Searching For Privacy

Share if the site was helpful

Searching For Privacy

We’ve grown somewhat used to the phrase “If you’re doing nothing wrong then you have nothing to hide”.  That being said, plenty of us don’t take it as truth that privacy has to die.  There are countless stories of security leaks, and it’s impossible to hear the letters NSA without thinking about being watched.  But taking a few simple steps can drastically improve your right to privacy in everyday life.  Step one being how you browse the internet.

You don’t have to be watched:

Yes, it’s a little-known secret, but there are ways you can search the web without giving up your privacy.  Over the years the word “Google” has become synonymous to looking something up.  And for good reason because Google has a huge market share on global searches.  But they’re by no means your only option.  At the start of 2018 Google searches accounted for roughly 70% of all searches.  The bottom line being that they aren’t going away any time soon, but there’s 30% worth of other options.

The purpose of this blog post is not to bash Google by any means.  It’s an incredible search engine that yields top tier results.  It’s grown to the size it is for many reasons.  This post is simply to inform you of options besides the traditional search engines like Google and Internet Explorer.  There are some players that do things differently.  A key difference being that your search history is just that: yours.

Some alternatives:

If you’ve ever looked into private search engines, then you’re undoubtedly familiar with DuckDuckGo.  Its CEO is famous for saying “if the FBI comes to us, we have nothing to tie back to you.”  Their motto is simple: they don’t store your personal information. Ever.  They also offer an interesting feature known as “bangs”.  Not really privacy related, but bangs allow you to quickly search results on other sites by adding a “!” to your search.  So if you knew you wanted to search for something on Wikipedia you could jump straight to it.

Another solid option is Tor.  Tor Browser secures your connection to the internet with three layers of encryption, and passes it through voluntarily operated servers around the world.  It’s goal is to make you one in a million person crowd that is indistinguishable from others, and thus untargeted for any kind of privacy extraction.  Tor’s onion services allow for users to publish things online without needing to reveal their location.  Even the U.S. Navy has used Tor for open source intelligence gathering.  Don’t worry, by that I don’t mean info on your browsing sessions!

A 3rd favorite is StartPage.  Developed by Ixquick, StartPage gets you the privacy you want but actually gives you the results straight from Google. It features a proxy service, URL generator, and HTTPS support that allow you to revisit your browsing sessions without needing cookies.  In other words, it remembers your browsing in a privacy friendly way.

More than just security:

If you’re like me, you’ve been shocked before at some of the ads you see.  They’ve become so practical at targeting you you’ll see an ad for something you had only thought about in the privacy of your own mind.  Browsing in private mode can certainly help with this as the less data there is collected on you, the harder it is to target you with personalized ads.  Or even ads in general.  Just another big perk to consider when deciding if you want to check out other browsers!

All in all, you could be perfectly happy with the way you’re surfing the internet right now, but there are always other options if you decide to give them a try.  What are your thoughts on the recent privacy issues?  Maybe you use a VPN. Do you take other precautions to keep your information secure?  Let us know in the comments below!

Google Minus And Project Strobe

Share if the site was helpful

Google Minus and Project Strobe

After 7 years of effort Google has decided that enough is enough for Google+.  The tech giant has admitted to failing its entrance into the social media marketplace. As both a business decision and safety concern they’ve decided to take Google+ off the web and focus on other things.

Project Strobe

Security has been at the forefront of everyone’s minds this year as privacy scandal after privacy scandal has surfaced.  Facebook’s Cambridge Analytics scandal made us hyper aware of how much data is exposed to third-parties.  In an attempt to combat privacy issues Google launched Project Strobe.  It’s a root-and-branch review of third-party developer access to Google accounts and Android devices.  Essentially it’s a research project to check up on how secure everyone’s information really is.

The findings: not the best.   Today Google announced four key findings from the project along with steps to remedy each.

1. There are significant challenges in creating and maintain a successful Google+ product that meets consumer’s expectations.

Google+ has a pretty serious bug in it that exposed user data to third-party applications that didn’t have proper access.  Google says that there is no evidence anyone else found this out before they did (hard to be sure).  But combining this with the lack of adoption among users and the end result has been to remove Google+ entirely.  I don’t think anyone is too upset at this move, and it’s probably for the best Google diverts its time towards new innovations.

