PanicKit 1.0: built-in panic button and full app wipes

PanicKit is 1.0! After over three years of use, it is time to call this stable and ready for widespread use. Built-in panic button: This round of work includes a new prototype for embedding PanicKit directly into Android. Android 9.0 Pie introduced a new “lockdown” mode which follows some of the patterns laid out by PanicKit. [Read More]

IOCipher is the antidote to “Man-in-the-Disk” attack

Recently, at DEFCON 2018, researchers at Check Point announced a new kind of attack made possible by the way many Android apps are implemented. In summary, developers use the shared external storage space in an unsafe manner, by not taking into consideration that other apps also have read and write access to the same space. A malicious app can modify data used by another app as a vector for compromising that app or causing it to crash. [Read More]

Haven: Building the Most Secure Baby Monitor Ever?

About eight months ago, friends at the Freedom of the Press Foundation reached out to us to see if we were interested in prototyping an idea they had been batting around. They knew from projects like CameraV and ProofMode that we knew how to tap into the sensors on smartphones to do interesting things. They also knew we could connect devices together using encrypted messaging and onion routing, through our work on ChatSecure and Tor (Orbot! [Read More]

No more “Root” features in Orbot… use Orfox & VPN instead!

Since I first announced the availability of Orbot: Tor for Android about 8 years ago (wow!), others and I have been working on various methods by which to make the capabilities of Tor available through the operating system. This post is to announce that as of the next, imminent release, Orbot v15.5, we will no longer be supporting the Root-required “Transproxy” method. This is due to many reasons. First, it turns out that while allowing applications to get “root” access on your device seems like a good idea, it can also be seen as a huge security hole. [Read More]

Repomaker Usability Trainers Worldwide, June 2017

Repomaker Usability, Trainers Worldwide Study. Prepared by Carrie Winfrey and Tiffany Robertson, Okthanks, in partnership with F-Droid and Guardian Project. OK Thanks – Guardian Project. For more information, contact carrie@okthanks.com. Purpose: The purpose of this study was to understand the following things. Are users able to complete basic tasks, including creating a repo, adding apps from other repos, removing apps, editing app details, and creating a second repo? [Read More]

fdroidserver UX Testing Report

We ran user tests of fdroidserver, the tools for developers to create and manage F-Droid repositories of apps and media. This test was set up to gather usability feedback about the tools themselves and the related documentation. These tests were put together and run by Seamus Tuohy/Prudent Innovation. Methodology: Participants completed a pretest demographic/background information questionnaire. The facilitator then explained that the amount of time taken to complete the test task will be measured and that exploratory behavior within the app should take place after the tasks are completed. [Read More]

F-Droid User Testing, Round 2

By Hailey Still and Carrie Winfrey. Here we outline the User Testing process and plan for the F-Droid app store for Android. The key aims of F-Droid are to provide users with a) a comprehensive catalogue of open-source apps, as well as b) the ability to transfer any app from their phone to someone in close physical proximity. With this User Test, we are hoping to gain insights into where the product design is successful and what aspects need to be further improved. [Read More]

F-Droid Lubbock Report – What We Want to Know

F-Droid LBK Usability Study Report – What We Want to Know. Prepared by Carrie Winfrey. Preliminary Version – April 17, 2017. Introduction: When planning this user test, the team outlined features and flows within the app on which we wanted feedback. From there, we created tasks for participants to complete that would access these areas and produce insights related to our inquiries. This document is organized by the tasks participants completed. [Read More]

ProofMode critiques and progress

Bruce Schneier was kind enough to post about our work on ProofMode to his blog. A decent set of comments ensued, which we have considered, measured and weighed. We posted the response below on the post, and now also here. We also received an excellent set of feedback from the Lieberbiber blog. Below are responses to the various concerns raised, and links to work completed or in progress. At a high level, securely dating files, digital notarization, easy capture of sensor metadata, among other things, are not solved problems. [Read More]

Imagining the challenges of developers in repressive environments

The Guardian Project team spends a lot of time thinking about users. In our work we focus on easy-to-use applications for users in high-risk scenarios. Because of this we are very focused on security. In our current work with the F-Droid community to make it a secure, streamlined, and verifiable app distribution channel for high-risk environments, we have started to become more aware of the challenges and risks facing software developers who build software in high-risk environments. [Read More]

