Questions about security, privacy and anonymity in the network and under the android | [technoblabla] general security, privacy and anonymity issues



Rep: (572)
Questions about security, privacy and anonymity on the network and under the android



Since there are enough different topics for discussing software for Android security, private and anonymous surfing, but discussing general security, privacy and anonymity issues in them is increasingly considered offtopic, I think it makes sense to create a separate topic for this popular topic, where you can all these topics are free to speak and ask.
So you are welcome!

Safety
Since many tips and tools in the subject require superuser (root) rights, you should follow certain safety guidelines:
1. Try to do all the actions consciously, having previously studied the relevant materials and clarifying incomprehensible moments.
2. Make as many backups as possible. They can be done both with the help of custom recovery (TWRP, CWM, PhilZ Touch, Carliv, etc.), and with the help of applications that can backup all the firmware, as well as individual applications and data.
Relevant applications can be found in the section:
Software ->Backup.
Accordingly, it is worth taking care of safe storage of the created backups.



About security, all and different
Four Horsemen Infocalypse
Which apps and tools actually keep your messages safe?
Protection of confidential data and anonymity on the Internet PDF
prism-break- protection from global surveillance systems such as SORM, PRISM, XKeyscore and TemporaGithub
Guardian Project
https://privacytools.io/- encryption against global mass surveillanceGithub
SECURITY IN-A-BOX- tools and tactics for digital security
GitHub - ValdikSS / awesome-anti-censorship: curated list of open-source anti-censorship tools
danoctavian / awesome-anti-censorship: curated list of open-source anti-censorship tools
GitHub - StreisandEffect / streisand- Wiring, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, Sslh, Stunnel, and a Tor bridge. It also generates custom instructions for all of these services. You can be shared with friends, family members, and fellow activists.
sovereign / sovereign: email, calendar, contacts, file sync, IRC bouncer, VPN, and more.
https://ssd.eff.org/- Tips, Tools and How-tos for Safer Online Communications
How to protect Android: 10 tips for maximum security PDF
Mission Impossible: Hardening Android for Security and Privacy PDF
eBlocker- hardware and software platform
De-Googling my phone В· Martin Pitt
nomoregoogle.com - a fresh collection of alternatives to the services of the technology giant
Project SAFE "I have nothing to hide"
Big data
Information Security
Information Security - Wikipedia
Personal Data Protection - Wikipedia
OPSEC for Linux users, developers and administrators
The basic model of threats to the security of personal data when they are processed in personal data information systems
Internet counterintelligence in action: create a personal information security management system
Information technology social hacking
The art of "teaching protection of information" ... while giving a ton of good-will and non-speaking words PDF
DLP
IPC
Massachusetts Institute of Technology. Lecture course # 6.858. "Security of computer systems." Nikolai Zeldovich, James Mykens. year 2014
MIT course "Computer Systems Security". Lecture 1: "Introduction: threat models", part 1
MIT course "Computer Systems Security". Lecture 1: "Introduction: threat models", part 2
MIT course "Computer Systems Security". Lecture 1: "Introduction: threat models", part 3
MIT course "Computer Systems Security". Lecture 2: "Control of hacker attacks", part 1
MIT course "Computer Systems Security". Lecture 2: "Control of hacker attacks", part 2
MIT course "Computer Systems Security". Lecture 2: "Control of hacker attacks", part 3
MIT course "Computer Systems Security". Lecture 3: "Buffer overflow: exploits and protection", part 1
MIT course "Computer Systems Security". Lecture 3: "Buffer overflow: exploits and protection", part 2
MIT course "Computer Systems Security". Lecture 3: "Buffer overflow: exploits and protection", part 3
MIT course "Computer Systems Security". Lecture 4: "Separation of privileges", part 1
MIT course "Computer Systems Security". Lecture 4: "Separation of privileges", part 2
MIT course "Computer Systems Security". Lecture 4: "Separation of privileges", part 3
MIT course "Computer Systems Security". Lecture 5: "Where Security Errors Come From", Part 1
MIT course "Computer Systems Security". Lecture 5: "Where Security Errors Come From", Part 2
MIT course "Computer Systems Security". Lecture 6: "Opportunities", part 1
MIT course "Computer Systems Security". Lecture 6: "Opportunities", part 2
MIT course "Computer Systems Security". Lecture 6: "Opportunities", part 3
MIT course "Computer Systems Security". Lecture 7: "Sandbox Native Client", part 1
MIT course "Computer Systems Security". Lecture 7: "Sandbox Native Client", part 2
MIT course "Computer Systems Security". Lecture 7: "Sandbox Native Client", part 3
MIT course "Computer Systems Security". Lecture 8: "Model of network security", part 1
MIT course "Computer Systems Security". Lecture 8: "Model of network security", part 2
MIT course "Computer Systems Security". Lecture 8: "Model of network security", part 3
MIT course "Computer Systems Security". Lecture 9: "Web application security", part 1
MIT course "Computer Systems Security". Lecture 9: "Web Application Security", part 2
MIT course "Computer Systems Security". Lecture 9: "Web Application Security", part 3
MIT course "Computer Systems Security". Lecture 10: "Symbolic execution", part 1
MIT course "Computer Systems Security". Lecture 10: "Symbolic execution", part 2
MIT course "Computer Systems Security". Lecture 10: "Symbolic Execution", part 3
MIT course "Computer Systems Security". Lecture 11: “Ur / Web programming language”, part 1
MIT course "Computer Systems Security". Lecture 11: “Ur / Web programming language”, part 2
MIT course "Computer Systems Security". Lecture 11: "Ur / Web programming language", part 3
MIT course "Computer Systems Security". Lecture 12: "Network Security", part 1
MIT course "Computer Systems Security". Lecture 12: "Network Security", part 2
MIT course "Computer Systems Security". Lecture 12: "Network Security", part 3
MIT course "Computer Systems Security". Lecture 13: "Network Protocols", part 1
MIT course "Computer Systems Security". Lecture 13: "Network Protocols", part 2
MIT course "Computer Systems Security". Lecture 13: "Network Protocols", part 3
MIT course "Computer Systems Security". Lecture 14: "SSL and HTTPS", part 1
MIT course "Computer Systems Security". Lecture 14: "SSL and HTTPS", part 2
MIT course "Computer Systems Security". Lecture 14: "SSL and HTTPS", part 3
MIT course "Computer Systems Security". Lecture 15: "Medical software", part 1
MIT course "Security of computer systems". Lecture 15: "Medical software", part 2
MIT course "Security of computer systems". Lecture 15: "Medical software", part 3
MIT course "Security of computer systems". Lecture 16: "Attacks through the side channel", part 1
MIT course "Security of computer systems". Lecture 16: "Attacks through the side channel", part 2
MIT course "Security of computer systems". Lecture 16: "Attacks through the side channel", part 3
MIT course "Security of computer systems". Lecture 17: User Authentication, Part 1
MIT course "Security of computer systems". Lecture 17: User Authentication, Part 2
MIT course "Security of computer systems". Lecture 17: User Authentication, Part 3
MIT course "Computer Systems Security". Lecture 18: "Private Internet Browsing", part 1
MIT course "Security of computer systems". Lecture 18: "Private Internet browsing", part 2
MIT course "Computer Systems Security". Lecture 18: "Private Internet Browsing", part 3
MIT course "Computer Systems Security". Lecture 19: “Anonymous Networks”, part 1 (lecture from the creator of the Tor network)
MIT course "Computer Systems Security". Lecture 19: “Anonymous Networks”, part 2 (lecture from the creator of the Tor network)
MIT course "Computer Systems Security". Lecture 19: “Anonymous Networks”, part 3 (lecture from the creator of the Tor network)
MIT course "Computer Systems Security". Lecture 20: "Security of mobile phones", part 1
MIT course "Computer Systems Security". Lecture 20: “Mobile Phone Security”, part 2
MIT course "Computer Systems Security". Lecture 20: "Mobile Phone Security", part 3
MIT course "Computer Systems Security". Lecture 21: "Tracking data", part 1
MIT course "Computer Systems Security". Lecture 21: "Tracking data", part 2
MIT course "Computer Systems Security". Lecture 21: "Tracking data", part 3
MIT course "Computer Systems Security". Lecture 22: MIT Information Security, Part 1
MIT course "Computer Systems Security". Lecture 22: MIT Information Security, Part 2
MIT course "Computer Systems Security". Lecture 22: MIT Information Security, Part 3

