Main Page
From SaferMobile
About SaferMobile
Activists, rights defenders, and journalists use mobile devices for reporting, organizing, mobilizing, and documenting. Mobile phones provide countless benefits -- they are relatively low cost and allow for increased efficiencies and vast reach, for example -- but they also present specific risks to rights defenders and activists. It is critically important to know that mobile communication is inherently insecure and exposes rights defenders and those working in sensitive environments to risks that are not easy to detect or overcome.
The goal of the SaferMobile Project is to help activists, human rights defenders, and journalists assess the mobile communications risks that they are facing, and then use appropriate mitigation techniques to increase their ability to organize, report, and work more safely.
We do this by providing:
- Online and offline educational and tactical resources (risk evaluation tools, case studies, how-to guides, security tool reviews);
- Trainings and curricula;
- Specific mobile security software focused on the needs of rights defenders, activists, and journalists.
Funding for SaferMobile is provided in part by the Bureau of Democracy, Rights, and Labor of the U.S. Department of State, Google Inc, and other private donors.
Principles
- We believe that skilled, trained, and knowledgeable activists, journalists, and rights defenders are key to democratic changes. We also believe that the smart and effective use of technology constitutes an integral piece of their skill set.
- The better activists, journalists, and rights defenders are able to work, the more safely they are able to organize and communicate, the more likely it is that their work is effective and heard.
- We are committed to accessible, useful, actionable, and technically accurate and secure content, materials, and software.
- We are committed to describing technological vulnerabilities in terms that non-technical users can easily understand.
- We are committed to working with activists on the ground to ensure that the content we produce addresses real uses and risks.
- We are committed to building responsive connections between activists and security professionals so that both are more able to assess and respond to changing risks.
- We are committed to maintaining information that reflects current security risks and technological vulnerabilities and is vetted for security and technological accuracy by knowledgeable experts.
Roadmap and Process
The SaferMobile project is currently in Phase 2 (May - Dec 2011). Phase 1 (2011 Jan - April) included needs assessment with users and peers – activists, rights defenders, journalists, technologists, security experts, and mobile developers. Through this research, we’ve outlined plans for web content, training curriculum and tools (software) and are now creating these pieces in Phase 2. We have been developing web resources, software, and training materials and publishing them here and on the MobileActive.org site. We will launch our SaferMobile project site in Fall 2011.
Our approach is iterative and open – we work as a team to develop ideas and welcome review and comments from peers. All content is reviewed by team members and peers prior to revision and posting and subject to frequent updates and revisions.
Team
SaferMobile is a project of MobileActive.org. Other contributors to SaferMobile include:
- The Guardian Project working on mobile software tools for SaferMobile
- Tom Keunen, Protektor Services
- Melissa Loudon, mobile developer and a Ph.D. student at the USC Annenberg School for Communication & Journalism
- Ramy Raoof who works with human rights NGOs on utilizing online platforms and digital devices for human rights, and helps activists to maintain their privacy and security online. He blogs here.
Get in touch with Us
We welcome your comments to keep us on track, and useful to your real needs. We're particularly interested in suggestions and requests that you have for additional content topics and tools.
- FAQ - This is a collection of mobile-security questions from activists, human rights defenders, journalists and techies. Please add your mobile security questions here.
- on Twitter: @safermobile
- via email: info@safermobile.org
Guides and Worksheets
Mobile Basics
Help in understanding the basics of mobile devices and networks, and how they work so that you can better understand risks. This includes longer written descriptions as well as a glossary with short definitions for common terms.
- Mobile Lockdown Guides - Guides for using native settings on your device to use your phone more safely. These are one-page, device-specific and available for a variety of manufacturers and models. Lockdown Guide blogpost
Mobile Security Risks
Primer for Activists, Rights Defenders, and Journalists. A description of security vulnerabilities associated with mobile phone technology and specific uses of mobile devices; tactical advice on how to mitigate some of these risks.
