RENANZG/My-Mobile


📱🦊🔒 Android Mobile 🔒🦊📱

"No matter who you are, every day of your life, you're sitting in a database just ready to be looked at." (Edward Snowden)


Hardening References

• Guardian Project
• Guardian Project - GitHub
• Whonix - Mobile Devices Privacy and Security
• Whonix - Mobile Operating System Comparison
• Whonix - Avoid (Mobile) Phone Verification (Use only with caution)
• Android - Kernel Hardening
• Google - Android CIS Benchmark
• OWASP - Mobile Application Security
• MITRE ATT&CK - Mobile Techniques
• DoD Cyber Exchange - Security Technical Implementation Guides (STIGs)
• Mission Improbable: Hardening Android for Security And Privacy
• EncroChat - Wikipedia
• HOW TO DEFEND YOURSELF AGAINST THE POWERFUL NEW NSO SPYWARE ATTACKS DISCOVERED AROUND THE WORLD
• NSO Group’s Pegasus Spyware Returns in 2022 with a Trio of iOS 15 and iOS 16 Zero-Click Exploit Chains


Custom ROMs

Other custom ROMs:

  • AICP (Android Ice Cold Project) - A feature-packed custom ROM for various Android devices.
  • AOSiP (Android Open Source illusion Project) - Custom ROM based on AOSP with rich features.
  • AOSP Extended - Based on AOSP with added features and customizations.
  • ArrowOS - A lightweight ROM focused on performance and efficiency.
  • BlissROMs - A ROM that combines stability, features, and customization.
  • crDroid - A custom ROM focused on speed, stability, and customization.
  • Derpfest - A feature-packed custom ROM with a focus on user experience.
  • Dirty Unicorns - A customizable ROM built on AOSP.
  • Droid On Time (DOT OS) - A custom Android ROM that focuses on performance and stability.
  • /e/ OS - A privacy-focused custom ROM based on Android.
  • Evolution X - A ROM based on AOSP with additional enhancements.
  • AOSP Extended - AOSP-based ROM with additional features and customization.
  • Pixel Experience - A custom ROM that provides a clean and stock Pixel experience.
  • ResurrectionRemix - Combines features from various ROMs.
  • Havoc-OS - A custom ROM with a ton of features and tweaks for enhanced user experience.
  • LineageOS - A popular and open-source custom ROM built on Android.
  • OmniROM - A community-driven custom ROM offering many features.
  • Paranoid Android - A custom ROM focusing on minimalism and efficiency.
  • Pixel Experience Plus - An extended version of Pixel Experience with additional features.
  • Resurrection Remix - A popular ROM combining features from many other ROMs.
  • SamMobile - Offers firmware for Samsung devices, useful for custom ROM installations.
  • Corvus OS - A gaming-centric custom ROM with tweaks for performance.
  • Havoc OS - A feature-rich ROM with extensive customization.
  • Project Sakura - A custom ROM that focuses on simplicity and stability.
  • RevengeOS - A simple and stable custom ROM.
  • Superior OS - Lightweight and optimized for performance.
  • Syberia OS - An AOSP-based ROM offering balance between features and stability.
  • TheUnlockr: Android ROMs - A collection of various Android custom ROMs.
  • Xiaomi Firmware Updater - Offers firmware updates for Xiaomi devices.

WARNING! BACKDOORS EVERYWHERE!

Backdoors Everywhere

  • Did Apple Create This Backdoor for the NSA?
  • Leaked: The Feds Can See Your Notifications
  • Phone Surveillance Exposed
  • The Spy in Your Phone | Al Jazeera World

Mobile security

Mobile (in)security: Avoid using mobile devices, and consider using a Faraday bag. The GSM network is highly traceable; even a turned-off cell phone is no longer safe.

A Faraday bag is a simple, portable enclosure that blocks electromagnetic fields, preventing electronic devices inside from sending or receiving signals. It's useful for protecting your devices from tracking, hacking, or unwanted communication. Below is a step-by-step guide to making your own Faraday bag.

  • Make & Test DIY Faraday bag for key FOB, RFID card, Passport - STOP Keyless car theft & more
  • DIY Faraday Bag
  • Do Faraday Bags Really Work? Check out these testing results!

