The Protesters' Guide to Smartphone Security

I was feeling inspired to write this morning after looking through a lot of this type of article and noticing they all omitted kind of important information. This includes all of the basics, and the stuff I thought was under-discussed, like AirDrop and the importance of security patches.

19 Likes

That was an enjoyable read. If I may offer some feedback:

Additionally, even if it’s encrypted, it still won’t benefit from the same security protections that your phone’s built-in storage provides, such as advanced brute-force protections.

I could be mistaken, but I don’t think this is strictly true. See Adoptable storage | Android Open Source Project.

Google is frequently tapped by law enforcement to provide location data, because they don’t protect your personal information with strong, zero-knowledge encryption.

This is / will no longer be the case (I’m not super clear on whether it is fully rolled out yet). See Google Maps is making a big privacy change to protect your location history - The Verge.

2 Likes

Great article! I found this part really funny.

Please be aware of the legal consequences of these actions. Wiping your device or revoking online account access could lead to obstruction of justice or destruction of evidence charges in some jurisdictions. You should always speak with your licensed attorney before deciding how to proceed. If your phone was taken by law enforcement you may have legal recourse to get it back.

During my time at FPF, I once had a bunch of lawyers strongly discourage this idea in a protest security toolkit. As in they wrote entire essays to me during work hours :confused:

2 Likes

Great article! I think this was very much needed, especially appreciate how it’s written for the target audience.

2 Likes

Didn’t cover cell tower tracking (IMSI & IMEI).

4 Likes

Great article @Jonah. Like I said before, those articles are nice additions to the content available. This one in specific I think can expand much more, but it is good to have a starting point (which normally is the most difficult part).

It is up to us to believe that the setting is really working since there is no way to validate the code.

Which do you think is more likely?

A) That the feature works as intended, dramatically lowering the administrative load for Google associated with complying with geofence warrants.

B) That Google is lying to both its users and law enforcement in hundreds of countries by secretly keeping location data unencrypted on its cloud. Meanwhile, refusing to comply with geofence warrants from law enforcement despite possessing the requested data, exposing Google to significant legal liability (a pretty poor business strategy).

This is a fairly good reason to believe Google, not to mention the fact that:

A current Google employee who was not authorized to speak publicly told Forbes that along with the obvious privacy benefits of encrypting location data, Google made the move to explicitly bring an end to such dragnet location searches.

1 Like

It could be something in between. It doesn’t need to be necessarily the A and B that you mentioned.

They can on their side turn the feature to keep the location on because they were coerced to cooperate.

Thanks for creating the article, although I won’t be protesting anytime soon, but I got some key takeaways from it :slightly_smiling_face:.

1 Like

This is a really important topic to cover! Most of the stuff I have read about this mostly focuses on physical aspects to consider during a protest; not many cover digital aspects so expansively.

4 Likes

It isn’t as simple as this guide isn’t laying out a threat model.

In some jurisdictions, body-hugging devices (like smartphones) may come pre-installed with spyware apps.

For instance, I was sent this tip on use of Rethink, an app I co-develop, to block such spyware by protestors in Hong Kong (mirror).

Also, I’m not sure disabling 2G is enough. Govts are known to retroactively arrest based on location triangulated via cell towers. Some speculate (ex / mirror) that basebands may be turned ON remotely (even if it is switched off, like via airplane mode), though unsure if that’s a valid attack vector these days.

2 Likes

I’d add more data disposal tips. Delete cloud storage apps that you don’t need access to while at the protest. If you can reinstall the app, log in, and your data is back, you don’t need the app always on your phone. Don’t need your password manager that you protect with Face ID sitting there waiting to be extracted after your keychain gets snatched, exposing all of your identities.

Cellebrite Premium basically bypasses every security measure on an iOS device. Stolen device protection, lockdown mode, etc. are essentially just UI blocks that only affect the basic extraction methods, which does nothing when you literally have access to the file system. You must focus on keeping limited amounts of data on your iPhone and understanding the forensic nature of your applications.

1 Like

They have a valid point.

Leaving phones behind or using burner phones is very practical advice. I’d ask the same of vulnerable folks, especially those who can be made examples out of by powers-that-be: They can be detained for arbitrarily long periods, get declared a traitor, have their livelihood destroyed, and the life of their loved ones jeopardised for eternity. This stuff is serious in some jurisdictions.

True. Though, Firefox can talk onion, if you turn OFF network.dns.blockDotOnion in about:config? I think, Brave has built-in support? Ages ago, volunteer-run gateways (onion to www) like tor2web.org were popular.

3 Likes

Thanks for the feedback everyone! I’m glad this guide has been very well received :slight_smile:

I will be updating it with some changes on Monday based on some comments I’ve seen here and on social media, drafting here:

2 Likes

I think it really depends on the risk of the “protest”, the same thing can be either “no big deal” or “if you get caught you are done”, depending on where you are. It would be nice if the article could bring this up.

1 Like

Considering the amount of very personal data that a phone (usually) has on you I think it’s the only advice that makes sense IF you really are in that high-risk position and have to assume your items will be seized with a certain likelihood.

Either that or having a burner phone - or at least a 2nd phone that has zero unnecessary apps/information on it and that you use just for occasions like this (and factory reset regularly).

2 Likes

Thanks @jonah for this guide!

I’ve been working for the past 6 months to build a series of guides for activists (US-focused). And there are a few recommendations on your guide that I want to use to polish up our prepare for protest checklist.

5 Likes

Yes, go kick rocks. It is irresponsible to disseminate that you could possibly have ANY private phone use, i.e. related to attending a protest, when, on top of proof that nation states are targeting iPhone users, there is no app sandboxing, reproducibly.

Apps that are bought and sold (everything on the app store) can access other processes on the device, with the matching api even in the case of googled devices (anything with g in the name on any device).

This is fixed only by using open source operating systems and nothing less. Throw that app in a box (user profile). Practice privacy with your iphone, but an iphone is not a tool of privacy.

2 Likes

Not everyone has this high of a threat model. Telling folks to kick rocks because they are unable to flash Graphene or even afford a Pixel, and that they are better off not protesting, is way too extreme.

You have to threat model; in some countries this mindset might be needed, but in others this is completely over the top.

3 Likes

I think this is the core misunderstanding and nuance, where it may be a hard requirement or not depending on the threat model. I believe Jonah will include this in the next draft of the article.

3 Likes