NoGoolag
Android without Google: Take back control! (Part 1)

1. Android without the data octopus

The article series "Your phone your data" from 2014 has played a major role in the success story of this blog. Many thousands of people wanted to learn how to get rid of Google and regain control of their Android device.

After five years, it is time for a new edition of the article series. Much has changed, partly for the better, partly for the worse. The article series "Take back control!" also requires a lot of patience and the willingness to say goodbye to one's own comfort - and of course also to the indoctrination of the manufacturers.

The ambitious goal of the article series "Take back control!" can be summarized in one sentence: You as a user should regain control over your Android device and your data. Step by step I will lead you towards this goal. Because there must finally be an end to proprietary apps and (Google) services that merely fool us into believing our independence and self-determination over our data.

2. Google has long been evil

Directly after switching on our Android device we are asked to create a Google account or to link the already existing one with the device. We are pushed into the cloud and should not worry about our data, but rather trust the providers or Google "blindly". In return, so to speak, we receive a perfectly coordinated eco-system that can hardly be surpassed in terms of simplicity and convenience, but also in terms of perfidy.

Google's strategy of conquering the market with user-friendly products and services has therefore paid off. Success proves them right. But with this success story, the price paid by the actual users must always be borne in mind. They pay and pay with the data they "produce". However, they are not aware of this "paying with data" because they lack the transparency to see what is actually happening "behind their backs" when using smartphones.

Google is like a junkie, constantly on the lookout for new data sources that will allow the already accumulated data treasures to continue to grow. Google wants to know everything. In an interview with James Bennet, supervisory board chairman Eric Schmidt said:

"With your permission you give us more information about you, about your friends, and we can improve the quality of our searches. We don't need you to type at all. We know where you are. We know where you've been. We can more or less know what you're thinking about."

This remark, already made in 2010, is now more relevant than ever. Android and other Google products and services are perfectly interlocking gears that give the user an illusion of control over his data. Google relies on dark patterns or nudging to hide data protection settings, to mislead users or to prevent them from protecting their privacy with misleading formulations.
...(...)...
Regardless of these "restrictions", we want to achieve the following with our project:

Complete control over your own data

Independent and self-determined use of the device

The decoupling from the Google eco-system

The exit from the advertising machinery of the manufacturers

Protection against advertising profiling

Read the full guide
🇬🇧
https://t.me/BlackBox_Archiv/156

German (original)
https://www.kuketz-blog.de/android-ohne-google-take-back-control-teil1/

#android #NoGoogle #guide #part1 #kuketz
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Android: IMSI Leaking during GPS Positioning

First of all, the basics:

Assisted GPS (abbreviated as A-GPS) is a system that usually significantly shortens the time a satellite-based positioning system (GPS) needs for its first position fix - so GPS positioning is accelerated. How does this work? With mobile phones, the approximate location is already known from the radio cell in which your device is registered. This approximate location is then sent via the Secure User Plane Location Protocol (SUPL) to a SUPL server, which uses this information to limit the search range for the satellite signals and thus enables fast GPS positioning. Communication with the SUPL server takes place via TCP/IP or SMS.

Android systems use such a SUPL server to accelerate GPS positioning. However, the problem is that your IMSI number is also transmitted to the SUPL server when you make a request - which would not actually be necessary from a technical point of view.
The problem: The combination of the IMSI number with the radio cell ID enables the operator of a SUPL server to uniquely identify a user as soon as the smartphone locates or limits the location via a SUPL request. The SUPL protocol is therefore actually relatively sensible, but we do not know what the operators of the SUPL servers do with this information.

With my test devices I have now tried to find out when such a SUPL request is sent. Result: Whenever your GPS is activated and an app wants to query the location. It doesn't matter which mode you have chosen:

High accuracy:
Use GPS, WLAN, Bluetooth or mobile networks to determine your location.
Energy-saving mode:
Use WLAN, Bluetooth or mobile networks to determine your position.
Device only:
Use GPS to locate.

This means: Even if you have selected the mode "Device only", a request will be sent via A-GPS or SUPL-Request. The question is now which SUPL server or operator receives the radio cell information together with the IMSI number?

This varies - even with LineageOS. You can find out if you open the following file (root assumed) on your Android:

/etc/system/gps.conf
or
/vendor/etc/gps.conf

There you can search for the following entries:

SUPL_HOST=supl.google.com
SUPL_PORT=7275 (may vary)

Previously identified as SUPL_HOST or operator:

supl.google.com: Google
supl.sonyericsson.com: Sony
supl.qxwz.com: SUPL Server in China
supl.nokia.com: Nokia

If your GPS is activated, a SUPL request is sent to the SUPL_HOST - but this does not happen every time. You can force it after a device restart in combination with an app that wants to determine the GPS location. Sometimes it was also necessary to deactivate the WLAN interface.

Now you have to ask yourself if a quick GPS position determination via SUPL is important to you or maybe your privacy. If it's your privacy, you'll need to make the following changes to gps.conf and then restart your device:

SUPL_HOST=localhost
SUPL_PORT=7275

⚠️Note: It is not sufficient to comment out the lines. Then a fallback becomes active. Where the fallback information came from I could not find out yet.

With tcpdump you can check directly on the device if SUPL requests are still being sent:

tcpdump -i any -s0 port 7275

Unfortunately, one question remains unanswered: Does the proprietary baseband possibly send a SUPL request on its own and bypass the Android operating system? In any case, this is indicated by the following article:
How SUPL Reveals My Identity And Location To Google When I Use GPS. If you can help to answer this question, please feel free to contact me via email or use the forum thread.

With a "toy" like the HackRF One, mobile phone traffic on this level could certainly be recorded.

Source and more info
https://www.kuketz-blog.de/android-imsi-leaking-bei-gps-positionsbestimmung/

📡 @NoGoolag
#android #IMSI #leaking #GPS #positioning #guide #kuketz
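
The gps.conf check described in the post above, as an added example that is not part of the original post or the Kuketz article. It distinguishes the three cases the post names: a remote SUPL_HOST, commented-out or missing entries (where the post says a fallback becomes active), and SUPL_HOST=localhost. The function names and the sample files are constructed for illustration; treating 127.0.0.1 and ::1 like localhost and letting the last active line win are assumptions.

```shell
#!/bin/sh
# Added example (not from the post): classify the SUPL settings in a gps.conf.

# Print every active (uncommented) value of key $1 in file $2, one per line.
# Carriage returns are dropped; anything after the value (whitespace, '#') is cut.
active_values() {
    tr -d '\r' < "$2" |
        sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p"
}

# Classify one gps.conf. Prints a verdict and returns:
#   0  SUPL_HOST points at the device itself (the setting the post recommends)
#   1  SUPL_HOST points at a remote server
#   2  no active SUPL_HOST line: per the post, a fallback becomes active
#   3  file missing or unreadable (reading it usually needs root)
audit_supl() {
    file=$1
    if [ ! -r "$file" ]; then
        echo "unreadable"
        return 3
    fi
    # Assumption: if a key is set more than once, the last active line wins.
    host=$(active_values SUPL_HOST "$file" | grep . | tail -n 1)
    port=$(active_values SUPL_PORT "$file" | grep . | tail -n 1)
    if [ -z "$host" ]; then
        echo "fallback"
        return 2
    fi
    case $host in
        localhost|127.0.0.1|::1)
            echo "local $host:${port:-unset}"
            return 0 ;;
        *)
            echo "remote $host:${port:-unset}"
            return 1 ;;
    esac
}

# Write three constructed sample files (not taken from a real device) into dir $1.
write_samples() {
    printf 'SUPL_HOST=supl.google.com\nSUPL_PORT=7275\n' > "$1/stock.conf"
    printf '# SUPL_HOST=supl.google.com\n#SUPL_PORT=7275\n' > "$1/commented.conf"
    printf 'SUPL_HOST=localhost\nSUPL_PORT=7275\n' > "$1/hardened.conf"
}

if [ "$#" -gt 0 ]; then
    # Audit the files given on the command line.
    for f in "$@"; do
        printf '%s: ' "$f"
        audit_supl "$f" || true
    done
else
    # No arguments: run on the constructed samples.
    demo=$(mktemp -d)
    write_samples "$demo"
    for f in stock commented hardened; do
        printf '%s.conf: ' "$f"
        audit_supl "$demo/$f.conf" || true
    done
    rm -rf "$demo"
fi
```

Pass the path of the device's gps.conf as an argument. The script only reads the configuration; the tcpdump command from the post remains the check for what is actually sent.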
🇬🇧 Pi-hole, Unbound & Hyperlocal: No Advertising - Maximum Independence

1. Introduction

The Internet is decentralized - at least that's what I want. Many small networked units and you can get something anywhere, depending on what you need. But we are increasingly struggling with ever larger, central entities with dominating and monopolistic positions. They accumulate more and more data, which can be very dangerous to say the least. On the Kuketz blog and in the Kuketz forum there is already a lot of information on how to protect yourself against this. One possibility is to use a trustworthy name server or DNS server. This is a first step, but it still remains a sore point.

All places that we contact on the Internet (websites, e-mail, online games, etc.) only get to see a small summary of us. The name server, however, receives every contact request we send to the Internet (apart from Tor) - from a trustworthy operator or not. In the following, we want to get rid of this central place and make ourselves a bit freer and the Internet a bit more decentralized.


The complete manual (German) can be found here: https://www.kuketz-blog.de/pi-hole-unbound-hyperlocal-keine-werbung-groesstmoegliche-unabhaengigkeit/

#manual #guide #pihole #unbound #hyperlocal #kuketz
LineageOS - Take back control! Part2

1. Release from the embrace

With the article series "Take back control!" you as a user should regain control over your Android device or your data step by step. A first step towards independence is the change of the manufacturer's own Android system. This will not only get rid of the manufacturer's bloatware, like pre-installed apps and services, but will also free us from Google's close embrace.

We manage this liberation with the free Android operating system LineageOS - a modification of Google's Android and the direct successor of the successful CyanogenMod. With such a custom ROM or alternative system we disconnect ourselves from the manufacturer's own Android systems. The use of LineageOS should bring us one step closer to our goal of regaining data dominance on the Android.

Read the full article (part1) in english:
https://t.me/BlackBox_Archiv/156

Read the full article (part2) in english:
https://t.me/BlackBox_Archiv/273

Source and more infos / read in german:
https://www.kuketz-blog.de/android-ohne-google-take-back-control-teil1/
https://www.kuketz-blog.de/lineageos-take-back-control-teil2/

#android #NoGoogle #LineageOS #guide #part1 #part2 #kuketz
Firefox Lockbox: Android App with Adjust-Tracker

Immediately after the start a lot of information is sent to the analysis company Adjust (headquarters San Francisco, USA) [app.adjust.com]...(...)

The privacy statement linked in the app refers to Firefox. There I don't find any information about Firefox Lockbox or which data the app shares when with which third party.

Furthermore, telemetry data is sent to Mozilla [incoming.telemetry.mozilla.org]:...(...)

By now Mozilla should actually know that tracking or the transmission of telemetry data is not well received by the more data protection-sensitive target group. In addition, the above-mentioned data is transmitted before consent is given to the data protection declaration.

https://www.kuketz-blog.de/firefox-lockbox-android-app-mit-adjust-tracker/

#android #app #firefox #LockBox #adjust #tracker #kuketz #why
AFWall+: Digital Door Controller - Take back control! (Part 4)

1. Firewall

In the last part of the article series "Take back control!" we got root rights on our Android system with the help of Magisk. This step was necessary because apps like AFWall+ and AdAway require root rights. https://www.kuketz-blog.de/magisk-bei-der-macht-von-root-take-back-control-teil3/

At this point, we should remember that switching to an alternative operating system like LineageOS does not necessarily protect us from the unwanted outflow of sensitive data. Rather, further adjustments are needed so that we can use the Android smartphone "self-determined". An important component of our defense strategy is the use of a firewall to control the Android's data traffic. Originally, firewalls were primarily intended to protect us from "dangers" from outside. However, this primary purpose of firewalls has changed more and more. Firewalls on client systems now increasingly serve to monitor and control outgoing data connections.

Various firewall solutions exist for Android - but only two are worth mentioning: NetGuard and AFWall+. In this article I present the installation and configuration of AFWall+.

2. AFWall+

AFWall+ is a front-end for the firewall iptables known from the GNU/Linux world. It enables control over which app or system service should have access to the data network via 2G/3G/LTE/5G, roaming, WiFi or VPN. In my opinion it is an essential part of any rooted Android device to control the unwanted outflow of information.

AFWall+ is relatively easy to use in its basic functionality, as long as you have understood the concept of a firewall. It becomes complicated only with special use cases, which are represented by CustomScripts. If you are looking for a user-friendly alternative to AFWall+ or if you cannot / do not want to root your device, you should take a look at NetGuard.

Source and more infos / read in german

https://www.kuketz-blog.de/afwall-digitaler-tuervorsteher-take-back-control-teil4/

Read the full guides in english:
(Part1: https://t.me/BlackBox_Archiv/156)
(Part2: https://t.me/BlackBox_Archiv/273)
(Part3: https://t.me/BlackBox_Archiv/322)

#android #NoGoogle #guide #part1 #part2 #part4 #AFWall #kuketz
Android (Pie): Configure DNS over TLS (DoT)

From version 9.x (Pie) Android supports the DNS over TLS (DoT) protocol. This means: All DNS requests and answers are transmitted via a TLS secured connection, which is established between your Android and a DNS server. In contrast to unsecured DNS queries via UDP port 53, DoT protects against spying out DNS queries and man-in-the-middle attacks. DoT therefore improves both privacy and security.

Activation of DoT under Android 9:

Open the system settings and navigate to "Network & Internet" -> "Advanced" -> "Private DNS".

Choose "hostname of the private DNS provider".

In the field below, enter the address of the DNS server that supports DoT.

Example: dismail.de: fdns1.dismail.de

Then all DNS requests sent by your system will be transmitted via TLS-encrypted connection to the selected DNS server and answered.

With dnsleaktest.com you can check if the selected DoT server is used. Go to the page and tap Standard Test - if you have chosen the dismail.de DoT server you should see the result:

IP: 80.241.218.68
Hostname: dismail.de

Interaction with AFWall+, Blokada and NetGuard:

AFWall+:
To make DoT work in combination with AFWall+ you have to allow "(root) - Apps running as root".

Blokada: Only from version 4.x Blokada will support DoT.

NetGuard: Also NetGuard does not support DoT yet.

Note:
This is a global setting and applies to all network interfaces (WLAN, mobile, VPN, etc.). If, for example, you are on the road in your provider's mobile network, you will normally be assigned DNS servers by your provider, which will then answer the DNS queries. If you activate DoT, however, the DNS requests will be processed via the DNS server you have selected - the provider DNS servers will be overwritten.

Source and more Info (read in German): 
https://www.kuketz-blog.de/android-pie-dns-over-tls-dot-einstellen/

#Android #Pie #DNS #DoT #TLS #Guide #Kuketz
Android Captive Portal Check: 204-HTTP response from captiveportal.kuketz.de

Each time your Android device connects to a WLAN, the system performs a Captive Portal Check. Android wants to ensure that your device has not only received an IP address from the access point, but that it can also actually reach destinations on the Internet.

Android sends a request for verification to the address connectivitycheck.gstatic.com. If the request is successful or answered with the HTTP response code 204, access to the Internet is available. With this request, the system transmits information to Google about the IP address of the connection, the time of Internet access and which browser is currently being used.

If you block this request to Google via AFWall+ or anywhere else on your network, a small cross will appear in the WLAN icon in the Android menu bar. Depending on the Android version, you will also see a message saying that there is no Internet available. Especially data protection-conscious users don't want to send a "ping" to Google every time they go online. There is now a solution for this for all users with root access on their devices.

English translation (full guide):
https://t.me/BlackBox_Archiv/337

Source and more info (german):
https://www.kuketz-blog.de/android-captive-portal-check-204-http-antwort-von-captiveportal-kuketz-de/

#android #captiveportal #check #HTTP #guide #kuketz
Brave: Browser with its own advertising concept

I often hear the question why I don't recommend the Brave Browser and why I don't participate in the Brave Rewards program. First of all, the browser is based on Chrome - that's enough for me to avoid it as much as possible. Browsers based on Chrome are usually closely linked to Google services. As a user who is sensitive to data protection, I am happy to do without it.

I also find the "advertising concept" unconvincing. The integrated advertising blocker initially prevents advertising from being displayed. Brave then fades in its own advertising, which in the opinion of the developers is "less harmful" and does not make the user traceable on the Internet. For advertising, a fee is to be paid to the user as well as to the advertiser in the form of Basic Attention Tokens (BAT).

Currently, the browser can be operated completely free of advertising - i.e. even without advertising that Brave displays. In the future, this model may be adapted. Anyone who then decides against the Ad Replacement must deactivate the integrated advertising blocker. Inevitably this means: In Brave, the user is either shown advertising from the respective website or advertising via the "Ad Replacement" concept. Unlike other browsers, the user cannot completely suppress advertising, for example via Adblocker plug-ins such as uBlock Origin. Whether this will be implemented in this way, however, is still speculation.

Final conclusion: Not recommended

Source:

https://www.kuketz-blog.de/brave-browser-mit-eigenem-werbekonzept/

📡 @NoGoolag
#brave #browser #advertising #kuketz
F-Droid: Free and Open Source Apps - Take back control! (Part 5)

1. App store with class

By installing LineageOS, we have abandoned our proprietary Android systems and taken control of outbound data traffic with AFWall+. But our journey is far from over, because to get rid of Google and to regain control we have to break away from the Google Play Store.

Most apps from the Google Play Store contain an above-average number of tracker and advertising modules. In the foreseeable future, this business model will probably not change because Android is a self-service data store with which (questionable) developers make a lot of money. Indirectly, Google also earns a lot of money - so Android users can wait in vain for an improvement.

In this article I would like to introduce you to the alternative app store F-Droid. F-Droid is a consumer-friendly alternative to Google's Play Store, which only offers "free" and "open source" apps for download. The two properties "free" and "open source" mean basically nothing else than that the app source code can be viewed, used, changed and further developed by anyone. With its strict "Free Open Source Software (FOSS)" concept, F-Droid clearly sets itself apart from the Google Play Store and other comparable stores.

Source (german) and more info:
https://www.kuketz-blog.de/f-droid-freie-und-quelloffene-apps-take-back-control-teil5/

Translation (english):
https://t.me/BlackBox_Archiv/357

#android #NoGoogle #guide #part1 #part2 #part4 #part5 #fdroid #kuketz
AdAway: Advertising and tracking blocker - Take back control! (Part 6)

1. Data collection frenzy

In the last part of the article series I introduced you to the F-Droid Store, where you can get free and open source apps that don't track you or display advertisements. A general recommendation of the article series "Take back control!" is therefore:

💡Get apps only from the F-Droid Store.

However, this advice cannot always be put into practice 1:1. Many users are still dependent on apps from the Play Store or cannot find a viable alternative in the F-Droid Store. Unfortunately, apps from the Google Play Store are not exactly known for their data economy - but rather the opposite. Most apps from the Google Play Store contain third-party software components that display advertisements to the user or track his activity every step of the way. As a normal user, however, you don't have any insight into the app or can't "see" from the outside whether this poses a risk to security and privacy.

Since the apps from the Play Store are often accompanied by a "loss of control", I will introduce you to the AdAway app from the F-Droid Store in this article. With this app, the loss of control can be minimized by putting a stop to the delivery of (harmful) advertising and the outflow of personal data to dubious third-party providers.

2. AdAway

AdAway is an open source advertising and tracking blocker for Android, which was originally developed by Dominik Schürmann - currently AdAway is developed by Bruce Bujon. Based on filter lists, connections to advertising and tracking networks are redirected to the local device IP address. This redirection prevents the reloading of advertisements or the transmission of (sensitive) data to third parties.

By the way, AdAway cannot be found in the Play Store because Google no longer allows ad blockers - they simply violate Google's business model. Or to put it another way: Google will not tolerate an app that effectively protects your privacy and security by preventing the reloading of (harmful) advertisements and the outflow of personal data.

Source (🇩🇪) and more info:
https://www.kuketz-blog.de/adaway-werbe-und-trackingblocker-take-back-control-teil6/

Read english translation on TG:
https://t.me/BlackBox_Archiv/376

📡 @NoGoolag 📡 @BlackBox
#android #NoGoogle #guide #part1 #part2 #part4 #part5 #part6 #AdAway #kuketz
Two keys for all eventualities - Nitrokey (Part1)

1. Increased safety requirements

The protection of digital identity is more important today than ever. Online accounts can cause considerable damage if they are stolen and fall into the wrong hands. At the same time, the number of data breaches is rising steadily - hardly a week goes by without at least one database of stolen accounts (user name and password) appearing somewhere on the Internet. In the worst case, the provider concerned did not protect the user passwords used or only inadequately protected them with a (cryptographic) hash function that was considered insecure.

Too often secret information falls into the wrong hands and the checking system cannot recognize whether Hildegard Müller is actually Hildegard Müller or whether her account data is being misused by a third party. A remedy against account misuse is to check additional properties or information via two-factor authentication (2FA), which is also controlled by so-called security tokens.

Security tokens or USB security sticks (Security Keys), however, offer other functions in addition to the 2FA that can contribute to increasing (personal) security. Among other things, the private key for e-mail or hard disk encryption can be securely stored on the stick. Such and other application scenarios are presented in the article series "Nitrokey" using the Nitrokey as an example.

2. Nitrokey

Nitrokey is an open-source USB stick that enables secure encryption and signing of data, among other things. Depending on the Nitrokey version, such a USB stick supports different application scenarios:

👉🏼 S/MIME email and disk encryption (X.509, PKCS#11)
👉🏼 OpenPGP/GnuPG Email Encryption
👉🏼 Login or authentication via two-factor authentication
👉🏼 One-Time-Password (English)
👉🏼 Universal Second Factor (U2F) via FIDO-Standard
👉🏼 Integrated password manager
👉🏼 Encrypted storage space on the USB stick (+Hidden Volumes)
👉🏼 Possibility to update the firmware

The Nitrokey variants also differ in the supported cryptosystems, key lengths and so on:

👉🏼 RSA key lengths from 1024 - 4096 bits
👉🏼 ECC key length from 192 - 521 bit
👉🏼 Number of key pairs that can be stored on the stick 3 / 38
👉🏼 Elliptic curve algorithms NIST P, Brainpool, Curve25519 and SECG/Koblitz

⚠️ Advice:
Only the Nitrokey Start supports the elliptic curve Curve25519, which is one of the SafeCurves - the only curve where the choice of curve is completely transparent and therefore back doors can practically be excluded.

English translation:
https://t.me/BlackBox_Archiv/404

Source and more info (german):
https://www.kuketz-blog.de/zwei-schluessel-fuer-alle-faelle-nitrokey-teil1/

#Nitrokey #SecurityKeys #usb #guide #kuketz #part1
📡@FLOSSb0xIN
GnuPG Key Generation and Smartcard Transfer - Nitrokey (Part 1 and 2)

1. Key material

Depending on the version, a Nitrokey supports different application scenarios. In this article of the article series "Nitrokey" I describe the commissioning of a Nitrokey under GNU/Linux and the following GnuPG key generation. An (RSA) key pair is a basic requirement for the two application scenarios OpenPGP/GnuPG e-mail encryption and OpenSSH public key authentication.

The procedure described for creating a (RSA) key pair and then transferring it to the smart card of the Nitrokey should also be transferable to other security tokens such as the YubiKey.

Full English translation Nitrokey (part 1):
https://t.me/BlackBox_Archiv/404

Full English translation Nitrokey (part 2):
https://t.me/BlackBox_Archiv/415

Source and more info (German):
Part 1:
https://www.kuketz-blog.de/zwei-schluessel-fuer-alle-faelle-nitrokey-teil1/

Source and more info (German):
Part 2:
https://www.kuketz-blog.de/gnupg-schluesselerstellung-und-smartcard-transfer-nitrokey-teil2/

#Nitrokey #SecurityKeys #usb #guide #kuketz #part1 #part2
How Banks Make Online Banking Insecure Through Apps

1. App obligation

Online banking on the smartphone is generally not a good idea. The reason for this is not necessarily the banking apps, but the update policy of the smartphone manufacturers, the misleading advertising of the banks and the naive behavior of the customers. However, all this does not seem to bother the banks much. True to the motto:

"Digital first - Concerns second"

banking apps are made appealing to loyal customers and any risks are simply pushed aside. The fact is: with smartphone apps, banks have moved to a platform that they cannot control. Nevertheless, banking apps are promoted and security mechanisms such as two-factor authentication (2FA) are simply undermined by ill-considered decisions. In the end, online banking via app is not more secure, but exactly the opposite.

1st problem: Android update policy

Both software and hardware have weaknesses, some of which are so serious that attackers can take complete control of a system. It is therefore essential to install available (system) updates promptly in order to keep the risk for data and the digital identity as low as possible. That's the theory. In practice, the world looks very different again - especially in the Android world.

Many manufacturers neglect most Android devices when it comes to security updates, and at some point the devices are abandoned completely. This inevitably creates a "vacuum" in the Android world that makes many or most devices vulnerable to critical security vulnerabilities. Such vulnerabilities enable attackers to gain control over the device, spy on the user or allow data to flow off unnoticed. Discovering a critical vulnerability would be enough to make millions of devices vulnerable in one fell swoop. Such serious vulnerabilities are not rare, but occur at regular intervals. In 2018 alone, 611 vulnerabilities were identified in Android - in 2017 even 842.

Full translated article:
https://telegra.ph/How-Banks-Make-Online-Banking-Insecure-Through-Apps-07-09

Source (🇩🇪):
https://www.kuketz-blog.de/wie-banken-online-banking-durch-apps-unsicher-machen/

#Kuketz #online #banking #smartphone #apps #insecure #vulnerabilities
Komoot: Facebook goes also on tour

The App Review Week starts with the Android app Komoot (version 9.16.2) - a navigation app for cyclists and hikers. Let's start with the network connections that Komoot establishes during use.

App start:
Immediately after start (no user interaction)

[1] Immediately after starting the app, the app contacts Facebook. Among other things, the following information is transmitted [graph.facebook.com]:

Google Advertising ID: advertiser_id = c3639f11-626a-4692-9574-6a0f632e1ea3
Whether Ad-Tracking is enabled / allowed: advertisertrackingenabled = true
One identifier: anon_id = XZce953baa-18a8-42e0-82ad-2d1b3866fe63
Whether app tracking is enabled / allowed: applicationtrackingenabled = true

Further information:

Package name of the app: de.komoot.android
Version number of the app: 9.16.2
Android version number: 7.1.2
Device model: Redmi Note 4
Country code: de_DE
Time zone: CEST, Europe/Berlin
Display resolution: 1080×1920

❗️ How critical the integration of Facebook building blocks (SDKs) is with regard to privacy still doesn't seem to have penetrated the app developers - simply irresponsible. The mere transmission of the Google Advertising ID is basically enough for Facebook to establish a link between Facebook users and the data transmitted. The reason: The Facebook app (if installed) also reads the Google Advertising ID. Facebook then has an identifier that they can assign to a person exactly.

👉🏼 Read the fully translated article:
https://rwtxt.lelux.fi/blackbox/pstrongkomoot-facebook-goes-also-on-tourstrong

👉🏼 Source 🇩🇪:
https://www.kuketz-blog.de/komoot-facebook-geht-mit-auf-tour/

#komoot #navigation #app #review #kuketz #DeleteFacebook
Shelter: Isolate Big Brother apps - Take back control! (Part 7)

1. Big Data

The collection, processing and analysis of as much information as possible is Big Data’s core business. In this non-transparent data processing, which is determined by algorithms, personal rights are hardly taken into consideration. This dilemma becomes particularly clear in the Android world: Apps access personal data uninhibitedly and send it unsolicited to the most diverse protagonists. This is exactly what the article series “Take back control!” wants to protect against.

Another piece of the puzzle to achieve this goal is the app Shelter, which locks selected Android apps in a sandbox, depriving them of access to phone books, calendars, images and other data. Curious apps can thus be denied access to sensitive user data.

💡 This article is part of a series of articles:

Android without Google: Take back control! Part 1

LineageOS - Take back control! Part2

Magisk: By the power of Root - Take back control! Part 3 (not yet translated)

AFWall+: Digital Door Controller - Take back control! Part 4

F-Droid: Free and Open Source Apps - Take back control! Part 5

AdAway: Advertising and tracking blocker - Take back control! Part 6

Shelter: Isolate Big Brother apps - Take back control! Part 7

2. Shelter

Shelter is an open source app for Android that can be downloaded from the App-Store F-Droid. Alternatively the app can be downloaded via GitHub or the Google Play Store.

To separate apps, Shelter uses the Android work profiles that Google introduced as early as 2015 to separate private data from business content or apps. The work profile is a specially isolated area in which, for example, data-hungry apps can be stored. In addition to the normal environment in which all apps are normally located, Shelter creates another workspace that is logically separated from the other workspace. From this bunker (Shelter) apps can not access data which are in the normal environment - but all data of apps which are also stored or locked in the Shelter.

👉🏼 Read the fully translated guide:
https://rwtxt.lelux.fi/blackbox/shelter-isolate-big-brother-apps-take-back-control-part-7

👉🏼 Source 🇩🇪:
https://www.kuketz-blog.de/shelter-big-brother-apps-isolieren-take-back-control-teil7/

#android #NoGoogle #guide #part1 #part2 #part4 #part5 #part6 #part7 #kuketz
Messenger Matrix (German / English)

The following matrix provides an overview of the different (technical) features of various messengers. Click on the matrix to open a larger view - the current status is noted at the top left.

👉🏼 English:
https://www.messenger-matrix.de/messenger-matrix-en.html

👉🏼 German:
https://www.messenger-matrix.de/messenger-matrix.html

#security #privacy #sustainability #messenger #kuketz
📡 @nogoolag 📡 @blackbox_archiv