“If This, Then Panic!” Sample Code for Triggering Emergency Alerts

Earlier this year, we announced the PanicKit Library for Android and Ripple, our basic app that alerts any compatible app that you are in an emergency situation. Rather than build a solitary, enclosed “panic button” app that can only provide a specific set of functionality, we decided, as we often do, to build a framework, and encourage others to participate. Since then, we’ve had over 10 different apps implement PanicKit responder functionality, including Signal, OpenKeychain, Umbrella app, StoryMaker and Zom. [Read More]

How to Migrate Your Android App’s Signing Key

It is time to update to a stronger signing key for your Android app! The old default RSA 1024-bit key is weak and officially deprecated. What? The Android OS requires that every application installed be signed by a digital key. The purpose behind this signature is to identify the author of the application, allow this author and this author alone to make updates to the app, as well as provide a mechanism to establish inter-application trust. [Read More]

Hiding Apps in Plain Sight

Beyond just thinking about encryption of data over the wire, or at rest on your mobile device, we also consider physical access to your mobile device, as one of the possible things we need to defend against. Some of our apps, such as Courier, our secure news reader, include a Panic feature, enabling a user to quickly delete data or remove the app, if they fear their device will be taken from them, whether by a friend, family member, criminal or an authority figure. [Read More]

Turn Your Device Into an App Store

As we’ve touched upon in previous blog posts, the Google Play model of application distribution has some disadvantages. Google does not make the Play store universally available, instead limiting availability to a subset of countries. Using the Play store to install apps necessitates both sharing personal information with Google and enabling Google to remotely remove apps from your device (colloquially referred to as having a ‘kill switch’). Using the Play store also requires a functional data connection (wifi or otherwise) to allow apps to be downloaded. [Read More]

Gibberbot’s “ChatSecure” MakeOver: Almost Done!

In a previous post with the mouthful of a title “Modernizing Expectations for the Nouveau Secure Mobile Messaging Movement”, I spoke about all of the necessary security features a modern mobile messaging app should have. These include encrypted local storage, end-to-end verifiable encryption over the network, certificate pinning for server connections and a variety of other features. I am VERY happy to report that the latest v12 beta release of the project formerly known as Gibberbot, now called ChatSecure, has all of the features described in that post implemented. [Read More]

Modernizing Expectations for the Nouveau Secure Mobile Messaging Movement

The tl;dr of this lengthy (tho entertaining and immensely important!) post is this: Stopping with “We support OTR” or “We support PGP” is not enough anymore. There are at least seven, if not more, very important security features that any app claiming to provide secure messaging must implement as soon as possible, to truly safeguard a user’s communication content, metadata and identity. Note: The names “Gibberbot” and “ChatSecure” are used interchangeably below, as we are in the midst of an app rebrand. [Read More]

GnuPG for Android progress: we have a command line app!

This alpha release of our command-line developer tool brings GnuPG to Android for the first time! GNU Privacy Guard Command-Line (gpgcli) gives you command line access to the entire GnuPG suite of encryption software. GPG is GNU’s tool for end-to-end secure communication and encrypted data storage. This trusted protocol is the free software alternative to PGP. GnuPG 2.1 is the new modularized version of GnuPG that now supports OpenPGP and S/MIME. [Read More]

Lower Bounds of The Narrow Bands

Voice is becoming a standard feature of any messaging app on mobile phones, in various forms using many different protocols. There’s the old guard, whom I will refer to as “Skype”. Some tough questions have been thrown their way by many groups who support a free Internet. There’s Google Voice, which is not really VoIP. Apple is playing around in the hedge maze inside their walled garden with iChat. There’s also Facebook, who is rolling out voice calling in Canada and the USA in their Messenger app on iOS. [Read More]

IOCipher beta: easy encrypted file storage for your Android app

At long last, we are proud to announce the first beta release of IOCipher, an easy framework for providing virtual encrypted disks for Android apps. IOCipher does not require root or any special permissions at all; the API is a drop-in replacement for the standard java.io.File API, so if you have ever worked with files in Java, you already know how to use IOCipher; it works easiest in an app that stores all files in IOCipher, but using standard java. [Read More]

report on IOCipher beta dev sprint

We are just wrapping up an intensive dev sprint on IOCipher in order to get the first real beta release out, and it has been a wonderfully productive session on many levels! Before we started this, we had a proof-of-concept project that was crashy and ridiculously slow. We’re talking crashes every 100 or so transactions and 9 minutes to write 2 megs. Abel and I were plodding thru the bugs, trying to find the motivation to dive into the hard problems in the guts of some of the more arcane parts of the code. [Read More]