Making Your Pocket Spook Less Spooky: Upgrading the Privacy of Android Smartphones (closed: max capacity)

Instructor: Neil A. Milchak, MAJ | Capacity : 30 | Length : 3 hours | Time : 0900 -1200 & 1300 – 1600 (optional for those with hardware)

Instructor: Neil A. Milchak, MAJ

Background: Neil is a software developer with the 780th MI BDE, a longtime AvengerCon volunteer, and is an OSINT, online privacy, and Android OS enthusiast.

Difficulty: Beginner Description:

Today, the privacy and security risks and consequences of using smartphones are numerous (1) (2) (3). Many smartphone users are either unaware of the privacy risks inherent to using smartphones with default settings and common applications, or have resigned themselves to the apparent unavoidable compromise of privacy in exchange for the convenience of a modern lifestyle and the ability to seamlessly communicate with friends and family. But is that loss of privacy really unavoidable? In this workshop, I will provide an overview of the Android operating system, the common ways that smartphone activity can be tracked, how you can analyze Android applications for privacy and security risks, and how you can configure Android devices to better respect your privacy without sacrificing all of the conveniences of the smartphone.

This podcast episode provides an excellent primer for some of the topics that we will be talking about and implementing in the workshop:

https://soundcloud.com/user-98066669/176-privacy-crash-course-03-mobile-devices
(1) https://www.nytimes.com/interactive/2018/12/10/business/location-data-privacy-apps.html

(2) https://www.cnet.com/news/geofence-warrants-how-police-can-use-protesters-phones-against- them/

(3) https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html

Syllabus:
Part 0: Android Operating System Crash Course
– Android Runtime (ART)

– Boot process and boot security features
– File system
– Apps and App Permissions Model
Part 0 Exercise 1: Setup and interacting with your Android VM or phone – Genymotion or AVD

– User Interface
– Android Debug Bridge (ADB) Features and Usage
Part 0 Exercise 2: Android Hello World
– Intro to Android Studio
– Building and installing custom applications on your phone
Part 1: Threat landscape and privacy risks
– Online Advertising and Data Economy
– Cellular network and cellular provider risks
– Advertising and Telemetry SDKs
– Google Play Services
– Location and Geolocation Services
– Preinstalled system applications
– Privacy risks of common apps
Part 1 Exercises: Analyzing and modifying Android apps (Android RE crash course) – Automated scanning apps and tools
– Analyzing app network traffic

– Decompiling APKs
– Modifying APKs
Part 2: Setting up and using your privacy-improved Android phone
– App store alternatives (F-Droid, Aurora)
– Screening and verifying non-Play Store apps
– Phone; SMS service through VoIP
– Disabling nosy preinstalled system applications
– Multiple User Profiles
– Other privacy-enhancing user behaviors and OPSEC tips
Optional Part 3 (From 1300 – 1600): Installing AOSP on a compatible Android phone (hardware required) – AOSP Overview
– Lineage OS Features and Drawbacks
– CalyxOS Features and Drawbacks
– GrapheneOS Features and Drawbacks
– Backing up device contacts, messages, photos, and other files
– Unlocking device bootloader
– Running custom recovery
– Install AOSP image (Lineage OS/Calyx OS/Graphene OS) to system partition
– Boot phone into AOSP image (Lineage OS/Calyx OS/Graphene OS)
Required Materials: Laptops and Laptop Chargers
Optional Materials: AOSP Compatible Android Phone

Go to Training Registration