Materials Needed

  • Aluminum foil (heavy-duty preferred)
    • Alternative: Copper or nickel mesh, which offers enhanced shielding and durability.
    • Alternative: Conductive metallic fabric or Faraday fabric for a more durable and flexible bag.
  • Plastic Ziploc bag or other durable, sealable plastic bag
    • Alternative: Mylar bag or any other airtight, non-conductive pouch for better sealing.
  • Duct tape or conductive tape (for reinforcement and sealing edges)
    • Alternative: Aluminum or copper tape for a more secure, conductive seal.
  • Scissors (for cutting foil or fabric)
  • Optional: Velcro strips or zip ties (for creating a reusable closure)

Your cell phone is a walking spy, whether in your pocket or in the bathroom...

| Technology | Decentralization | Anonymity | Resilience | Accessibility | Speed | Challenges |
|---|---|---|---|---|---|---|
| GSM (Traditional Mobile Networks) | Low | Low | Low (easily surveilled, controlled) | High (widely accessible) | High | Susceptible to government surveillance and control, requires centralized infrastructure. |
| Private GSM Networks | Medium | Medium | Medium (localized, difficult to monitor) | Low (requires setup and maintenance) | High | Limited range, regulatory challenges, expensive setup. |
| Satellite Phones | Medium | Medium | Medium (can bypass local networks but still traceable) | Low (expensive, regulatory restrictions in some areas) | Medium | High cost, signal blockage issues, legal restrictions in certain countries. |
| LoRa Networks | High | Medium | High (independent of traditional infrastructure) | Low (requires specific hardware) | Low | Limited bandwidth, short range without mesh network, specialized hardware needed. |
| Mesh Networks | High | Medium | High (difficult to censor/control) | Low to Medium (dependent on community adoption) | Medium | Requires widespread adoption, potential for limited range without sufficient nodes. |
| Tor (The Onion Router) | High | High | Medium (can bypass censorship but still dependent on the Internet) | Medium (requires technical knowledge) | Low | Weak end point, slow speeds, requires Internet access, subject to state attempts at blocking. |
| Amateur Radio (Ham Radio) | High | Low to Medium | High (operates independently of state networks) | Low (requires license, specialized equipment) | Low to Medium | Requires technical knowledge, legal restrictions, potential for interference. |

Basic Security Tips and Recommendations:

These tips provide intermediate security, not military-grade security.

  • Consider using a Faraday Bag.
  • Be aware of the physical security of your device; if it's seized, immediate access may be possible with Cellebrite despite all protections.
  • Keep your device's operating system and apps up to date to mitigate known vulnerabilities.
  • Use full-disk encryption to protect data at rest. Both iOS and Android offer this feature.
  • Enable a strong, alphanumeric password rather than a simple PIN or pattern.
  • Consider using a secondary device for sensitive communication that you do not use for other activities.
  • Consider using encrypted messaging apps like Session, Simplex or Signal, which offer end-to-end encryption.
  • Use a VPN (Virtual Private Network) to obscure your online activities from ISPs and other intermediaries. Your data could be collected by data brokers and sold to the government.
  • Disable Wi-Fi, Bluetooth, and GPS when not in use to reduce tracking risks.
  • Regularly check app permissions to ensure no unauthorized access to your location or microphone.

Cellebrite UFED

Identifying or Defeating Some Exploits

Cellebrite's UFED (Universal Forensic Extraction Device) is a powerful tool used by governments to extract data from mobile devices, bypassing security features. Understanding the vulnerabilities it exploits can help in securing your devices against such intrusions.

• LockUp: A Repository on GitHub

Additional References:


BURNER PHONES

The GSM network is highly traceable; even a turned-off cell phone is no longer safe.