Online services
Bitcoin
VPN
Auto removal
Website archiving
Mobile networks
Platforms
Search
post office
Checks
Abuse
APK
Cloudflare
DNS
IP
Sip
SSL / TLS
URL
Harmful
miscellanea
Certificates
Speed
Leaks
Vulnerabilities
Encryption

Synchronization
Social networks
Storage
Encryption

Regulations

Forum
"Free Web" | Free internet is discussed in the topic.
Amnesiagroup corner
Benga1983 corner
commandos98
DoberPC corner
Corner of elenakawai
Fahren-heit
Formobe corner
Corner IcanTellstories
JumpingJerry Corner
Corner Ruiz_Av
Tomin corner
Wernow corner
About potential threats (Post wernow # 51543260)
On threat groups (Post wernow # 51550069)
About open code (Post wernow # 51902449)
Selling information (Post wernow # 52003733)
About toolkit (Post wernow # 52015424)
About providers in android (Post wernow # 52061764)
On complete privacy and security (Post wernow # 53580616)
About F-Droid, messengers and priorities (Post wernow # 59144989)
About F-Droid and open source (Post wernow # 59151363)
About Fingerprint (Post wernow # 61458449)
About biometrics (Post wernow # 61564247)
About wiretapping and protection from it (Post wernow # 62796218)
On leaks and anonymous networks (Post wernow # 66632070)
About file attributes (Post wernow # 66682128)
About USSD (Post wernow # 66793981)
How to take a dump via tcpdump (Post wernow # 66824767)
About the causes of problems with modules Xposed (Post wernow # 67999793)
On the priorities of threats (Post wernow # 68333815)
About UID 1000 (The Post wernow # 68613246)
On the interaction of DuckDuckGo and Yandex (Post wernow # 68635660)
About DuckDuckGo Algorithms (Post wernow # 68655630)
On the hardware protection device (Post wernow # 69275830)
On the protection of the port microUSB (Post wernow # 69281156)
About threats and liability (Post wernow # 69293509)
About threats, fictional worlds and time (Post wernow # 69309907)
On service traffic (Post wernow # 69566867)
On the infrastructure Telegram (Post wernow # 70323319)
About China (Post wernow # 73860971)
About China (Post wernow # 73863824)
About China (Post wernow # 73880680)
About messengers (Post wernow # 73969101)
About Antivirus (Post wernow # 74161934)
About China (Post wernow # 74950096)
About malware testing and emulators (Post wernow # 75074647)
About Google Data Collection (Post wernow # 76081812)
About repairing devices (Post wernow # 76537920)
About inspections in China (Post wernow # 76539879)
About device checks (Post wernow # 77754685)
On digital capitalism (Post wernow # 78044951)
About Telegram and the Future (Post wernow # 78053170)
About the registration of instant messengers in the Russian Federation (Post wernow # 78739705)
About famous cryptographers (Post wernow # 78739705)
On anonymity (Post wernow # 78927918)
About VPN (Post wernow # 79392952)
On the set and disagreement (Post wernow # 79458293)
On the hidden record and the legislation of the Russian Federation (Post wernow # 79511161)
About microcopy and data protection (Post wernow # 79670518)
About IMEI registration in the Russian Federation (Post wernow # 79852809)
On the registration of IMEI in the Russian Federation (Post wernow # 79858616)
About changing IMEI (Post wernow # 80654422)
About bookmarks in chips (Post wernow # 80781651)
About bookmarks in chips and checking them (Post wernow # 80786808)
About bookmarks in chips (Post wernow # 80817610)
About removing EXIF ​​(Post wernow # 80944444)
Analysis of EXIF ​​(Post wernow # 80973859)
yhnyhn11


Software
Compatibility Test Suite (CTS)
GApps
microG GmsCore is a FLOSS framework- framework for replacing original Google Play services
NanoDroid- implementation of Play Services Core (open source)
NOGAPPS Project
/ d / gapps- program to remove / disable Gapps (open source)
GSM
Android IMSI-Catcher Detector- identifies fake base stations (IMSI-Catcher) in GSM / UMTS networks (open source)
В®Darshak- helps to detect "silent" sms, signs of phone tapping, lack of communication encryption on Samsung Galaxy S3 (GT I9300) (open source)
EAGLE Security- protection against listening in the form of determining false base stations and blocking access of applications to the camera and microphone (closed source code)
Network cell info- shows the location of cells on the map and measures the signal strength of the serving cell and neighboring cells (closed source code)
В®SnoopSnitch- makes a map of attacks on devices with a Qualcomm chip (open source)
Hips
Binderfilter
Binderfilter- IPC Binder call control system in the core (open source)
Picky - an application for managing BinderFilter filters (open source)
Commandos98 corner

Donkeyguard
Donkeyguard- Xposed-module allows you to block access of applications to personal data (open source)
Protect My Privacy
Protect My Privacy- Xposed module for managing application permissions (closed source)
Post Whitestar # 68400078
Xprivacy
Xprivacy- Xposed-module that allows you to prevent the leakage of your personal data through the application, control it or replace it to choose from (open source)
XPrivacyLua
XPrivacyLua- Xposed-module for Marshmallow +, which allows you to prevent the leakage of your personal data through applications, control it or replace it with a choice (open source)
XPrivacyLua Official Site
XPrivacyLua repo
Frequently Asked Questions
Comparison with XPrivacy
Forum

Sensors
Sensor Disabler- Xposed-module that allows you to disable and change the values ​​for all sensors available in the device (open source)
Camera
Camera block- temporarily disables and blocks all camera resources and denies access to the camera for other applications (closed source code)
Disable at the kernel level (Post Dementy000 # 79737060)
Microphone
Mic block- temporarily disables and blocks access to the microphone for other applications (closed source code)
Microphone Guard Plus- protection against listening
Ultrasound


Kernel / Shell
Busybox
В®BusyBox- BusyBox installer for Android (open source)
В® BusyBox- application to install BusyBox (open source)
BusyBox Install (No Root)- install BusyBox on devices without root (closed source code)
В®Busybox On Rails- installs BusyBox on the device, and also updates it to the current version (open source)
Entware
Logcat
Root
В® Dianxinos SU- Root access control (closed source)
В®Magisk - The Universal Systemless Interface- a utility that allows you to install various system applications and mods in systemless mode and hide the root from any applications and services (open source)
В® SuperSU- Advanced access control for superuser rights to applications on the device that require root (closed source code)
В® Superuser- a program for managing ROOT rights (open source)
В® Superuser- superuser rights management (open source)
Superuser- superuser rights management (open source)
В®Superuser X (L)- root-access for applications without intermediaries (closed source code)
Concealment
Rootcloak- Xposed-module that allows you to hide the presence of root for applications (open source)
В®suhide- suhide utility allows you to hide the presence of ROOT on your Android device (open source)

