Project

General

Profile

UsageNotes » History » Version 20

Denis 'GNUtoo' Carikli, 02/20/2020 12:53 PM

1 1 Paul Kocialkowski
h1. Usage Notes
2
3 13 Wolfgang Wiedmeyer
{{>toc}}
4
5 12 Wolfgang Wiedmeyer
General-purpose usage notes and tips can be found on this page.
6
"The website":https://www.replicant.us/freedom-privacy-security-issues.php#recommendations also provides recommendations and general advice.
7 1 Paul Kocialkowski
8 2 Wolfgang Wiedmeyer
h2. Enabling root access
9
10
To allow root access, open the *Developer options* in the settings. There, press *Root access*. In the pop-up menu, select either *Apps only*, *ADB only* or *Apps and ADB*, depending on how you want to restrict root access. See [[ADB]] for more information about root access with ADB.
11
12
h2. Device Encryption
13 1 Paul Kocialkowski
14 20 Denis 'GNUtoo' Carikli
While that Android feature is called "Device encryption", it doesn't encrypt everything.
15
16
For instance, on a Galaxy SIII, enabling "Device encryption" only encrypts the USERDATA partition.
17 6 Wolfgang Wiedmeyer
18
h3. Setting a device encryption password separate from the lockscreen password
19
20
By default on Android, the encryption password is the same as the lockscreen password. As users tend to use a simple PIN, password or pattern for the lockscreen, the encryption can be easily circumvented with a "brute-force attack":https://en.wikipedia.org/wiki/Brute-force_attack.
21
22
Replicant allows to set an encryption password that is not tied to the lockscreen:
23
# Encrypt your device (In the settings: *Security* -> *Encrypt phone*)
24
# After the phone has rebooted and the encryption is set up, select *Change encryption password* in the *Security* menu of the settings
25 19 Denis 'GNUtoo' Carikli
# Choose a strong passphrase. You will only have to enter this passphrase once when the device boots. There is a section below that elaborates more on how to choose a strong passphrase.
26 6 Wolfgang Wiedmeyer
# Reboot the device and verify that the encryption works properly by entering the previously chosen passphrase
27
28 1 Paul Kocialkowski
If a separate encryption password is in place and a PIN or password is set for the lockscreen, another security measure is active: After five unsuccessful attempts to unlock the screen, the device is rebooted and the attacker is faced with the much stronger encryption passphrase. This makes brute-force attacks on the lockscreen much harder.
29 19 Denis 'GNUtoo' Carikli
30
h3. Choosing a strong passphrase
31
32
As Android uses cryptsetup, most or all the "Cryptsetup FAQ":https://gitlab.com/cryptsetup/cryptsetup/-/wikis/FrequentlyAskedQuestions also apply to Replicant as well.
33
34
That FAQ has a "Security Aspects":https://gitlab.com/cryptsetup/cryptsetup/-/wikis/FrequentlyAskedQuestions#5-security-aspects section where it details the cost of breaking a passphrase in a table like this one: 
35
36
|_. Passphrase entropy |_. Cost to break |
37
| 50 bit | EUR/USD 600k |
38
| 55 bit | EUR/USD  20M |
39
| 70 bit | EUR/USD 600B |
40
| 75 bit | EUR/USD  20T |
41
42
Be sure to look at the FAQ for potentially more up to date figures and the details that goes with them.
43
44
As for calculating the passphrase entropy, tools like keepassxc (which is available in Parabola) have a password generator that is able to calculate the entropy. At the time of writing, in keepassxc, this can be found in @Tools->Password generator@.
45
46
h3. Real example of a bad password
47
48
For instance if we use @Replicant@ as a password is a very bad idea for several reasons:
49
* Casual attackers knowing that the device is running Replicant and can simply try various variations on Replicant by hand. They'll most probably find it.
50
* Attackers can easily copy the encrypted partition and try entries from dictionaries, it will probably find it very fast too.
51
* Slightly more sophisticated attackers probably have optimized dictionaries that try variations on common words with accurate statistical models. It will probably find it very fast too.
52
* Even with brute-force it's way too easy to find: It's too short and not enough random. Using Keepasxc to calculate the entropy gives us 15.32 bits of entropy. That's about 20452 tries in average (1/2 * 2^(bits of entropy in passphrase, according to the cryptsetup FAQ). So even with a slow computer that only does 1 try per second, we only spend 5h40 to find it.
53
54
h3. Evil maid attacks
55
56
Replicant doesn't have protections against "Evil maid attacks":https://en.wikipedia.org/wiki/Evil_maid_attack
57 6 Wolfgang Wiedmeyer
58
h3. Other tips
59
60 1 Paul Kocialkowski
* Do not set the default keyboard (LatinIME) as a non-system app if you use encryption: it will prevent you from entering the password to open the encrypted storage.
61 3 Wolfgang Wiedmeyer
62 10 Wolfgang Wiedmeyer
h2. Browser and webview: freedom and security issues
63 8 Wolfgang Wiedmeyer
64
The default Browser has JavaScript enabled and runs the JavaScript that is loaded when you visit a website. Replicant has no mechanism to check if the complex JavaScript programs that are included in some websites are free software. See the "JavaScript Trap":https://www.gnu.org/philosophy/javascript-trap.en.html article for more general freedom-related information about JavaScript.
65
66
Not only browser apps might run non-free JavaScript. Some apps include an embedded view that loads websites which is called webview. Although app developers can disable JavaScript for the webview, JavaScript is usually enabled in the webview. So you might run non-free software inside a webview.
67
68