  • Avoid Reusing SIM Cards or Devices:
    • Always use a new SIM card and a new device for each communication session. This prevents the possibility of linking different activities together through the same hardware or SIM.
  • Avoid Carrying Different Devices Together:
    • Never carry your burner phone along with your primary phone or other devices. If you do, the devices can be correlated through proximity tracking or geolocation data.
  • Avoid Creating Physical Associations Between Different Devices:
    • Use different locations when using different devices. Do not use a burner phone in places you frequently visit or where your primary phone is usually active. This prevents linking the burner to your personal identity.
  • Avoid Calling or Being Called by the Same Contacts on Different Devices:
    • Make sure that your burner phone is used to contact individuals who do not have your primary phone number. This helps avoid linking different devices through shared contacts.
  • Use Cash or Anonymous Payment Methods:
    • Purchase burner phones and SIM cards with cash or through anonymous payment methods. Avoid using credit cards or any payment method that can be traced back to you.
  • Buy Devices Far from Home:
    • Purchase your burner phone and SIM card from locations far from where you live or frequently visit. Avoid places with surveillance cameras that could capture your purchase.
  • Disable GPS and Location Services:
    • Turn off all location services, GPS, and Wi-Fi on the burner phone to reduce the risk of location tracking. If possible, disable or remove the GPS hardware entirely.
  • Avoid Storing Personal Information:
    • Do not store any personal information, contacts, or messages on the burner phone. Use it strictly for the intended temporary purpose and dispose of it afterward.
  • Use Encrypted Communication Apps:
    • When communicating through a burner phone, use encrypted messaging apps like Signal, Session, SimpleX, or Telegram. Be cautious as some apps may still leak metadata.
  • Be Aware of IMSI Catchers:
    • Avoid areas known to have heavy surveillance or where IMSI catchers (devices that mimic cell towers to intercept communications) might be deployed. These can be used to track and intercept burner phone communications.
  • Practice Good Operational Security (OpSec):
    • Develop and maintain strict OpSec habits, such as only turning on the burner phone when necessary, and never using it at home or work. Dispose of the phone after use in a secure manner, such as by dismantling and destroying it.
  • Remove or Disable Microphones and Cameras:
    • Consider physically removing or disabling the phone’s microphones and cameras to prevent audio and video surveillance. Many phones have multiple microphones, often one near the speaker and one near the bottom of the device. These components can be removed or disabled, but doing so may affect the phone's functionality.
  • Dispose of the Phone Securely:
    • After the phone has served its purpose, dispose of it in a way that ensures it cannot be traced back to you. This may involve physically destroying the device or disposing of it in a location far from where you live or work.

Additional References:


CRYPTOPHONES

Cryptophones are specialized mobile devices designed to provide secure communication through encryption. One notable example is the EncroChat case, where criminals used highly encrypted phones.

https://www.vice.com/en/tag/encrypted-phones/

Tips and Recommendations:

  • Choose cryptophones that have been vetted by reputable cybersecurity experts for potential backdoors or vulnerabilities.
  • Be cautious of the supply chain when purchasing a cryptophone; only buy from trusted vendors.
  • Regularly update the cryptophone's software to protect against newly discovered vulnerabilities.
  • Consider using separate devices for sensitive communication and daily tasks to minimize exposure.
  • Always assume that encrypted communication could eventually be decrypted, so limit the sharing of highly sensitive information.

References:


Android Root (Jailbreak)

Root Forums & Communities

XDA Forums - The largest and most popular Android development community.
RootzWiki Forums - Community forums for Android rooting and custom ROMs.
Android Central Forums - General Android discussions, including root.
Android Forums - Dedicated sections for rooting various Android devices.
Reddit: r/androidroot - A Reddit community for Android rooting topics.

Rooting Tools & Resources

Magisk - The leading tool for Android root, offering a systemless rooting method.
TWRP (Team Win Recovery Project) - A custom recovery solution that enables flashing custom ROMs and other modifications.
Android Debloater - A tool to remove bloatware from your Android device without root.
PHONEDB - A database of ROMs and updates for Android devices.

Custom ROMs

Pixel Experience - A custom ROM that provides a clean and stock Pixel experience.
Droid On Time (DOT OS) - A custom Android ROM that focuses on performance and stability.
TheUnlockr: Android ROMs - A collection of various Android custom ROMs.
SamMobile - Offers firmware for Samsung devices, useful for custom ROM installations.

Samsung Resources

XDA: Samsung Phones - Dedicated sub-forums for Samsung devices on XDA.
Odin for Samsung - Odin is a tool used to flash firmware onto Samsung devices.
Frija - A Samsung firmware download tool that simplifies the process of downloading official firmware.
SamFirm - A legacy tool used to download Samsung stock firmware.

Xiaomi (MIUI or POCO) Resources

XDA: Xiaomi/MIUI Devices - XDA sub-forum for Xiaomi and MIUI devices.
Xiaomi.eu Community - A community for Xiaomi users, known for custom MIUI ROMs.
MIUI Globe ROM - Custom MIUI ROMs with additional features and optimizations.
MIUI ROM - A platform providing MIUI ROMs, themes, and updates.

