Protecting Digital Privacy on Android

Many of us manage our lives through our phones. This one device holds a great deal of power, and it is essential to stay on top of mobile security. Over 72.26% of mobile phones worldwide run the Android operating system. Source: Statcounter

With several high-profile security breaches in the news, privacy and security are hot topics for many Android users. The concerns aren’t just about messages either; all of your data is at risk, including photos, text messages, files, and browser history. It is more important than ever to protect your data from would-be hackers and prying eyes. Today we will discuss how to protect privacy on an Android phone.

Security is a rare commodity these days. Especially when you are in a public place, or travelling, you will find many people who are interested in what you’re doing on your phone. Security is only a word to such onlookers. You can’t keep others from seeing your private chats or activities when you are sitting in a group of people. Sometimes you don’t want your friends or relatives to know whom you are talking to, but if they are nearby, there’s a good chance that they will look at your phone. However, we have a solution to this problem.

Step 1: Minimize the data you share with Google

On most Android phones on the market, OEMs use stock Android (Google’s version) to prevent accidental installation of ransomware and bloatware apps. This means the device has to be activated with a Google Account. Because of this, every data operation you perform on your Android phone is tracked and saved by Google. Limiting the information you share with Google can protect your highly valued online privacy. Also make sure you review your Google activity profile at https://myactivity.google.com/myactivity.
Step 2: Protect your phone from strangers

This can be achieved by using a screen lock such as a pattern, PIN, or password. Today’s Android phones also support biometric unlocking, but protecting your phone with a password is the best of these options. You can set this up under Lock Screen in the Android Settings application.

Set screen lock on an Android device

You can set up a screen lock to help secure your Android phone or tablet. Each time you turn on your device or wake up the screen, you’ll be asked to unlock your device, usually with a PIN, pattern, or password. On some devices, you can unlock with your fingerprint.

Important: Some of these steps work only on Android 10 and up. Learn how to check your Android version.

Set or change a screen lock

Important: To ensure your automatic and manual backups are encrypted with your screen lock, use a PIN, pattern, or a password. Learn how to back up or restore data on your phone.
Every time a new build or firmware update is released, it includes bug fixes that keep your device more secure and more private than before.
To update: Open Settings -> About Phone -> Check for Updates

Step 4: Beware of third-party apps

Do not install any third-party apps on your phone unless you trust the source. Every app on the Google Play Store goes through numerous filters that scan for threats before it is made available on the Store. So apps downloaded and installed via the Play Store can be trusted as secure (though not with certainty). But apps installed from other sources, i.e. other app stores, APK files and other unknown sources, may not be secure. These apps can compromise your security and can gain access to your phone’s core functionality. Some of them include malware, adware, and spyware. Third-party apps can also act as a Trojan horse.

Unlike computer viruses, worms, and rogue security software, trojans generally do not attempt to inject themselves into other files or otherwise propagate themselves. Some trojans take advantage of a security flaw in older versions of Internet Explorer and Google Chrome to use the host computer as an anonymizer proxy to effectively hide Internet usage, enabling the controller to use the Internet for illegal purposes while all potentially incriminating evidence indicates the infected computer or its IP address. The host’s computer may or may not show the internet history of the sites viewed using the computer as a proxy. The first generation of anonymizer trojan horses tended to leave their tracks in the page view histories of the host computer. Later generations of the trojan tend to “cover” their tracks more efficiently. Several versions of Sub7 have been widely circulated in the US and Europe and became the most widely distributed examples of this type of trojan.
To avoid these, turn off the “Allow installation from unknown sources” option in your device settings. For the full article on third-party installations, refer here.

Step 5: Check app permissions

Think carefully about whether to continue an installation if the app is requesting access to sensitive data. Seek out apps that require the minimum permissions necessary, like the DuckDuckGo app.

Step 6: Consider which apps you want syncing with the cloud

Not syncing apps will limit the data they send to the cloud.
How: Settings > Accounts section > [app name]

Step 7: Hide private notifications

Stop apps from showing notification content on the lock screen (newer versions of Android only).
How: Settings > Sound & notifications

Step 8: Review default apps

Assess your default applications, making sure you trust critical communication apps like email, SMS, and browser (newer versions of Android only).
How: Settings > Apps > icon > Default

Step 9: Don’t share your location with apps

Stop individual apps accessing your location (newer versions of Android only).
How: Settings > Apps > icon > App permissions > Location

Step 10: Don’t share your location with Google
Stop Google services tracking your location, and reset your location history.
Source: DuckDuckGo
How: Settings > Location > Google Location History
Security Vulnerability and Leak of Privacy While Charging

If you get a bit frantic when your phone or tablet battery is low, you’re not alone. A public survey found that 87% of people experience “Low Battery Anxiety” when their phone’s battery dips below 20%. This can understandably cause you to seek out the nearest charger. But not all methods for boosting your battery power are safe!

The Risk: Charging your phone or tablet at a public charging station.

It’s become commonplace to find free USB charging stations in many public areas, from airports to hospital waiting rooms. While this seems like a thoughtful accommodation, a quick recharge from a USB port in a public setting could actually put your data at risk of being stolen. Although it has become synonymous with charging, USB technology was initially developed with the aim of transmitting data. Thus, hackers can use these public charging stations to install malware on your smartphone or tablet through a compromised USB cable. This process, called “juice jacking”, allows hackers to read and export your data, including your passwords. They can even lock your device this way, rendering it unusable.

According to a survey of 576 adults, 37% of all respondents weren’t aware of this risk 😥😔. 9% of the respondents didn’t accept that there will be a privacy leak while charging at charging stations. 😫🤦♀️

The Solutions:
1) Carry a portable battery pack of your own. These are easy to find and, so long as you keep them charged up, provide the safest alternative to public USB charging hubs.
2) If you currently carry around your USB cord, keep the alternating-current (AC) adapter with you too. Yes, it will mean that you have to properly plug your device into a wall socket, but the added security of AC power only is worth the minimal space it’ll take up in your bag.
3) Buy a USB charge-only adapter. These clever attachments serve as an intermediary between your USB cord and the charging port, protecting your device’s data in the process.

Source: DuckDuckGo

Methodology: Survey results are based on the polling of a random sample of 576 (March 2020) Indian adults (18+) via public survey methods, which ensures the demographic make-up of respondents is representative of the Indian population. Survey respondents were volunteers and were not paid, and a confidence level of 92% was used for calculating the values above.

JITSI Meet - A ZOOM Alternative

This is our third post in this Privacy Defenders blog, featuring JITSI MEET as an open source, secure and privacy-respecting ZOOM alternative. Read our article on people’s knowledge of their privacy while online: http://technology.eurekajournals.com/index.php/IJITIT/article/view/517

Zoom has been criticized for its data hoarding practices, which include its collection and storage of “the content contained in cloud recordings, and instant messages, files, whiteboards” as well as its enabling employers to monitor workers remotely; the Electronic Frontier Foundation warned that administrators can join any call at any time “without in-the-moment consent or warning for the attendees of the call.” During signup for a Zoom free account, Zoom requires users to permit it to identify users with their personal information on Google and also offers to permanently delete their Google contacts.
For the Jitsi Meet review, jump directly to #jitsi-meet

Widespread use of Zoom for online education during the novel coronavirus pandemic increased concerns regarding students’ data privacy and, in particular, their personally identifiable information. According to the FBI, students’ IP addresses, browsing history, academic progress, and biometric data may be at risk during the use of similar online learning services. Privacy experts are also concerned that the use of Zoom by schools and universities may raise issues regarding unauthorized surveillance of students and possible violations of students’ rights under the Family Educational Rights and Privacy Act (FERPA). The company claims that the video services are FERPA-compliant, and also claims that it collects and stores user data only to “provide technical and operational support”.

The company’s iOS app was found to be sending device analytics data to Facebook on startup, regardless of whether a Facebook account was being used with the service, and without mentioning it to the user. On March 27, Zoom stated that it had been “recently made aware that the Facebook SDK was collecting unnecessary device data”, and that it had patched the app to remove the SDK (which was primarily used for social login support) in order to address these concerns. The company stated that the SDK was only collecting information on the user’s device specifications (such as model names and operating system versions), and was not collecting personal information.

In April 2020, The New York Times reported that a data-mining feature on Zoom automatically sent user names and email addresses to LinkedIn via a tool meant to match user profiles, allowing some participants to surreptitiously access LinkedIn profile data about other users.

In March 2020, Zoom was sued in U.S. Federal Court for illegally disclosing personal data to third parties including Facebook.
According to the suit, Zoom’s privacy policy does not explain to users that its app contains code that discloses information to Facebook and potentially other third parties. The company’s “wholly inadequate program design and security measures have resulted, and will continue to result, in unauthorized disclosure of its users’ personal information,” according to the complaint. The same month, the New York State Attorney General, Letitia James, launched an inquiry into Zoom’s privacy and security practices.

Source: http://en.wikipedia.org/wiki/Zoom_Video_Communications#Criticism

Moreover, if you install and run it on your Android device, you’ll be giving these permissions to the application.
Power of Google:

Google trackers have been found on 75% of the top million websites. This means they are not only tracking what you search for, they’re also tracking which websites you visit, and using all your data for ads that follow you around the Internet. Your personal data can also be subpoenaed by lawyers, including for civil cases like divorce. Google answered over 120,000 such data requests in 2018 alone! More and more people are also realizing the risk of relying on one company for so many personal services. If you’re joining the ranks of people who’ve decided Google’s data collection has become too invasive, here are some suggestions for replacements with minimal switching cost. Most are free, though even those that are paid are worth it — the cost of not switching is a cost to your personal privacy.

Microsoft Teams (free for schools using Office 365):

Judging by its Terms and Conditions and its privacy policy (Privacy Whitepaper), Microsoft Teams seems to be a healthy, privacy-respecting alternative to both Zoom and Google Classroom. While Microsoft may also be a personal data intruder, it is less vulnerable than using Google and Facebook products.

Jitsi Meet:

In many respects Jitsi meetings are simply private by design. To begin with, all meeting rooms are ephemeral: they only exist while the meeting is actually taking place. They get created when the first participant joins and they are destroyed when the last one leaves. If someone joins the same room again, a brand new meeting is created with the same name and there is no connection to any previous meeting that might have been held with the same name. This is all very important. Some of the systems that let people “pre-create” rooms have subtle indications that let a potential attacker distinguish reserved from unreserved meetings, which then makes the reserved meetings easier to identify and target.
That said, since a name is all that one needs to actually access a room, we have to be really careful about how we choose them. We don’t want others accidentally stumbling into our meetings, just as we want to keep pranksters and snoopers away. This is generally not much of a problem for small size deployments (remember you can host your own Jitsi Meet) but it may be a problem if you are using a large and public deployment such as meet.jit.si. If you start a meeting with the name “Test”, “Yoga” or “FamilyMeeting” for example, chances of having some random uninvited people joining are very, very high.

How does one pick a good room name then? Our random meeting name generator is a great start. It offers names that are easy to remember and read out loud on a phone call, and come from a set of over a trillion possible combinations. Picking out one of the auto-generated names is therefore quite safe.

“If you don’t like the funky way the auto-generated names sound and you don’t want to use a long and uninviting UUID (which you totally could), then go ahead and pick a name by yourself but make sure it is long enough. For example, next time you’d like to have a coffee with someone over video, rather than going for meet.jit.si/coffee, try something with more of a twist.”

“We are also working on a “bad meeting name detector”. You’ll see a warning if your meeting name has a high chance of collision, so stay tuned!”
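
The room-naming advice above, as an added example (not part of the original post, and not Jitsi's generator or detector): it counts how many names a word-based generator can produce, works out the list size needed to reach the "trillion" mentioned in the text, and flags hand-picked names whose search space is too small. The word lists, the 10**12 target and the character-class estimate are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed sample vocabulary (assumption): real generators use far larger lists.
ADJECTIVES = ["brave", "calm", "eager", "fuzzy", "jolly", "mellow", "quiet", "rapid"]
NOUNS = ["otters", "pilots", "rivers", "tigers", "violins", "wizards", "yachts", "zebras"]
VERBS = ["argue", "build", "climb", "dance", "gather", "juggle", "paint", "wander"]
ADVERBS = ["boldly", "daily", "gently", "loudly", "neatly", "openly", "rarely", "slowly"]
SAMPLE_LISTS = (ADJECTIVES, NOUNS, VERBS, ADVERBS)

# Guessable names quoted in the text; a real deny-list would be much longer.
COMMON_NAMES = {"test", "yoga", "familymeeting", "coffee"}
TARGET = 10**12  # "over a trillion possible combinations"


def combinations(wordlists):
    """Distinct names when one word is drawn uniformly from each list."""
    return math.prod(len(words) for words in wordlists)


def words_per_slot(target, slots):
    """Smallest list size n with n**slots >= target (checked in integers)."""
    n = max(1, int(target ** (1 / slots)))
    while n ** slots < target:
        n += 1
    while n > 1 and (n - 1) ** slots >= target:
        n -= 1
    return n


def random_room_name(wordlists):
    """Pick each word with the OS CSPRNG, not the predictable `random` module."""
    return "".join(secrets.choice(words).capitalize() for words in wordlists)


def max_guesses(name):
    """Upper bound on the search space of a hand-picked name.

    Assumes uniformly random characters and case-insensitive matching
    (both assumptions), so human-chosen names are weaker than this bound.
    """
    folded = name.lower()
    size = 0
    if any(c in string.ascii_lowercase for c in folded):
        size += 26
    if any(c in string.digits for c in folded):
        size += 10
    if any(c not in string.ascii_lowercase + string.digits for c in folded):
        size += 10  # assumption: a handful of URL-safe symbols
    return size ** len(folded)


def check_room_name(name):
    """Return (ok, reason); passing is necessary, not sufficient."""
    if name.lower() in COMMON_NAMES:
        return False, "commonly chosen name"
    guesses = max_guesses(name)
    bits = math.log2(guesses)
    if guesses < TARGET:
        return False, f"at most {bits:.0f} bits, below the target"
    return True, f"at most {bits:.0f} bits"


if __name__ == "__main__":
    print(random_room_name(SAMPLE_LISTS), combinations(SAMPLE_LISTS))
    print("words per list for 4 slots:", words_per_slot(TARGET, 4))
    for candidate in ["Test", "FamilyMeeting", "qzxvbn", "coffee-with-a-twist-of-lemon"]:
        print(candidate, check_room_name(candidate))
```

A 13-letter name such as "FamilyMeeting" clears the character-count bound and is caught only by the common-name list, which is why the bound alone does not make a name safe.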
“We also give people the option to set a meeting password. A few important things to keep in mind: if you do set a password, it is your responsibility to communicate it to your peers.” – Jitsi Meet

Jitsi meetings can operate in 2 ways: peer-to-peer (P2P) or via the Jitsi Videobridge (JVB). This is transparent to the user. P2P mode is only used for 1-to-1 meetings. In this case, audio and video are encrypted using DTLS-SRTP all the way from the sender to the receiver, even if they traverse network components like TURN servers.

In the case of multiparty meetings all audio and video traffic is still encrypted on the network (again, using DTLS-SRTP). Packets are decrypted while traversing Jitsi Videobridge; however, they are never stored to any persistent storage and only live in memory while being routed to other participants in the meeting.

Note: Since Jitsi is built on top of WebRTC, a deeper look into its security architecture is very important when evaluating Jitsi’s security aspects.

So, why is the media decrypted in Jitsi Videobridge? Currently there is no way to do without this in WebRTC. Some services try to achieve this by establishing a full mesh of peer-to-peer connections between participants, but that presents significant issues. From a scalability perspective, this is a very limited approach, as utilization of CPU and bandwidth grows quadratically with the number of participants, thus quickly resulting in a very degraded user experience.

This is the very reason why services like Jitsi Meet resort to using video routers (a.k.a. Selective Forwarding Units (SFUs)) like Jitsi Videobridge. With SFUs, clients establish a single connection with the video router and all data goes there. That saves a ton from a resource utilization point of view, but it complicates the encryption situation. At the moment WebRTC has no way to negotiate multi-party encryption over a single connection.
Every client sets up a separate crypto context with the video router, which then has to trans-crypt the data as it relays it from one client to another. The WebRTC team are working on providing the necessary APIs in the browser so applications can add an additional layer of encryption that would allow apps to add an end-to-end encryption layer while still allowing SFUs to function. You can bet we will be all over this as soon as possible.

Q: Do you use analytics?

“Jitsi Meet does not come with any preconfigured analytics engines. We do use analytics on meet.jit.si, so let’s talk about it. We are very committed to privacy and security and we are extremely careful about what information reaches the analytics engines we use. That said, we also want to provide our users with a great product experience, so we need some visibility into what’s actually going on. We are currently using Amplitude, Datadog and Crashlytics to cover various aspects of the apps and the infrastructure on meet.jit.si. Things that we track in analytics include an anonymous identifier (you can run in “incognito” mode if this bothers you), bitrate, available bandwidth, SDP offers and answers, product utilization events, mobile app crash dumps (how much various product features are used overall). Most importantly, once your meeting is over we do not retain any names, e-mail addresses or profile pictures (as we mentioned above, those are only transmitted to the other participants in the meeting). While we hope that the meet.jit.si configuration will be satisfactory to most users, we completely understand that it will be incompatible with what some others are looking for. If, for any reason, this is the case for you please remember that you could be running your private Jitsi Meet instance in as little as 15 minutes!”

Online Privacy, Your Fundamental Right

This is our second post in the blog.
You’ll learn about the importance of your online privacy, which you have been trading with corporations for their products and services. Read time: 2 mins
First, it’s important to point out that services such as Google aren’t free. While it’s true that you do not pay with cash every month, you pay with something far more precious: your personal data. From your location history to health records, your browsing history to your search history, your payment history to the way you scroll through a website, your personal data makes up a complete digital profile that detects even your most secret wishes and your crushes. This profile can then be used to influence the way you think, perform and shop.

There is no shortage of privacy scandals to help underline the real cost of an ad-based business model. From the hack of Yahoo that exposed the personal information, including the real names, dates of birth, and telephone numbers, of 3 billion users, to Cambridge Analytica’s collection of personal data from millions of Facebook users, the consequences of having this personal data collected and then exposed have been massive. We’ve even seen how it can be used to manipulate election results.

The chase for profits generally comes at the expense of users, who have little or no say in how companies use their data. And while companies sell your data for several dollars per month per user, the loss of control over personal information, the imposition of government and corporate surveillance, and the erosion of the democratic process are the real hidden costs.

Source: http://protonmail.com

.-. .. –. …. – …

Is privacy a right?

Privacy is a qualified, fundamental human right. The right to privacy is articulated in all of the major international and regional human rights instruments, including:

United Nations Declaration of Human Rights (UDHR) 1948, Article 12: “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation.
Everyone has the right to the protection of the law against such interference or attacks.”

International Covenant on Civil and Political Rights (ICCPR) 1966, Article 17: “1. No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour or reputation. 2. Everyone has the right to the protection of the law against such interference or attacks.”

The right to privacy is also included in:
For more information, read our article regarding the knowledge of Chennai’s people while using an online service. http://technology.eurekajournals.com/index.php/IJITIT/article/view/517

What is a Privacy Leak?

This is our first post in this Privacy Defenders Blog. Feel free to contact us for any queries. 😊
Privacy is one of the most important things in human life today; it always has been and always must be. We’ve gotten very used to the internet. We’re conscious about our daily life and about the food we eat, the people we meet, the places we go and the stuff we read. Privacy is not just a feature or an add-on subscription. It’s more than that: it is a fundamental right.

In the beginning, we had personal computers, each with its own operating system and offline stand-alone applications. There was no connectivity to the internet or other network-based services. But soon we moved on to cloud-based systems and services for their efficient processing power and lower hardware requirements, and they became more and more important to our daily lives. It’s human nature to focus more on the good, but we lose our privacy in the process. We use these products and services by trading our own privacy to the outside world. The providers mostly include Google Cloud Platform and Microsoft’s Azure Services, and many other smaller companies that provide less reliable cloud services.

Tragically, these companies use pleasant, attractive and inviting words in their privacy policies and their terms and conditions to get you to fall into their devastating trap, which makes your private life potentially vulnerable. This is called a privacy leak.

Read our article on people’s knowledge of their privacy while online: http://technology.eurekajournals.com/index.php/IJITIT/article/view/517