Questions about security, privacy and anonymity in the network and under the android | [technoblabla] general security, privacy and anonymity issues



Rep: (591)
Questions about security, privacy and anonymity on the network and under the android



Since there are enough different topics for discussing software for Android security, private and anonymous surfing, but discussing general security, privacy and anonymity issues in them is increasingly considered offtopic, I think it makes sense to create a separate topic for this popular topic, where you can all these topics are free to speak and ask.
So you are welcome!

Safety
Since many tips and tools in the subject require superuser (root) rights, you should follow certain safety guidelines:
1. Try to do all the actions consciously, having previously studied the relevant materials and clarifying incomprehensible moments.
2. Make as many backups as possible. They can be done both with the help of custom recovery (TWRP, CWM, PhilZ Touch, Carliv, etc.), and with the help of applications that can backup all the firmware, as well as individual applications and data.
Relevant applications can be found in the section:
Software ->Backup.
Accordingly, it is worth taking care of safe storage of the created backups.
About security, all and different
Four Horsemen Infocalypse
Which apps and tools actually keep your messages safe?
Protection of confidential data and anonymity on the Internet PDF
prism-break- protection from global surveillance systems such as SORM, PRISM, XKeyscore and TemporaGithub
Guardian Project
https://privacytools.io/- encryption against global mass surveillanceGithub
SECURITY IN-A-BOX- tools and tactics for digital security
GitHub - ValdikSS / awesome-anti-censorship: curated list of open-source anti-censorship tools
danoctavian / awesome-anti-censorship: curated list of open-source anti-censorship tools
GitHub - StreisandEffect / streisand- Wiring, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, Sslh, Stunnel, and a Tor bridge. It also generates custom instructions for all of these services. You can be shared with friends, family members, and fellow activists.
sovereign / sovereign: email, calendar, contacts, file sync, IRC bouncer, VPN, and more.
https://ssd.eff.org/- Tips, Tools and How-tos for Safer Online Communications
How to protect Android: 10 tips for maximum security PDF
Mission Impossible: Hardening Android for Security and Privacy PDF
eBlocker- hardware and software platform
De-Googling my phone · Martin Pitt
nomoregoogle.com - a fresh collection of alternatives to the services of the technology giant
Project SAFE "I have nothing to hide"
Big data
Information Security
Information Security - Wikipedia
Personal Data Protection - Wikipedia
OPSEC for Linux users, developers and administrators
The basic model of threats to the security of personal data when they are processed in personal data information systems
Internet counterintelligence in action: create a personal information security management system
Information technology social hacking
The art of "teaching protection of information" ... while giving a ton of good-will and non-speaking words PDF
DLP
IPC
Massachusetts Institute of Technology. Lecture course # 6.858. "Security of computer systems." Nikolai Zeldovich, James Mykens. year 2014
MIT course "Computer Systems Security". Lecture 1: "Introduction: threat models", part 1
MIT course "Computer Systems Security". Lecture 1: "Introduction: threat models", part 2
MIT course "Computer Systems Security". Lecture 1: "Introduction: threat models", part 3
MIT course "Computer Systems Security". Lecture 2: "Control of hacker attacks", part 1
MIT course "Computer Systems Security". Lecture 2: "Control of hacker attacks", part 2
MIT course "Computer Systems Security". Lecture 2: "Control of hacker attacks", part 3
MIT course "Computer Systems Security". Lecture 3: "Buffer overflow: exploits and protection", part 1
MIT course "Computer Systems Security". Lecture 3: "Buffer overflow: exploits and protection", part 2
MIT course "Computer Systems Security". Lecture 3: "Buffer overflow: exploits and protection", part 3
MIT course "Computer Systems Security". Lecture 4: "Separation of privileges", part 1
MIT course "Computer Systems Security". Lecture 4: "Separation of privileges", part 2
MIT course "Computer Systems Security". Lecture 4: "Separation of privileges", part 3
MIT course "Computer Systems Security". Lecture 5: "Where Security Errors Come From", Part 1
MIT course "Computer Systems Security". Lecture 5: "Where Security Errors Come From", Part 2
MIT course "Computer Systems Security". Lecture 6: "Opportunities", part 1
MIT course "Computer Systems Security". Lecture 6: "Opportunities", part 2
MIT course "Computer Systems Security". Lecture 6: "Opportunities", part 3
MIT course "Computer Systems Security". Lecture 7: "Sandbox Native Client", part 1
MIT course "Computer Systems Security". Lecture 7: "Sandbox Native Client", part 2
MIT course "Computer Systems Security". Lecture 7: "Sandbox Native Client", part 3
MIT course "Computer Systems Security". Lecture 8: "Model of network security", part 1
MIT course "Computer Systems Security". Lecture 8: "Model of network security", part 2
MIT course "Computer Systems Security". Lecture 8: "Model of network security", part 3
MIT course "Computer Systems Security". Lecture 9: "Web application security", part 1
MIT course "Computer Systems Security". Lecture 9: "Web Application Security", part 2
MIT course "Computer Systems Security". Lecture 9: "Web Application Security", part 3
MIT course "Computer Systems Security". Lecture 10: "Symbolic execution", part 1
MIT course "Computer Systems Security". Lecture 10: "Symbolic execution", part 2
MIT course "Computer Systems Security". Lecture 10: "Symbolic Execution", part 3
MIT course "Computer Systems Security". Lecture 11: “Ur / Web programming language”, part 1
MIT course "Computer Systems Security". Lecture 11: “Ur / Web programming language”, part 2
MIT course "Computer Systems Security". Lecture 11: "Ur / Web programming language", part 3
MIT course "Computer Systems Security". Lecture 12: "Network Security", part 1
MIT course "Computer Systems Security". Lecture 12: "Network Security", part 2
MIT course "Computer Systems Security". Lecture 12: "Network Security", part 3
MIT course "Computer Systems Security". Lecture 13: "Network Protocols", part 1
MIT course "Computer Systems Security". Lecture 13: "Network Protocols", part 2
MIT course "Computer Systems Security". Lecture 13: "Network Protocols", part 3
MIT course "Computer Systems Security". Lecture 14: "SSL and HTTPS", part 1
MIT course "Computer Systems Security". Lecture 14: "SSL and HTTPS", part 2
MIT course "Computer Systems Security". Lecture 14: "SSL and HTTPS", part 3
MIT course "Computer Systems Security". Lecture 15: "Medical software", part 1
MIT course "Security of computer systems". Lecture 15: "Medical software", part 2
MIT course "Security of computer systems". Lecture 15: "Medical software", part 3
MIT course "Security of computer systems". Lecture 16: "Attacks through the side channel", part 1
MIT course "Security of computer systems". Lecture 16: "Attacks through the side channel", part 2
MIT course "Security of computer systems". Lecture 16: "Attacks through the side channel", part 3
MIT course "Security of computer systems". Lecture 17: User Authentication, Part 1
MIT course "Security of computer systems". Lecture 17: User Authentication, Part 2
MIT course "Security of computer systems". Lecture 17: User Authentication, Part 3
MIT course "Computer Systems Security". Lecture 18: "Private Internet Browsing", part 1
MIT course "Security of computer systems". Lecture 18: "Private Internet browsing", part 2
MIT course "Computer Systems Security". Lecture 18: "Private Internet Browsing", part 3
MIT course "Computer Systems Security". Lecture 19: “Anonymous Networks”, part 1 (lecture from the creator of the Tor network)
MIT course "Computer Systems Security". Lecture 19: “Anonymous Networks”, part 2 (lecture from the creator of the Tor network)
MIT course "Computer Systems Security". Lecture 19: “Anonymous Networks”, part 3 (lecture from the creator of the Tor network)
MIT course "Computer Systems Security". Lecture 20: "Security of mobile phones", part 1
MIT course "Computer Systems Security". Lecture 20: “Mobile Phone Security”, part 2
MIT course "Computer Systems Security". Lecture 20: "Mobile Phone Security", part 3
MIT course "Computer Systems Security". Lecture 21: "Tracking data", part 1
MIT course "Computer Systems Security". Lecture 21: "Tracking data", part 2
MIT course "Computer Systems Security". Lecture 21: "Tracking data", part 3
MIT course "Computer Systems Security". Lecture 22: MIT Information Security, Part 1
MIT course "Computer Systems Security". Lecture 22: MIT Information Security, Part 2
MIT course "Computer Systems Security". Lecture 22: MIT Information Security, Part 3

Online services
Bitcoin
VPN
Auto removal
Website archiving
Mobile networks
Platforms
Search
post office
Checks
Abuse
APK
Cloudflare
DNS
IP
Sip
SSL / TLS
URL
Harmful
miscellanea
Certificates
Speed
Leaks
Vulnerabilities
Encryption

Synchronization
Social networks
Storage
Encryption

Regulations

Forum
"Free Web" | Free internet is discussed in the topic.
Amnesiagroup corner
Benga1983 corner
commandos98
DoberPC corner
Corner of elenakawai
Fahren-heit
Formobe corner
Corner IcanTellstories
JumpingJerry Corner
Corner Ruiz_Av
Tomin corner
Wernow corner
About potential threats (Post wernow # 51543260)
On threat groups (Post wernow # 51550069)
About open code (Post wernow # 51902449)
Selling information (Post wernow # 52003733)
About toolkit (Post wernow # 52015424)
About providers in android (Post wernow # 52061764)
On complete privacy and security (Post wernow # 53580616)
About F-Droid, messengers and priorities (Post wernow # 59144989)
About F-Droid and open source (Post wernow # 59151363)
About Fingerprint (Post wernow # 61458449)
About biometrics (Post wernow # 61564247)
About wiretapping and protection from it (Post wernow # 62796218)
On leaks and anonymous networks (Post wernow # 66632070)
About file attributes (Post wernow # 66682128)
About USSD (Post wernow # 66793981)
How to take a dump via tcpdump (Post wernow # 66824767)
About the causes of problems with modules Xposed (Post wernow # 67999793)
On the priorities of threats (Post wernow # 68333815)
About UID 1000 (The Post wernow # 68613246)
On the interaction of DuckDuckGo and Yandex (Post wernow # 68635660)
About DuckDuckGo Algorithms (Post wernow # 68655630)
On the hardware protection device (Post wernow # 69275830)
On the protection of the port microUSB (Post wernow # 69281156)
About threats and liability (Post wernow # 69293509)
About threats, fictional worlds and time (Post wernow # 69309907)
On service traffic (Post wernow # 69566867)
On the infrastructure Telegram (Post wernow # 70323319)
About China (Post wernow # 73860971)
About China (Post wernow # 73863824)
About China (Post wernow # 73880680)
About messengers (Post wernow # 73969101)
About Antivirus (Post wernow # 74161934)
About China (Post wernow # 74950096)
About malware testing and emulators (Post wernow # 75074647)
About Google Data Collection (Post wernow # 76081812)
About repairing devices (Post wernow # 76537920)
About inspections in China (Post wernow # 76539879)
About device checks (Post wernow # 77754685)
On digital capitalism (Post wernow # 78044951)
About Telegram and the Future (Post wernow # 78053170)
About the registration of instant messengers in the Russian Federation (Post wernow # 78739705)
About famous cryptographers (Post wernow # 78739705)
On anonymity (Post wernow # 78927918)
About VPN (Post wernow # 79392952)
On the set and disagreement (Post wernow # 79458293)
On the hidden record and the legislation of the Russian Federation (Post wernow # 79511161)
About microcopy and data protection (Post wernow # 79670518)
About IMEI registration in the Russian Federation (Post wernow # 79852809)
On the registration of IMEI in the Russian Federation (Post wernow # 79858616)
About changing IMEI (Post wernow # 80654422)
About bookmarks in chips (Post wernow # 80781651)
About bookmarks in chips and checking them (Post wernow # 80786808)
About bookmarks in chips (Post wernow # 80817610)
About removing EXIF ​​(Post wernow # 80944444)
Analysis of EXIF ​​(Post wernow # 80973859)
yhnyhn11


Software
Compatibility Test Suite (CTS)
GApps
microG GmsCore is a FLOSS framework- framework for replacing original Google Play services
NanoDroid- implementation of Play Services Core (open source)
NOGAPPS Project
/ d / gapps- program to remove / disable Gapps (open source)
GSM
Android IMSI-Catcher Detector- identifies fake base stations (IMSI-Catcher) in GSM / UMTS networks (open source)
®Darshak- helps to detect "silent" sms, signs of phone tapping, lack of communication encryption on Samsung Galaxy S3 (GT I9300) (open source)
EAGLE Security- protection against listening in the form of determining false base stations and blocking access of applications to the camera and microphone (closed source code)
Network cell info- shows the location of cells on the map and measures the signal strength of the serving cell and neighboring cells (closed source code)
®SnoopSnitch- makes a map of attacks on devices with a Qualcomm chip (open source)
Hips
Binderfilter
Binderfilter- IPC Binder call control system in the core (open source)
Picky - an application for managing BinderFilter filters (open source)
Commandos98 corner

Donkeyguard
Donkeyguard- Xposed-module allows you to block access of applications to personal data (open source)
Protect My Privacy
Protect My Privacy- Xposed module for managing application permissions (closed source)
Post Whitestar # 68400078
Xprivacy
Xprivacy- Xposed-module that allows you to prevent the leakage of your personal data through the application, control it or replace it to choose from (open source)
XPrivacyLua
XPrivacyLua- Xposed-module for Marshmallow +, which allows you to prevent the leakage of your personal data through applications, control it or replace it with a choice (open source)
XPrivacyLua Official Site
XPrivacyLua repo
Frequently Asked Questions
Comparison with XPrivacy
Forum

Sensors
Sensor Disabler- Xposed-module that allows you to disable and change the values ​​for all sensors available in the device (open source)
Camera
Camera block- temporarily disables and blocks all camera resources and denies access to the camera for other applications (closed source code)
Disable at the kernel level (Post Dementy000 # 79737060)
Microphone
Mic block- temporarily disables and blocks access to the microphone for other applications (closed source code)
Microphone Guard Plus- protection against listening
Ultrasound