SELinux
SELinuxModeChanger- change SELinux mode
Terminal
Android Terminal Emulator- terminal emulator (open source)
Termux- terminal emulator with an extensive collection of Linux packages (open source)

Launcher
AppAsLauncher- allows you to select any third-party program as a launcher (closed source code)
T-UI F-Droid- launcher with terminal (open source)
Linux
Linux for tablet
BOCHS for Android- OS launch for x86
Complete Linux Installer- we install Linux on Android
Debian noroot- debian emulator
GNURoot- installation on Android Wheezy, Gentoo, Fedora or Aboriginal without root rights (open source)
GNURoot Debian- launch Debian on Android devices (open source)
В® Linux Deploy- automate the process of installing, configuring and running GNU / Linux distributions on the Android platform inside the chroot container (open source)
В® Linux Installer- Installing Debian / Ubuntu on Android devices
PureOS

QEMU for Android- starts any OS in the img and iso image
XServer XSDL- X server for Android, which allows displaying Linux graphic applications running on an external computer or installed in the chroot Android device
Replacing Android on the desktop distribution
Recovery
update-script
Android Script Creator- a program for creating scripts (update.zip)
Update Script Generate- program for creating updater-script (update.zip) based on boot.img and system.img for any processor in which it is possible to flash system images in img format (ext2, ext3, ext4)

SafetyNet
SafetyNet Helper Sample- a simple utility to check the status of SafetyNet (open source)
Sip
Ostel Setup (Post ANPolter # 47912222)
CSipSimple- functional SIP client (open source)
Linphone Video- Internet phone using VoIP (open source)
SMS / MMS
Image SMS- sending image via SMS (open source)
Encryption
Dark SMS- exchange of encrypted SMS messages, the ability to password protect SMS messages on the phone (closed source code)
Silence- SMS / MMS application that supports encryption (open source)
The wall- application for sending and receiving SMS messages encrypted with the AES algorithm (closed source code)

Tts
SVOX Classic Text To Speech Engine- reading text with voice for other applications
Webview
Android System WebView- Android WebView system component is based on Chrome technology and allows you to view web content in applications
Bromite
Bromite- WebView implementation without WebRTC and protected from some other digital fingerprints (open source)
SystemWebView releases
Installing SystemWebView
Forum


Automators
Easer
В®Easer F-Droid- automation of actions on events (connection to WiFi, Bluetooth, on time, location) (open source)
Tasker

USB
Blocking domains and ads
В® AdAway- ad blocker with white and black lists support (open source)
Adblocker reborn
Adblocker reborn- Xposed-module, blocks AdView, AdActivity, receivers, services, WebView and Hosts, while not touching the hosts file itself and does not conflict with the blockers that use it (open source)

DNS6- allows you to block hosts via DNS through a local VPN service (open source)
В® MinMinGuard- Xposed-module for blocking ads inside applications (open source)
PeerBlock For Android- Xposed-module that allows you to block hosts and DNS (open source)
Silent- Xposed ad-blocking module (closed source)
UnbelovedHosts- Xposed-module, blocking calls to domain names that distribute advertising (closed source code)
Browsers
Chromium
Brave
Browser Brave: Fast AdBlock- Chromium-based web browser with built-in AdBlock, tracking protection and security system (open source)
Bromite
Bromite- Chromium based browser with ad blocker and privacy protection (open source)

Firefox
Firefox- a browser from the developers of Mozilla (open source)
Firefox focus- Mozilla browser with automatic blocking of a wide range of online trackers (open source) F-Droid
Firefox GOST- Firefox fork with Russian cryptography support
Icecatmobile
Icecatmobile- fork of Firefox browser that meets the requirements of completely free software (open source)
Librefox
Librefox- additions in privacy and security to Firefox (open source)
Waterfox
Waterfox browser- browser on the engine Gecko, which continues to support the "obsolete" according to the new Mozilla policy additionsopen source)
Waterfox - The free, open and private browser
Waterfox - Wikipedia

Add-ons
Adnauseam

anonymoX

Bluhell firewall- restriction of advertising and redirects
CanvasBlocker- prohibition of browser fingerprint identification
Certainly Something (Certificate Viewer)- view certificates
Certificate Patrol- certificate management
CheckMyHTTPS- verification of the certificate of the secure connection (open source)
Decentraleyes- protection against tracking through centralized CDN
Easy image blocker- image loading control
HTTP UserAgent cleaner- increased privacy (randomly replacing the UserAgent, canvas, locale fields, blocking WebRTC, etc.), blocking ajax and requests to third-party sites and unnecessary cookies, security assessment https (TLS) connections, phishing protection
HTTPS Everywhere- replacement in addresseshttp: //onhttps: //
Mobile Password Manager- view and edit saved passwords
NoScript- blocking scripts and plug-ins, protection against XSS and Clickjacking attacks
Onion Browser Button- connect to Tor in one click
Phony- substitution of User Agent
Random Agent Spoofer- change profiles at a specified time interval
RequestPolicy Continued- control of cross-domain requests
Save / Load Prefs- export and import of Firefox settings
Self-Destructing Cookies- automatic cleaning Cookies and LocalStorage
Speed ​​Tweaks (SpeedyFox)- setting preferences for browser acceleration
Spoof Timezone- time zone change
Third-party Request Blocker (AMO)- blocking requests to third-party resources
uMatrix- firewall with blocking of scripts, frames, etc.
User-Agent Switcher- change User-Agent
wow-dpi- bypass Russian blocking without the need to use proxy, Tor, etc.

F (L) OSS Browser
Privacy browser
Tor
Fire.onion (Browser + Tor)- anonymous web browser (open source)
Orfox
Orfox: Tor Browser for Android- a secure browser for Android based on Mozilla Firefox (open source)
Tor browser

TORnado (Browser + TOR)- anonymous web browser (closed source)

Notes
Note Crypt Pro- creation of encrypted (AES 128 bits, CBC, PKCS5Padding, random IV, PBKDF2WithHmacSHA1) tag database with support for tags (open source)
Swift notes- work with text files, encryption, setting a password, sending (closed source code)
Calls
Lock
Root Call SMS Manager- manager of blocking incoming and outgoing calls and SMS (closed source code)

Calendars
Calendar Calendar F-Droid- simple calendar with additional CalDAV synchronization, recurring events and reminders (open source)
Business calendar- functional calendar (closed source code)
Cameras
Bacon camera- camera with manual settings for devices that do not support Camera2Api (closed source code)
Open camera- multifunctional camera (open source)
Simple camera- multifunctional camera (open source)
Cards
Keyboards
The best keyboard for Android -savagemessiahzine.com
AnySoftKeyboard
AnySoftKeyboard- virtual keyboard with support for multiple languages ​​(open source)
Hacker's Keyboard
Hacker's Keyboard- A full 5-row keyboard with Tab / Esc / Ctrl keys with a separate number block (open source)
Jbak keyboard
Jbak keyboard- a beautiful and fast keyboard with a bunch of settings and features (open sourceNow closed)
Jbak2 keyboard
Jbak2 keyboard- a safe professional beautiful and fast keyboard, with a bunch of settings and features, without access to the Internet (open source)
Multiling O Keyboard
Simple keyboard
Simple keyboard- customizable keyboard with minimal resolutions (open source)