For these reasons, it is recommended to disable JavaScript by default in the browser settings. As most browser exploits require JavaScript to work, you can also prevent that malicious websites can make use of security issues with your browser. Unfortunately, the currently used webview in Replicant has many security issues. See #1780 for more information. So disabling JavaScript helps a lot in securing your device.
69
70
h3. Prevent usage of the embedded webview in apps
71
72 9 Wolfgang Wiedmeyer
Some apps have a setting that allows to use an external browser to view websites. This ensures that the embedded webview is not used and websites are loaded with a browser you can configure for security and privacy and that allows to disable JavaScript.
73 8 Wolfgang Wiedmeyer
74
h3. Use AdAway
75 1 Paul Kocialkowski
76 9 Wolfgang Wiedmeyer
"AdAway":https://f-droid.org/repository/browse/?fdfilter=adaway&fdid=org.adaway blocks a lot of known malicious websites that contain spyware and malware. However, using AdAway does not guarantee that all malicious websites or domains in general are blocked or that only free JavaScript is loaded.
77 1 Paul Kocialkowski
78 9 Wolfgang Wiedmeyer
h3. Use two web browsers
79 1 Paul Kocialkowski
80 9 Wolfgang Wiedmeyer
The "Lightning browser":https://f-droid.org/repository/browse/?fdfilter=lightning&fdid=acr.browser.lightning works well with Replicant, but it is prone to the same security issues as the default browser or the webview in general. However, this browser can be better configured for privacy and security. It is recommended to go through all the settings and to not only disable Javascript, but also to enable other settings that enhance privacy and security.
81
82
If you use Lightning as your default browser with the above described configuration, some websites might not work due to disabled JavaScript or other settings. But if you are sure that these websites do not contain non-free JavaScript, spyware or malware, you could load these websites with the default browser that has JavaScript enabled. This way, you do not need to enable JavaScript or disable other conflicting settings in Lightning for certain websites and revert the changes afterwards again. The default browser is then your browser for trusted websites with only free programs, while you visit all other websites with the configured Lightning browser.
83 5 Wolfgang Wiedmeyer
84 18 Kurtis Hanna
**Note: The recommendation above to use the Lightning browser needs to be reviewed because it hasn't been updated in "over two years":https://f-droid.org/en/packages/acr.browser.lightning/
85
86 16 Jeremy Rand
h3. Use a Gecko-based web browser
87
88
Gecko-based web browsers (such as "IceCatMobile":https://f-droid.org/packages/org.gnu.icecat/ and Orfox) don't use WebView, and therefore don't have the security issues associated with WebView.  However, Gecko-based web browsers require [[Graphics#Enabling-llvmpipe-as-software-renderer|enabling llvmpipe]].
89
90
Note that "Firefox Klar":https://f-droid.org/packages/org.mozilla.klar/ uses "WebView, not Gecko":https://github.com/mozilla-mobile/focus-android/issues/13, and therefore does have the security issues associated with WebView.
91
92 14 Wolfgang Wiedmeyer
h2. Backups
93
94
Backups can be made using "oandbackup":https://f-droid.org/repository/browse/?fdfilter=oandbackup&fdid=dk.jens.backup or @adb backup@.
95
96
If you created a backup of system applications before switching from the factory image or a different Android distribution to Replicant or before an upgrade to a new major release (e.g. from Replicant 4.2 to Replicant 6.0), restoring this backup will cause issues. The [[Index#Replicant-installation|installation pages]] require a factory reset in these cases because the data is incompatible, so a backup of the data is incompatible as well.
97
98
SMS and contacts apps usually provide ways to export contacts and messages. Using these means to backup and restore the data will likely be successful and won't result in misbehaving apps.
99
100 5 Wolfgang Wiedmeyer
h2. Camera app
101
102
* If the front camera on your device [[ReplicantStatus|requires a non-free firmware]], selecting the front camera will crash the app and you will not be able to use the app unless you delete the data of the app: 
103
104
  # In the settings under *Personal*, select *Apps* 
105
  # There will be two apps named *Camera*. Select the second one that has a camera as icon. 
106
  # Press *Storage*
107
  # Select *Clear Data* and confirm the dialog
108
109
  You should now be able to use the camera again. 
110
111
* If the camera app freezes when you take a picture, press the shutter button a second time. This should restart the camera in the background and take the picture.
112 7 Wolfgang Wiedmeyer
113
* If your device [[ReplicantStatus|needs a non-free firmware]] for hardware media encoding/decoding, video recording will not work.
114 3 Wolfgang Wiedmeyer
115
h2. Barcode scanning
116
117 4 Wolfgang Wiedmeyer
The mostly used barcode scanner app "ZXing":https://f-droid.org/repository/browse/?fdfilter=zxing&fdid=com.google.zxing.client.android has a slow preview. The "privacy-friendly QR Scanner":https://f-droid.org/repository/browse/?fdfilter=qr+code&fdid=com.secuso.privacyFriendlyCodeScanner has a faster preview.
118
119
h2. Video playback
120
121
Viewing videos in the gallery or in the browser is not possible. See #1539 for background information.
122
123
Only the VLC app is known to be able to play videos on Replicant. Make sure to disable hardware acceleration in the settings to prevent crashes.
124
125 11 Wolfgang Wiedmeyer
h2. Terminal emulator
126
127
Replicant 6.0 includes a minimal terminal app, but it is not accessible by default. To make the app visible in the launcher, open the *Developer options* in the settings. In the *Debugging* section, enable *Local terminal*. A more feature-complete terminal emulator is available from F-Droid: https://f-droid.org/repository/browse/?fdfilter=terminal&fdid=jackpal.androidterm.