Realme Resources

XDA: Realme Devices - Dedicated sub-forum for Realme devices on XDA.
Realme Community - Official Realme forums for discussions, troubleshooting, and updates.
Realme Firmware - A website offering official Realme firmware for various devices.
GetDroidTips: Realme - Tutorials, firmware, and rooting guides for Realme devices.
Realme Bootloader Unlock Guide (XDA) - Guide to unlocking the bootloader on Realme devices.
Realme Official Bootloader Unlock Instructions - Official bootloader unlocking procedure from Realme.
Realme Software Update Page - Official Realme support page for software updates.
CyanogenMods: Realme - Custom ROMs and mods for Realme devices.

Motorola Resources

XDA: Motorola Phones - Sub-forum for Motorola devices on XDA.
Motorola Firmware Center - A repository for Motorola stock firmware.
Motorola Bootloader Unlocking Guide (XDA) - Guide for unlocking Motorola bootloaders.
Motorola Official Bootloader Unlock - Motorola’s official guide to unlocking the bootloader.

LG Resources

https://xdaforums.com/c/lg.12042/


MOBILE STORE

  • F-Droid - A trusted repository for open-source Android apps.
  • IzzyOnDroid - An additional F-Droid repository with curated apps.
  • DivestOS - A privacy-focused mobile operating system with its own F-Droid repository.
  • Aurora Store - A privacy-respecting alternative to the Google Play Store.

Note: For more on secure Android app stores, see Privacy Guides.


MOBILE SECURITY APPS

These apps provide intermediate security: not military-grade security, but they add important layers of protection.

Sandboxes

  • Shelter - An app for isolating and running apps in a separate sandbox.
  • Insular - A fork of Shelter, providing a way to isolate apps from accessing sensitive data.

Emergency

  • Wasted - Send distress signals when you’re in danger.
  • Ripple - A distress signal app for activists and journalists.
  • Find My Device (FMD) - Locate your Android device in case of theft or loss.

Sanitizers

  • Extirpater - Securely wipe sensitive data from your device.
  • RandomFileMaker - Create random files to overwrite and sanitize data.
  • WipeFiles - A file-shredding tool for securely deleting files.

Track Trackers

  • Exodus - Scan apps for embedded trackers and privacy threats.
  • Rethink-App - Firewall and DNS-over-HTTPS protection to block trackers.

Passwords

  • KeePassDX - A powerful password manager supporting KeePass databases.
  • Proton Pass - A secure password manager from the makers of ProtonMail.
  • Aegis - A 2FA (two-factor authentication) manager for securing logins.
  • Yubico - Secure authentication for YubiKey users.

Cryptography

Anon Web

  • InviZible - An all-in-one tool that combines Tor, DNSCrypt, and I2P for anonymous browsing.
  • Orbot - Use Tor to browse the web anonymously on your Android device.

Keyboards

Others



Instant Messaging Communication

Communicate with friends and family as if you're in a war room.

War Room

Session
SimpleX
Signal

Secure Messaging and Instant Messaging

Chat Apps

Secure messaging and instant messaging comparison: Session, SimpleX, Signal, and Telegram

| Feature | Session | SimpleX | Signal | Telegram |
|---|---|---|---|---|
| Protocol Type | LibP2P | Custom (Double Ratchet) | Signal Protocol (Double Ratchet) | MTProto |
| Primary Use Case | Anonymous, decentralized messaging | Privacy-focused messaging | Privacy-focused messaging | General messaging, media sharing |
| Encryption | End-to-end encryption (default) | End-to-end encryption (default) | End-to-end encryption (default) | Client-server encryption (default), End-to-end encryption (Secret Chats) |
| Decentralization | Fully decentralized (no central servers) | Decentralized communication nodes | Centralized servers | Centralized servers |
| Identity Management | Anonymous (no phone number or email required) | Username-based (no phone number required) | Phone number-based | Phone number-based |
| Message Persistence | Client-side only (no cloud storage) | Client-side only (no cloud storage) | Client-side only (optional backup) | Cloud storage (optional local storage) |
| Group Chats | Supported | Supported | Up to 1,000 members | Up to 200,000 members |
| File Sharing | Limited to client-side capacity | Limited to client-side capacity | Supports files up to 100MB | Supports large files (up to 2GB) |
| Metadata Protection | Strong (no central server metadata storage) | Strong (no central server metadata storage) | Strong (minimizes metadata collection) | Limited (metadata stored on servers) |
| Open Source | Fully open-source | Fully open-source | Fully open-source | Partially (client is open-source, server is proprietary) |
| Cross-Platform Availability | iOS, Android, Windows, macOS, Linux | iOS, Android, Linux, Web | iOS, Android, Windows, macOS, Linux | iOS, Android, Windows, macOS, Linux, Web |
| License | GPLv3 | AGPLv3 | GPLv3 | Custom (Telegram license) |