Kernel / Shell
Busybox
®BusyBox- BusyBox installer for Android (open source)
® BusyBox- application to install BusyBox (open source)
BusyBox Install (No Root)- install BusyBox on devices without root (closed source code)
®Busybox On Rails- installs BusyBox on the device, and also updates it to the current version (open source)
Entware
Logcat
Root
® Dianxinos SU- Root access control (closed source)
®Magisk - The Universal Systemless Interface- a utility that allows you to install various system applications and mods in systemless mode and hide the root from any applications and services (open source)
® SuperSU- Advanced access control for superuser rights to applications on the device that require root (closed source code)
® Superuser- a program for managing ROOT rights (open source)
® Superuser- superuser rights management (open source)
Superuser- superuser rights management (open source)
®Superuser X (L)- root-access for applications without intermediaries (closed source code)
Concealment
Rootcloak- Xposed-module that allows you to hide the presence of root for applications (open source)
®suhide- suhide utility allows you to hide the presence of ROOT on your Android device (open source)

SELinux
SELinuxModeChanger- change SELinux mode
Terminal
Android Terminal Emulator- terminal emulator (open source)
Termux- terminal emulator with an extensive collection of Linux packages (open source)

Launcher
AppAsLauncher- allows you to select any third-party program as a launcher (closed source code)
T-UI F-Droid- launcher with terminal (open source)
Linux
Linux for tablet
BOCHS for Android- OS launch for x86
Complete Linux Installer- we install Linux on Android
Debian noroot- debian emulator
GNURoot- installation on Android Wheezy, Gentoo, Fedora or Aboriginal without root rights (open source)
GNURoot Debian- launch Debian on Android devices (open source)
® Linux Deploy- automate the process of installing, configuring and running GNU / Linux distributions on the Android platform inside the chroot container (open source)
® Linux Installer- Installing Debian / Ubuntu on Android devices
PureOS

QEMU for Android- starts any OS in the img and iso image
XServer XSDL- X server for Android, which allows displaying Linux graphic applications running on an external computer or installed in the chroot Android device
Replacing Android on the desktop distribution
Recovery
update-script
Android Script Creator- a program for creating scripts (update.zip)
Update Script Generate- program for creating updater-script (update.zip) based on boot.img and system.img for any processor in which it is possible to flash system images in img format (ext2, ext3, ext4)

SafetyNet
SafetyNet Helper Sample- a simple utility to check the status of SafetyNet (open source)
Sip
Ostel Setup (Post ANPolter # 47912222)
CSipSimple- functional SIP client (open source)
Linphone Video- Internet phone using VoIP (open source)
SMS / MMS
Image SMS- sending image via SMS (open source)
Encryption
Dark SMS- exchange of encrypted SMS messages, the ability to password protect SMS messages on the phone (closed source code)
Silence- SMS / MMS application that supports encryption (open source)
The wall- application for sending and receiving SMS messages encrypted with the AES algorithm (closed source code)

Tts
SVOX Classic Text To Speech Engine- reading text with voice for other applications
Webview
Android System WebView- Android WebView system component is based on Chrome technology and allows you to view web content in applications
Bromite
Bromite- WebView implementation without WebRTC and protected from some other digital fingerprints (open source)
SystemWebView releases
Installing SystemWebView
Forum


Automators
Easer
®Easer F-Droid- automation of actions on events (connection to WiFi, Bluetooth, on time, location) (open source)
Tasker

USB
Blocking domains and ads
® AdAway- ad blocker with white and black lists support (open source)
Adblocker reborn
Adblocker reborn- Xposed-module, blocks AdView, AdActivity, receivers, services, WebView and Hosts, while not touching the hosts file itself and does not conflict with the blockers that use it (open source)

DNS6- allows you to block hosts via DNS through a local VPN service (open source)
® MinMinGuard- Xposed-module for blocking ads inside applications (open source)
PeerBlock For Android- Xposed-module that allows you to block hosts and DNS (open source)
Silent- Xposed ad-blocking module (closed source)
UnbelovedHosts- Xposed-module, blocking calls to domain names that distribute advertising (closed source code)
Browsers
Chromium
Brave
Browser Brave: Fast AdBlock- Chromium-based web browser with built-in AdBlock, tracking protection and security system (open source)
Bromite
Bromite- Chromium based browser with ad blocker and privacy protection (open source)

Firefox
Firefox- a browser from the developers of Mozilla (open source)
Firefox focus- Mozilla browser with automatic blocking of a wide range of online trackers (open source) F-Droid
Firefox GOST- Firefox fork with Russian cryptography support
Icecatmobile
Icecatmobile- fork of Firefox browser that meets the requirements of completely free software (open source)
Librefox
Librefox- additions in privacy and security to Firefox (open source)
Waterfox
Waterfox browser- browser on the engine Gecko, which continues to support the "obsolete" according to the new Mozilla policy additionsopen source)
Waterfox - The free, open and private browser
Waterfox - Wikipedia

Add-ons
Adnauseam

anonymoX

Bluhell firewall- restriction of advertising and redirects
CanvasBlocker- prohibition of browser fingerprint identification
Certainly Something (Certificate Viewer)- view certificates
Certificate Patrol- certificate management
CheckMyHTTPS- verification of the certificate of the secure connection (open source)
Decentraleyes- protection against tracking through centralized CDN
Easy image blocker- image loading control
HTTP UserAgent cleaner- increased privacy (randomly replacing the UserAgent, canvas, locale fields, blocking WebRTC, etc.), blocking ajax and requests to third-party sites and unnecessary cookies, security assessment https (TLS) connections, phishing protection
HTTPS Everywhere- replacement in addresseshttp: //onhttps: //
Mobile Password Manager- view and edit saved passwords
NoScript- blocking scripts and plug-ins, protection against XSS and Clickjacking attacks
Onion Browser Button- connect to Tor in one click
Phony- substitution of User Agent
Random Agent Spoofer- change profiles at a specified time interval
RequestPolicy Continued- control of cross-domain requests
Save / Load Prefs- export and import of Firefox settings
Self-Destructing Cookies- automatic cleaning Cookies and LocalStorage
Speed ​​Tweaks (SpeedyFox)- setting preferences for browser acceleration
Spoof Timezone- time zone change
Third-party Request Blocker (AMO)- blocking requests to third-party resources
uMatrix- firewall with blocking of scripts, frames, etc.
User-Agent Switcher- change User-Agent
wow-dpi- bypass Russian blocking without the need to use proxy, Tor, etc.

F (L) OSS Browser
Privacy browser
Tor
Fire.onion (Browser + Tor)- anonymous web browser (open source)
Orfox
Orfox: Tor Browser for Android- a secure browser for Android based on Mozilla Firefox (open source)
Tor browser

TORnado (Browser + TOR)- anonymous web browser (closed source)

Notes
Note Crypt Pro- creation of encrypted (AES 128 bits, CBC, PKCS5Padding, random IV, PBKDF2WithHmacSHA1) tag database with support for tags (open source)
Swift notes- work with text files, encryption, setting a password, sending (closed source code)
Calls
Lock
Root Call SMS Manager- manager of blocking incoming and outgoing calls and SMS (closed source code)

Calendars
Calendar Calendar F-Droid- simple calendar with additional CalDAV synchronization, recurring events and reminders (open source)
Business calendar- functional calendar (closed source code)
Cameras
Bacon camera- camera with manual settings for devices that do not support Camera2Api (closed source code)
Open camera- multifunctional camera (open source)
Simple camera- multifunctional camera (open source)
Cards
Keyboards
The best keyboard for Android -savagemessiahzine.com
AnySoftKeyboard
AnySoftKeyboard- virtual keyboard with support for multiple languages ​​(open source)
Hacker's Keyboard
Hacker's Keyboard- A full 5-row keyboard with Tab / Esc / Ctrl keys with a separate number block (open source)
Jbak keyboard
Jbak keyboard- a beautiful and fast keyboard with a bunch of settings and features (open sourceNow closed)
Jbak2 keyboard
Jbak2 keyboard- a safe professional beautiful and fast keyboard, with a bunch of settings and features, without access to the Internet (open source)
Multiling O Keyboard
Simple keyboard
Simple keyboard- customizable keyboard with minimal resolutions (open source)

Contacts
Open contacts- creation and use of a separate contact database (open source)
SA Contacts- export phonebook contacts to Excel and vice versa (closed source code)
Save contacts to txt- allows you to save selected contacts downloaded from the phone book as a text file in TXT format, which can be sent by email (closed source code)
Simple contacts- creation and use of a separate contact database (open source)
VCF
VCF Contacts
VCF Contacts- opens .vcf files in the form of a phone book and allows you to add, delete, edit contacts, make calls (closed source code)
On the potential leak (Lent okomand # 69542431)


Messengers
Messenger Comparison - Wikipedia
Comparison of instant messengers - Wikreality
Comparison of instant messaging clients - Wikipedia
Comparison of LAN messengers - Wikipedia
Digital Communications Protocols
SECURE MESSAGING APPS COMPARISON
Tails - mobile messaging
True Private Messaging: 7 Apps to Encrypt Your Chats PDF
Crypto-resistant androids. Why encryption in Signal, WhatsApp, Telegram and Viber will not protect your correspondence from hacking PDF
Encrypt correctly! Why messengers do not protect the secret of your correspondence
Encrypt correctly! Choose an instant messenger for secure and private correspondence.
Encrypt correctly! Choose an instant messenger for secure and private correspondence.
Actor
Actor- centralized messenger (there is an email registration) based on the MTProto v2 protocol (open source)
Bitseal
Bitseal- decentralized transmission of encrypted messages to another subscriber or many subscribers (open source)
Bleep
Bleep (alpha)- decentralized messenger (there is a registration by email or anonymously) (closed source code)
Briar
Briar- messenger that works on the basis of secure Tor networks, as well as Wi-Fi and Bluetooth (open source)
Briar Beta - Open Source - News
Briar - Darknet Messenger ... Or Good News From The Dark Dungeon Mesh Networks
Chat.onion
Chat.onion- decentralized messenger based on the Tor network (anonymous registration) (open source)
Delta chat
Delta chat- centralized instant messenger with end-to-end encryption using the selected mail domain as the server (open source)
Delta chat
Delta makes chatting better
Contribute
Dib2Qm
Dib2Qm- IMAP and QuickMSG-based email messaging (open source)
Eleet
Eleet Private Messenger- private messenger (registration by phone number or anonymously) (closed source code)
Choosing a secure messenger for android devices: Eleet Private Messenger
Jitsi
Jitsi - Wikipedia- Internet telephony and instant messaging system
Jitsi (open source)
Jitsi meet (open source)
Jingle
Kontalk
Kontalk- client-server messenger (registration by phone number) based on XMPP (open source)
Nextcloud talk
Nextcloud talk- the extension of the Nextcloud platform, allowing you to make protected audio and video calls, as well as exchange text messages (open source)
Nextcloud talk
QuickMSG
QuickMSG- mail client with PGP support (open source)
RetroShare
RetroShare- a decentralized messenger based on the platform of the same name (open source)
Ring
Ring- decentralized messenger with e2e encryption (anonymous registration) (open source)
Ring (program) - Wikipedia
Riot
Riot- decentralized messenger (anonymous registration) (open source)
Safeum
Safeum- encrypted multimedia messenger (there is an email registration) (closed source code)
Signalal
Silent phone
Silent phone- paid instant messenger (anonymous registration) with encryption of audio and video calls and text messages (open source)
Signal-Server source code
Surespot
Surespot- client-server instant messenger (anonymous registration) for secure exchange of text messages, photos and voice notes for up to 10 seconds (open source)
Has secure IM app Surespot been compromised by the feds?
Telegram
Telegram F-Droid- client-server messenger (registration by phone number) based on the MTProto protocol (open source client, closed source server code)
Plus Messenger- unofficial client for Telegram (open source client)
MTProto - Wikipedia
Documentation

Proxy
Telegram Open Network (TON)

Security issues Telegram
Callback to Telegram developers
Is Telegram Safe? Or as I was looking for a bookmark in MTProto
Potential Android Telegram Vulnerability
Telegram attack for 2 ^ 64 operations, and why the supervillain doesn't need it
About the intricacies of privacy in the Telegram Bots API: "this is not a bug, this is a feature"
Why two-factor authentication in Telegram does not work
How to hack Telegram and WhatsApp: special services are not needed
Telegram entered in the register of information dissemination organizers
Telegram itself adds someone else's contacts? This is the norm
Telegram will ask for a passport
Why Telegram Passport is No End to End
Vulnerability in Telegram can compromise secret chats.
We reveal the numbers of Telegram users
Telegram messenger merges metadata to everyone
Telegram was unsafe
Iranian company intercepted all Telegram traffic
Telegram accused of storing messages in unencrypted form
Telegram will still share user data with special services.
"Media Factory" Eugene Prigogine constantly talks about the vulnerability of the telegram. Is it all scary?
Telegram Security Analysis PDF
Telegram, AKA “Stand back, we have Math PhDs!”
About the "safest" telegram
Comparison with Signal (Post neonedrid # 73388860)
About location tracking (Post Aeronliru # 68454877)
Company

Threema
Tox
Antox- decentralized messenger (anonymous registration) for confidential communication (open source)
TRIfA- tox client in active development (open source)
Tok - Encrypted Messenger- Exchange messages and files through encryption and without a centralized server with support for group chats. (open source)
Whatsapp
Wire
XMPP
Chatsecure

Conversations- XMPP client with encryption support and Android HIG design (open source)
Freelab messenger- XMPP client, fork Conversations (closed source)
IM + All-in-One Mobile Messenger- supports all popular instant messaging services: Facebook, ICQ, VKontakte, Mail.Ru Agent, Classmates. Gadu-Gadu, RenRen, mig33, SINA Weibo, Fetion and Jabber (closed source)
Jasmine im- IM client for quick and easy communication, ICQ, QIP, VK, Jabber, etc. (closed source)
Pix-Art Messenger F-Droid- fork of a well-known XMPP Conversations client with additional features (open source)
Sj im- XMPP client that supports automatic encryption of PGP (OTR) messages (closed source code)
Zom Mobile Messenger- XMPP client, focused on simplicity and security (open source)
Xabber- universal Jabber client (open source)