Contacts
Open contacts- creation and use of a separate contact database (open source)
SA Contacts- export phonebook contacts to Excel and vice versa (closed source code)
Save contacts to txt- allows you to save selected contacts downloaded from the phone book as a text file in TXT format, which can be sent by email (closed source code)
Simple contacts- creation and use of a separate contact database (open source)
VCF
VCF Contacts
VCF Contacts- opens .vcf files in the form of a phone book and allows you to add, delete, edit contacts, make calls (closed source code)
On the potential leak (Lent okomand # 69542431)


Messengers
Messenger Comparison - Wikipedia
Comparison of instant messengers - Wikreality
Comparison of instant messaging clients - Wikipedia
Comparison of LAN messengers - Wikipedia
Digital Communications Protocols
SECURE MESSAGING APPS COMPARISON
Tails - mobile messaging
True Private Messaging: 7 Apps to Encrypt Your Chats PDF
Crypto-resistant androids. Why encryption in Signal, WhatsApp, Telegram and Viber will not protect your correspondence from hacking PDF
Encrypt correctly! Why messengers do not protect the secret of your correspondence
Encrypt correctly! Choose an instant messenger for secure and private correspondence.
Encrypt correctly! Choose an instant messenger for secure and private correspondence.
Actor
Actor- centralized messenger (there is an email registration) based on the MTProto v2 protocol (open source)
Bitseal
Bitseal- decentralized transmission of encrypted messages to another subscriber or many subscribers (open source)
Bleep
Bleep (alpha)- decentralized messenger (there is a registration by email or anonymously) (closed source code)
Briar
Briar- messenger that works on the basis of secure Tor networks, as well as Wi-Fi and Bluetooth (open source)
Briar Beta - Open Source - News
Briar - Darknet Messenger ... Or Good News From The Dark Dungeon Mesh Networks
Chat.onion
Chat.onion- decentralized messenger based on the Tor network (anonymous registration) (open source)
Delta chat
Delta chat- centralized instant messenger with end-to-end encryption using the selected mail domain as the server (open source)
Delta chat
Delta makes chatting better
Contribute
Dib2Qm
Dib2Qm- IMAP and QuickMSG-based email messaging (open source)
Eleet
Eleet Private Messenger- private messenger (registration by phone number or anonymously) (closed source code)
Choosing a secure messenger for android devices: Eleet Private Messenger
Jitsi
Jitsi - Wikipedia- Internet telephony and instant messaging system
Jitsi (open source)
Jitsi meet (open source)
Jingle
Kontalk
Kontalk- client-server messenger (registration by phone number) based on XMPP (open source)
Nextcloud talk
Nextcloud talk- the extension of the Nextcloud platform, allowing you to make protected audio and video calls, as well as exchange text messages (open source)
Nextcloud talk
QuickMSG
QuickMSG- mail client with PGP support (open source)
RetroShare
RetroShare- a decentralized messenger based on the platform of the same name (open source)
Ring
Ring- decentralized messenger with e2e encryption (anonymous registration) (open source)
Ring (program) - Wikipedia
Riot
Riot- decentralized messenger (anonymous registration) (open source)
Safeum
Safeum- encrypted multimedia messenger (there is an email registration) (closed source code)
Signalal
Silent phone
Silent phone- paid instant messenger (anonymous registration) with encryption of audio and video calls and text messages (open source)
Signal-Server source code
Surespot
Surespot- client-server instant messenger (anonymous registration) for secure exchange of text messages, photos and voice notes for up to 10 seconds (open source)
Has secure IM app Surespot been compromised by the feds?
Telegram
Telegram F-Droid- client-server messenger (registration by phone number) based on the MTProto protocol (open source client, closed source server code)
Plus Messenger- unofficial client for Telegram (open source client)
MTProto - Wikipedia
Documentation

Proxy
Telegram Open Network (TON)

Security issues Telegram
Callback to Telegram developers
Is Telegram Safe? Or as I was looking for a bookmark in MTProto
Potential Android Telegram Vulnerability
Telegram attack for 2 ^ 64 operations, and why the supervillain doesn't need it
About the intricacies of privacy in the Telegram Bots API: "this is not a bug, this is a feature"
Why two-factor authentication in Telegram does not work
How to hack Telegram and WhatsApp: special services are not needed
Telegram entered in the register of information dissemination organizers
Telegram itself adds someone else's contacts? This is the norm
Telegram will ask for a passport
Why Telegram Passport is No End to End
Vulnerability in Telegram can compromise secret chats.
We reveal the numbers of Telegram users
Telegram messenger merges metadata to everyone
Telegram was unsafe
Iranian company intercepted all Telegram traffic
Telegram accused of storing messages in unencrypted form
Telegram will still share user data with special services.
"Media Factory" Eugene Prigogine constantly talks about the vulnerability of the telegram. Is it all scary?
Telegram Security Analysis PDF
Telegram, AKA “Stand back, we have Math PhDs!”
About the "safest" telegram
Comparison with Signal (Post neonedrid # 73388860)
About location tracking (Post Aeronliru # 68454877)
Company

Threema
Tox
Antox- decentralized messenger (anonymous registration) for confidential communication (open source)
TRIfA- tox client in active development (open source)
Whatsapp
Wire
XMPP
Chatsecure

Conversations- XMPP client with encryption support and Android HIG design (open source)
Freelab messenger- XMPP client, fork Conversations (closed source)
IM + All-in-One Mobile Messenger- supports all popular instant messaging services: Facebook, ICQ, VKontakte, Mail.Ru Agent, Classmates. Gadu-Gadu, RenRen, mig33, SINA Weibo, Fetion and Jabber (closed source)
Jasmine im- IM client for quick and easy communication, ICQ, QIP, VK, Jabber, etc. (closed source)
Pix-Art Messenger F-Droid- fork of a well-known XMPP Conversations client with additional features (open source)
Sj im- XMPP client that supports automatic encryption of PGP (OTR) messages (closed source code)
Zom Mobile Messenger- XMPP client, focused on simplicity and security (open source)
Xabber- universal Jabber client (open source)

Location
Location Spoofer

Cleaning
Andro shredder- permanently delete files and SMS (closed source code)
File shredder- utility for permanently deleting files (closed source code)
IShredder 3- permanently delete files, photos, sms, contacts (closed source code)
В® SD Maid - System Cleaning- cleaning "tails" for remote applications (closed source)
Undeleter- permanently delete files of some types (closed source code)
shell

Passwords
bitwarden
bitwarden- client-server password manager (open source)
Keepass
Keepass2Android
Keepass2Android- password manager (open source)
AutoFill plugin- plugin for auto-complete (open source)

KeePassDroid- password manager (open source)
Password store
Password store- password manager compatible withpass (open source)
SealNote Secure Encrypted Note
SealNote Secure Encrypted Note- notes, registration data under encryption 256-bit AES (open source)
SuperGenPass

Payment systems
post office
Fairmail
K-9
K-9 Mail- mail client (open source)
p≡p
pretty easy privacy p≡p F-Droid- mail client with OpenPGP, key exchange via p2p, key import from other clients (open source)
Protonmail
ProtonMail - Encrypted Email- Email web service with encryption support (open source web version)
ProtonMail IMAP / SMTP Bridge- ProtonMail integration with any programs that support IMAP and SMTP
TempMail
TempMail- creation of temporary mailboxes on the site temp-mail.ru (closed source code)
Tutanota
Tutanota- Email web service with encryption support (open source)

