security

User Guide | Data Integrity

Posted by VivianOnano on Nov 21, 2011
Author: Frontline SMS
Publication Date: Aug 2011
Publication Type: Report/White paper
Abstract:

FrontlineSMS is a software platform that enables structured communication via text messaging, using only a computer and a mobile phone or GSM (Global System for Mobile) modem. The platform enables two-way messaging between users and groups of people via mobile networks without the need for an Internet connection.

The purpose of this guide is to provide a data integrity framework for FrontlineSMS users who are designing, implementing, and monitoring programs with data integrity concerns in mind. The guide is intended to help users understand, analyze, and address the vulnerabilities, risks and threats that can affect the integrity of the information communicated through the FrontlineSMS platform.

 

Featured?: Yes

SaferMobile: Mobile Email Security, Data Protection, and Anonymous Browsing Guides

Posted by ccarlon on Oct 14, 2011

For many, mobile devices are an indispensable tool for storing and sharing increasingly sensitive information. Contacts, emails, and mobile browsing history can easily be compromised without taking the proper measures to ensure that that information is safely in the right hands... and out of the wrong ones. Newly added to our mDirectory are the following how-to guides on securing mobile email, mobile anonymity, backups, and data deletion from our SaferMobile team: 

  • Securing Your Mobile Email - This guide catalogs the different tactics you can take to keep mobile email safe. It covers email security basics, TLS/SSL enabling, and email encryption. The guide also provides customized tactics and suggestions for Android, Blackberry, iPhone, and Nokia/Symbian phones.
  • Mobile Tools for Backups, Data Deletion and Remote Wipe - Anyone who has ever had their phone stolen knows how frustrating and potentially dangerous that can be. Here we have a comprehensive review of some of the tools out there for data backup and restore, data deletion, and remote wipe.

For all other materials produced by the SaferMobile team, check out this complete list (and watch for a new SaferMobile site soon!)

Mobile Tools for Backups, Data Deletion and Remote Wipe

Posted by MelissaLoudon on Oct 14, 2011
Author: SaferMobile
Abstract:

Anyone who has had a phone stolen knows the frustration of trying to rebuild your contact list, not to mention data on the phone that is unrecoverable. Worse, the data stored on your phone can be dangerous in the wrong hands. In addition to being able to impersonate you to your mobile contacts, consider the risk of an attacker who has access to some or all of the following:

  • Your saved contacts - names, phone numbers, perhaps also email addresses and physical addresses
  • Call logs - calls made and received
  • Stored text messages
  • A calendar with your appointments, or a task list
  • Your mobile email
  • Your web browser with stored passwords
  • Photos, video and sound recordings stored on the phone and memory card
  • Data stored by applications - notes, social networking contacts and posts

Three kinds of tools can lessen the pain of losing your mobile data, and limit your risk should your phone be lost or stolen.

  • Backup and restore tools allow you to save a backup of contacts and other data stored on your phone
  • Data deletion tools can be used to ‘clean’ a phone completely before disposing of it, giving it away or travelling to a location where you are worried it could be stolen or confiscated
  • Remote wipe tools are set up so that if your phone is lost or stolen, you are able to clean it remotely, deleting sensitive data. Many remote wipe tools also allow you to track the phone provided it has not been turned off.


The Mobile Minute: Mobile Subscriptions Per Capita, Challenges to mHealth Projects, and the Importance of Password Protection

Posted by AnneryanHeatwole on Oct 13, 2011

Today's Mobile Minute brings you news about the decline of knock-off phones in China, mobile phone statistics in South Africa, the case for password protecting your mobile phone, challenges to mHealth projects in Africa, and new global mobile statistics.