Location
Location Spoofer

Cleaning
Wipe for Android
Andro shredder- permanently delete files and SMS (closed source code)
File shredder- utility for permanently deleting files (closed source code)
IShredder 3- permanently delete files, photos, sms, contacts (closed source code)
® SD Maid - System Cleaning- cleaning "tails" for remote applications (closed source)
Undeleter- permanently delete files of some types (closed source code)
shell

Passwords
bitwarden
bitwarden- client-server password manager (open source)
Keepass
Keepass2Android
Keepass2Android- password manager (open source)
AutoFill plugin- plugin for auto-complete (open source)

KeePassDroid- password manager (open source)
Password store
Password store- password manager compatible withpass (open source)
SealNote Secure Encrypted Note
SealNote Secure Encrypted Note- notes, registration data under encryption 256-bit AES (open source)
SuperGenPass

Payment systems
post office
Fairmail
K-9
K-9 Mail- mail client (open source)
p≡p
pretty easy privacy p≡p F-Droid- mail client with OpenPGP, key exchange via p2p, key import from other clients (open source)
Protonmail
ProtonMail - Encrypted Email- Email web service with encryption support (open source web version)
ProtonMail IMAP / SMTP Bridge- ProtonMail integration with any programs that support IMAP and SMTP
TempMail
TempMail- creation of temporary mailboxes on the site temp-mail.ru (closed source code)
Tutanota
Tutanota- Email web service with encryption support (open source)

Backup
Helium- backup and synchronization, the ability to work without root using the desktop client
®oandbackup- create backup copies of applications with data (open source)
® Titanium Backup- backup applications and user data
Nandroid
Nandroid Browser- extract and use separate files from nandroid backup
® Nandroid Manager- allows you to view, explore and edit your Nandroid backups
Online Nandroid Backup * root- makes CWM / TWRP compatible backup without loading into recovery
® Orange Backup- a program to create compatible with CWM and TWRP backups and synchronization with the cloud
Repositories
App & Gamesavagemessiahzine.com- view and check for updates of applications and games laid out onsavagemessiahzine.com
APKPure App- alternative application market
Aptoide- client-server application of an alternative market
APKUpdater- can check for updates for programs on popular alternative services APKMirror and APKPure (open source)
Aurora Store
Aurora Store- search and download programs from the Google Play Store without the Google Services Framework, fork of the Yalp Store (open source)

Blackmart- alternative to applanet and the like
F-Droid
F-Droid- repository of open source software (open source)
Second Security Audit Results

Open store- the application allows developers to create their own repositories with applications for Android
Yalp Store
Yalp Store- search and download programs from the Google Play Store without the Google Services Framework (open source)

Network
Ad-hoc / Mesh
Android Intercom- calls via bluetooth and Wi-Fi in the local network
Anyfi
Anyfi- mesh network of devices via Wi-Fi
Gilga
Serval mesh

Wi-Fi talkie- voice chat, chat and file sharing without the Internet within the Wi-Fi network
MAC
macchanger

® Change My MAC- change the MAC address of your Android device (closed source)
® Pry-Fi- change the MAC address of your device (closed source code)
®Wireless Mac Address Changer- changes the MAC address of the device to any other and restores the original back (closed source code)
DNS
AndroDNS F-Droid- configure DNS queries (open source)
Daedalus- change DNS settings via VPN tunnel (open source)
DNS man- change DNS for selected Wi-Fi networks (open source)
®Override DNS- DNS change with built-in list of servers (closed source code)
Cloudflare
DNSCrypt
Tunneling
iodine- binary files for tunneling through a DNS server (open source)
AndIodine- tunneling through a DNS server using VPN Api (open source)
Element53 (DNS Tunnel)- tunneling through a DNS server (open source)

i2p
i2p- access to the anonymous I2P network
OONI
ooniprobe- a global observation network client for detecting censorship and traffic manipulation on the Internet (open source)
Proxy
Privoxy
ProxyDroid
® ProxyDroid- HTTP / SOCKS4 / SOCKS5 proxy with automatic inclusion by SSID (open source)
Shadowsocks
Shadowsocks- fast SOCKS5 proxy with traffic encryption (open source)

Ssh
Tor
Orbot
Orbot- the ability to use the Tor network for anonymous surfing (open source)
How to set up Tor in Android - turn on Orbot
orWall
orWall- firewall for use in conjunction with Orbot, may conflict with other firewalls (open source)

VNC
VMLite VNC Server- control of the Android device through the browser
VPN
The Best VPN Services
Bitmask
Bitmask- VPN and encrypted (OpenPGP) email support (open source)
Openvpn
Open VPN Connect
Open VPN Connect- OpenVPN client (closed source)
OpenVPN Connect Android FAQ
OpenVPN Client
OpenVPN Client- a client with rich capabilities (for example, with a painless TAP connection option without root) for connecting to OpenVPN (closed source code)
VPN Client Pro- a client with rich capabilities (for example, with a painless TAP connection option without root) for connecting to a VPN (closed source code)
OpenVPN for Android

Outline
Wireguard
Wireguard- client for connections to the WireGuard tunnels (open source)

WebRTC
AtrizA Conference- WebRTC based conferences
UniComm- private p2p communications based on WebRTC (open source)
Zyptonite
Zyptonite- secure decentralized p2p platform

Wi-Fi
®fqrouter2- turning the smartphone into a wi-fi repeater and not only
® WiFi TX power- WiFi power control
Wi-Fi Direct
NearShare- communication and file transfer via WiFi Direct
SuperBeam | WiFi Direct Share- wireless data transfer directly between devices (including using WiFi Direct technology)
Wi-Fi cast- transfer files via Wi-Fi using the access point built into the phone (without an external Wi-Fi router)
WiFi Shoot! WiFi Direct- wireless data transfer directly between devices (WiFi Direct technology)
Protection
®ARP guard- traffic interception / redirection protection
® Wifi Protector- detection and prevention of ARP attacks on your phone in Wi-Fi networks
Wi-Fi Privacy Police- prevents connection to unknown networks and sending a list of known networks (open source)

Monitoring
Connection list- View all available TCP device connections
Network connections- monitoring of incoming / outgoing connections
®Network Log- monitoring network connections
Tinny network monitor- monitor network connection
Pentesting
Pentesting

®AndroDumpper (WPS Connect)- check Wi-Fi router vulnerabilities
® bitShark- traffic sniffer
®CSploit- penetration testing (hacking) in a Wi-Fi network
® DroidSheep- scanning and interception of web sessions (profiles)
® DroidSniff- allows you to scan and intercept web sessions of users sitting under one wifi
® dSploit- an application for analyzing and assessing network security, searching for known vulnerabilities, real-time traffic manipulation, spoofing
® FaceNiff- scanning and interception of Internet sessions
® Intercepter-NG (ROOT)- multifunctional network sniffer
iwscan Analyzer [ROOT]- analyzer of networks 802.11 a / b / g / n / ac, Bluetooth, LTE, WCDMA, GSM
®Netcut- allows you to automatically scan the network, receive data about connected devices and, if necessary, disable them
@Network Spoofer- sniffer
®Network utilites (Test version)- a set of tools to work with the network, as well as intercept / monitor / redirect traffic within your network
Packet capture- allows you to intercept network traffic with SSL decryption
®Packet Sniffer- viewing and analyzing packages
Proxymon SSL [ROOT]- debugger of open and secure TCP connections at the data level
В® Reaver-GUI for Android- hacking wifi from devices with bcm4329 / 4330 wifi chipset
Router keygen- key generator for wi-fi routers
® Shark for Root + Shark Reader- traffic sniffer and view dumps in .pcap format
SSLUnpinning- Xposed-module that allows you to make the substitution of certificates in applications (open source)
® Wi.cap. Network sniffer- package sniffer for ROOT devices
WIBR + WIfi BRuteforce hack- generation of WEP / WPA / WPA2 keys to all Wi-Fi point
®WIFI WPS WPA TESTER (ROOT)- attempt to connect to some access points using known vulnerabilities
®WifiAccess WPS WPA WPA2- check Wi-Fi router vulnerabilities
® WiFiKill- disable "extra" users of the WiFi network
®WiFree WPS- Wi-Fi hacking (WPS PIN + Router Keygen)
®WPS connect- connect to a wireless network using the WPS protocol
®zANTI- security assessment of Wi-Fi networks
Social networks
Diaspora
dandelion *- communication in the social network Diaspora (open source)
Mastodon

Firewalls
AFWall
® AFWall +- restriction of application access to the Internet (open source, fork DroidWall)
FAQ · ukanth / afwall Wiki

® Android Firewall- firewall on Android (open source, fork DroidWall)
® DroidWall- restriction of application access to the Internet based on iptables (open source)
Lightningwall- Xposed module, firewall for installed applications (closed source)
Netguard- blocks access to applications (both user and system) access to the Internet (via wi-fi or mobile) without root (open source)
NoRoot Firewall
NoRoot Firewall- firewall that does not require root-rights (closed source code)
Firewall for Android


Signaling
Car alarm
Car alarm- determination of the alarm condition in the protected object using a microphone and / or accelerometer and signaling about it in various ways
Haven
Haven: Keep Watch- an application using various sensors (camera, microphone, gyroscope, accelerometer, light sensor) to record changes in the location of the device (open source)
Snowden introduced a mobile application for protection from surveillance
Edward Snowden has created a paranoid mobile app.

Data synchronization
BitTorrent Sync
BitTorrent® Sync- allows you to synchronize your files between different devices (closed source)
DAVdroid
DAVdroid- CalDAV / CardDAV synchronization (open source)
Folderseync
Folderseync- cloud synchronization with support for various services and protocols (closed source)
Syncthing
Syncthing- application for distributed data synchronization (open source)
Syncthing-silk- distributed synchronization of files between devices (open source)
Cloud data storage
Degoo
100 GB free space: Degoo- cloud file storage service (closed source code)
MEGA
MEGA- client for cloud Mega (closed source)
Nextcloud
- sync files with the Nextcloud server (open source)
ownCloud
ownCloud- synchronization of files with the ownCloud server (open source)


System
Notifications
Toast
Xtoast- Xposed module for managing pop-up notifications (closed source)

Runtime
ART Checker- check runtime (closed source)
Monitoring
OS Monitor- system monitoring (open source)
Simple system monitor- system monitor and task manager (closed source code)
Substitution
Android Device Changer- Xposed-module, which allows applications to change IMEI, Android Id, Serial Number, Wifi Mac, SSID, Google advertising id, Bluetooth Mac devices for applications (closed source code)
Device faker- Xposed-module that allows you to change the device to make it look like another (closed source code)
Device ID Masker- Xposed-module that allows you to replace many of the characteristics of the device (closed source code)
Phone Id Changer Pro- Xposed module that allows applications to change IMEI, Android Id, Serial Number, Wifi Mac Address, SSID (closed source code)
IMEI
®Chamelephon- IMEI change for devices on MediaTek 65XX processors (closed source)
®GhostPhone- IMEI change on MediaTek 65xx / 67xx processors (closed source code)
IMEI Changer- Xposed-module that allows you to change the IMEI device (closed source code)


Steganography
Pixelknot- allows you to hide text messages in images (open source)
Application Management
LuckyPatcher
® LuckyPatcher by ChelpuS- application manager
My Android Tools
My Android Tools- disable / enable activity, service, receiver, provider for any applications (closed source code)
Lists of disabled services / receivers / activites / providers for different applications
Per App Hacking
Per App Hacking- Xposed-module to control the behavior of applications (open source)

APK
APK Editor
ApkCrack (AETool)
ApkCrack (AETool)- tool for editing apk-files
Apktool
Apktool- decompilation, recompilation, application signature
MT Manager
® MT Manager- editing, translating, cloning, encrypting, signing and optimizing user and system (without installing frameworks) apk-files

Windows
APK-Info- view APK information (open source)

Analysis
Apk analyzer- allows you to explore applications on the device, providing a detailed report not only about installed programs, but also about uninstalled apk files
App Detective- gives the most complete array of various data on the installed APK, including their contents and online analysis
AppBrain Ad Detector- identification of potential problems of all applications installed on the device
Exodus
Inspeckage
Inspeckage- Xposed-module for dynamic analysis of installed applications (open source)

Mobile Security Framework- a platform for testing mobile applications (Android / iOS / Windows), fully automated and capable of performing static and dynamic data analysis, identifying potential problems of all applications installed on the device (open source)
Frost
®AirFrozen ~ Disabler (ROOT)- freeze (stop) applications (open source)
Cloning
App cloner- creation (without the presence of root) modified clones of some programs (closed source code)
Sandboxes
Island
Island- execution of applications in the sandbox (closed source)
Android: Island - a utility for isolating and freezing applications without root
Shelter
Shelter- running applications in the sandbox (open source)
UserControl
UserControl- execution of applications in the sandbox (closed source)
VirtualXposed
VirtualXposed- execution of applications in the sandbox with partial support for Xposed (open source)

Permissions
Android Permissions- shows the list of permissions of installed applications (open source)
App Settings
App Settings- Xposed-module for fine-tuning applications, including permission management (open source)
v1.16

App Ops
App Ops- disables selective permissions for selected applications (closed source code)
Analysis of the work (Post xynta123 # 64938074)

AppOpsX- client for Android AppOpsService (open source)
App Ops - Permission manager- application permissions management (closed source)
AppOpsXposed- Xposed-module, restoring the functionality of the App Ops system permission manager on Android 4.4.2 and higher (open source)
Permission master- Xposed module for working with application permissions (closed source)
APK
Advanced permission manager- removal of permissions from apk (closed source)
APK Permission Remover- removal of permissions from apk (closed source)
Permission Manager (re-installer apps)- provision and prohibition of application rights by reinstalling them (closed source code)

Hiding
AppHider- hiding applications (closed source)

Vulnerabilities
BlueBorne Vulnerability Scanner by Armis- check device for BlueBorne vulnerability
Bluebox Security Scanner- check device for the presence of Master-key vulnerabilities
Stagefright Detector- device scan for Stagefright vulnerability
Trustable by Bluebox- a tool for researching publicly known system vulnerabilities
VTS for Android- a tool for researching publicly known system vulnerabilities
Files
Recovery
® DiskDigger- recovery of deleted pictures, photos, videos, saving recovered files and the ability to send them to the mail
Dumpster - Recycle Bin- file basket
® Hexamob Recovery PRO- recover deleted files
Undeleter- recovery of files deleted from SD-cards and internal memory
Forum