Backup
Helium- backup and synchronization, the ability to work without root using the desktop client
В®oandbackup- create backup copies of applications with data (open source)
В® Titanium Backup- backup applications and user data
Nandroid
Nandroid Browser- extract and use separate files from nandroid backup
В® Nandroid Manager- allows you to view, explore and edit your Nandroid backups
Online Nandroid Backup * root- makes CWM / TWRP compatible backup without loading into recovery
В® Orange Backup- a program to create compatible with CWM and TWRP backups and synchronization with the cloud
Repositories
App & Gamesavagemessiahzine.com- view and check for updates of applications and games laid out onsavagemessiahzine.com
APKPure App- alternative application market
Aptoide- client-server application of an alternative market
APKUpdater- can check for updates for programs on popular alternative services APKMirror and APKPure (open source)
Aurora Store
Aurora Store- search and download programs from the Google Play Store without the Google Services Framework, fork of the Yalp Store (open source)

Blackmart- alternative to applanet and the like
F-Droid
F-Droid- repository of open source software (open source)
Second Security Audit Results

Open store- the application allows developers to create their own repositories with applications for Android
Yalp Store
Yalp Store- search and download programs from the Google Play Store without the Google Services Framework (open source)

Network
Ad-hoc / Mesh
Android Intercom- calls via bluetooth and Wi-Fi in the local network
Anyfi
Anyfi- mesh network of devices via Wi-Fi
Gilga
Serval mesh

Wi-Fi talkie- voice chat, chat and file sharing without the Internet within the Wi-Fi network
MAC
macchanger

В® Change My MAC- change the MAC address of your Android device (closed source)
В® Pry-Fi- change the MAC address of your device (closed source code)
В®Wireless Mac Address Changer- changes the MAC address of the device to any other and restores the original back (closed source code)
DNS
AndroDNS F-Droid- configure DNS queries (open source)
Daedalus- change DNS settings via VPN tunnel (open source)
DNS man- change DNS for selected Wi-Fi networks (open source)
В®Override DNS- DNS change with built-in list of servers (closed source code)
Cloudflare
DNSCrypt
Tunneling
iodine- binary files for tunneling through a DNS server (open source)
AndIodine- tunneling through a DNS server using VPN Api (open source)
Element53 (DNS Tunnel)- tunneling through a DNS server (open source)

i2p
i2p- access to the anonymous I2P network
OONI
ooniprobe- a global observation network client for detecting censorship and traffic manipulation on the Internet (open source)
Proxy
Privoxy
ProxyDroid
В® ProxyDroid- HTTP / SOCKS4 / SOCKS5 proxy with automatic inclusion by SSID (open source)
Shadowsocks
Shadowsocks- fast SOCKS5 proxy with traffic encryption (open source)

Ssh
Tor
Orbot
Orbot- the ability to use the Tor network for anonymous surfing (open source)
How to set up Tor in Android - turn on Orbot
orWall
orWall- firewall for use in conjunction with Orbot, may conflict with other firewalls (open source)

VNC
VMLite VNC Server- control of the Android device through the browser
VPN
The Best VPN Services
Bitmask
Bitmask- VPN and encrypted (OpenPGP) email support (open source)
Openvpn
Open VPN Connect
Open VPN Connect- OpenVPN client (closed source)
OpenVPN Connect Android FAQ
OpenVPN Client
OpenVPN Client- a client with rich capabilities (for example, with a painless TAP connection option without root) for connecting to OpenVPN (closed source code)
VPN Client Pro- a client with rich capabilities (for example, with a painless TAP connection option without root) for connecting to a VPN (closed source code)
OpenVPN for Android

Outline
Wireguard
Wireguard- client for connections to the WireGuard tunnels (open source)

WebRTC
AtrizA Conference- WebRTC based conferences
UniComm- private p2p communications based on WebRTC (open source)
Zyptonite
Zyptonite- secure decentralized p2p platform

Wi-Fi
В®fqrouter2- turning the smartphone into a wi-fi repeater and not only
В® WiFi TX power- WiFi power control
Wi-Fi Direct
NearShare- communication and file transfer via WiFi Direct
SuperBeam | WiFi Direct Share- wireless data transfer directly between devices (including using WiFi Direct technology)
Wi-Fi cast- transfer files via Wi-Fi using the access point built into the phone (without an external Wi-Fi router)
WiFi Shoot! WiFi Direct- wireless data transfer directly between devices (WiFi Direct technology)
Protection
В®ARP guard- traffic interception / redirection protection
В® Wifi Protector- detection and prevention of ARP attacks on your phone in Wi-Fi networks
Wi-Fi Privacy Police- prevents connection to unknown networks and sending a list of known networks (open source)

Monitoring
Connection list- View all available TCP device connections
Network connections- monitoring of incoming / outgoing connections
В®Network Log- monitoring network connections
Tinny network monitor- monitor network connection
Pentesting
Pentesting

В®AndroDumpper (WPS Connect)- check Wi-Fi router vulnerabilities
В® bitShark- traffic sniffer
В®CSploit- penetration testing (hacking) in a Wi-Fi network
В® DroidSheep- scanning and interception of web sessions (profiles)
В® DroidSniff- allows you to scan and intercept web sessions of users sitting under one wifi
В® dSploit- an application for analyzing and assessing network security, searching for known vulnerabilities, real-time traffic manipulation, spoofing
В® FaceNiff- scanning and interception of Internet sessions
В® Intercepter-NG (ROOT)- multifunctional network sniffer
iwscan Analyzer [ROOT]- analyzer of networks 802.11 a / b / g / n / ac, Bluetooth, LTE, WCDMA, GSM
В®Netcut- allows you to automatically scan the network, receive data about connected devices and, if necessary, disable them
@Network Spoofer- sniffer
В®Network utilites (Test version)- a set of tools to work with the network, as well as intercept / monitor / redirect traffic within your network
Packet capture- allows you to intercept network traffic with SSL decryption
В®Packet Sniffer- viewing and analyzing packages
Proxymon SSL [ROOT]- debugger of open and secure TCP connections at the data level
Р’В® Reaver-GUI for Android- hacking wifi from devices with bcm4329 / 4330 wifi chipset
Router keygen- key generator for wi-fi routers
В® Shark for Root + Shark Reader- traffic sniffer and view dumps in .pcap format
SSLUnpinning- Xposed-module that allows you to make the substitution of certificates in applications (open source)
В® Wi.cap. Network sniffer- package sniffer for ROOT devices
WIBR + WIfi BRuteforce hack- generation of WEP / WPA / WPA2 keys to all Wi-Fi point
В®WIFI WPS WPA TESTER (ROOT)- attempt to connect to some access points using known vulnerabilities
В®WifiAccess WPS WPA WPA2- check Wi-Fi router vulnerabilities
В® WiFiKill- disable "extra" users of the WiFi network
В®WiFree WPS- Wi-Fi hacking (WPS PIN + Router Keygen)
В®WPS connect- connect to a wireless network using the WPS protocol
В®zANTI- security assessment of Wi-Fi networks
Social networks
Diaspora
dandelion *- communication in the social network Diaspora (open source)
Mastodon

Firewalls
AFWall
В® AFWall +- restriction of application access to the Internet (open source, fork DroidWall)
FAQ В· ukanth / afwall Wiki

В® Android Firewall- firewall on Android (open source, fork DroidWall)
В® DroidWall- restriction of application access to the Internet based on iptables (open source)
Lightningwall- Xposed module, firewall for installed applications (closed source)
Netguard- blocks access to applications (both user and system) access to the Internet (via wi-fi or mobile) without root (open source)
NoRoot Firewall
NoRoot Firewall- firewall that does not require root-rights (closed source code)
Firewall for Android


Signaling
Car alarm
Car alarm- determination of the alarm condition in the protected object using a microphone and / or accelerometer and signaling about it in various ways
Haven
Haven: Keep Watch- an application using various sensors (camera, microphone, gyroscope, accelerometer, light sensor) to record changes in the location of the device (open source)
Snowden introduced a mobile application for protection from surveillance
Edward Snowden has created a paranoid mobile app.