  • A new article from the L.A. Times looks at the fall in popularity of shanzhai (knock-off) phones in China, as shanzhai phones now represent only 7% of the Chinese market, down from 20% in 2007. The article says that the trend for buying brand-name phones is due to the greater availability of low-cost smartphones, and a preference for high-end features in smartphones that the knock-offs cannot replicate.
  • Nielsen Wire recently released a study on mobile use in South Africa, examining everything from network loyalty and social mobile use (such as downloading ringtones, wallpapers, and screensavers), to comparisons between mobile contracts and pre-paid phones and the use of SMS and mobile instant messaging services.
  • Do you password protect your phone? Read Write Web reports that more than half of smartphone owners surveyed by Confident Technologies do not lock and password protect their phones. If your phone is stolen, lost, or confiscated then all of your personal data (including contacts in the address book, emails saved in your inbox, and log-ins for social media sites like Twitter and Facebook) stored on your phone could be compromised; using a password makes this information harder to access.
  • PBS examines the hype around mHealth projects in the developing world, and whether mobile technologies are successful at managing health issues. The article looks at challenges to mHealth projects such as limited mobile access for beneficiaries, spotty network coverage, the high costs of large-scale projects, and the difficulty of maintaining charged phones.

The Roadmap for Privacy by Design in Mobile Communications: A Practical Tool for Developers, Service Providers, and Users

Posted by ccarlon on Oct 12, 2011
Author: Cavoukian, Ann and Marilyn Prosch
Publication Date: Dec 2010
Publication Type: Report/White paper
Abstract:

Privacy by Design is a concept that is virally spreading around the globe. The powerful concept of engineering privacy directly into the design of new technologies, business practices and networked infrastructure, in order to achieve the doubly-enabled pairing of functionality and privacy, has gained significant adoption by governments, researchers and industry, in any number of sectors. Now that the PbD paradigm has achieved this high level of acceptance, the next major question to be addressed is – how can PbD best be operationalized?


In this guidance document, we focus on the solutions presented by the panellists – in particular, the parties to which responsibility for the implementation of each was assigned. Distinct trends were noted in the types of solution associated with each party, and it became clear that the panellists’ responses could be collected into a practical tool for developers, service providers and users – a Roadmap for Privacy by Design.


Here, we begin by describing the necessity for such a tool in the mobile industry, and then detail the Roadmap, which begins with the Device Manufacturer, travels through the OS/Platform Developer, Service Provider, and Application Developer, and ends with the responsibilities assigned to Users themselves.


Evaluating Security Apps

Posted by MelissaLoudon on Sep 22, 2011

Particularly for smartphones, there are many apps that promise improved privacy and security for your mobile communications. Like all apps, some are very good, but others are poorly written or overpriced, and may even be malicious. This article will help you evaluate whether you should trust their promises.

Before You Start

Security apps are most useful as part of a coherent security policy covering all your mobile communications. The Mobile Risk Assessment Primer will help you complete an inventory of mobile communications risks, and decide which are most important and most feasible to mitigate.

Once you’ve completed a risk assessment, it’s important to search broadly for security apps. MobileActive is in the process of reviewing many of these from our current list of security apps, but the mobile security landscape changes quickly. Ask friends and colleagues, read about your specific security need online, and search your device’s app marketplace. Once you’ve identified as many options as possible, it’s time to start evaluating your security apps.

Will It Work on Your Phone?

As with computer software, some mobile apps are built to work on one platform - Android, iPhone, Blackberry, Symbian, Java - and may not work on others. There may be other requirements too, such as particular phone models. Make sure the apps you have chosen are all going to work on your device.

Also consider how you will actually get the app - can it be downloaded from a web link that you open on your phone, or can you get it from an app marketplace? Some apps can also be downloaded to a PC and transferred via bluetooth or a data cable. This step sounds obvious, but it can be tricky when you don’t have stable Internet access on your phone or aren’t used to the app install process.

Safer Facebook

Posted by SaferMobile on Aug 09, 2011
Author: Melissa Loudon
Abstract:

Facebook has more than 500 million users, half of which access the site through their mobile phone. Being able to communicate your message to an audience this large is exceptionally valuable. At the same time, your activities on the site generate very detailed information about you and your networks. If you are concerned about surveillance, this information can put you at risk. This how-to explains what those risks are and how to use Facebook on your mobile device more securely. 

Assess Your Facebook Mobile Risks

Like Twitter, Facebook is a way to get your messages to a potentially large audience. It is not a secure method of communication for sensitive information.