Communication Protocols

Matrix (Protocol)
XMPP

Comparison of Secure Communication Protocols

| Protocol | Protocol Type | Primary Use Case | Architecture | Scalability | Message Format | Security Features | Offline Support | Quality of Service | Supported Clients | Extensibility | License |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Matrix | Decentralized Messaging | Real-time Messaging | Decentralized | High | JSON | End-to-End Encryption (E2EE), Cross-device Sync | Yes | Medium (depends on network quality) | Web, Mobile, Desktop | Highly Extensible | Apache License 2.0 |
| Signal Protocol | Secure Messaging | Private Communication | Centralized | Medium | Protobuf | Forward Secrecy, Deniable Authentication, E2EE | Yes (for queued messages) | High | Mobile, Desktop | Limited Extensibility | GPLv3 |
| XMPP with OMEMO | Instant Messaging | Messaging and Presence | Decentralized | High | XML | End-to-End Encryption (OMEMO), Multi-device Support | Yes | Medium | Web, Mobile, Desktop | Moderate Extensibility | GPL |
| MQTT with TLS | Lightweight Messaging | IoT Messaging | Centralized | High | Binary | TLS for data encryption | No | High (QoS levels 0, 1, 2) | IoT Devices, Mobile, Desktop | Extensible | OASIS Standard |
| CoAP with DTLS | IoT Protocol | Resource-Constrained Devices | Centralized | Medium | Binary (CBOR) | DTLS for secure communication | No | Medium | IoT Devices | Moderate Extensibility | IETF Standard |
| AMQP with TLS | Message-Oriented Middleware | Reliable Messaging | Decentralized | High | Binary | TLS for secure message transmission | No | High | Web, Mobile, IoT | Extensible | Apache License 2.0 |
| LwM2M with DTLS | Device Management | IoT Device Management | Centralized | Medium | TLV, JSON, CBOR | DTLS for secure device communication | No | Medium | IoT Devices | Moderate Extensibility | OMA License |
| RTP with SRTP | Real-Time Media | Audio/Video Streaming | Centralized | High | RTP | SRTP for media encryption and authentication | No | Real-time | Web, Mobile | Low Extensibility | IETF Standard |
| SIP with SIPS | Session Initiation Protocol | VoIP Communication | Centralized | Medium | Text-based | SIPS (TLS) for secure signaling | No | Medium | Web, Mobile, Desktop | Moderate Extensibility | Various (RFC) |
| WebRTC | Peer-to-Peer Communication | Audio/Video Communication | P2P | High | RTP/RTCP | DTLS for data, SRTP for media encryption | No | Real-time | Web, Mobile | Low Extensibility | Various (BSD, MIT) |

Others

Phone Numbers

Phone Services

SMS Verifiers


Telegram

Telegram Security Wiki

Telegram Privacy Policy

Be cautious of impersonators. Always verify Telegram bios as scammers may leave their own nickname blank. Beware of fake notifications about logins, phishing links, and fake bots that may DM you first. Check official Telegram news and tips channels.

“No regular Telegram chats (1:1 or group) are end-to-end encrypted. Only secret chats are E2E encrypted.”

