Smartphones

Application permissions ==================================

There are 2 major application ecosystems today: **Android** and **Apple**. 1. iOS Apps store from APple is known for its controls and validations before public release. 2. Android Play store (Google) not so much

![Those apps all contain malware have been downloaded more than More than 280 000 times on Google plays store](/assets/i/android-apps-malwares.png "Those apps all contain malware have been downloaded more than More than 280 000 times on Google Play store") Those applications which all contain malware have been downloaded more than **280 000** times on Google Play Store before they have been removed.

Just like on a computer workstation, don't install any application on your smartphone. You must check the permissions of every application. For instance, is it ok for a flashlight application to access to your contacts?

Depending on your Android version (6 and above), you will most often need to look in: > Settings \> Applications \> (sometimes Advanced Settings) \> [Apps Permissions](https://support.google.com/android/answer/9431959?hl=en)

In order to check an application permissions on your Android, take a look at the [Exodus Privacy](https://exodus-privacy.eu.org/fr/page/what/) project.

Spyphones ============

On standby

You are uniquely identified on the GSM network with your SIM card's unique number (IMSI) and your phone's unique number(IMEI).
Your phone regularly checks in with base stations by transmitting these two informations
Your telephone operator has the technical ability to locate the network cell network cell you're in (from a few meters to several kilometres).

Many software programs can turn your smartphone into a spy microphone. However, they must be installed installed on your phone. Most of the time, the attacker pust have a physical access to your phone.

![spy chip](https://slides.nothing2hide.org/assets/i/iphone-puce.jpg "Spy chip")

Off ------ The battery, plugged in, is always a source of power. With the collaboration of the telephone operator, who can access the packets packets sent to the SIM card (Application Protocol Data Unit), the can theoretically be activated.

Disassembled battery ----------------- - Without battery, no power, no signals transmitted, no monitoring. - Problem: few phones still have a removable battery.

Communications ==============

The GSM network ---------------- The GSM network's encryption algorithm has been compromised for years now. GSM calls and SMS communications are not secure.

4G / WiFI

Signal for Android and Iphone
Wire for iOS or Android
Briar is an encrypted peer-to-peer communication application using the Tor network. Only available on Android.
Avoid Whatsapp for sensitive communications
Don't use Telegram

Local data ======================

The basics ---------- - Lock your smartphone with a password - Avoid using pattern (Android), fingerprints or facial recognition

Android ------- Data encryption is enabled by default since **Android 6.0** (end of 2015). Encryption is activated when the configuration wizzard asks you to choose a screen lock: pattern, PIN code or password. *Facial recognition and fingerprint are not included in this process*.

iPhone ------ Since **iOS 8**, data on Apple phones are encrypted by default when the phone is locked with a code or TouchID.

### Bonus On iOS you can configure automatic erasure after 10 unsuccessful unsuccessful unlock attempts.

Use a local safe ------------------- Tella is application available on [Android](https://play.google.com/store/apps/details?id=org.hzontal.tella&hl) and [iOS](https://apps.apple.com/us/app/tella-document-protect/id1598152580) that lets you take photos and videos and store them encrypted, camouflage them, or even erase them in an in case of emergency.

Prise d'images, de vidéos ou de sons dans Tella

Data everywhere --------------- - In the internal phone memory - On the SD card - On the SIM card - In the *Cloud* if you are an icloud or Google drive user

Emergency plan ================= In case your device got sized or stolen

Protect your accounts

Make a a list of your sensitive accounts
Change the passwords of these accounts
Use passphrases and enable dual authentication
Don't forget to download backup codes

## Erase your data: Android - Go to the [devices](https://myaccount.google.com/device-activity) security section of your Google account - Make it ring, locate it or erase remotely your data

## Erase your data: iOS Activate the Find app on your phone and go to [icloud.com/find](https://www.icloud.com/find) - [Find a lost device](https://support.apple.com/fr-fr/HT210515#erasedevice) - [Erase remotely your data](https://support.apple.com/fr-fr/HT210515#erasedevice)

Another option =====

Questions?

Contact

Mail: help@nothing2hide.org
Signal: +33 7 81 37 80 08
Twitter: @n0thing2hide
Mastodon: @nothing2hide
BlueSky: @nothing2hide

Contenu sous licence Creative Commons CC BY SA.