This article offers advice about how to mitigate risks when using Facebook as a dissemination and organizing tool. In particular, we consider the following risks:

  • The risk that your public activities on Facebook reveal compromising information about you or your networks - for example, revealing the identity of supporters or identifying people who were present at a particular event.
  • The risk of your private information being revealed to a third party without your consent.
  • The risk that your account details (username and password) are discovered, and that someone may impersonate you.
  • The risk of your account being deleted or suspended.
  • The risk that Facebook is blocked or becomes inaccessible.

In general, you should only use Facebook to share information that you consider public. Public information can be freely distributed by you, your organization, and your supporters, without any risk to individuals or organizational operations. In communicating public information, you can send and receive this information without taking any precautions.


Are Your Apps Trustworthy? 6 Questions to Ask

Posted by MelissaLoudon on Jun 30, 2011

Smartphones (iPhone, Android, Blackberry, Windows Mobile, Symbian) and many feature phones allow you to download and install mobile applications (“apps”). Apps do many useful things. However, some apps (and other types of software, such as your mobile operating system) can also present security risks. These include:

  • Apps and other software may have access to information stored on or generated by your phone.

  • Apps and other software may have the ability to transmit this information using your phone’s Internet connection.

Malicious apps or other mobile software installed on your mobile device can expose you to the following risks:

  • Your conversations may be listened to or recorded without your knowledge.

  • Your text messages, emails and web traffic may be monitored and logged.

  • Data stored on your phone (contacts, calendar entries, photos and video) may be accessed or copied.

  • Passwords stored or entered on your phone may be stolen and used to access your online accounts.

  • Your location may be tracked, even when your phone is switched off.

With smartphones gaining market share, malicious apps are beginning to pose a serious threat. In an article titled “Your Apps Are Watching You”, the Wall Street Journal tested popular iPhone and Android apps, and found that of 101 apps tested, 56 transmitted a unique identifier for the phone without informing the user or asking for consent. 47 apps also transmitted the phone’s location, while 5 sent age, gender or other personal details to various companies. The App Genome Project reports that 28% of all apps in the Android Market and 34% of all free apps in the Apple App Store have the capability to access location, while 7.5% of Android Market apps and 11% of Apple App Store apps have the capability to access users’ contacts.

It can be very difficult to tell which apps are safe and which are not. App behaviours that might not bother most users, such as transmitting the phone’s location to an advertising server, can be unacceptable to people with higher privacy and security requirements.

This article offers suggestions on how to assess risks to security and privacy posed by apps.

SaferMobile LockDown Guides

Posted by SaferMobile on Jun 29, 2011

Despite the smartphone craze of the past 5 years, featurephones are still king in much of the world. From the perspective of activists, rights defenders, and journalists, they cannot be ignored. And feature phones have plenty of built-in capability to help users stay safer. During the course of our research, we've uncovered valuable features that even the most experienced users may not be aware of.

As a part of SaferMobile, a project of MobileActive.org, we've focused on documenting the most important ways that a user can lock down a mobile handset. No external apps or special tools are required, just a charged battery. We've condensed these tips into single-page, device-specific reference guides for a variety of makes & models that get straight to the point. And yes, we made sure to cover smartphones and featurephones.

Safer Twitter

Posted by SaferMobile on Jun 17, 2011
Author: Melissa Loudon
Abstract:

This article contains information to help you understand and mitigate mobile security risks related to Twitter. As always, remember that risks are context-specific, and depend on the environment you work in as well as whether you are communicating sensitive information. For more information on risk assessment, please review the Guide to Mobile Security Risk Assessment.

Twitter is a way to get your messages to a wider audience.  However, you should know that from any platform (computer or mobile phone), it is not a secure method of communicating sensitive information. Consider the following guidelines: 

  • Your Tweets should only contain information you want to widely and publicly share. This should be public information that can be freely distributed by you, your organization, and your supporters, without any risk to individuals or organizational operations.
  • Even if you protect your tweets so that only followers can see them, followers can easily retweet your messages, or access them over an insecure connection.

Talking About Killing: Cell Phones, Collective Action, and Insurgent Violence in Iraq

Posted by VivianOnano on Jun 07, 2011
Author: Shapiro, N. Jacob and Nils B. Weidmann
Publication Date: May 2011
Publication Type: Report/White paper
Abstract:

Cell phones are assumed to enhance communication among insurgents, thus making it possible for them to coordinate more effectively. On the other hand, mobile communications can also hamper insurgent activity, by allowing the population to share information with counterinsurgents.