Data synchronization
BitTorrent Sync
BitTorrentВ® Sync- allows you to synchronize your files between different devices (closed source)
DAVdroid
DAVdroid- CalDAV / CardDAV synchronization (open source)
Folderseync
Folderseync- cloud synchronization with support for various services and protocols (closed source)
Syncthing
Syncthing- application for distributed data synchronization (open source)
Syncthing-silk- distributed synchronization of files between devices (open source)
Cloud data storage
Degoo
100 GB free space: Degoo- cloud file storage service (closed source code)
MEGA
MEGA- client for cloud Mega (closed source)
Nextcloud
- sync files with the Nextcloud server (open source)
ownCloud
ownCloud- synchronization of files with the ownCloud server (open source)


System
Notifications
Toast
Xtoast- Xposed module for managing pop-up notifications (closed source)

Runtime
ART Checker- check runtime (closed source)
Monitoring
OS Monitor- system monitoring (open source)
Simple system monitor- system monitor and task manager (closed source code)
Substitution
Android Device Changer- Xposed-module, which allows applications to change IMEI, Android Id, Serial Number, Wifi Mac, SSID, Google advertising id, Bluetooth Mac devices for applications (closed source code)
Device faker- Xposed-module that allows you to change the device to make it look like another (closed source code)
Device ID Masker- Xposed-module that allows you to replace many of the characteristics of the device (closed source code)
Phone Id Changer Pro- Xposed module that allows applications to change IMEI, Android Id, Serial Number, Wifi Mac Address, SSID (closed source code)
IMEI
В®Chamelephon- IMEI change for devices on MediaTek 65XX processors (closed source)
В®GhostPhone- IMEI change on MediaTek 65xx / 67xx processors (closed source code)
IMEI Changer- Xposed-module that allows you to change the IMEI device (closed source code)


Steganography
Pixelknot- allows you to hide text messages in images (open source)
Application Management
LuckyPatcher
В® LuckyPatcher by ChelpuS- application manager
My Android Tools
My Android Tools- disable / enable activity, service, receiver, provider for any applications (closed source code)
Lists of disabled services / receivers / activites / providers for different applications
Per App Hacking
Per App Hacking- Xposed-module to control the behavior of applications (open source)

APK
APK Editor
ApkCrack (AETool)
ApkCrack (AETool)- tool for editing apk-files
Apktool
Apktool- decompilation, recompilation, application signature
MT Manager
В® MT Manager- editing, translating, cloning, encrypting, signing and optimizing user and system (without installing frameworks) apk-files

Windows
APK-Info- view APK information (open source)

Analysis
Apk analyzer- allows you to explore applications on the device, providing a detailed report not only about installed programs, but also about uninstalled apk files
App Detective- gives the most complete array of various data on the installed APK, including their contents and online analysis
AppBrain Ad Detector- identification of potential problems of all applications installed on the device
Exodus
Inspeckage
Inspeckage- Xposed-module for dynamic analysis of installed applications (open source)

Mobile Security Framework- a platform for testing mobile applications (Android / iOS / Windows), fully automated and capable of performing static and dynamic data analysis, identifying potential problems of all applications installed on the device (open source)
Frost
В®AirFrozen ~ Disabler (ROOT)- freeze (stop) applications (open source)
Cloning
App cloner- creation (without the presence of root) modified clones of some programs (closed source code)
Sandboxes
Island
Island- execution of applications in the sandbox (closed source)
Android: Island - a utility for isolating and freezing applications without root
Shelter
Shelter- running applications in the sandbox (open source)
UserControl
UserControl- execution of applications in the sandbox (closed source)
VirtualXposed
VirtualXposed- execution of applications in the sandbox with partial support for Xposed (open source)

Permissions
Android Permissions- shows the list of permissions of installed applications (open source)
App Settings
App Settings- Xposed-module for fine-tuning applications, including permission management (open source)
v1.16

App Ops
App Ops- disables selective permissions for selected applications (closed source code)
Analysis of the work (Post xynta123 # 64938074)

AppOpsX- client for Android AppOpsService (open source)
App Ops - Permission manager- application permissions management (closed source)
AppOpsXposed- Xposed-module, restoring the functionality of the App Ops system permission manager on Android 4.4.2 and higher (open source)
Permission master- Xposed module for working with application permissions (closed source)
APK
Advanced permission manager- removal of permissions from apk (closed source)
APK Permission Remover- removal of permissions from apk (closed source)
Permission Manager (re-installer apps)- provision and prohibition of application rights by reinstalling them (closed source code)

Hiding
AppHider- hiding applications (closed source)

Vulnerabilities
BlueBorne Vulnerability Scanner by Armis- check device for BlueBorne vulnerability
Bluebox Security Scanner- check device for the presence of Master-key vulnerabilities
Stagefright Detector- device scan for Stagefright vulnerability
Trustable by Bluebox- a tool for researching publicly known system vulnerabilities
VTS for Android- a tool for researching publicly known system vulnerabilities
Files
Recovery
В® DiskDigger- recovery of deleted pictures, photos, videos, saving recovered files and the ability to send them to the mail
Dumpster - Recycle Bin- file basket
В® Hexamob Recovery PRO- recover deleted files
Undeleter- recovery of files deleted from SD-cards and internal memory
Forum

Images
Exif
Exif_Editor- full EXIF ​​editor
ExifTool- viewing and editing the extended information of image files (closed source code)
Photo editor- a program for high-quality photo processing (viewing, changing or deleting EXIF ​​data)
Photo exif editor- allows you to view, edit and delete Exif photo data
Scrambled exif- removal of metadata from images (open source)

Media
MediaInfo- obtaining technical information from audio and video files (open source)

Encryption
Cryptography- encryption, training and hashing tool
Cryptomator Beta (Unreleased)- encrypt files in cloud storage and access them on all your devices
Derandom- prediction of pseudo-random numbers (open source)
EDS
EDS (Encrypted Data Store)- creation and management of encrypted containers TrueCrypt, VeraCrypt, LUKS, CyberSafe (closed source code)
Android: Protecting personal data. EDS: Overview and usage example.
Encfs
В® Cryptonite- data encryption on the device and in Dropbox (open source)
Encdroid- creation of encrypted folders on the device and in Dropbox
MiXplorer


В® EncPassChanger- change the password of the standard encryption section / data
Luks
В® LUKS Manager- creation and management of encrypted LUKS containers
Midnight murmur
Midnight murmur- encryption / decryption of files and text messages with a free design of the encryption procedure
PGP
Secrecy
Secrecy- encrypt files with AES256 (open source)
S.S.E.
Secret Space Encryptor (S.S.E Universal Encryption App)- encoder (AES, RC6, Serpent, Blowfish, Twofish, GOST-28147, Threefish (in Pro version), SHACAL-2 (in Pro version)) text and files, password manager (open source)
Encrypted for Android: Application S.S.E

