Privacy violations and data theft occur every day, making it necessary for all of us to safeguard our data. We trust our smartphones way too much and tend to store personal data on them, ignoring the fact that these devices could easily be compromised. However, there are a few open source apps that can ensure the data on your phone is not compromised. This article lists the best ones.
Everyone is becoming aware about information security. There are plenty of privacy and security apps available in the Google Play store too, but it is not easy to select the right one. Most users prefer free apps, but some of these offer only limited functionality and force users to upgrade to a premium membership, which many cannot afford.
This article sheds light on some FOSS Android apps that will really help in safeguarding your privacy.
Safe Notes is a companion app for the Protected Text website (https://www.protectedtext.com/). It is an online encrypted notepad which offers space on a separate site for users to store their notes. To use this service, you do not need to sign up with the website. Instead, you need to choose a site name and a password to protect it.
You have two options to use Safe Notes — you can either use this app to save your notes locally, or you can import your existing Protected Text site in the app. In the latter case, you can synchronise your notes between the app as well as in the Protected Text website.
By default, all the notes will be in an unlocked state. After you have saved your notes, if you want to encrypt them, click on the key icon beside your note and you will be prompted to give a password. After entering the password of your choice, your note will be encrypted and instead of the key icon, you will see an unlocked icon in its place, which means that your note is not locked. To lock your note, click the ‘Unlocked’ icon beside your note — your note will get locked and the password will be removed from your device.
Passwords that you are using are not transmitted anywhere. Even if you are using an existing Protected Text site, your passwords are not transmitted. Only your encrypted notes get sent to the Protected Text servers, so you are in total control. But this also means that you cannot recover your password if you lose it.
Your notes are encrypted by the AES algorithm and SHA 12 for hashing, while SSL is used for data transmission.
Have you ever wondered how many permissions you are granting to an Android app? While you can see these in the Google Play store, you may not know that some of those permissions are impacting your privacy more severely than you realise.
While permissions are taking control of your device with or without your knowledge, third party trackers also compromise your privacy by stealthily collecting data without your consent. And the worst part is that you have no clue as to how many trackers you have in your Android app.
To view the permissions for an Android app and the trackers in it, use Exodus Privacy.
Exodus Privacy is an Android app that has been created and maintained by a French non-profit organisation. While the app is not capable of any analysis, it will fetch reports from the Exodus Platform for the apps that are installed in your device.
These reports are auto-generated by using the static analysis method and, currently, the Exodus platform contains 58,392 reports. Each report gives you information about the number of trackers and permissions.
Permissions are evaluated using the three levels of Google Permission Classification. These are ‘Normal’, ‘Signature’ and ‘Dangerous’. We should be concerned about the ‘Dangerous’ level because such permissions can access the user’s private and other stored sensitive data.
Trackers are also listed in this app. When you click on a tracker, you will be taken to a page which shows you the other Android apps that have that particular tracker. This can be really useful to know if the same tracker has been used in the other apps that you have installed.
In addition, the reports will contain information such as ‘Fingerprint’ and other geographical details about the app publisher such as ‘Country’, ‘State’ and ‘Locality’.
Most Android apps need network access to function properly, but offline apps don’t need this to operate. Yet some of these offline apps continue to run in the background and use network access for some reason or the other. As a result, your battery gets drained very quickly and the data plan on your phone gets exhausted faster than you think.
Net Guard solves this problem by blocking the network access to selected apps. Net Guard will only block the outgoing traffic from apps, not what’s incoming.
The Net Guard main window displays all the installed apps. For every app you will see the ‘mobile network’ icon and the ‘Wi-Fi’ icon. When they are both green, it means that Net Guard will allow the app to have network access via the mobile network and Wi-Fi. Alternatively, you can enable any one of them; for example, you can allow the app to use the Internet only via the mobile network by clicking on the ‘Mobile network’ icon to turn it green while the ‘Wi-Fi’ icon is red.
When both the ‘Mobile network’ and ‘Wi-Fi’ icons are red, the app’s outgoing traffic is blocked.
Also, when ‘Lockdown’ mode is enabled, it will block the network access for all apps except those that are configured to have network access in the ‘Lockdown’ mode too. This is useful when you have very little battery and your data plan is about to expire.