This paper makes a first attempt to provide a systematic test of the effect of cell phone communication on conflict. Using data on Iraq’s cell phone network as well as event data on violence, we assess this effect at two levels. First, we analyze how violence at the district level changes as a result of the introduction of new cell phone towers. Second, using a novel identification strategy, we examine how insurgent operation in the tower’s vicinity is affected by the introduction of coverage.

Taken together, our results show that mobile communication seems to increase the information flow from the population to the military, thus reducing insurgent effectiveness and ultimately, violence.


Safer Photos: How to Remove Location Information from Mobile Images

Posted by MelissaUlbricht on Mar 10, 2011
Author: Melissa Ulbricht
Abstract:

This article and screencast show you how to remove location information from photos taken on a mobile phone.

In a previous post, we described how to add location information to mobile content, including images and stories. For some reports, location information adds value, context, and interest to venue-specific reports. But today, we talk about how to remove that same location information. This is also detailed, step by step, in this screencast.


Towards End-to-End Security in Branchless Banking

Posted by MarkWeingarten on Feb 22, 2011
Author: Panjwani, Saurabh
Publication Date: Feb 2011
Publication Type: Report/White paper
Abstract:

Mobile-based branchless banking has become one of the key mechanisms for extending financial services to disenfranchised populations in the world's developing regions. One shortcoming of today's branchless banking systems is that they rely largely on network-layer services for securing transactions and do not implement any application-layer security. Recent attacks on some of the most popular branchless banking systems show that these systems are not end-to-end secure.

In this paper, we make the case for designing mobile-based branchless banking systems which build security into the application layer of the protocol and guarantee end-to-end security to system users. Our main contribution is a threat model which effectively captures the goals of end-to-end authenticated transactions in branchless banking. This model, besides incorporating the obvious external threats to a protocol, also accounts for the possibility of insider attacks - those mountable by banking agents or other human intermediaries in the system. We then provide recommendations for solution design based on the security requirements of our model and the infrastructural constraints under which branchless banking systems operate.


Orbot

Posted by PrabhasPokharel on Apr 20, 2010

Main Contact: Nathan Freitas
Problem or Need:

Mobile communications are very easily surveilled. There is a need for anonymity services so that monitoring governments and networks cannot track user activities. This tracking should be prevented even if the surveilling party has information about what websites or information the user is browsing.

 

Brief Description:

Orbot provides an anonymity engine which implements Tor on the Android Operating System. When coupled with a browser, or instant messaging client, Orbot can disguise the source of activities on the Internet. Anybody monitoring the connection to the internet-based service will not be able to tell the source of the web transaction.

 

Tool Category: App resides and runs on a mobile phone
Key Features:

Orbot is an application that allows mobile phone users to access the web, instant messaging and email without being monitored or blocked by their mobile internet service provider. Orbot brings the features and functionality of Tor (see technical overview or layman's guide) to the Android mobile operating system.

Main Services: Other
Tool Maturity: Currently deployed
Release Date: 2010-03
Platforms: Android
Program/Code Language: C/C++
Support Forums: https://www.torproject.org/docs/android.html, http://bugs.noreply.org/flyspray/index.php?tasks=all&project=8
Languages supported: English
Handsets/devices supported: Android 1.x (without rooting), Android 2.x (with root).
Reviews/Evaluations: Orbot and similar tools were analyzed in MobileActive's guide to Secure Citizen Journalism: http://mobileactive.org/mobilesecurity-citizenjournalism
Is the Tool's Code Available?: Yes
URL for license: https://svn.torproject.org/cgi-bin/viewvc.cgi/projects/android/trunk/Orbot/LICENSE?revision=21593
Is an API available to interface with your tool?: Yes

A Guide to Mobile Security for Citizen Journalists

Posted by MelissaLoudon on Mar 01, 2010
Author: Melissa Loudon
Abstract:

Citizen journalism, and with it the rise of alternative media voices, is one of the most exciting possibilities for mobile phones in activism.