Images
Exif
Exif_Editor- full EXIF ​​editor
ExifTool- viewing and editing the extended information of image files (closed source code)
Photo editor- a program for high-quality photo processing (viewing, changing or deleting EXIF ​​data)
Photo exif editor- allows you to view, edit and delete Exif photo data
Scrambled exif- removal of metadata from images (open source)

Media
MediaInfo- obtaining technical information from audio and video files (open source)

File sharing

Encryption
Cryptography- encryption, training and hashing tool
Cryptomator Beta (Unreleased)- encrypt files in cloud storage and access them on all your devices
Derandom- prediction of pseudo-random numbers (open source)
EDS
EDS (Encrypted Data Store)- creation and management of encrypted containers TrueCrypt, VeraCrypt, LUKS, CyberSafe (closed source code)
Android: Protecting personal data. EDS: Overview and usage example.
Encfs
® Cryptonite- data encryption on the device and in Dropbox (open source)
Encdroid- creation of encrypted folders on the device and in Dropbox
MiXplorer


® EncPassChanger- change the password of the standard encryption section / data
Luks
® LUKS Manager- creation and management of encrypted LUKS containers
Midnight murmur
Midnight murmur- encryption / decryption of files and text messages with a free design of the encryption procedure
PGP
Secrecy
Secrecy- encrypt files with AES256 (open source)
S.S.E.
Secret Space Encryptor (S.S.E Universal Encryption App)- encoder (AES, RC6, Serpent, Blowfish, Twofish, GOST-28147, Threefish (in Pro version), SHACAL-2 (in Pro version)) text and files, password manager (open source)
Encrypted for Android: Application S.S.E

Lock screens
App Lock (HI App Lock)- an application to block and protect confidential information
App Lock (Smart App Protector)- protects installed applications with a password or lock, and also prevents the screen from turning off and switching to landscape mode while applications are running from a user-defined list
CyanLockScreen- Xposed module to expand the lock screen on 4x4, 5x5 and 6x6 pixels
Cyclic Lock- Xposed-module for cycling PIN / password / pattern keys
DroidLock: Dynamic Lockscreen- screen lock, where PIN can be time, battery charge, etc.
® GravityBox- Xposed-module with the ability to shuffle PIN numbers on the lock screen
Knock Lock-App Lock Pro- functional customizable screen blocker
Knock lock- allows you to select the lock area on the display to enable the "Knock Lock" feature
Lockdown- blocking applications with various keys
Lockmod- Xposed module for customizing the lock screen on Lollipop and above
Maxlock- Xposed-module that allows you to block the launch of applications (open source)
Picture Password Lockscreen- lock screen with support for drawing points, lines and circles
PIN / Pattern Shortcuts- Xposed-module that allows you to open different applications with different PIN codes
ScreenLock - Time Password- time based lock screen
Shortcut Lock Screen Mod [MM]- Xposed module for setting lock screen shortcuts on Marshmallow
Smart lock- protection of any installed applications with a password
Smart lock screen- floating screen lock button
Timepin- lock screen with PIN based on time
Data
Locker- clearing data after exceeding the maximum number of attempts to unlock the device
Selfdestruction Unlocking- deleting folders on the memory card and clearing the device memory when the limit of incorrect attempts to unlock the screen comes (closed source code)
Wrong pin shutdown- turning off the device when exceeding the limit of screen unlock attempts (open source)

Energy saving
Tips to improve power saving devices on Android OS
Wakelock
Wakelock detector- search for the cause of the device not falling asleep

To place apk files and analyze executable files use the theme:
Android: checking and analyzing executable files and other thoughts about it

Option Caps TC

There is no curator in the subject. For questions about filling the caps, write to the topic, contact the section moderators via the buttonPictureunder the messages. How to do it right, what would you understand the first time, it is writtenhere.

Post has been editedferhad.necef - 06.08.19, 20:35
Reason for editing: "safe" FireFox + Wipe file sharing for Android Send



Rep: (591)
Equipment
Location
Phone
How do special services calculate by mobile phone PDF
How do intelligence agencies calculate on a mobile phone?
What does my mobile operator know about me?
Mobile phones for / against special services
As only 1 call from the attacker's phone to the victim in 99% identifies the offender.
Android
baseband
GSM
IMEI
IMSI
LTE
SIM
Answering machine
Wiretap
Honeycomb

Forum

Encryption / Cryptography / Steganography
Android
Openssl
Wi-Fi
Database
Pseudo Random Number Generators
Keys
Cryptanalysis
Crypto Protocol
Cryptosystems
Hybrid Cryptosystem - Wikipedia
Cryptographic Resistance - Wikipedia
Cryptosystem - Wikipedia
Plain Text - Wikipedia
The Kirkgoffs Principle - Wikipedia
Cipher - Wikipedia
Encryption - Wikipedia
Ciphertexts - Wikipedia
Decryption - Wikipedia
Cryptography and secure communication: the history of the first ciphers
Cryptographic algorithms
With keys
60 cryptoalgorithms. Part Two: Single-key Spacecraft
Asymmetrical
Symmetrical

Hashing

Procedures
Scrambling
Steganography
File systems



Creation
Documentary film
Fiction
Feature film



Post has been editedokomand - 14.01.19, 02:40



Rep: (591)
Network
How networks work: what is a switch, router, DNS, DHCP, NAT, VPN, and a dozen more necessary things | mkdev programming articles
Network Security - Wikipedia
Ad-hoc
Blockchain
Bluetooth
Captive portal
CDN
Certificate
DNS
DPI
HTTP / HTTPS
I2p
Iota
IP telephony
IPsec
MAC
Matrix
Mitm
P2P
Proxy
Sandbox
SQL
STUN
TCP / IP
Tor
VoIP
VPN
VPN - Wikipedia
What kind of VPNs are there and how do they differ PDF
PPTP vs L2TP vs OpenVPN vs SSTP
German law and VPN
VPN services comparison PDF
Don't use VPN services.
Chameleon
GoVPN
Openvpn
Parallel VPN
PureVPN
VORACLE
Wireguard
Forum

Wi-Fi
WiMAX
Www
Xss
Anonymity
Locks
Browsers
Decentralization
the Internet
Firewall
SORM
Leaks

System
Accessibility Services
Android
Adb
APK
Boot
build.prop
Compatibility Test Suite (CTS)
Content providers
DropBoxManager
Factory Reset Protection
Fingerprint
Google
Hips
ICU
Instant apps
IPC
Kernel / Shell
Keyboard
Manifest
Ota
Permissions
Project treble
Recovery
Reverse engineering
Rollback Protection
SafetyNet
Signing
Storage
USB
Webview
Xposed
Zygote
Harmful
Why is it dangerous to use smartphones (tablets) with Android OS for remote banking services?
5 most dangerous malware for Android
Is it possible to steal money from mobile banking? Part 1
Is it possible to steal money from mobile banking? Part 2
BLACK HAT conference. How to make a spy phone. Part 1
BLACK HAT conference. How to make a spy phone. Part 2
Creation of malware. A responsibility
Doctor Web discovered Trojans in the firmware of popular Android mobile devices
Acecard
Adult player
Addups
BankBot
Banker
Bankosy
Bilal bot
BothanSpy, Gyrfalcon
Brain test
Calljam
Chamois
Charger
Chrysaor
Coinminer
Cooee
Copycat
Cyber.Police
Downloader
Dresscode
Dualtoy
Dvmap
Excelliance
ExpensiveWall
Fakebank
Faketoken
Falseguide
Flash keyboard
Flocker
Ghostclicker
Ghostpush
GM Bot
Gmobi
Godless
GPlayed
Gugi
HTBENEWS
Hummer
Hummingbad
InstaAgent
Judy
Kemoge
last-browser-update
Loapi
Leakerlocker
Lockdroid
LockerPIN
Loki
Malapp
Marcher
Mazar bot
Mkero
MulDrop
Pawost
PluginPhantom
Podec
Poweroffhijack
Powersnitch
Reddrop
Remote control system
Rootnik
ROOTSTV
Simplocker
Skygofree
Slicer
SMSSender
Smsspy
SMSVova
Spy
Spydealer
Spywaller
Svpeng
Swearing
Tordow
Triada
Twitoor
Vibleaker
Viking horde
Vk
VPN
VPNFilter
WireX
Worm.Gazon
Xavier
Xiny
Ztorg

Forum

Sensors
Identification / Tracking
Best Practices for Unique Identifiers
Identifying App Installations
Is there a unique Android device ID?
You can track the user's location using advertising for as little as $ 1,000.
Presents a way to identify a user based on their favorite applications.
Researchers: Android smartphones are spying on owners
Google and Mozilla have removed from the catalogs an addon for browsers Stylish that spied on users
Exif
Google
Mic
Trackers
Ultrasound

Models
Memory
Firmware / builds / distributions
/ e /
AOSP
CopperheadOS
Cyanogenmod
eelo
Fuchsia
Kali Linux NetHunter
LineageOS
Maru os
Necuno
Neo900
Omnirom
Paranoid
postmarketOS
PureOS
Replicant
Sailfish OS
Shield OS

Vulnerabilities
The Android ecosystem contains a hidden patch gap
ARMageddon
Badkernel
Blueborne
Broadpwn
Certifi-gate
Cloak & Dagger
CORE-2015-0002
CVE-2014-6041
CVE-2015-3860
CVE-2016-0728
CVE-2016-0819
CVE-2016-2035
CVE-2016-2411
CVE-2016-2431
CVE-2016-2435
CVE-2016-3117
CVE-2016-5195
CVE-2016-5696
CVE-2017-0510
CVE-2017-6975
CVE-2018-9581
Dirty cow
Drammer
Efail
Extra field
Fake id
KRACK
Masterkey
Meltdown, Specter
Name Length Field
ObjectInputStream Serialization
PendingIntent
Portsmash
Quadrooter
Skype
Stack clash
Stagefright
Surreptitious Sharing
Task hijacking
Trustzone
Yanus

Lock screens



Post has been editedokomand - 14.01.19, 02:40



Rep: (591)
Security in android. Privacy and anonymity on the Internet. The original hat.

Since there are enough different topics for discussing software for Android security, private and anonymous surfing, but discussing general security, privacy and anonymity issues in them is increasingly considered offtopic, I think it makes sense to create a separate topic for this popular topic, where you can all these topics are free to speak and ask.
So you are welcome!

Surveys
  • Should forum users have the right to discuss the future (development vectors, shortcomings, possible changes, etc.) topics? - 156/10
  • Should forum users have the right to keep in their messages alternative versions of the header with the ability to add links to them in the main header? - 123/41

Discussion of the realities and future themes.

To place apk files and analyze executable files use the theme:
Android: checking and analyzing executable files and other thoughts about it

Alternative versions of caps
  • Forumchanin version M | A | G (undeservedly deleted)
  • ... There may be your version! ...

Safety
Since many tips and tools in the subject require superuser (root) rights, you should follow certain safety guidelines:
1. Try to do all the actions consciously, having previously studied the relevant materials and clarifying incomprehensible moments.
2. Make as many backups as possible. They can be done both with the help of custom recovery (TWRP, CWM, PhilZ Touch, Carliv, etc.), and with the help of applications that can backup all the firmware, as well as individual applications and data.
Relevant applications can be found in the section:
Software ->Backup.
Accordingly, it is worth taking care of safe storage of the created backups.

