Android’s Real Security Problem

Cameron Summerson makes an excellent point about the latest Android vulnerability: Android’s real security problem is the manufacturers:

Currently, manufacturers are doing a terrible job of protecting their users, full stop. While not getting full OS updates (or even point releases) is annoying at best, not getting security updates is unacceptable. It sends a message that can’t be ignored: it says that your phone manufacturer doesn’t care about your data. Your info isn’t important enough for them to protect.

Security updates aren’t huge like full OS updates or even point releases. They’re released monthly by Google, so they’re much smaller and easier to bake into the system—even for third-party manufacturers. Again, there’s no real excuse not to make this a priority.

Carriers also play a significant role in slowing down Android updates. All of these companies that are more than happy to take consumers’ money seem reticent to go beyond the bare minimum to make sure they’re protected on the devices and networks they choose.

As Duo Security notes, the result of this insanity is that “90 percent of Android devices were not on the latest security patch released 26 days prior.”

Shelter for Android–An Android Sandbox App

Shelter is a free, open source app for Android that implements a limited sandbox where you can run other apps.

  • Run “Big Brother” apps inside the isolated profile so they cannot access your data outside the profile
  • “Freeze” (disable) background-heavy or seldom-used apps when you don’t need them. This is especially true if you use apps from Chinese companies like Baidu, Alibaba, Tencent.
  • Clone apps to use two accounts on one device

CloudFlare’s Encrypted DNS App for Android and iOS

CloudFlare recently released an app for Android and iOS that makes it easy for users to encrypt their DNS queries using CloudFlare’s 1.1.1.1 DNS resolver.

For once, I’m really not sure what the point is of a security tool like this. One of the criteria for using the 1.1.1.1 app is you need to turn off any VPN you have activated. But I’m not really certain what the use case would be for wanting encrypted DNS but not a VPN.

Personally, I use ProtonMail’s VPN on my phone when I want privacy from the local network operator. There are issues with Proton, but its security is more than good enough for anyone not concerned about state actors in their threat model.

rcloneExplorer for Android

rcloneExplorer is an Android app that:

  • Allows you to browse rclone remotes, including encrypted ones
  • Import configuration file from rclone
  • Create new remotes from the app
  • Download and upload files
  • Move, rename, and delete files and folders
  • Create new folders
  • Streaming media files
  • Serving directories over HTTP or Webdav
  • Dark theme
  • Customizable primary and accent colors
  • Supports ARM and x86 devices
  • Supports SDK 21+ (Lollipop 5.0)

The one potential drawback with this is that it is only available as an APK that would need to be side-loaded. There is not a version of this available from the Play Store as far as I can tell.

InboxIt App for Android

InboxIt – Share to Mail is an app for Android designed to improve how Android handles sharing links via email, primarily for emailing links to yourself that you want to read later.

There is no need to type your email address, email title or body. InboxIt with a ‘single click’.

In addition, InboxIt grabs website’s image and description for nicer and more readable emails, no more clicking on emails to figure what article this is, images & videos are also supported (up to 25mb).

The premium 99 cent version will also automatically add a +keyword label for sharing to Gmail addresses, which makes it easier to sort these “read later” emails from other emails.

I have a variety of ways to track stuff I want to read later, and tend to email myself links that I need to follow up on in the near future. InboxIt just makes those emails all the more useful.