2. People want fine-grained controls over the data they share with apps

When you download a new app that performs certain functions, it may need permission to do so.  Whether that’s accessing your camera to take a picture or seeing your contacts so that it can share a picture with others, apps can’t do these things until you let them.  This is a big plus for Android security, but unfortunately sometimes it’s not organized well enough.

There are some permissions that are grouped together when presented to a user, and this can potentially be a problem.  If you want an app to do one thing you shouldn’t have to grant it access to 3 permission, yet this is sometimes how things are organized.  Google has announced they’ll be launching more granular account permissions that will show individual dialog boxes for each.  Maybe a little more frustrating for relaxed users, but definitely a win for security.

3. When users grant apps access to their Gmail, they do so with certain user cases in mind

To correct the security issue of third-parties abusing contact information Google is limiting what kinds of apps are allowed to access Gmail data.  The only apps allowed will be those that are “directly enhancing email functionality”.  Basically, if there’s not real reason for your app to need to write an email, it’s banned.

4. When users grant SMS, Contacts and Phone permissions to Android apps they do so with certain use cases in mind.

3 and 4 are pretty similar to one another, but this other finding takes things past email and into the phone/contacts.  Google is limiting how many apps will be allowed to access this information.  In addition to this Contact interaction data will no longer be available vie the Android Contacts API.

The bottom line is that Google did a security sweep and decided a few things needed to change.  It seems that these changes are proactive which is always a good things, but if you’re one of the world’s Google+ user’s then I’m sorry you have to say goodbye.  For everyone else these changes should be nothing but good as security continues to improve.

What are your thoughts on Project Strobe?  Let us know in the comments below!

 

Reverse Engineering Apps. A Primer

Share if the site was helpful

Reverse Engineering Apps.  A Primer

Reverse engineering is a pretty cool concept.  Someone builds something, you want to see how they did it, so you take it apart and see how it was put together in the first place.   It can be a great way to learn, and it pushes technological progress forward.  But there’s also a dangerous side to it.

Reverse engineering done with malicious intent can lead to copyright infringement or other damages.  It’s a fine line to walk on for what is ethical and what isn’t, and that doesn’t change inside of the Android world.  In here reverse engineering is common and developers should always account for it when building apps to make sure they’re taking necessary precautions.

The term for reverse engineering an app is “decompiling”, and what you’re decompiling is an APK (Android Package Kit).   This is essentially just a .zip file that stores our apps code.  You build an APK when you compile your code and use that APK to upload the app onto the Google Play Store.  This is then what users around the world download onto their devices.  And if they’re tech-savvy enough, they can open up this APK and see what’s inside.

Why Decompile?

Let’s take a second to think about a couple reasons why we would want to decompile our APKs.  One possibility is that we’ve misplaced our source code and are hoping to recover it.  If this was the case then we could decompile our app from a phone it was already on. Note that this has its limitations as the decompiled code will not be the exact same as the original.  Some parts will be lost along the way, so make sure you save your code on Github!

Another possible reason for decompiling an app would be to evaluate its security.  If you’re able to see things you want to keep private simply by decompiling an app, other people can too.  And chances are they won’t always be decompiling for education purposes.  I’ll be following up on this blog shortly with another one going more in depth on how to properly hide secrets in your apps.

And of course there’s always decompiling for modding purposes. If you reverse engineer an app and put it back together how you want then you can add new features or customize how things behave.  Here’s where I throw in a disclaimer that you should make sure you’re a law abiding citizen while doing these things.  Lots of companies/developers would be very unhappy to hear that someone is decompiling their apps to make monetary gains.

How To Decompile?

The good news is that if you want to decompile apps on your own, you absolutely can!  You’ll need to download a popular tool known as apktool, and also make sure you have java set up on your computer.    Here’s an great video showing how to use apktool to theme and edit android apps.

 

Want to know more about decompiling apps?  Don’t worry we’ll be writing lots more on it soon, but in the mean time let us know what you want to know in the comments below!

en English
X