About security, all and different
Four Horsemen Infocalypse
Which apps and tools actually keep your messages safe?
Protection of confidential data and anonymity on the Internet PDF
prism-break- protection from global surveillance systems such as SORM, PRISM, XKeyscore and TemporaGithub
Guardian Project
https://privacytools.io/- encryption against global mass surveillanceGithub
SECURITY IN-A-BOX- tools and tactics for digital security
GitHub - ValdikSS / awesome-anti-censorship: curated list of open-source anti-censorship tools
danoctavian / awesome-anti-censorship: curated list of open-source anti-censorship tools
GitHub - StreisandEffect / streisand- Wiring, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, Sslh, Stunnel, and a Tor bridge. It also generates custom instructions for all of these services. You can be shared with friends, family members, and fellow activists.
sovereign / sovereign: email, calendar, contacts, file sync, IRC bouncer, VPN, and more.
https://ssd.eff.org/- Tips, Tools and How-tos for Safer Online Communications
How to protect Android: 10 tips for maximum security PDF
Mission Impossible: Hardening Android for Security and Privacy PDF
eBlocker- hardware and software platform
De-Googling my phone · Martin Pitt
nomoregoogle.com - a fresh collection of alternatives to the services of the technology giant
Project SAFE "I have nothing to hide"
Big data
Information Security
Information Security - Wikipedia
Personal Data Protection - Wikipedia
OPSEC for Linux users, developers and administrators
The basic model of threats to the security of personal data when they are processed in personal data information systems
Internet counterintelligence in action: create a personal information security management system
Information technology social hacking
The art of "teaching protection of information" ... while giving a ton of good-will and non-speaking words PDF
DLP
IPC
Massachusetts Institute of Technology. Lecture course # 6.858. "Security of computer systems." Nikolai Zeldovich, James Mykens. year 2014
MIT course "Computer Systems Security". Lecture 1: "Introduction: threat models", part 1
MIT course "Computer Systems Security". Lecture 1: "Introduction: threat models", part 2
MIT course "Computer Systems Security". Lecture 1: "Introduction: threat models", part 3
MIT course "Computer Systems Security". Lecture 2: "Control of hacker attacks", part 1
MIT course "Computer Systems Security". Lecture 2: "Control of hacker attacks", part 2
MIT course "Computer Systems Security". Lecture 2: "Control of hacker attacks", part 3
MIT course "Computer Systems Security". Lecture 3: "Buffer overflow: exploits and protection", part 1
MIT course "Computer Systems Security". Lecture 3: "Buffer overflow: exploits and protection", part 2
MIT course "Computer Systems Security". Lecture 3: "Buffer overflow: exploits and protection", part 3
MIT course "Computer Systems Security". Lecture 4: "Separation of privileges", part 1
MIT course "Computer Systems Security". Lecture 4: "Separation of privileges", part 2
MIT course "Computer Systems Security". Lecture 4: "Separation of privileges", part 3
MIT course "Computer Systems Security". Lecture 5: "Where Security Errors Come From", Part 1
MIT course "Computer Systems Security". Lecture 5: "Where Security Errors Come From", Part 2
MIT course "Computer Systems Security". Lecture 6: "Opportunities", part 1
MIT course "Computer Systems Security". Lecture 6: "Opportunities", part 2
MIT course "Computer Systems Security". Lecture 6: "Opportunities", part 3
MIT course "Computer Systems Security". Lecture 7: "Sandbox Native Client", part 1
MIT course "Computer Systems Security". Lecture 7: "Sandbox Native Client", part 2
MIT course "Computer Systems Security". Lecture 7: "Sandbox Native Client", part 3
MIT course "Computer Systems Security". Lecture 8: "Model of network security", part 1
MIT course "Computer Systems Security". Lecture 8: "Model of network security", part 2
MIT course "Computer Systems Security". Lecture 8: "Model of network security", part 3
MIT course "Computer Systems Security". Lecture 9: "Web application security", part 1
MIT course "Computer Systems Security". Lecture 9: "Web Application Security", part 2
MIT course "Computer Systems Security". Lecture 9: "Web Application Security", part 3
MIT course "Computer Systems Security". Lecture 10: "Symbolic execution", part 1
MIT course "Computer Systems Security". Lecture 10: "Symbolic execution", part 2
MIT course "Computer Systems Security". Lecture 10: "Symbolic Execution", part 3
MIT course "Computer Systems Security". Lecture 11: “Ur / Web programming language”, part 1
MIT course "Computer Systems Security". Lecture 11: “Ur / Web programming language”, part 2
MIT course "Computer Systems Security". Lecture 11: "Ur / Web programming language", part 3
MIT course "Computer Systems Security". Lecture 12: "Network Security", part 1
MIT course "Computer Systems Security". Lecture 12: "Network Security", part 2
MIT course "Computer Systems Security". Lecture 12: "Network Security", part 3
MIT course "Computer Systems Security". Lecture 13: "Network Protocols", part 1
MIT course "Computer Systems Security". Lecture 13: "Network Protocols", part 2
MIT course "Computer Systems Security". Lecture 13: "Network Protocols", part 3
MIT course "Computer Systems Security". Lecture 14: "SSL and HTTPS", part 1
MIT course "Computer Systems Security". Lecture 14: "SSL and HTTPS", part 2
MIT course "Computer Systems Security". Lecture 14: "SSL and HTTPS", part 3
MIT course "Computer Systems Security". Lecture 15: "Medical software", part 1
MIT course "Security of computer systems". Lecture 15: "Medical software", part 2
MIT course "Security of computer systems". Lecture 15: "Medical software", part 3
MIT course "Security of computer systems". Lecture 16: "Attacks through the side channel", part 1
MIT course "Security of computer systems". Lecture 16: "Attacks through the side channel", part 2
MIT course "Security of computer systems". Lecture 16: "Attacks through the side channel", part 3
MIT course "Security of computer systems". Lecture 17: User Authentication, Part 1
MIT course "Security of computer systems". Lecture 17: User Authentication, Part 2
MIT course "Security of computer systems". Lecture 17: User Authentication, Part 3
MIT course "Computer Systems Security". Lecture 18: "Private Internet Browsing", part 1
MIT course "Security of computer systems". Lecture 18: "Private Internet browsing", part 2
MIT course "Computer Systems Security". Lecture 18: "Private Internet Browsing", part 3
MIT course "Computer Systems Security". Lecture 19: “Anonymous Networks”, part 1 (lecture from the creator of the Tor network)
MIT course "Computer Systems Security". Lecture 19: “Anonymous Networks”, part 2 (lecture from the creator of the Tor network)
MIT course "Computer Systems Security". Lecture 19: “Anonymous Networks”, part 3 (lecture from the creator of the Tor network)
MIT course "Computer Systems Security". Lecture 20: "Security of mobile phones", part 1
MIT course "Computer Systems Security". Lecture 20: “Mobile Phone Security”, part 2
MIT course "Computer Systems Security". Lecture 20: "Mobile Phone Security", part 3
MIT course "Computer Systems Security". Lecture 21: "Tracking data", part 1
MIT course "Computer Systems Security". Lecture 21: "Tracking data", part 2
MIT course "Computer Systems Security". Lecture 21: "Tracking data", part 3
MIT course "Computer Systems Security". Lecture 22: MIT Information Security, Part 1
MIT course "Computer Systems Security". Lecture 22: MIT Information Security, Part 2
MIT course "Computer Systems Security". Lecture 22: MIT Information Security, Part 3

Online services
Bitcoin
VPN
Auto removal
Website archiving
Mobile networks
Platforms
Search
post office
Checks
Abuse
APK
Cloudflare
DNS
IP
Sip
SSL / TLS
URL
Harmful
miscellanea
Certificates
Speed
Leaks
Vulnerabilities
Encryption

Synchronization
Social networks
Storage
Encryption

Regulations

Forum
"Free Web" | Free internet is discussed in the topic.
Amnesiagroup corner
Benga1983 corner
commandos98
DoberPC corner
Corner of elenakawai
Fahren-heit
Formobe corner
Corner IcanTellstories
JumpingJerry Corner
Corner Ruiz_Av
Tomin corner
Wernow corner
About potential threats (Post wernow # 51543260)
On threat groups (Post wernow # 51550069)
About open code (Post wernow # 51902449)
Selling information (Post wernow # 52003733)
About toolkit (Post wernow # 52015424)
About providers in android (Post wernow # 52061764)
On complete privacy and security (Post wernow # 53580616)
About F-Droid, messengers and priorities (Post wernow # 59144989)
About F-Droid and open source (Post wernow # 59151363)
About Fingerprint (Post wernow # 61458449)
About biometrics (Post wernow # 61564247)
About wiretapping and protection from it (Post wernow # 62796218)
On leaks and anonymous networks (Post wernow # 66632070)
About file attributes (Post wernow # 66682128)
About USSD (Post wernow # 66793981)
How to take a dump via tcpdump (Post wernow # 66824767)
About the causes of problems with modules Xposed (Post wernow # 67999793)
On the priorities of threats (Post wernow # 68333815)
About UID 1000 (The Post wernow # 68613246)
On the interaction of DuckDuckGo and Yandex (Post wernow # 68635660)
About DuckDuckGo Algorithms (Post wernow # 68655630)
On the hardware protection device (Post wernow # 69275830)
On the protection of the port microUSB (Post wernow # 69281156)
About threats and liability (Post wernow # 69293509)
About threats, fictional worlds and time (Post wernow # 69309907)
On service traffic (Post wernow # 69566867)
On the infrastructure Telegram (Post wernow # 70323319)
About China (Post wernow # 73860971)
About China (Post wernow # 73863824)
About China (Post wernow # 73880680)
About messengers (Post wernow # 73969101)
About Antivirus (Post wernow # 74161934)
About China (Post wernow # 74950096)
About malware testing and emulators (Post wernow # 75074647)
About Google Data Collection (Post wernow # 76081812)
About repairing devices (Post wernow # 76537920)
About inspections in China (Post wernow # 76539879)
About device checks (Post wernow # 77754685)
On digital capitalism (Post wernow # 78044951)
About Telegram and the Future (Post wernow # 78053170)
About the registration of instant messengers in the Russian Federation (Post wernow # 78739705)
About famous cryptographers (Post wernow # 78739705)
On anonymity (Post wernow # 78927918)
About VPN (Post wernow # 79392952)
On the set and disagreement (Post wernow # 79458293)
On the hidden record and the legislation of the Russian Federation (Post wernow # 79511161)
About microcopy and data protection (Post wernow # 79670518)
About IMEI registration in the Russian Federation (Post wernow # 79852809)
On the registration of IMEI in the Russian Federation (Post wernow # 79858616)
About changing IMEI (Post wernow # 80654422)
About bookmarks in chips (Post wernow # 80781651)
About bookmarks in chips and checking them (Post wernow # 80786808)
About bookmarks in chips (Post wernow # 80817610)
About removing EXIF ​​(Post wernow # 80944444)
Analysis of EXIF ​​(Post wernow # 80973859)
About trust (Post wernow # 81453839)
About Tor nodes (Post wernow # 81486034)
On temporary identification in a cellular mobile communication network (Post wernow # 81606808)
About voice analysis (Post wernow # 81683667)
yhnyhn11


Software
Compatibility Test Suite (CTS)
GApps
microG GmsCore is a FLOSS framework- framework for replacing original Google Play services
NanoDroid- implementation of Play Services Core (open source)
NOGAPPS Project
GSM
Android IMSI-Catcher Detector- identifies fake base stations (IMSI-Catcher) in GSM / UMTS networks (open source)
®Darshak- helps to detect "silent" sms, signs of phone tapping, lack of communication encryption on Samsung Galaxy S3 (GT I9300) (open source)
EAGLE Security- protection against listening in the form of determining false base stations and blocking access of applications to the camera and microphone (closed source code)
Network cell info- shows the location of cells on the map and measures the signal strength of the serving cell and neighboring cells (closed source code)
®SnoopSnitch- makes a map of attacks on devices with a Qualcomm chip (open source)
Hips
Binderfilter
Binderfilter- IPC Binder call control system in the core (open source)
Picky - an application for managing BinderFilter filters (open source)
Commandos98 corner

Donkeyguard
Donkeyguard- Xposed-module allows you to block access of applications to personal data (open source)
Protect My Privacy
Protect My Privacy- Xposed module for managing application permissions (closed source)
Post Whitestar # 68400078
Xprivacy
Xprivacy- Xposed-module that allows you to prevent the leakage of your personal data through the application, control it or replace it to choose from (open source)
XPrivacyLua
XPrivacyLua- Xposed-module for Marshmallow +, which allows you to prevent the leakage of your personal data through applications, control it or replace it with a choice (open source)
XPrivacyLua Official Site
XPrivacyLua repo
Frequently Asked Questions
Comparison with XPrivacy
Forum

Sensors
Sensor Disabler- Xposed-module that allows you to disable and change the values ​​for all sensors available in the device (open source)
Camera
Camera block- temporarily disables and blocks all camera resources and denies access to the camera for other applications (closed source code)
Disable at the kernel level (Post Dementy000 # 79737060)
Microphone
Mic block- temporarily disables and blocks access to the microphone for other applications (closed source code)
Microphone Guard Plus- protection against listening
Ultrasound


Kernel / Shell
Busybox
®BusyBox- BusyBox installer for Android (open source)
® BusyBox- application to install BusyBox (open source)
BusyBox Install (No Root)- install BusyBox on devices without root (closed source code)
®Busybox On Rails- installs BusyBox on the device, and also updates it to the current version (open source)
Entware
Logcat
Root
® Dianxinos SU- Root access control (closed source)
®Magisk - The Universal Systemless Interface- a utility that allows you to install various system applications and mods in systemless mode and hide the root from any applications and services (open source)
® SuperSU- Advanced access control for superuser rights to applications on the device that require root (closed source code)
® Superuser- a program for managing ROOT rights (open source)
® Superuser- superuser rights management (open source)
Superuser- superuser rights management (open source)
®Superuser X (L)- root-access for applications without intermediaries (closed source code)
Concealment
Rootcloak- Xposed-module that allows you to hide the presence of root for applications (open source)
®suhide- suhide utility allows you to hide the presence of ROOT on your Android device (open source)

SELinux
SELinuxModeChanger- change SELinux mode
Terminal
Android Terminal Emulator- terminal emulator (open source)
Termux- terminal emulator with an extensive collection of Linux packages (open source)

Launcher
AppAsLauncher- allows you to select any third-party program as a launcher (closed source code)
T-UI F-Droid- launcher with terminal (open source)
Linux
Linux for tablet
BOCHS for Android- OS launch for x86
Complete Linux Installer- we install Linux on Android
Debian noroot- debian emulator
GNURoot- installation on Android Wheezy, Gentoo, Fedora or Aboriginal without root rights (open source)
GNURoot Debian- launch Debian on Android devices (open source)
® Linux Deploy- automate the process of installing, configuring and running GNU / Linux distributions on the Android platform inside the chroot container (open source)
® Linux Installer- Installing Debian / Ubuntu on Android devices
PureOS

QEMU for Android- starts any OS in the img and iso image
XServer XSDL- X server for Android, which allows displaying Linux graphic applications running on an external computer or installed in the chroot Android device
Replacing Android on the desktop distribution
Recovery
update-script
Android Script Creator- a program for creating scripts (update.zip)
Update Script Generate- program for creating updater-script (update.zip) based on boot.img and system.img for any processor in which it is possible to flash system images in img format (ext2, ext3, ext4)

SafetyNet
SafetyNet Helper Sample- a simple utility to check the status of SafetyNet (open source)
Sip
Ostel Setup (Post ANPolter # 47912222)
CSipSimple- functional SIP client (open source)
Linphone Video- Internet phone using VoIP (open source)
SMS / MMS
Image SMS- sending image via SMS (open source)
Encryption
Dark SMS- exchange of encrypted SMS messages, the ability to password protect SMS messages on the phone (closed source code)
Silence- SMS / MMS application that supports encryption (open source)
The wall- application for sending and receiving SMS messages encrypted with the AES algorithm (closed source code)

Tts
SVOX Classic Text To Speech Engine- reading text with voice for other applications
Webview
Android System WebView- Android WebView system component is based on Chrome technology and allows you to view web content in applications
Bromite
Bromite- WebView implementation without WebRTC and protected from some other digital fingerprints (open source)
SystemWebView releases
Installing SystemWebView
Forum


Automators
Easer
®Easer F-Droid- automation of actions on events (connection to WiFi, Bluetooth, on time, location) (open source)
Tasker

