[vox-tech] any OTR preferences?

Bill Broadley bill at broadley.org
Tue Dec 6 00:20:03 PST 2016


On 12/05/2016 11:44 PM, Rick Moen wrote:
> Hey, Bill (Broadley), I wonder if you've seen this useful page from the
> Tor folks about doing the best one can with Android security:
> https://blog.torproject.org/blog/mission-improbable-hardening-android-security-and-privacy
> 

Ha, looking at your link and found:
Because the download integrity for all of these packages is abysmal ....

Couldn't agree more.  Looks pretty promising to me.  Hugely complicated, but
making progress.  Seems like f-droid is the wrong approach.

Would be nice to have copperhead OS, then something automated like:
* launch container/sandbox without rw to /system
* use google play to download APKs and verify signatures.
* save downloaded APK to /tmp
* shutdown container
* have copperhead install and verify the APKs (after checking they won't
overwrite copperhead APKs)

That way no google play services, and no way for google to change any copperhead
files.

For most, installing Signal via:
Download the apk.
Unzip the apk with unzip org.thoughtcrime.securesms.apk
Verify that the signing key is the official key with keytool -printcert -file
META-INF/CERT.RSA
You should see a line with SHA256:
29:F3:4E:5F:27:F2:11:B4:24:BC:5B:F9:D6:71:62:C0
EA:FB:A2:DA:35:AF:35:C1:64:16:FC:44:62:76:BA:26
Make sure that fingerprint matches (the space was added for formatting).
Verify that the contents of that APK are properly signed by that cert with:
jarsigner -verify org.thoughtcrime.securesms.apk. You should see jar verified
printed out.

is *WAY* too complicated.

The update process sounds pretty painful as well.  Kinda surprised they are
trying to sign the entire /system, seems like they should just build a
dependency tree and check the signatures of the dependency tree.  RHEL does
similar, grub tests the kernel signature, kernel checks the module signatures,
and then hands control over to user space.

For similar reasons Apple and Google are moving from whole disk encryption to
per file encryption.  Entire immutable images are just too inflexible.  After
all, what good is whole disk encryption if your device is booted and unlocked
close to 24/7 anyways?  Not to mention who wants their phone to reboot at night
to upgrade security and not be able to receive
calls/texts/email/notifications/podcast downloads etc until the user signs in?

With all that said, copperhead sounds awesome and a significant security upgrade.
Good stuff.
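The manual Signal check quoted above, scripted as an added example (this is not code from the post or from the Tor blog): it assumes unzip, keytool (JDK) and jarsigner are on PATH, and takes the SHA256 fingerprint quoted above as the expected signer, which is an assumption that the value is still current.

```sh
#!/bin/sh
# Added example: automate the quoted procedure (unzip, keytool -printcert,
# compare fingerprint, jarsigner -verify). Expected value is the fingerprint
# quoted in the post; confirm it against Signal's own site before relying on it.
EXPECTED_SIGNAL_FP='29:F3:4E:5F:27:F2:11:B4:24:BC:5B:F9:D6:71:62:C0:EA:FB:A2:DA:35:AF:35:C1:64:16:FC:44:62:76:BA:26'

# Canonical form of a fingerprint: drop whitespace, colons and a leading
# "SHA256:" label, upper-case the hex. A value copied from a web page
# (line-wrapped, one colon replaced by a space) then compares equal.
norm_fp() {
    printf '%s' "$1" | tr -d ' \t\n:' | tr 'a-f' 'A-F' | sed 's/^SHA256//'
}

# Succeeds only when both are non-empty and name the same certificate hash
# (an empty "actual", e.g. keytool missing, must never match).
fp_matches() {
    [ -n "$(norm_fp "$1")" ] && [ "$(norm_fp "$1")" = "$(norm_fp "$2")" ]
}

# Print the SHA256 fingerprint of the first certificate in the APK's
# v1 (JAR) signature block. Signal's APK is self-signed, so there is one.
cert_fp_from_apk() {
    apk=$1
    tmp=$(mktemp -d) || return 1
    unzip -q -o "$apk" 'META-INF/*' -d "$tmp" || { rm -rf "$tmp"; return 1; }
    for sig in "$tmp"/META-INF/*.RSA "$tmp"/META-INF/*.DSA "$tmp"/META-INF/*.EC; do
        [ -f "$sig" ] || continue
        keytool -printcert -file "$sig" | awk '/SHA256:/ { print $2; exit }'
        break
    done
    rm -rf "$tmp"
}

# Both halves of the manual check: the signer is the expected key, and the
# archive contents are intact under that signature ("jar verified").
verify_apk() {
    apk=$1 expected=$2
    actual=$(cert_fp_from_apk "$apk")
    if ! fp_matches "$actual" "$expected"; then
        echo "REJECT: signer fingerprint '$actual' is not the expected key" >&2
        return 1
    fi
    case "$(jarsigner -verify "$apk" 2>&1)" in
        *"jar verified"*) echo "OK: $apk signed by expected key and intact" ;;
        *) echo "REJECT: jarsigner did not report 'jar verified'" >&2; return 1 ;;
    esac
}

# Usage: sh verify_signal_apk.sh org.thoughtcrime.securesms.apk [fingerprint]
if [ $# -ge 1 ]; then
    verify_apk "$1" "${2:-$EXPECTED_SIGNAL_FP}"
fi
```

jarsigner only checks the v1 (JAR) signature; APKs that also carry the newer v2/v3 signature scheme are checked with `apksigner verify --print-certs` from the Android build-tools.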