Lock screens
App Lock (HI App Lock)- an application to block and protect confidential information
App Lock (Smart App Protector)- protects installed applications with a password or lock, and also prevents the screen from turning off and switching to landscape mode while applications are running from a user-defined list
CyanLockScreen- Xposed module to expand the lock screen on 4x4, 5x5 and 6x6 pixels
Cyclic Lock- Xposed-module for cycling PIN / password / pattern keys
DroidLock: Dynamic Lockscreen- screen lock, where PIN can be time, battery charge, etc.
В® GravityBox- Xposed-module with the ability to shuffle PIN numbers on the lock screen
Knock Lock-App Lock Pro- functional customizable screen blocker
Knock lock- allows you to select the lock area on the display to enable the "Knock Lock" feature
Lockdown- blocking applications with various keys
Lockmod- Xposed module for customizing the lock screen on Lollipop and above
Maxlock- Xposed-module that allows you to block the launch of applications (open source)
Picture Password Lockscreen- lock screen with support for drawing points, lines and circles
PIN / Pattern Shortcuts- Xposed-module that allows you to open different applications with different PIN codes
ScreenLock - Time Password- time based lock screen
Shortcut Lock Screen Mod [MM]- Xposed module for setting lock screen shortcuts on Marshmallow
Smart lock- protection of any installed applications with a password
Smart lock screen- floating screen lock button
Timepin- lock screen with PIN based on time
Data
Locker- clearing data after exceeding the maximum number of attempts to unlock the device
Selfdestruction Unlocking- deleting folders on the memory card and clearing the device memory when the limit of incorrect attempts to unlock the screen comes (closed source code)
Wrong pin shutdown- turning off the device when exceeding the limit of screen unlock attempts (open source)

Energy saving
Tips to improve power saving devices on Android OS
Wakelock
Wakelock detector- search for the cause of the device not falling asleep

To place apk files and analyze executable files use the theme:
Android: checking and analyzing executable files and other thoughts about it

Option Caps TC

There is no curator in the subject. For questions about filling the caps, write to the topic, contact the section moderators via the buttonPictureunder the messages. How to do it right, what would you understand the first time, it is writtenhere.

Post has been editedferhad.necef - 22.06.19, 18:29
Reason for editing: / d / gapps



Rep: (572)
een @ 12/06/2015, 18:08*
Exactly this statement is impossible to verify.

Now you begin to deny yourself by repeating me.
You yourself have proven that it is possible.
If the apk is built from source code, in which secret encryption keys are not sent to the server (I think it is this code that is laid out in public), then this is exactly the behavior that will be, no matter how villainous the software on the server is.

Post has been editedokouser - 06.12.15, 19:19



Rep: (305)
“This is exactly the application that cannot be verified” - a statement that the encrypted messages are not stored on the server at all (which is what v1ct0r wanted).
It is impossible to verify, because there is neither server source nor access to executable modules on the server.

And the fact that the client does not transmit encryption keys to the server can be checked using the client’s source code and apk. Or do we have "Groundhog Day"?



Rep: (572)
Yes, I did not understand your message.
It certainly does not check.



Rep: (729)
een @ 12/06/2015, 18:08*
There are no server sources.

Server sources too. But only the part that is responsible for the messages.



Rep: (572)
Server sources too. But only the part that is responsible for the messages.

Those. can you raise your server?
You about
https://github.com/Whi...tems/TextSecure-Server
?
And here the protocol is described
https://github.com/Whi...rver/wiki/API-Protocol
https://github.com/Whi...roid/wiki/Using-Signal
https://github.com/Whi...ndroid/wiki/ProtocolV2

Post has been editedokouser - 07.12.15, 20:58



Rep: (729)
Those. can you raise your server?
You about

Yes it is.



Rep: (23)
* een,
much convincing, but:

1) to the account of the "direct deception" and the guarantees of the absence in the release of the code that is missing in the public source code. Is there at least one example for someone to reassemble and receive a matching checksum? While there are no guarantees of compliance of the “reporting” code with the “assembly” code, it is pointless to prove something using “open source”.

2) if everything is so good, transparent and secure, then why chat my phone numberwithout fail ? Is there a logical explanation for this that does not contradict the transparency of the project and the security of my chatter?

Programs written with great respect for users' privacy use logins, nicknames, or randomly generated identifiers. If someone needs my phone, then he is already aware that sooner or later it will be necessary to find out who owns this traffic. And such a need for clarification makes sense only if the traffic is still visible.
You can assume a lot of ways to implement "data theft", discussing technical details here is probably inappropriate, but if the author makes meaningless gestures and requires something that is not necessary for the program to work, then he has something to hide. I mean there is no openness, and the transparency of the code is ostentatious, not real.

Post has been editedformobe120 - 08.12.15, 14:09



Rep: (572)
formobe120 @ 12/08/2015, 12:56*
Is there at least one example for someone to reassemble and receive a matching checksum?

This is only possible if you collect according to the instructions and using the tools of the author of the assembly.
Otherwise the amounts will be guaranteed to be different, even if collected from the same source code.
Checksums are mostly used now to protect content, so that the user can check the authenticity of the downloaded content in the event of its possible substitution.

Post has been editedokouser - 08.12.15, 14:23



Rep: (23)
een @ 12/06/2015, 18:41*
V1ct0r @ 12/06/2015, 18:39 *
IMHO safe when no server is used, messages are stored only with correspondents with the deadline specified by the author of the message (for example, the message lives no more than 2 hours. then it is destroyed)

This is exactly how secret chat works in Telegram.

Is it really? There are no servers?

FAQ telegram
Q: Can I run Telegram using my own server?
Our architecture does not support federation yet. Telegram is a unified cloud service.

Clearly, you can see that they have a set of servers, and they are not ready to allow someone to raise a similar server and attach to their cloud. Allegedly, for technical reasons and care about the speed of work. Allegedly.


een @ 12/06/2015 00:02*
Yes, the very fact that people with such telephone numbers communicated with each other - on the server the signal (telegram, watsapp, etc.) is stored. And, of course, can be merged with the relevant services. With this you need to either accept or not use such instant messengers at all (and, by the way, a mobile phone, too).
But the content of this communication is quite possible to protect.

Well, what are we talking about, these programs obviously do not fit the definition of secure and safe. One is burning unequivocally, the other is protected in words, but this is by no means guaranteed.
In this telegram / textsecure, even when sending messages via wifi, your telephone number is still known. This paleo is no better than the vibers, except perhaps PR, promises, and public proof of AES: D cryptographicity. They would still prove that digital cellular communication is better than an analog radio, and concluded that therefore their program protects against interference)))
This is only possible if you collect according to the instructions and using the tools of the author of the assembly.
Otherwise the amounts will be guaranteed to be different, even if collected from the same source code.
Checksums are mostly used now to protect content, so that the user can check the authenticity of the downloaded content in the event of its possible substitution.

Yes, and synchronize time: D
I mean, the assembly toolkit can contain a lot of interesting things, including modifying the code. And let us not cling to trifles, unpack 2 apk-shki and throw away the dynamic elements. But the libraries and the program itself should be the same.
Sobsno, the question is, has anyone ever tried to do this at all? What sources can we talk about if there is no direct connection between them and the program under discussion?

You can write 2 programs that will do different things, but at the same time equally connect to the same server and even communicate with each other. Publish the source from one, and put in the assembled form the second. And then?
Referring to the source code, which have no direct connection with the finished prog - this is the same taking of arguments on faith, as if you just just said "trust me, everything is hurt." They do not prove and do not guarantee. Desktop programs on Linux, which are reassembled by dozens of distromakers and thousands of people, are one thing, and the situation is quite different here, where everyone downloads from a single market and almost nobody collects himself even with source codes. Let 5 people be assembled, let them use, but they will not compare with the original and will not distribute the newly assembled version, and the number of these people can be neglected.


