By Tyler W
November 21, 2022
Making Android Private
For some time I have been a significant privacy enthusiast, which may come a small surprise to some, or not at all to most. One of my significant security and privacy bug-bears is the personal tracking devices we all have attached to us. Of course, they are not officially attached to us, but may as well be an appendage; I am of course talking about our mobile phones. Such devices are the ultimate embodiment of one of my most common sayings: the price of security is inconvenience and the price of convenience is insecurity. I have long lived by the former, and have traditionally used a de-googled operating system called GrapheneOS. If you are unsure what GrapheneOS I encourage you to investigate it. I am a fan, I have been a fan since the Pixel 3A, and am currenty using GrapheneOS on the Pixel5A. The operating system is a very private one, and the best simple description I can offer you is that it turns your mobile phone back to a phone first, and everything else we expect our phones to do a distant second, if present at all.
Of course, the issue I have found with such an operating system is getting buy in from others and my clients. Phones are integral to our lives, and not just messaging and cameras, but each person has a unique application requirement or use case for their phone, and the leap to GrapheneOS is, most of the time, a bridge too far! So what would any good cybersecurity professional do in such a case? Well, it is, basically, if you cannot beat them, join them!
It is important to understand this does not mean I have deviated form my personal privacy mantra, not at all, but rather attempting to locate a solution, a happy medium, whereby Android (specifically, as iOS i by all accounts, a little more respecting of user privacy) can be used, and used as intended but with some privacy adjustments. So, I have acquired a stock Android phone that I will use as my daily driver for the foreseeable future as I attempt to lock it down to a level that does not impact it's use, and at the same time does not force me to give up my privacy concerns. Ideally, a happy resolve can be had whereby Android devices can be used for full (or near full) functionality, but also privately and securely. If this can be achieved effectively then in instances when high risk clients require a 'clean install' of their digital life the adjustments are less abrupt, and the overall feel and use of the device is not much different to what they previously used.
I will share the steps I undertake in order to secure my device to a level that I deem appropriate through our media channels at Cyberwise, hoping that you may follow along and introduce some of the solutions, tips and tricks deployed to turn the devices that we own, into devices that we also control! I encourage you to share your concerns, questions, or tips throughout the process and to send any information you may have to our dedicated journey email address of [email protected] Together, we can solve a privacy dilemma that clearly exists with such devices, as well as increasing your overall awareness of the potential personal and data leaks that can occur with these devices. With each iteration or upgrade of these devices we unknowingly and without understood consent give up more and more of our privacy, and it is time to start clawing some of this back, so we can enjoy a safer and more private mobile phone experience.