USB
Blocking domains and ads
® AdAway- ad blocker with white and black lists support (open source)
Adblocker reborn
Adblocker reborn- Xposed-module, blocks AdView, AdActivity, receivers, services, WebView and Hosts, while not touching the hosts file itself and does not conflict with the blockers that use it (open source)

DNS6- allows you to block hosts via DNS through a local VPN service (open source)
® MinMinGuard- Xposed-module for blocking ads inside applications (open source)
PeerBlock For Android- Xposed-module that allows you to block hosts and DNS (open source)
Silent- Xposed ad-blocking module (closed source)
UnbelovedHosts- Xposed-module, blocking calls to domain names that distribute advertising (closed source code)
Browsers
Chromium
Brave
Browser Brave: Fast AdBlock- Chromium-based web browser with built-in AdBlock, tracking protection and security system (open source)
Bromite
Bromite- Chromium based browser with ad blocker and privacy protection (open source)

Firefox
Firefox- a browser from the developers of Mozilla (open source)
Firefox focus- Mozilla browser with automatic blocking of a wide range of online trackers (open source) F-Droid
Firefox GOST- Firefox fork with Russian cryptography support
Icecatmobile
Icecatmobile- fork of Firefox browser that meets the requirements of completely free software (open source)
Librefox
Librefox- additions in privacy and security to Firefox (open source)
Waterfox
Waterfox browser- browser on the engine Gecko, which continues to support the "obsolete" according to the new Mozilla policy additionsopen source)
Waterfox - The free, open and private browser
Waterfox - Wikipedia

Add-ons
Adnauseam

anonymoX

Bluhell firewall- restriction of advertising and redirects
CanvasBlocker- prohibition of browser fingerprint identification
Certainly Something (Certificate Viewer)- view certificates
Certificate Patrol- certificate management
CheckMyHTTPS- verification of the certificate of the secure connection (open source)
Decentraleyes- protection against tracking through centralized CDN
Easy image blocker- image loading control
HTTP UserAgent cleaner- increased privacy (randomly replacing the UserAgent, canvas, locale fields, blocking WebRTC, etc.), blocking ajax and requests to third-party sites and unnecessary cookies, security assessment https (TLS) connections, phishing protection
HTTPS Everywhere- replacement in addresseshttp: //onhttps: //
Mobile Password Manager- view and edit saved passwords
NoScript- blocking scripts and plug-ins, protection against XSS and Clickjacking attacks
Onion Browser Button- connect to Tor in one click
Phony- substitution of User Agent
Random Agent Spoofer- change profiles at a specified time interval
RequestPolicy Continued- control of cross-domain requests
Save / Load Prefs- export and import of Firefox settings
Self-Destructing Cookies- automatic cleaning Cookies and LocalStorage
Speed ​​Tweaks (SpeedyFox)- setting preferences for browser acceleration
Spoof Timezone- time zone change
Third-party Request Blocker (AMO)- blocking requests to third-party resources
uMatrix- firewall with blocking of scripts, frames, etc.
User-Agent Switcher- change User-Agent
wow-dpi- bypass Russian blocking without the need to use proxy, Tor, etc.

F (L) OSS Browser
Privacy browser
Tor
Fire.onion (Browser + Tor)- anonymous web browser (open source)
Orfox
Orfox: Tor Browser for Android- a secure browser for Android based on Mozilla Firefox (open source)
Tor browser

TORnado (Browser + TOR)- anonymous web browser (closed source)

Notes
Note Crypt Pro- creation of encrypted (AES 128 bits, CBC, PKCS5Padding, random IV, PBKDF2WithHmacSHA1) tag database with support for tags (open source)
Swift notes- work with text files, encryption, setting a password, sending (closed source code)
Calls
Lock
Root Call SMS Manager- manager of blocking incoming and outgoing calls and SMS (closed source code)

Calendars
Calendar Calendar F-Droid- simple calendar with additional CalDAV synchronization, recurring events and reminders (open source)
Business calendar- functional calendar (closed source code)
Cameras
Bacon camera- camera with manual settings for devices that do not support Camera2Api (closed source code)
Open camera- multifunctional camera (open source)
Simple camera- multifunctional camera (open source)
Cards
Keyboards
The best keyboard for Android -savagemessiahzine.com
AnySoftKeyboard
AnySoftKeyboard- virtual keyboard with support for multiple languages ​​(open source)
Hacker's Keyboard
Hacker's Keyboard- A full 5-row keyboard with Tab / Esc / Ctrl keys with a separate number block (open source)
Jbak keyboard
Jbak keyboard- a beautiful and fast keyboard with a bunch of settings and features (open source)
Multiling O Keyboard
Simple keyboard
Simple keyboard- customizable keyboard with minimal resolutions (open source)

Contacts
Open contacts- creation and use of a separate contact database (open source)
SA Contacts- export phonebook contacts to Excel and vice versa (closed source code)
Save contacts to txt- allows you to save selected contacts downloaded from the phone book as a text file in TXT format, which can be sent by email (closed source code)
Simple contacts- creation and use of a separate contact database (open source)
VCF
VCF Contacts
VCF Contacts- opens .vcf files in the form of a phone book and allows you to add, delete, edit contacts, make calls (closed source code)
On the potential leak (Lent okomand # 69542431)


Messengers
Messenger Comparison - Wikipedia
Comparison of instant messengers - Wikreality
Comparison of instant messaging clients - Wikipedia
Comparison of LAN messengers - Wikipedia
Digital Communications Protocols
SECURE MESSAGING APPS COMPARISON
Tails - mobile messaging
True Private Messaging: 7 Apps to Encrypt Your Chats PDF
Crypto-resistant androids. Why encryption in Signal, WhatsApp, Telegram and Viber will not protect your correspondence from hacking PDF
Encrypt correctly! Why messengers do not protect the secret of your correspondence
Encrypt correctly! Choose an instant messenger for secure and private correspondence.
Encrypt correctly! Choose an instant messenger for secure and private correspondence.
Actor
Actor- centralized messenger (there is an email registration) based on the MTProto v2 protocol (open source)
Bitseal
Bitseal- decentralized transmission of encrypted messages to another subscriber or many subscribers (open source)
Bleep
Bleep (alpha)- decentralized messenger (there is a registration by email or anonymously) (closed source code)
Briar
Briar- messenger that works on the basis of secure Tor networks, as well as Wi-Fi and Bluetooth (open source)
Briar Beta - Open Source - News
Briar - Darknet Messenger ... Or Good News From The Dark Dungeon Mesh Networks
Chat.onion
Chat.onion- decentralized messenger based on the Tor network (anonymous registration) (open source)
Delta chat
Delta chat- centralized instant messenger with end-to-end encryption using the selected mail domain as the server (open source)
Delta chat
Delta makes chatting better
Contribute
Dib2Qm
Dib2Qm- IMAP and QuickMSG-based email messaging (open source)
Eleet
Eleet Private Messenger- private messenger (registration by phone number or anonymously) (closed source code)
Choosing a secure messenger for android devices: Eleet Private Messenger
Jitsi
Jitsi - Wikipedia- Internet telephony and instant messaging system
Jitsi (open source)
Jitsi meet (open source)
Jingle
Kontalk
Kontalk- client-server messenger (registration by phone number) based on XMPP (open source)
Nextcloud talk
Nextcloud talk- the extension of the Nextcloud platform, allowing you to make protected audio and video calls, as well as exchange text messages (open source)
Nextcloud talk
QuickMSG
QuickMSG- mail client with PGP support (open source)
RetroShare
RetroShare- a decentralized messenger based on the platform of the same name (open source)
Ring
Ring- decentralized messenger with e2e encryption (anonymous registration) (open source)
Ring (program) - Wikipedia
Riot
Riot- decentralized messenger (anonymous registration) (open source)
Safeum
Safeum- encrypted multimedia messenger (there is an email registration) (closed source code)
Signalal
Silent phone
Silent phone- paid instant messenger (anonymous registration) with encryption of audio and video calls and text messages (open source)
Signal-Server source code
Surespot
Surespot- client-server instant messenger (anonymous registration) for secure exchange of text messages, photos and voice notes for up to 10 seconds (open source)
Has secure IM app Surespot been compromised by the feds?
Telegram
Telegram F-Droid- client-server messenger (registration by phone number) based on the MTProto protocol (open source client, closed source server code)
Plus Messenger- unofficial client for Telegram (open source client)
MTProto - Wikipedia
Documentation

Proxy
Telegram Open Network (TON)

Security issues Telegram
Callback to Telegram developers
Is Telegram Safe? Or as I was looking for a bookmark in MTProto
Potential Android Telegram Vulnerability
Telegram attack for 2 ^ 64 operations, and why the supervillain doesn't need it
About the intricacies of privacy in the Telegram Bots API: "this is not a bug, this is a feature"
Why two-factor authentication in Telegram does not work
How to hack Telegram and WhatsApp: special services are not needed
Telegram entered in the register of information dissemination organizers
Telegram itself adds someone else's contacts? This is the norm
Telegram will ask for a passport
Why Telegram Passport is No End to End
Vulnerability in Telegram can compromise secret chats.
We reveal the numbers of Telegram users
Telegram messenger merges metadata to everyone
Telegram was unsafe
Iranian company intercepted all Telegram traffic
Telegram accused of storing messages in unencrypted form
Telegram will still share user data with special services.
"Media Factory" Eugene Prigogine constantly talks about the vulnerability of the telegram. Is it all scary?
Telegram Security Analysis PDF
Telegram, AKA “Stand back, we have Math PhDs!”
About the "safest" telegram
Comparison with Signal (Post neonedrid # 73388860)
About location tracking (Post Aeronliru # 68454877)
Company

Threema
Tox
Antox- decentralized messenger (anonymous registration) for confidential communication (open source)
TRIfA- tox client in active development (open source)
Whatsapp
Wire
XMPP
Chatsecure

Conversations- XMPP client with encryption support and Android HIG design (open source)
Freelab messenger- XMPP client, fork Conversations (closed source)
IM + All-in-One Mobile Messenger- supports all popular instant messaging services: Facebook, ICQ, VKontakte, Mail.Ru Agent, Classmates. Gadu-Gadu, RenRen, mig33, SINA Weibo, Fetion and Jabber (closed source)
Jasmine im- IM client for quick and easy communication, ICQ, QIP, VK, Jabber, etc. (closed source)
Pix-Art Messenger F-Droid- fork of a well-known XMPP Conversations client with additional features (open source)
Sj im- XMPP client that supports automatic encryption of PGP (OTR) messages (closed source code)
Zom Mobile Messenger- XMPP client, focused on simplicity and security (open source)
Xabber- universal Jabber client (open source)

Location
Location Spoofer

Cleaning
Andro shredder- permanently delete files and SMS (closed source code)
File shredder- utility for permanently deleting files (closed source code)
IShredder 3- permanently delete files, photos, sms, contacts (closed source code)
® SD Maid - System Cleaning- cleaning "tails" for remote applications (closed source)
Undeleter- permanently delete files of some types (closed source code)
shell

Passwords
bitwarden
bitwarden- client-server password manager (open source)
Keepass
Keepass2Android
Keepass2Android- password manager (open source)
AutoFill plugin- plugin for auto-complete (open source)

KeePassDroid- password manager (open source)
Password store
Password store- password manager compatible withpass (open source)
SealNote Secure Encrypted Note
SealNote Secure Encrypted Note- notes, registration data under encryption 256-bit AES (open source)
SuperGenPass

Payment systems
post office
Fairmail
K-9
K-9 Mail- mail client (open source)
p≡p
pretty easy privacy p≡p F-Droid- mail client with OpenPGP, key exchange via p2p, key import from other clients (open source)
Protonmail
ProtonMail - Encrypted Email- Email web service with encryption support (open source web version)
ProtonMail IMAP / SMTP Bridge- ProtonMail integration with any programs that support IMAP and SMTP
TempMail
TempMail- creation of temporary mailboxes on the site temp-mail.ru (closed source code)
Tutanota
Tutanota- Email web service with encryption support (open source)

Backup
Helium- backup and synchronization, the ability to work without root using the desktop client
®oandbackup- create backup copies of applications with data (open source)
® Titanium Backup- backup applications and user data
Nandroid
Nandroid Browser- extract and use separate files from nandroid backup
® Nandroid Manager- allows you to view, explore and edit your Nandroid backups
Online Nandroid Backup * root- makes CWM / TWRP compatible backup without loading into recovery
® Orange Backup- a program to create compatible with CWM and TWRP backups and synchronization with the cloud

Repositories
App & Gamesavagemessiahzine.com- view and check for updates of applications and games laid out onsavagemessiahzine.com
APKPure App- alternative application market
Aptoide- client-server application of an alternative market
APKUpdater- can check for updates for programs on popular alternative services APKMirror and APKPure (open source)
Aurora Store
Aurora Store- search and download programs from the Google Play Store without the Google Services Framework, fork of the Yalp Store (open source)

Blackmart- alternative to applanet and the like
F-Droid
F-Droid- repository of open source software (open source)
Second Security Audit Results

Open store- the application allows developers to create their own repositories with applications for Android
Yalp Store
Yalp Store- search and download programs from the Google Play Store without the Google Services Framework (open source)

Network
Ad-hoc / Mesh
Android Intercom- calls via bluetooth and Wi-Fi in the local network
Anyfi
Anyfi- mesh network of devices via Wi-Fi
Gilga
Serval mesh

Wi-Fi talkie- voice chat, chat and file sharing without the Internet within the Wi-Fi network
MAC
macchanger

® Change My MAC- change the MAC address of your Android device (closed source)
® Pry-Fi- change the MAC address of your device (closed source code)
®Wireless Mac Address Changer- changes the MAC address of the device to any other and restores the original back (closed source code)
DNS
AndroDNS F-Droid- configure DNS queries (open source)
Daedalus- change DNS settings via VPN tunnel (open source)
DNS man- change DNS for selected Wi-Fi networks (open source)
®Override DNS- DNS change with built-in list of servers (closed source code)
Cloudflare
DNSCrypt
Tunneling
iodine- binary files for tunneling through a DNS server (open source)
AndIodine- tunneling through a DNS server using VPN Api (open source)
Element53 (DNS Tunnel)- tunneling through a DNS server (open source)

i2p
i2p- access to the anonymous I2P network
OONI
ooniprobe- a global observation network client for detecting censorship and traffic manipulation on the Internet (open source)
Proxy
Privoxy
ProxyDroid
® ProxyDroid- HTTP / SOCKS4 / SOCKS5 proxy with automatic inclusion by SSID (open source)
Shadowsocks
Shadowsocks- fast SOCKS5 proxy with traffic encryption (open source)

