There was a time that cell phones were about two people talking over phones. Before the time that cell phones were simply phones, desk top applications were tools to solve business problems. Now cell phones and desktop applications and browsers are skillfully designed sensors that collect any bit of information that defines a user of a cell phone or desktop application. I have seen phrases such as entertainment, and social centers, gaming platforms, etc. used to define cell phones and desktop computers. Microsoft, Apple, and Google invest enormous amounts of time and efforts to make cell phone and desktop applications satisfy human needs. What pixel at what color level goes where in a user interface is implemented to elicit the greatest amount of human activity. Life, and interacting with a device is one big happy game. There is even a term for it – gamification.
All those applications on cell phones and desktop platforms, opening, closing, entering text, playing games, linking socially, searching for information are all secondary to the collection of data that is generated from the interaction between a human and a computer. For Microsoft, Apple, Google, etc. the payback for developing operating systems, entertaining applications, fast hardware, high resolution cameras, etc., is the collected data. Microsoft, Apple, and Google satisfy the human need, and the end user produces the data from pointing and clicking here and there. The collected data is collected, processed, analyzed, and the service provider make a profit.
A common theme from the three major services providers is that they will do everything that they can do to protect your data from unauthorized access by bad actors. They say nothing about protecting you data from access by the service providers.
The book “Extreme Privacy: What It Takes to Disappear” written by Michael Bazzell addresses the loss of anonymity and what steps are required to take to restore privacy. The remainder of this post will address a path that can be taken to secure Google Pixel phones and restore privacy.
As a first step, the image of a Google Pixel 4a 5G phone will be replaced. I am going to cover the replacement of the cell phone image at a high level. Any missing low-level steps can be found in the book. Mr. Bazzell does an outstanding job of explaining the problem and a workable solution.
- To do the image replacement, the cell phone is attached to a Windows 11 laptop. The cell phone needs to be set to debugger mode. Instructions to set debugger mode can be found here: When the instructions say tap, you need to tap multiple times. Once the build number is tapped the correct number of times, there will be a pop up acknowledging the state change. Also, when you go to your home screen on the phone, if successfully changed to debug mode, there will be a notification of the state change.
- The Android Debug Bridge needs to be installed. Instructions to install the SDK so that you can use adb.exe, is here. Once the SDK is installed and you have connected the phone via the USB connector to your laptop/desktop, navigate to where the SDK is installed, locate adb.exe. In a terminal window run adb.exe devices. You should see a message about a daemon being started followed by a message showing the phone connected to your laptop.
“GrapheneOS is a privacy and security focused mobile OS with Android app compatibility developed as a non-profit open source project. It’s focused on the research and development of privacy and security technology including substantial improvements to sandboxing, exploit mitigations and the permission model. It was founded in 2014 and was formerly known as CopperheadOS.
GrapheneOS improves the privacy and security of the OS from the bottom up. It deploys technologies to mitigate whole classes of vulnerabilities and make exploiting the most common sources of vulnerabilities substantially more difficult. It improves the security of both the OS and the apps running on it. The app sandbox and other security boundaries are fortified. GrapheneOS tries to avoid impacting the user experience with the privacy and security features. Ideally, the features can be designed so that they’re always enabled with no impact on the user experience and no additional complexity like configuration options. It’s not always feasible, and GrapheneOS does add various toggles for features like the Network permission, Sensors permission, restrictions when the device is locked (USB peripherals, camera, quick tiles), etc. along with more complex user-facing privacy and security features with their own UX.”
Steps to Install GrapheneOs can be found here.
Should you have trouble:
I did an install of GrapheneOS with a Windows 11 laptop.
- Both the adb and boot loader drivers must be installed on the Windows host. I did not have the boot loader device driver installed. This page shows how to load both drivers.
- Make sure that the USB cable that you use to connect the host to the device is of high quality — try to use the same cable that came with your phone.
- If the boot loader commands do not work, try switching between USB 2.0 and USB 30 connectors on host.
Install took about 30 minutes. The result is a clean secure install of Android – maximizing privacy.
Next post I will add secure Text Messaging, VOIP and a VPN to the GrapheneOS install.
Discover more from Threat Detection
Subscribe to get the latest posts sent to your email.