Much of our daily lives is contained within our smartphones and
computers. Email, text messages, and phone calls all contain bits and
pieces of information that, in the wrong hands, could harm our privacy.
Unfortunately, many people either don't understand how vulnerable their
data is when sent across the Internet (or another commercial circuit) or
just don't care. While I don't have much to say for the crowd in the
latter category (can't fix stupid), I do try to help people in the former
category understand that any network outside of their control is fair
game for pilfering and that basic protections need to be taken to
protect themselves. While I'm not going to dig into how data can be
intercepted (there are plenty of articles out there on the subject) I
would like to talk about how one can use tools to protect their data
when using an Android smartphone.

Until recently email was the only easily-encrypted mode of
communication. Most people didn't have the means of encrypting their
phone conversations and certainly not their SMS messages (unless you
happen to be using a SME-PED, but those things are terrible in other
ways). Now, Whisper Systems have
released two open source programs that allow you to protect your
communications. The first is called "RedPhone". This program encrypts
your phone conversations and allows you to converse securely. The
second program is called "TextSecure" and encrypts text messages using
authenticated, asymmetric encryption.

I like the way TextSecure manages keys and allows you to verify the
user's key directly so you can establish trust. RedPhone appears to use
the trust in the phone number for authentication. RedPhone also
provides encryption opportunities when the distant party also has
RedPhone on their device, which is a nice feature that I wish TextSecure
also provided. Both of these programs are very easy to use and need
very little configuration.

TextSecure also provides an encrypted container for all your text
messages so that your text messages are secure if the attacker has
physical access to the device.

And OpenPGP is still a great option for protecting your email
communications but that is a topic for later.