Mobile Security Risk Assessment. A guide to assessing mobile security needs and creating security policy in your work.
Security Guides to Common Applications and Services
Under development, early May. Guides to include tools commonly used by activists and rights defenders including but not limited to: mobile data collection, SMS systems, crisis report aggregators, mobile web sites, voice systems, java apps.
- Safer Twitter
- Safer Facebook
- Using HTTPS for Secure Mobile Browsing
- Are your apps trustworthy? 6 questions to ask
Security Tool Reviews
Under development, July. Reviews of open-source and proprietary security tools available in the commercial market; and guides to choosing appropriate tools for your specific risk level.
Tactical Guides for Mobile Security
Ongoing development. Guides to using mobile phones more securely while participating in activism.
Mobile Security Reports
Blog posts about current events and topics in mobile security, some cross-posted from MobileActive.org.
- Who Cares Where I am Anyway? An Update on Mobile Location Tracking
- The Bug in your Pocket: Remote Listening Applications for Mobile Phones
Training Materials
Available in July.
Trainer's Reference Manual An in-depth set of materials for all trainers including content published on SaferMobile and references to content from other sources. This is a comprehensive resource for trainers to learn and teach the mobile security curriculum, prepared to assist novice trainers as they master the material for training and experienced trainers who need to fill in knowledge gaps.
Training Modules Includes suggested curriculum -- sequences, content, and exercises for trainings of different lengths and ranges of trainee-expertise.
Training Guide Guidance for trainers in preparing and delivering mobile security trainings including: How to design and adapt modules for the trainees and context, tips for preparing and delivering training.
Pre and Post-training surveys for measuring trainee baseline knowledge and assessing needs for training curriculum and for assessing retention of curriculum.
Mobile Software
In addition to providing tactical advice and insight through research and documentation, the SaferMobile project plans to release simple, usable software tools that help normal users better protect themselves and detect filtering and/or censorship. We are developing these mobile software applications specifically in response to threats activists, rights defenders, and journalists in insecure environments face. Software developed by us and our partners is driven by an assessment of needs of activists in specific countries. We follow an agile software development methodology with user testing and rapid, iterative releases. All software projects developed by SaferMobile are free (gratis and libre) and open source.
"In the Clear" App Suite
The In the Clear mobile application suite is a set of tools designed to fit the needs of anyone working in situations where there is a risk of confiscation of their phone and/or detention. Mobile devices serve as a valuable tool for organizing and communicating, but they can also be used against you by technically savvy adversaries. Simple information on your phone such as the Address Book, Call Log, and Camera photos can easily be extracted off your phone and used as incriminating evidence. In the Clear allows you to automate emergency communications and erase personal information from your phone with a single click. The application suite consists of three major features: Shout (alert your contacts via SMS), Wipe (erase or hide your personal data), and Panic (trigger it all with a single click). We're working to make the app suite compatible with Symbian, BlackBerry and Android platforms.
Learn more on the product page: InTheClear
SMSTester: Mobile Network Test Utility
SMSTester is a simple mobile application (currently for Android only) that allows a user to create a set of keywords to be sent as SMS messages. When installed on both ends of an SMS conversation, it enables the user to inspect specifics about SMS delivery on their network(s), including message latency, SMSC, lacid, etc. Our first field trial using SMSTester was completed in April 2011. Initial results, along with links to source data, are posted here. After patching a few initial usability bugs, we've publicly released the application code here. We would welcome other groups to comment and run SMSTester in a second controlled run of tests. Please contact us if you are interested.
Learn more on the project page: SMSTester
Existing Mobile Security Apps and Tools
Relevant Events
Upcoming Events
Past Events
- "Don't be fooled" Mobile Security Hackday; Fri 4/1 9:30am- 5pm; Open Mobile Lab, 127 W 27 St, Suite 702, NYC
- OSMOB Open Source Mobile Hackday; Fri 4/29, 10 am - 7 pm, PariSoma Innovation Loft, 169 11th Street (and Natoma) in San Francisco.