Post has been editedformobe120 - 08.12.15, 18:06



Rep: (572)
formobe120 @ 12/08/2015, 13:46*
I mean

Time is not necessary ...
Everything is correct in general, but we are too carried away by the telegram, although there is another topic for this.
It should also be noted that, unlike the subject, the telegrams from the source code are collected by the guys from the F-Droid.
However, in a subject it seems you can build your own server and client, and use it.



Rep: (23)
apk - as you know, archive. If you remove the amounts from archives collected at different times, the times of creating files in the archive will lead to a mismatch of the amounts, even if the contents of the files themselves are identical, therefore either the time to stop or unpack and check the contents themselves.



okouser @ 12/08/2015, 15:59*
However, in a subject it seems you can build your own server and client, and use it.

and throw out confirmation of the number, and spread, and solve a bunch of related problems. Only with the same success it is possible to tackle the free help of other programs, and not the millionaire Durov or whispersystems, which was bought by Twitter several years ago.



Rep: (570)
EFF data

If I do not confuse data sources, then the Telegram wives are also protected ...
I was told yesterday by one argument against the use of encryption: neither I nor anyone from my social circle are spies or other security personnel, and we can’t pass on something secret (for lack of it) then a reasonable question arises: you need to use encryption most causing only extra excess interest in the relevant authorities?


Post has been editedi81 - 15.12.15, 04:08



Rep: (23)
If I do not confuse data sources, then the Telegram wives are also protected ...

yes, telegram is the samebadly protected, as already written several pages back. What kind of protection can we talk about, if they initially require a number for registration, which is already a wild fawn.

I was told yesterday by one argument against the use of encryption: neither I nor anyone from my social circle are spies or other security personnel, and we can’t pass on something secret (for lack of it) then a reasonable question arises: you need to use encryption most causing only extra excess interest in the relevant authorities?

the argument of a thoughtless herd from the series “we are led to the slaughter, so what, we will die anyway, for the slaughter of sheep is well fed before slaughter
When encryption is needed, it will be too late.

1. Encrypt always and everything is necessary just so that the really important message does not arouse suspicion.
If you have everything in clear text, and once you send the encryption, it will immediately arouse suspicion and attract attention. And if everything is always encrypted and at the same time harmless, then when transferring something of value, the moment of this transfer itself will not be evident. Encrypt everything and always need in order not to burn that one single message that requires protection. You never know who and what you want to talk to tomorrow?

2. The more people encrypt harmless things, the wider the entire protected network, the more resources are required to compromise it, and thus the security of each individual participant increases. Even if you don’t need to encrypt anything on your own, think about those who are in trouble and need protection, if only for the sake of universal human solidarity. For example, I, too, have nothing to hide, but I always use as many protected programs and networks as possible just to make them evolve.

3. We live in a state where any day can pass any law, even contrary to common sense and basic human freedoms. Roughly speaking, tomorrow they will add the word "hello" to the list of extremist slogans (and they will definitely find a thousand reasons for this, for example, gangsters use as a code word), after which your friendly SMS will become outlawed. Yes, for this it may not be planted by everyone and everyone, but in case of contradictions with officials, they can recall and blackmail it. They will increase your rent by 10 times, you will come and say what kind of business it is not legal, I will sue you. And they will answer you - here is a printout with your extremist statement, so if you go to court, you will immediately sit down. Pay, cash cow, and do not rock the boat. Of course, I greatly exaggerate, on the one hand, but on the other there are no guarantees that this will not happen. And what's more, if this happens in our country, I am not even surprised.
Therefore, in order to feel more confident in the future, everything must be encrypted today. Not because you have something to hide, but because tomorrow familiar and normal things for you can become illegal, because everyone knows who writes the laws, and what they think about it.

Post has been editedformobe120 - 19.12.15, 03:22



Rep: (0)
There is a smartphone as a means of communication. There is a system of Androyd. There are programs that are downloaded through the application store.
And now the question. Downloading any program and before installing giving it access for example to photos, camera, dialer, etc. this program hypothetically gets access to everything that we have allowed. which means the one who wrote the program, absolutely any application gets access to all our "private" information. which can be drained.

Do I understand correctly that this is all true?

Is it possible to install applications to protect against the possibility of access to information?



Rep: (1074)
Do I understand correctly that this is all true?

Nearly. Theoretically, having access to multimedia and the network, you can merge everything that you have on your smartphone.
Is it possible to install applications to protect against the possibility of access to information?

Put a firewall and control the behavior of each application manually.



Rep: (0)
Nearly. Theoretically, having access to multimedia and the network, you can merge everything that you have on your smartphone.

why only theoretically?

Take for example Internet Retail. almost any company collects about every future and not only, but just a potential client, a buyer of a lot of information. What prevents them through wifi just to get on the smart end user?

Put a firewall and control the behavior of each application manually.

Having tried several options, I have not yet met a good firewall. Can you recommend something worthwhile?



Rep: (1074)
Space4Lace @ 12/19/2015, 09:16*
What prevents them through wifi just to get on the smart end user?

Decency and business reputation. And no desire to spend money on lawyers.
Space4Lace @ 12/19/2015, 09:16*
Can you recommend something worthwhile?

iptables



Rep: (0)
Decency and business reputation. And no desire to spend money on lawyers.

By installing a program requesting access to a specific service on the phone, we de facto give access to personal information. And once permission is obtained, her (information) can be used for her own purposes.

iptables

thank



Rep: (23)
een @ 12/21/2015 8:45 AM*
Threema source code is unpublished. The application has access to the address book.

About the address book in vain, synchronization with it is included optionally, and not necessarily, as in any Viber. Treme has its own contact list, which can function normally without a system phonebook.
At the same time, if you disable this option in the menu, access to the address book really does not happen - checked.
I checked it with the help of the regular Androdov access control, which displays notifications when accessing the relevant resources.

As for me, it is better to have an honestly closed code and promises that everything is fine, if there are no reasons for doubt, than a supposedly open code, the collection of which has not been checked by anyone, with an obvious phone number with ridiculous SMS confirmations

Post has been editedformobe120 - 21.12.15, 19:02



Rep: (305)
formobe120 @ 12.21.2015, 18:57*
if you disable this option in the menu, address book access doesn’t really happen - checked ... with the help of standard Androyd access control

It is impossible to check if there are no source codes. The fact that there is no access to AK with 100.5 million program launches does not mean that it will not go there by one time. A "full-time" control permissions is not in all firmware.

what is supposedly open source, the collection of which is not checked by anyone

According to the EFF, the Signal code has been verified.
And most importantly - it can be checked in principle (yes, there are technical difficulties), unlike Threema.
After all, tru paranoids can build apk on their own.

with a clear pale phone number with ridiculous SMS confirmations

Signal does not provide anonymity (it was not declared). It also transfers your address book to the server, i.e. "scorches" (c) your connections. But it protects the content of messages.
Threema does not burn the connection - only on those firmware, where you can control the access of applications to the AK (or when using root + related programs). Everything else, incl. protection of the content of messages - only upon the application of the developers and the trust of the EFF (did not understand how they checked).
In the end, everything is simple:
If non-disclosure of links and anonymity (by the way, questionable) is more important than protecting the content of messages - use Threema.
If the protection of the text of the message is more important than anonymity / connections - use Signal.
And so that in one bottle there is anonymity, connections and text — neither one nor the other — “both worse” (c).


Full version    

Help     rules

Now: 27.06.19, 06:39