Recommended Settings:

  • Phone Number → Who can see my phone number: Nobody
  • Phone Number → Who can find me by my number: My Contacts
  • Last Seen and Online → Who can see my timestamp: Nobody
  • Profile Photo → Who can see my profile photo: My Contacts
  • Calls → Who can call me: My Contacts (or Nobody)
  • Calls → Peer-to-peer: My Contacts (or Nobody to avoid exposing your IP)
  • When starting a call, verify the emojis at the top-right corner with the other person to prevent MitM attacks.
  • Forwarded Messages → Who can add a link to my account: My Contacts
  • Groups and Channels → Who can add me: My Contacts
  • Disable sticker loop animations. Animated stickers are a security risk.
  • Disable auto-downloading (Wi-Fi and cellular): Privacy and Security → Data Settings
  • Set up 2FA (cloud password)
  • Disable P2P calls and secret chats if you don’t want to expose your IP address.
  • Disable link and image previews in secret chats: Privacy and Security settings
  • Disable autoplay GIFs: Learn more
  • Never activate or DM any Telegram bot. Only use public chat bots via commands.
  • When opening PDFs (e.g., CVs), use Dangerzone or Google Drive's preview mode.
  • Monitor active sessions and terminate inactive ones. Be wary of session stealers.
  • If you receive a login alert, verify it through the official Telegram notification and news channels. Scammers may impersonate these to steal your account.
  • Check out this Telegram security guide.
  • Learn more about Telegram limitations: GitHub Project | Crowdin Translation

Discord

Basic Security Tips:

  • Use a randomly generated password. Use password managers like KeePassXC or BitWarden to generate and store your passwords. Learn more.
  • Enable two-factor authentication (2FA) in User Settings. Discord supports apps like Aegis or Authy (disable multi-device for better security).
  • Configure privacy settings under Privacy and Safety. Choose whether to allow direct messages from server members. Note: some servers with Captcha or verification bots may require DMs to be open.
  • In Privacy and Safety, set who can add you as a friend. For higher security, you can restrict friend requests to only server members or no one.
  • Use a VPN. Alternatively, rent a VPS and set up your own open-source VPN server. Learn more.

Common Discord Scam Example:

  • A scammer selects a victim from a Discord channel.
  • The scammer creates a fake account impersonating the target.
  • He begins causing trouble in the channel, leading to a ban.
  • Using Discord Nitro tricks, the scammer fools moderators into banning the real target's account.
  • After the ban, the scammer creates a fake discussion image showing the moderators banning the target.
  • Pretending to be a moderator, the scammer contacts the target via DM, offering to help reverse the ban.
  • The scammer creates urgency and asks the target to prove innocence by joining a Discord call.
  • He instructs the target to open Discord Developer Tools and reveal their Discord token, giving full access to the account.
  • The scammer then takes control of the target’s account, potentially causing damage to the victim or their organization.



Other Apps

Simple Apps

  • Simple Dialer - A handy phone call manager with a phonebook, number blocking, and multi-SIM support.
  • Simple Contacts - A premium app for contact management with no ads, supporting groups and favorites.
  • Simple Calculator - A calculator for your quick calculations.
  • Simple Calendar - Be notified of important moments in your life.
  • Simple Clock - A combination of a clock, alarm, stopwatch, and timer.

File Manager

  • Amaze File Manager
  • Material Files
  • Ghost Commander

Browsers

Personalization

  • Neo-Launcher
  • Lawnchair 2 - Continuation of Lawnchair 1; Pixel features; fork of Launcher3.
  • Lawndesk - Fork of Lawnchair V2; app-drawer-free launcher.
  • Librechair - Degoogled; fork of Lawnchair V2 & Launcher3.
  • LawnChair 12 - Continuation of LawnChair V2 with support for QuickSwitch and more. Includes simple design, themed icons, and wallpaper-based theming.

Email

Navigation

Cameras

Streaming

  • NewPipe - Lightweight Google-free YouTube client.
  • LibreTube - An alternative YouTube front-end for Android.

Media Players

Office

Advertisement Blocking

  • AdAway - Ad blocker for Android using the hosts file (root permission recommended).
  • Blokada - Ad blocker for Android using the VPN API.
  • DNSfilter - Ad blocker for Android using a VPN, supports hosts files.
  • DNS66 - Blocks advertisements by intercepting DNS requests using the VPN layer.
  • NetGuard - Simple and advanced ways to block internet access (no root required).
  • RethinkDNS + Firewall - DNS over HTTPS/Tor/DNSCrypt client, firewall, and connection tracker.


Social Media

Social Media Platforms

  • Mastodon
  • Nitter - Alternative to Twitter.
  • Diaspora - Alternative to Facebook.
  • Nostr
  • Lemmy
  • Kbin
  • Saidit.net


Others