Ssh
Tor
Orbot
Orbot- the ability to use the Tor network for anonymous surfing (open source)
How to set up Tor in Android - turn on Orbot
orWall
orWall- firewall for use in conjunction with Orbot, may conflict with other firewalls (open source)

VNC
VMLite VNC Server- control of the Android device through the browser
VPN
The Best VPN Services
Bitmask
Bitmask- VPN and encrypted (OpenPGP) email support (open source)
Openvpn
Open VPN Connect
Open VPN Connect- OpenVPN client (closed source)
OpenVPN Connect Android FAQ
OpenVPN Client
OpenVPN Client- a client with rich capabilities (for example, with a painless TAP connection option without root) for connecting to OpenVPN (closed source code)
VPN Client Pro- a client with rich capabilities (for example, with a painless TAP connection option without root) for connecting to a VPN (closed source code)
OpenVPN for Android

Outline
Wireguard
Wireguard- client for connections to the WireGuard tunnels (open source)

WebRTC
AtrizA Conference- WebRTC based conferences
UniComm- private p2p communications based on WebRTC (open source)
Zyptonite
Zyptonite- secure decentralized p2p platform

Wi-Fi
®fqrouter2- turning the smartphone into a wi-fi repeater and not only
® WiFi TX power- WiFi power control
Wi-Fi Direct
NearShare- communication and file transfer via WiFi Direct
SuperBeam | WiFi Direct Share- wireless data transfer directly between devices (including using WiFi Direct technology)
Wi-Fi cast- transfer files via Wi-Fi using the access point built into the phone (without an external Wi-Fi router)
WiFi Shoot! WiFi Direct- wireless data transfer directly between devices (WiFi Direct technology)
Protection
®ARP guard- traffic interception / redirection protection
® Wifi Protector- detection and prevention of ARP attacks on your phone in Wi-Fi networks
Wi-Fi Privacy Police- prevents connection to unknown networks and sending a list of known networks (open source)

Monitoring
Connection list- View all available TCP device connections
Network connections- monitoring of incoming / outgoing connections
®Network Log- monitoring network connections
Tinny network monitor- monitor network connection
Pentesting
Pentesting

®AndroDumpper (WPS Connect)- check Wi-Fi router vulnerabilities
® bitShark- traffic sniffer
®CSploit- penetration testing (hacking) in a Wi-Fi network
® DroidSheep- scanning and interception of web sessions (profiles)
® DroidSniff- allows you to scan and intercept web sessions of users sitting under one wifi
® dSploit- an application for analyzing and assessing network security, searching for known vulnerabilities, real-time traffic manipulation, spoofing
® FaceNiff- scanning and interception of Internet sessions
® Intercepter-NG (ROOT)- multifunctional network sniffer
iwscan Analyzer [ROOT]- analyzer of networks 802.11 a / b / g / n / ac, Bluetooth, LTE, WCDMA, GSM
®Netcut- allows you to automatically scan the network, receive data about connected devices and, if necessary, disable them
@Network Spoofer- sniffer
®Network utilites (Test version)- a set of tools to work with the network, as well as intercept / monitor / redirect traffic within your network
Packet capture- allows you to intercept network traffic with SSL decryption
®Packet Sniffer- viewing and analyzing packages
Proxymon SSL [ROOT]- debugger of open and secure TCP connections at the data level
В® Reaver-GUI for Android- hacking wifi from devices with bcm4329 / 4330 wifi chipset
Router keygen- key generator for wi-fi routers
® Shark for Root + Shark Reader- traffic sniffer and view dumps in .pcap format
SSLUnpinning- Xposed-module that allows you to make the substitution of certificates in applications (open source)
® Wi.cap. Network sniffer- package sniffer for ROOT devices
WIBR + WIfi BRuteforce hack- generation of WEP / WPA / WPA2 keys to all Wi-Fi point
®WIFI WPS WPA TESTER (ROOT)- attempt to connect to some access points using known vulnerabilities
®WifiAccess WPS WPA WPA2- check Wi-Fi router vulnerabilities
® WiFiKill- disable "extra" users of the WiFi network
®WiFree WPS- Wi-Fi hacking (WPS PIN + Router Keygen)
®WPS connect- connect to a wireless network using the WPS protocol
®zANTI- security assessment of Wi-Fi networks
Social networks
Diaspora
dandelion *- communication in the social network Diaspora (open source)
Mastodon

Firewalls
AFWall
® AFWall +- restriction of application access to the Internet (open source, fork DroidWall)
FAQ · ukanth / afwall Wiki

® Android Firewall- firewall on Android (open source, fork DroidWall)
® DroidWall- restriction of application access to the Internet based on iptables (open source)
Lightningwall- Xposed module, firewall for installed applications (closed source)
Netguard- blocks access to applications (both user and system) access to the Internet (via wi-fi or mobile) without root (open source)
NoRoot Firewall
NoRoot Firewall- firewall that does not require root-rights (closed source code)
Firewall for Android


Signaling
Car alarm
Car alarm- determination of the alarm condition in the protected object using a microphone and / or accelerometer and signaling about it in various ways
Haven
Haven: Keep Watch- an application using various sensors (camera, microphone, gyroscope, accelerometer, light sensor) to record changes in the location of the device (open source)
Snowden introduced a mobile application for protection from surveillance
Edward Snowden has created a paranoid mobile app.

Data synchronization
BitTorrent Sync
BitTorrent® Sync- allows you to synchronize your files between different devices (closed source)
DAVdroid
DAVdroid- CalDAV / CardDAV synchronization (open source)
Folderseync
Folderseync- cloud synchronization with support for various services and protocols (closed source)
Syncthing
Syncthing- application for distributed data synchronization (open source)
Syncthing-silk- distributed synchronization of files between devices (open source)
Cloud data storage
Degoo
100 GB free space: Degoo- cloud file storage service (closed source code)
MEGA
MEGA- client for cloud Mega (closed source)
Nextcloud
- sync files with the Nextcloud server (open source)
ownCloud
ownCloud- synchronization of files with the ownCloud server (open source)


System
Notifications
Toast
Xtoast- Xposed module for managing pop-up notifications (closed source)

Runtime
ART Checker- check runtime (closed source)
Monitoring
OS Monitor- system monitoring (open source)
Simple system monitor- system monitor and task manager (closed source code)
Substitution
Android Device Changer- Xposed-module, which allows applications to change IMEI, Android Id, Serial Number, Wifi Mac, SSID, Google advertising id, Bluetooth Mac devices for applications (closed source code)
Device faker- Xposed-module that allows you to change the device to make it look like another (closed source code)
Device ID Masker- Xposed-module that allows you to replace many of the characteristics of the device (closed source code)
Phone Id Changer Pro- Xposed module that allows applications to change IMEI, Android Id, Serial Number, Wifi Mac Address, SSID (closed source code)
IMEI
®Chamelephon- IMEI change for devices on MediaTek 65XX processors (closed source)
®GhostPhone- IMEI change on MediaTek 65xx / 67xx processors (closed source code)
IMEI Changer- Xposed-module that allows you to change the IMEI device (closed source code)


Steganography
Pixelknot- allows you to hide text messages in images (open source)
Application Management
LuckyPatcher
® LuckyPatcher by ChelpuS- application manager
My Android Tools
My Android Tools- disable / enable activity, service, receiver, provider for any applications (closed source code)
Lists of disabled services / receivers / activites / providers for different applications
Per App Hacking
Per App Hacking- Xposed-module to control the behavior of applications (open source)

APK
APK Editor
ApkCrack (AETool)
ApkCrack (AETool)- tool for editing apk-files
Apktool
Apktool- decompilation, recompilation, application signature
MT Manager
® MT Manager- editing, translating, cloning, encrypting, signing and optimizing user and system (without installing frameworks) apk-files

Windows
APK-Info- view APK information (open source)

Analysis
Apk analyzer- allows you to explore applications on the device, providing a detailed report not only about installed programs, but also about uninstalled apk files
App Detective- gives the most complete array of various data on the installed APK, including their contents and online analysis
AppBrain Ad Detector- identification of potential problems of all applications installed on the device
Exodus
Inspeckage
Inspeckage- Xposed-module for dynamic analysis of installed applications (open source)

Mobile Security Framework- a platform for testing mobile applications (Android / iOS / Windows), fully automated and capable of performing static and dynamic data analysis, identifying potential problems of all applications installed on the device (open source)
Frost
®AirFrozen ~ Disabler (ROOT)- freeze (stop) applications (open source)
Cloning
App cloner- creation (without the presence of root) modified clones of some programs (closed source code)
Sandboxes
Island
Island- execution of applications in the sandbox (closed source)
Android: Island - a utility for isolating and freezing applications without root
Shelter
Shelter- running applications in the sandbox (open source)
UserControl
UserControl- execution of applications in the sandbox (closed source)
VirtualXposed
VirtualXposed- execution of applications in the sandbox with partial support for Xposed (open source)

Permissions
Android Permissions- shows the list of permissions of installed applications (open source)
App Settings
App Settings- Xposed-module for fine-tuning applications, including permission management (open source)
v1.16

App Ops
App Ops- disables selective permissions for selected applications (closed source code)
Analysis of the work (Post xynta123 # 64938074)

AppOpsX- client for Android AppOpsService (open source)
App Ops - Permission manager- application permissions management (closed source)
AppOpsXposed- Xposed-module, restoring the functionality of the App Ops system permission manager on Android 4.4.2 and higher (open source)
Permission master- Xposed module for working with application permissions (closed source)
APK
Advanced permission manager- removal of permissions from apk (closed source)
APK Permission Remover- removal of permissions from apk (closed source)
Permission Manager (re-installer apps)- provision and prohibition of application rights by reinstalling them (closed source code)

Hiding
AppHider- hiding applications (closed source)

Vulnerabilities
BlueBorne Vulnerability Scanner by Armis- check device for BlueBorne vulnerability
Bluebox Security Scanner- check device for the presence of Master-key vulnerabilities
Stagefright Detector- device scan for Stagefright vulnerability
Trustable by Bluebox- a tool for researching publicly known system vulnerabilities
VTS for Android- a tool for researching publicly known system vulnerabilities
Files
Recovery
® DiskDigger- recovery of deleted pictures, photos, videos, saving recovered files and the ability to send them to the mail
Dumpster - Recycle Bin- file basket
® Hexamob Recovery PRO- recover deleted files
Undeleter- recovery of files deleted from SD-cards and internal memory
Forum

Images
Exif
Exif_Editor- full EXIF ​​editor
ExifTool- viewing and editing the extended information of image files (closed source code)
Photo editor- a program for high-quality photo processing (viewing, changing or deleting EXIF ​​data)
Photo exif editor- allows you to view, edit and delete Exif photo data
Scrambled exif- removal of metadata from images (open source)

Media
MediaInfo- obtaining technical information from audio and video files (open source)

Encryption
Cryptography- encryption, training and hashing tool
Cryptomator Beta (Unreleased)- encrypt files in cloud storage and access them on all your devices
Derandom- prediction of pseudo-random numbers (open source)
EDS
EDS (Encrypted Data Store)- creation and management of encrypted containers TrueCrypt, VeraCrypt, LUKS, CyberSafe (closed source code)
Android: Protecting personal data. EDS: Overview and usage example.
Encfs
® Cryptonite- data encryption on the device and in Dropbox (open source)
Encdroid- creation of encrypted folders on the device and in Dropbox
MiXplorer


® EncPassChanger- change the password of the standard encryption section / data
Luks
® LUKS Manager- creation and management of encrypted LUKS containers
Midnight murmur
Midnight murmur- encryption / decryption of files and text messages with a free design of the encryption procedure
PGP
Secrecy
Secrecy- encrypt files with AES256 (open source)
S.S.E.
Secret Space Encryptor (S.S.E Universal Encryption App)- encoder (AES, RC6, Serpent, Blowfish, Twofish, GOST-28147, Threefish (in Pro version), SHACAL-2 (in Pro version)) text and files, password manager (open source)
Encrypted for Android: Application S.S.E

Lock screens
App Lock (HI App Lock)- an application to block and protect confidential information
App Lock (Smart App Protector)- protects installed applications with a password or lock, and also prevents the screen from turning off and switching to landscape mode while applications are running from a user-defined list
CyanLockScreen- Xposed module to expand the lock screen on 4x4, 5x5 and 6x6 pixels
Cyclic Lock- Xposed-module for cycling PIN / password / pattern keys
DroidLock: Dynamic Lockscreen- screen lock, where PIN can be time, battery charge, etc.
® GravityBox- Xposed-module with the ability to shuffle PIN numbers on the lock screen
Knock Lock-App Lock Pro- functional customizable screen blocker
Knock lock- allows you to select the lock area on the display to enable the "Knock Lock" feature
Lockdown- blocking applications with various keys
Lockmod- Xposed module for customizing the lock screen on Lollipop and above
Maxlock- Xposed-module that allows you to block the launch of applications (open source)
Picture Password Lockscreen- lock screen with support for drawing points, lines and circles
PIN / Pattern Shortcuts- Xposed-module that allows you to open different applications with different PIN codes
ScreenLock - Time Password- time based lock screen
Shortcut Lock Screen Mod [MM]- Xposed module for setting lock screen shortcuts on Marshmallow
Smart lock- protection of any installed applications with a password
Smart lock screen- floating screen lock button
Timepin- lock screen with PIN based on time
Data
Locker- clearing data after exceeding the maximum number of attempts to unlock the device
Selfdestruction Unlocking- deleting folders on the memory card and clearing the device memory when the limit of incorrect attempts to unlock the screen comes (closed source code)
Wrong pin shutdown- turning off the device when exceeding the limit of screen unlock attempts (open source)

Energy saving
Tips to improve power saving devices on Android OS
Wakelock
Wakelock detector- search for the cause of the device not falling asleep




Continuation of the header (Network, System)
Continued caps (Hardware, Location, Telephone, Encryption / Cryptography / Steganography, Creativity)

Post has been editedokomand - 08.07.19, 22:32



Rep: (74)
* privateperson2015,
To fake imsi you need a suitable fake Ki. Otherwise the network will say go ahead. :)
Yes, and then how to receive incoming, if imsi is associated with a subscriber number? : D
And imei can change at least once a minute, you vseravno authenticly identified by transmitted imsi. Imei it so, for the black list of stolen / not legally imported devices. But it almost does not work with us. And wiping your imei you made it "gray", which only may attract undue attention ...