Net Guard can also block network access to the system apps, but please be cautious about this because sometimes, when the user blocks Internet access to some critical system apps, it could result in a malfunction of other apps.
xBrowserSync is a free and open source service that helps to sync bookmarks across your devices. Most of the sync services require you to sign up and keep your data with them.
xBrowserSync is an anonymous and secure service, for which you need not sign up. To use this service you need to know your sync ID and have a strong password for it.
Currently, xBrowserSync supports the Mozilla and Chrome browsers; so if you’re using either one of them, you can proceed further. Also, if you have to transfer a huge number of bookmarks from your existing service to xBrowserSync, it is advised that you have a backup of all your bookmarks before you create your first sync.
You can create your first sync by entering a strong password for it. After your sync is created, a unique sync ID will be shown to you, which can be used to sync your bookmarks across your devices.
xBrowserSync encrypts all your data locally before it is synced. It also uses PBKDF2 with 250,000 iterations of SHA-256 for the key derivation to combat brute force attacks. Apart from that, It uses PBKDF2 with 250,000 iterations of SHA-256 for the key derivation to combat brute force attacks. And it uses AES-GCM with a random 16 byte IV (Initialization Vector- a random number that is used with secret key to encrypt the data) with 32-bit char sync ID of the user as a salt value. All of these are in place to ensure that your data cannot be decrypted without your password.
The app provides you with a sleek interface that makes it easy for you to add bookmarks, and share and edit them by adding descriptions and tags to them.
xBrowserSync is currently hosted by four providers, including the official one. So to accommodate all the users, the synced data that isn’t accessed for a long time is removed. If you don’t want to be dependent on other providers, you can host xBrowserSync for yourself.
When we share our photos on social media, sometimes we share the metadata on those photos accidentally. Metadata can be useful for some situations but it can also pose a serious threat to your privacy. A typical photo may consist of the following pieces of data such as ‘date and time’, ‘make and model of the camera’, ‘phone name’ and ‘location’. When all these pieces of data are put together by a system or by a group of people, they are able to determine your location at that particular time.
So if you want to share your photos with your friends as well as on social media without divulging metadata, you can use Scrambled Exif.
Scrambled Exif is a free and open source tool which removes the Exif data from your photos, after installing the app. So when you want to share a photo, you have to click on the ‘Share’ button from the photo, and it will show you the available options for sharing — choose ‘Scrambled Exif’. Once you have done that, all your metadata is removed from that photo, and you will again be shown the share list. From there on, you can share your photos normally.
Riseup VPN (Virtual Private Network) is a tool that enables you to protect your identity, as well as bypass the censorship that is imposed on your network and the encryption of your Internet traffic. Some VPN service providers log your IP address and quietly betray your trust.
Riseup VPN is a personal VPN service offered by the Riseup Organization, which is a non-profit that fights for a free Internet by providing tools and other resources for anyone who wants to enjoy the Internet without being restrained.
To use the Riseup VPN, you do not need to register, nor do you need to configure the settings — it is all prepped for you. All you need is to click on the ‘Turn on’ button and within a few moments, you can see that your traffic is routed through the Riseup networks. By default, Riseup does not log your IP address.
At present, Riseup VPN supports the Riseup networks in Hong Kong and Amsterdam.
Secure Photo Viewer
When you want to show a cool picture of yours to your friends by giving your phone to them, some of them may get curious and go to your gallery to view all your photos. Once you unlock the gallery, you cannot control what should be shown and what ought to be hidden, as long as your phone is with them.
Secure Photo Viewer fixes this problem. After installing it, choose the photos or videos you want to show to a friend and click ‘share’. This will show ‘Secure Photo Viewer’ in the available options. Once you click on it, a new window will open and it will instruct you to lock your device. Within a few seconds the photo you have chosen will show up on the screen. Now you can show your friends just that photo, and they can’t get into your gallery and view the rest of your private photos.
Most of the apps listed here are available on F-Droid as well as on Google Play. I recommend using F-Droid because every app has been compiled via its source code by F-Droid itself, so it is unlikely to have malicious code injected in it.
The author is deeply interested in Linux and he spends most of his leisure time
exploring open source.