Threat Tracking
Here we track global events relevant to our investigation of mobile safety and security.
Documented Incidents
Publicly documented cases where mobile phone exploits have been used to indict, convict or otherwise threaten someone's safety.
Known Exploits
Published exploits that take advantage of software or hardware bugs or features on mobile phones.
Other Resources/References
Previous MobileActive.org Resources
- Safer Photos: How to remove location information from mobile images, March 10, 2011.
This article and screencast show you how to remove location information from photos taken on a mobile phone.
- A Guide to Mobile Security for Citizen Journalists, March 1, 2010.
This guide for Mobile Security gives an overview and provides recommendations for secure browsing, secure content uploading, and using "throw-away phones" for organizing and communications. We note that secure solutions for mobile communications are currently lacking, however!
- Mobile Surveillance - A Primer, June 10, 2009.
This is an article identifying risks of mobile communication and offering some suggestions for mitigating these risks.
- Internet Security Resources, living document, last edited Feb 20, 2011.
A matrix of mobile and information security resources available online.
Articles
- Your Apps are Watching You
An excellent article in Wall Street Journal discussing the results of an investigation into smart phone app transmission of your private data and the lack of oversight given to users to control this. Includes a visualization of the study results.
Papers, Books, Blogs and Sites
- Roadmap for Privacy by Design in Mobile Communications: A practical tool for developers, service providers, and users, www.privacybydesign.ca, December 2010.
- Security and Usability, Lorrie Faith Cranor, Simson Garfinkel, August 2005. A compilation of 34 essays on the topic of computer systems that are secure and usable written by leading security and human-computer interaction (HCI) researchers on authentication, privacy and anonymity, secure systems, and commercialization.
- Schneier on Security A blog covering security and security technology written by Bruce Schneier, computer security expert.
- Wireless Security - Cellular Networks Overview: 69 slide intensive overview by Jinyuan Sun, Professor, College of Engineering, University of Tennessee
- GSM for Dummies: Introduction to the Global System for Mobile Communications (or Groupe Spécial Mobile) with excellent glossary and diagrams of network architecture
Email Lists
- Liberation Tech - The Program on Liberation Technology seeks to understand how information technology can be used to defend human rights, improve governance, empower the poor, promote economic development, and pursue a variety of other social goods.
- p2p Hackers - Theory and practice of decentralized computer networks
Interesting Projects
- App Genome https://www.mylookout.com/appgenome/. Feb 2011. Created by Lookout Mobile Security, the App Genome Project is the world’s largest mobile application dataset created to map the anatomy of mobile applications across multiple mobile platforms and app markets. To date, the project has analyzed more than 500,000 Android and iOS applications. The App Genome Project is an ongoing effort to provide insight into mobile market dynamics, gain insight into how mobile apps access personal data and sensitive capabilities on mobile devices, and identify security threats in the wild.
- http://www.avoidr.org/ Avoidr. "Keep your friends close and your enemies down the street. Avoidr uses Foursquare to check in where your not-friends are so you can avoid them."
Wired Article about Avoidr, June 29, 2010. "White hat uses Foursquare privacy hole to capture 875k check-ins"
- Creepy a "geolocation information aggregator" that analyzes a user's tweets, Facebook posts, and Flickr stream, generating a map of where that person is, as well as the specific locations they frequent.
http://www.huffingtonpost.com/2011/04/04/creepy-app-for-stalkers-social-networking_n_844791.html HuffPo Article about Creepy, April 4, 2011.
- http://www.opencellid.org/ OpenCellID
This project is an open source project, aiming to create a complete database of CellID worldwide, with their locations.
The project will provide free access to tools and data to not only create this database, but also retrieve location information.
- http://opensignalmaps.com/about.php OpenSignalMaps
With your help, we're creating a comprehensive database of cell phone towers, cell phone signal strength readings, and Wi-Fi access points around the world. This data is collected via our Android application and uploaded to our servers, taking care to use as little processing power and battery life as possible.