Post has been editedtimspb - 15.05.15, 00:08



Rep: (1)
To fake imsi you need a suitable fake Ki. Otherwise the network will say go ahead. :)
Yes, and then how to receive incoming, if imsi is associated with a subscriber number? : D
And imei can change at least once a minute, you vseravno authenticly identified by transmitted imsi. Imei it so, for the black list of stolen / not legally imported devices. But it almost does not work with us. And wiping your imei you made it "gray", which only may attract undue attention ...

I understand that changing imei without a SIM card will not help much to get out of sight)) But it’s easier to change imei than to change the device)) I understood what the salt is about .. Well, okay, this is not about this topic)

I would like the developers to develop their software in different directions to protect the android, not only from wiretapping, but also, for example, from subscriber location and signal triangulation, protection from stealth sms, etc.



Rep: (502)
There are applications: a microscope (when you can see germs through the device’s camera), ultrasound from mosquitoes and dogs (through a standard speaker), a lie detector (without sensors), a metal detector (which detects gold and platinum), thermal imagers (through a standard camera), there is there is also a program that determines the presence of spirits and ghosts near you (through a disturbance of psi-energy, by measuring the electromagnetic field), and there is (will) be a program that determines the presence of wiretapping from the operator (using a very complex algorithm that requires volumetric calculations reports and analytics on the developer's server, it is possible that distributed computing may be required due to the enormous amount of incoming data) ...
----
Operators in the CIS do not listen to anyone.
This makes the complex feed (its various modifications and equipment).
He always stands behind the operator.
And the default operators give the entire amount of the form already decrypted (both at the entrance and at the exit). This does not mean that all data is heard / analyzed by real people, but if all the same your number will be listened to, your incoming / outgoing data will not change at all.
In simple terms, the feed does not know anything about encryption and does not change anything in the data one iota.
And the operators do not know anything about wiretapping (who exactly, when, how long, in what volume). They are never told this.
Sorm removes only data already opened by the operator. I omitted many details, but the meaning is exactly that.
Therefore, it is possible to determine whether you are listening through the feed, (and not through the equipment of the operator), with the same effect as to determine the psi-energy disturbance.
P.s. In the countries of rotten democracy, the operators are listening just the same, but upon request / order of the court / special services. But the method is the same (incoming / outgoing data remains unchanged, although I cannot say for all countries, because there are operators who do not have a permanent intermediate open area) ..
There are nuances (with them and with us), when the controlled object is sent hush sms, and this is definable and blockable programmatically.
And of course the collection (sometimes selective analysis) of metadata (this is already done by the operators themselves), but this is no longer control of voice traffic.



Rep: (591)
And yes, this is exactly the application that Edward Snowden himself recommends using (Edward Snowden).

A truly secure application should at least allow using not just phone numbers as identifiers.
What kind of anonymity then speech.
Well at least the source code, unlike Telegram, is open.
Tox clients are truly safe and anonymous.

Post has been editedokouser - 05.12.15, 14:57



Rep: (307)
Unfortunately, Snowden did not explain why Signal should be used (well, or I did not find it).
Open source is not an argument.
Telegram sources are also open:https://telegram.org/apps#source-code
Plus Durov awarded a prize of $ 100,000 to the one who hacked the defense.

Post has been editedeen - 05.12.15, 20:07



Rep: (23)
Plus Durov awarded a prize of $ 100,000 to the one who hacked the defense.

those who seriously need data, they will not crack the cipher, but simply come and confiscate the server under absolutely any pretext. And this window dressing with kilobaxes is a complete mess.
I have no doubt that the connection between the prog and the server is protected. But the fact that the prog does not pull all the data from the phone to this server, which Durov does not concern at all - there is no guarantee for this. And even more so there is no protection from the fact that Durov himself will merge everything that is needed. Well, if a multimillion Skype was forced, then Durov was never a defense at all.

Security must be guaranteed by the architecture, not by the words of marketers and other boltologists. Neither the Telegram nor the Signal Private Messenger, which requires my mobile number, guarantees no data protection. So far, only tox and surespot can be trusted, but, unfortunately, they are very raw. The rest is just chats / dialers, in which "privacy" and "security" in the name and description are just an advertising move.

Unfortunately, Snowden did not explain why Signal should be used.

Yes, it is a pity that a person who has made an enormous contribution to the protection of the privacy and informational integrity of people mentions such dregs somewhere, requiring the registration of a telephone number and contrary to anonymity. If he said it at all, and not just someone uses his image, as the image of Che Guevara, sold without his consent by such organizations with which he would not have anything in life.

Post has been editedformobe120 - 05.12.15, 20:24



Rep: (591)
Telegram sources are also open

Is Signal's source code also closed?



Rep: (307)
The fact that the prog does not pull all the data from the phone to this server, which Durov does not touch at all - there is no guarantee for this.

Warranty is open source. In which you can see that the program does not transmit to the server "all data from the phone."
And in the signal, and in the telegram everything is in order. Unlike other popular programs (watsapp, etc.).

they will not crack the cipher, but simply come and confiscate the server under absolutely any pretext

OK, confiscated. What's next?
If the server contains encrypted messages, and the key to them in principle does not exist on the server - let them crack and read. Years after dtsat.
On the telegram server it will be exactly like this (we are talking only about the secret chat, and not about the usual chats / channels).
And indeed, now the FBI is pressing Durov on the topic of "giving the keys", but for him to remove the secret chats from the messenger at all.

But how it is arranged in signal - I have not yet understood. I would be grateful (+) if someone pokes his nose in the description (you can in English).

this window dressing with kilobaxes is a complete mess

Thanks to this "window dressing" a person has already received money. Although not the full amount: he did not read the chat, but found a potential vulnerability in the code. See details on Habré.

Is Signal's source code also closed?

And what's the point in server codes? After all, there is no way to verify that the published code corresponds to the executable modules on the server.

A truly secure application should at least allow using not just phone numbers as identifiers.
What kind of anonymity then speech.

Yes, the very fact that people with such telephone numbers communicated with each other - on the server the signal (telegram, watsapp, etc.) is stored. And, of course, can be merged with the relevant services. With this you need to either accept or not use such instant messengers at all (and, by the way, a mobile phone, too).
But the content of this communication is quite possible to protect.

Post has been editedeen - 06.12.15, 00:05



Rep: (591)
een 05.12.2015, 23:02*
Warranty is open source. In which you can see that the program does not transmit to the server "all data from the phone."

The guarantee is not only in what is seen in open source, as developers can not collect apk from them, but in the ability to view the code and build their own installation based on it, which is what projects like F-Droid do.
een 05.12.2015, 23:02*
On the telegram server it will be like this

You are either a telepath or a person close to Durov, because without source you know what will be there ...
een 05.12.2015, 23:02*
And what's the point in server codes? After all, there is no way to verify that the published code corresponds to the executable modules on the server.

Hmm, how consistent in this context is your passage about open source client ...
And the point is that then we can build our server ourselves, and not feed ourselves with tales of a white bull.
een 05.12.2015, 23:02*
and by the way, mobile phone too

Since when in smartphones forbidden not to insert a SIM card?
And the contents of the communication can be protected when you are exactly sure that the encryption keys do not go to any external servers, which some clever people know thoroughly ...

Post has been editedokouser - 06.12.15, 01:31



Rep: (307)
developers can not build apk of them

This will be a direct deception, and it will be discovered - there are many who want it.

once without source you know what will be there

So the point is that the source is.
And anyone can check (and checked, I think, 100,500 times) that when using secret chat on the server side, you cannot get encryption keys.
And therefore it is impossible to read the correspondence, even it suddenly appears on the confiscated server (the developers say that it is not stored there at all, but that's fine).

Consistently in this context sounds your passage about open source client

You really do not understand?
If you have an executable module and source code, you can find out if they match each other.
In the case of a client Signal or Telegram, there are both published sources and apk. Therefore, a comparison is theoretically possible.
And executables running on Open Whisper / Telegram servers cannot be obtained. Accordingly, server source codes (if they are suddenly published) do not make any sense for the analysis of the security of correspondence, there is nothing to compare them with.

[[and, by the way, mobile phone too]]
[Since when in smartphones forbidden not to insert a SIM?!]
I wrote about the mobile phone, not about the smartphone. Well, "mobile communication too" - so clearer?



Rep: (591)
een @ 12/06/2015 3:20*
And anyone can check (and checked, I think, 100,500 times) that when using secret chat on the server side, you cannot get encryption keys.

Convinced.
But in group chats, are the encryption keys transmitted to the server?
How is this with Signal?
The same Telegram in F-Droid is assembled, but Signal is not.
een @ 12/06/2015 3:20*
If you have an executable module and source code, you can find out if they match each other.

This is not always the case. From the bytecode is not always possible to get the source.
Once again, this is why there are projects like the F-Droid.
een @ 12/06/2015 3:20*
Well, "mobile communication too" - so clearer?

In this case, terminology is important.
So about that, and in such programs, it is extremely important to completely untie the user from mobile communication.
Why this is not done - an open question.

Post has been editedokouser - 06.12.15, 10:21



Rep: (307)
But in group chats, are the encryption keys transmitted to the server?

Yes, messages in normal (non-secret) telegram chats can be decrypted on the server.
Moreover, they write on Habré about experiments proving that messages are analyzed on the server and used in contextual advertising. Business s.

How is this with Signal?

there iscomparison of instant messengersfromElectronic Frontier Foundation.
From it, in particular, it follows:
1. Messages in chats Signal on the server can not be decrypted
2. A detailed description of Signal cryptography does exist. Will seek.

In such programs, it is extremely important to completely untie the user from mobile communication.
Why this is not done - an open question.

So in the description of Signal there are no statements about anonymity and unlinking from mobile communication.
And why not done - this question for tehnotrepalki.

[The same Telegram in F-Droid is compiled, but Signal is not.]
I don’t understand why the F-Droid build guarantees security.
Suppose there are sources from F-Droid and apk compiled from them.
Where is the confidence that apk is built from the published sources?
How does this differ from the case when the source code from Open Whisper and apk from it?


Post has been editedeen - 06.12.15, 15:45



Rep: (591)
een @ 12/06/2015, 14:34*
Moreover, they write on Habré about experiments proving that messages are analyzed on the server and used in contextual advertising.

Link?
Of course, but on the other hand, if there are links in the messages, it can be a generation of previews for them.
een @ 12/06/2015, 14:34*
I don’t understand why the F-Droid build guarantees security.
Suppose there are sources from F-Droid and apk compiled from them.
Where is the confidence that apk is built from the published sources?
How does this differ from the case when the source code from Open Whisper and apk from it?

No, I did not say that.
There are also necessary and sufficient conditions.
So this is necessary, but not sufficient.
I think the fact that you can go through all the steps to compile the source and check whether the hashes of the apesheks are the same.

Post has been editedokouser - 06.12.15, 18:25



Rep: (151)
een @ 12/06/2015 00:02*
If the server is encrypted messages


IMHO safe when no server is used, messages are stored only with correspondents with the deadline specified by the author of the message (for example, the message lives no more than 2 hours. then it is destroyed)



Rep: (307)
If there are links in the messages, then it can be a generation of previews for them.

No, it's not about previews for links.
Like this: if in correspondence (not the secret chat) long enough to discuss some kind of [crap], this very [crap] starts to appear in ads on the web pages. Of course, this [crap] was mentioned only in this messenger, in other messengers and in the mail they never discussed, and did not go to the sites dedicated to it.
For the sake of fairness, I could not repeat the results of this experiment - I couldn’t find a product that I often advertise on the one hand, and on the other hand, so that I didn’t go to sites describing it before.

[so that you can go through all the steps to compile the source and check whether the hashes of the apesheks match.]
Why it is impossible to go through the same steps to compile the source Open Whisper and not compare with apk Open Whisper?


V1ct0r @ 12/06/2015, 18:39*
IMHO safe when no server is used, messages are stored only with correspondents with the deadline specified by the author of the message (for example, the message lives no more than 2 hours. then it is destroyed)

This is exactly how secret chat works in Telegram. Well, that is, the developers say so. We cannot verify this statement ("I swear by my mother" is not a guarantee).
Therefore, he wrote: "even if it suddenly shows up on the confiscated server", i.e. if the developers lied.

Post has been editedeen - 06.12.15, 18:49



Rep: (591)
V1ct0r @ 12/06/2015, 17:39*
IMHO safe when no server is used, messages are stored only for correspondents with the deadline specified by the author

A similar principle is implemented in Tox, and according to the developers at Bleep.
een @ 12/06/2015, 17:41*
Why it is impossible to go through the same steps to compile the source Open Whisper and not compare with apk Open Whisper?

Because they will not tell with what tools and how they build the apk, and the hashes will be guaranteed to be different.

Posted 12/06/2015 6:55 PM:

een @ 12/06/2015, 17:41*
This is exactly how secret chat works in Telegram. Well, that is, the developers say so.

Do secret chat messages bypass the server?
And where are the developers say.
There are sources, if everything is in the code as the developers say, then assembling the apk, everything will be exactly the same, even if there are bookmarks in the official apk.



Rep: (307)
Do secret chat messages bypass the server?

It is not over. But the developers say that messages are not stored on the server.
Exactly this statement is impossible to verify.

And where are the developers say.
Sources are

There are no server sources.

If in the code everything is as the developers say, then collecting the apk

apk has nothing to do with it, it's about the server. And there is no access to server executables.


Full version    

Help     rules

Now: 08/29/19, 20:52