This has really been mentally crushing for me for a long time.
My problem: I need to choose which Apps I can 100% trust with my personal user data.
My general fear is that an App will send telemetry back to a malicious hacker/user on the Internet.
I think this fear was created in me when I came across a story of how an Android App that was available for download as an .APK on a pirated website contained an especially awful piece of malware. Basically, this pirated App was able to upload 24/7 private user data including the phone’s video camera footage, SMS messages, call logs, browsing habits and extremely private user data like passwords etc. With upload speeds being so fast on most phones these days the user didn’t even notice how much data was being uploaded to the Internet.
Obviously, this is an extreme example and I’d NEVER install a pirated Android App .APK and I’m sure nobody in this community would do this, but it really gave me a hightened sense of how easy it would be for an App I’ve installed on my Windows 10 PC to send back text of what I’m doing with the .PDF files that I’ve got opened in my PDF Reader. For example, a PDF Reader App sending back lines of text about what PDF file a user is reading and what notes and highlights they’re making seems so much easier and less detectable than uploading video from a camera on a smartphone.
My problem is that I keep looking for an app that’s 100% safe and will not transmit my personal user data. Since I’m unable to find an App that’s 100% safe I end up making no progress and I don’t make a decision.
Sorry for the long post… it’s just that this issue has really been crippling me…
The simple truth is: there are no “100% safe” apps.
You can maybe get pretty close but any complex app, even when open source, can be found unsafe years later when someone discovers a nasty exploit or even a very well hidden backdoor.
Best to be realistic and to determine a threat model who/what you really want to defend against and to not give in to paranoia.
The PG guide (and others) will help you with that.
I suppose one strategy I could employ would be to just buy a hardware device that’s completely 100% offline and doesn’t connect to the Internet at all?
Does anyone know how I’d go about setting this kind of PC up?
I think you can also see the account names and machine it was also saved on. So do be aware that even with a 100% offline setup, some things like metadata can leak, apart from things obfuscated by its proprietary nature.
Unfortunately app usage needs vigilance and is more of a marathon than a race. What is 100% secure today may not be secure after a few updates. Keep an eye out in the news feeds. One of the fastest is, unfortunately Twitter but there is also Mastodon.
There is bliss in ignorance but I doubt any if us will go back. And in case one goes back to the smothering arms of MS/Google/Adobe/Facebook, it wont be the same and you’d still be wary.
One option is using a device like a PC that’s completely disconnected from the Internet and has no wifi card installed.
Could this be a second option:
Install a special firewall app that I know for certain is 100% trustworthy and configure it to block both incoming and outgoing requests to the Internet? This way all the apps on the device would be 100% secure, however, I’d be putting a lot of trust and faith into that firewall app.
How would I know how to choose which firewall app to use?
Open source is usually my first choice, but then again, there are some premium firewall apps available that are expensive. I’d feel more confident in an expensive firewall app because I’d know that the company has a vested interest in keeping the firewall app secure?
You can use a firewall appliance like pfsense that sits outside the OS and filters things in the network itself but that involves learning something new.
I used to think dedicated firewall devices like just don’t see how a firewall appliance like pfSense or a Linux distro can make a difference when it only takes one single app on a Windows PC to have a backdoor built into it that transmits data back to someone on the Internet…
I mention it more over here in the opening post:
I’ve been researching this topic for a long, long time and I still haven’t been able to find a good answer. I’ve read all about people using old PC’s to install a “Firewall Linux Distro” and this sounds great in theory but how is this helpful if a Windows PC on the network has installed an App that has a trojan attached with it that can send information about the Windows user like every keystroke that the user enters to the trojan’s author online?
You have to decide if this is just an academic interest that you want to know out of curiousity or if you worry about a more or less targetted attack.
The only way to make sure is to inspect all traffic yourself. Not an easy feat and may require some specific hardware capability on the part of your network switch (you need a managed network switch), namely to duplicate all outgoing traffic on the machine that you are interested in analyzing.
Then you need to make yourself a certificate authority to see the encrypted(?) traffic. I havent done this myself but to my understanding, part of the thing you need to do is run PiHole and put DoH in a blacklist.
I can no longer give more info because I havent done this personally and I lack the actual know how.
If I were you, just make things simple for now and just use an air-gapped machine for your sanity’s sake.
Hey, super important conversation you are having here!
I think you both have points and are talking somewhat next to each other.
What @Average_Joe was asking is about an app doing malicious things, not the OS. I agree with @HauntSanctuary that any application including Portmaster (which uses the kernel but still runs in the OS) is limited in what the OS could do. In our case MS would have to make changes in the Kernel to bypass Portmaster, but because they are in control of the Kernel, we can’t stop them if they do. So what Haunt is saying is true, but what is missing in his explanation is 1. @Average_Joe 's needs - he is looking to restrict an specific app, which is super hard to do on the network level because you have lost the Information what app is doing the connection. and 2. blocking doh is also useless, when the malicious app is using a p2p connection, and or just uses a not labeled bad domain in your pihole… and because you don’t know what app the request is coming from in pi-hole you cant investigate properly.
I hope this helped.
again, both are right, but you need to look at the needs, if someone does not want to switch os then arguing that you cant trust the os does not help. But it helps to keep in mind, that the OS vendor is providing the framework any application is running in, and any app running in this framework can potentially be bypassed by the OS itself. And netwrok firewalls are nice, but they are super limited in what they can do, and PiHole is basically dependent on devices and apps sending it the requests, so a PiHole on its own would be 100% useless in case of a even a mild malicious actor (any app with its own dns) - any PC with Portmaster installed is hidden from PiHole because Portmaster does the DNS resolving.
I think you’ve been the only person to understand what I’m trying to say in regard to using a dedicated Linux firewall distribution that’ll protect a user’s home network, but this falls apart when there’s an App on a Windows PC that’s transmitting data about the user back to the malicious author on the Internet. It could be something as benign as an app for reading PDF files that brings the user’s security crashing down despite having a dedicated Linux firewall distribution.
Assuming you have latest security updates and >Android 12, this isn’t possible.
Android has permission, the app would have had to ask permission for EACH of those information -except passwords which it can’t access at all.
An advanced zero-day could maybe have access to one of this data point. But please note that Location&Camera access always display a green icon on your display.
