitelisting app.

    See, the problem is that Android comes with lots of vulnerable, preinstalled programs and services. I want to find out which ones are known to be vulnerable, and forbid them from ever running. Not just from communicating out to networks, but from executing at all, or running in the background, or loading as shared libs, or anything they normally do.

    IOW, I want a really serious hardening tool for Android phones, that does not require root. If the media backend is vulnerable, I want to be able to make that daemon never load. If the SMS program is vulnerable, I want to make it incapable of running. Etc.

    I tried Malwarebytes, BTW, and it seems to be more or less capable of this. The problem is, it also has some antivirus rubbish built in that runs the battery down in a few hours. So I'm hoping for something a little more standalone.

    Any suggestions?
     
  2. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    Sigh, I misremembered about MBAM. The control it offers is not very fine grained.

    I guess I'll try to go at it with NoRoot Firewall...
     
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
  4. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    Sadly that won't work, my phone is stuck with Android 4.0 and no updates whatsoever. Thank you very much though!
     
  5. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    In an unrooted phone NoRoot firewall will do an excellent job of blocking connections once you set it all up, but it will not kill the too many google processes which is what you want. And it's very rough to even block all the google network stuff you may want killed because they bundle together too much in one of their processes.
     
  6. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    Thanks @act8192.

    For now I'll stick with my dumbphone, I think; I like it better anyway. ("Do one thing, and do it well.") Too bad I'll be stuck paying this stupid cellular broadband bill for another six months or so.
     
  7. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    The discount stores around here have been selling $20 prepaid Kitkat phones. I've bought two of them. The security settings are a real hodge podge but much better than earlier android versions. I was able to disable most of the built in apps and limit permissions on some others. No way to disable any of the google apps but those of the cell provider can all be disabled. The caveat is how well the security settings work and whether they can be easily bypassed. I mostly use android phones on wifi with voip apps and I have no data plan with the cellular network. The basic phone security is acceptable to me for that purpose but I spent a few hours looking at apps in Google Play and rejected almost all of them due to the permissions they required. That included all the web browsers which required camera access among other permissions I won't accept. Most of the free apps were loaded with ads and a lot of them required permission to make inapp purchases from Google Play. I looked at a lot of security and backup apps and ended up just installing one, a hosts file editor that required no permissions at all.

    Android security is a real minefield. I was able to do the work around for the stagefright vulnerability by replacing the default sms client with Google Hangouts which gives me the option not to automatically open MMS messages. I also use a dedicated google account for the android phones so nothing else gets compromised if that account is compromised.
     
Loading...