Mobile phones are used to compose stories, capture multi-media evidence and disseminate content to local and international audiences. This can be accomplished extremely quickly, making mobile media tools attractive to citizens and journalists covering rapidly unfolding events such as protests or political or other crises. The rise of mobiles has also helped extend citizen journalism into transient, poor or otherwise disconnected communities.

However, for those working under repressive regimes, citizen journalism can be a double-edged sword. Anything you create and disseminate can be used against you, whether through the legal system or in other more sinister forms of suppression.

This guide for Mobile Security gives an overview and provides recommendations for secure browsing, secure content uploading, and using "throw-away phones" for organizing and communications. We note that secure solutions for mobile communications are currently lacking, however!


Cryptosms

Posted by oli on Aug 27, 2009
Main Contact: interest@cryptosms.org
Problem or Need:

Encrypted and secure SMS for situations where that is warranted.

Brief Description:

Cryptosms provides SMS encryption for mobile phones running J2ME. It is open source and under the GPL license. It uses a public/private key scheme. See cryptosms.org for more details and a list of supported devices.

Tool Category: Runs on a mobile phone
Key Features:

Public/private key pair encryption of sms, exchange of keys, key verification via fingerprint, completely separate from the normal sms programme, no interference with normal phone operations, all data (keys, received sms, addressbook) is in a crypto container secured with a passphrase...

Main Services: Stand-alone Application
Tool Maturity: Under development/pre-launch
Platforms: Java ME
Program/Code Language: Java
Support Forums: http://cryptosms.org/contact.html
Languages supported: English, French, Spanish, Russian, Japanese, Slovenian, Portuguese, Norwegian, Polish, ...
Handsets/devices supported: See http://cryptosms.org/devices.html
Is the Tool's Code Available?: Yes
Is an API available to interface with your tool?: No

Apps that "Phone Home:" iPhone Apps and Palm Pre Report Private Data

Posted by PrabhasPokharel on Aug 20, 2009

As smartphones proliferate around the world, we ought to remain cognizant of what information we share on those phones with applications, application developers, advertisers and marketers. Phones are incredibly personal, always on, and always with most of us. As a result, they can reveal sensitive information.  In fact, it is time for smartphone users to put pressure on application developers, platform providers, and eventually legislators to protect private and potentially sensitive information.

The Electronic Frontier Foundation recently published a paper on locational privacy. Because smartphones know where we are (using GPS, and if not, using applications such as Google’s My Location service), they can reveal a lot of information about activities, patterns of behaviour, and relationships we have.

$10,000 Challenge for Unblockable, Anonymous, Encrypted Mobile Internet Access

Posted by KatrinVerclas on Jun 30, 2009

Nova Spivack, a serial entrepreneur and CEO of twine.com, just issued a small $10,000 challenge for an "unblockable connection to the Internet":

From the challenge description:

Must work on mobile devices that are widely used in Asia (China in particular, but also Myanmar) and the Middle East (Iran for example). These are regions where State-sponsored Internet blocking is rampant.

Must be possible to download and install by a non-technical device owner using a simple one-click install, with an optional settings step and optional advanced settings.

Mobile Surveillance and How to Avoid it: A new primer from MobileActive.org

Posted by KatrinVerclas on Nov 11, 2008

In our ongoing and ever-expanding series of how-to resources for NGOs and grassroots organizations using mobile technology in their work, we are releasing a new primer on "Mobile Surveillance."  Our reviewer, Melissa Loudon, gives an overview of mobile surveillance risks and tips and tools on how to prevent surveillance for secure communications.

The iRevolution: Secure and Undercover? (By Patrick Meier)

Posted by KatrinVerclas on Apr 05, 2008

I recently had a chat with Patrick Meier, a doctoral student at Tufts University, and am thrilled to have started a conversation. Patrick is doing his dissertation on what he calls the "iRevolution," activism, repressive regimes and who is winning in the cat and mouse tech game. (And yes, I am paraphrasing!) He generously allowed us to repost one of his pieces on secure SMS and a mobile equivalent to TOR. We'll be in close touch with Patrick as he delves into the research - it's much needed and great work.

By Patrick Meier

WirelessWeek: Analysts predicted SMS revenues of up to $80 billion worldwide in 2007, with the number of text messages expected to reach a whopping 1.8 trillion by 2010.