Security: Pwned edited this page Jul 30, 2015 · 25 revisions

Welcome to the place of questions asked a million times! Get your answer here. Again. :smile_cat:

Index of Questions

Q: Why won't you upload your App to the Google Play Store?

A: We have extensively discussed this in #202. The downside of being on GooglePlay is that we'd be supporting all the privacy violations that Google stands for, and completely contradict all the independence that we've been working for. We just got rid of Google Apps/Maps dependence, so why keep them happier by also having to pay for their spam bullshit. Really!? Put in this context, also having to pay 25 USD for a Google Play Account should be considered abuse of the Android community. No thanks. Furthermore, Google has done nothing to resolve Issue 5353 (Ciphering Indicator) even though users screamed since 2009 to have that feature implemented. Ultimately, none of our team members agrees with the creepy terms and conditions on GooglePlay. Our project is not just here to provide countermeasures against privacy violations for the innocent people out there, but also to make people use their brains to get the idea behind free, open-source and unchained software - which GooglePlay does not promote nor support at all. And as long as Google collaborates to add backdoors to Android, is able to remotely uninstall apps from our phone and builds military robots, we feel that having our app (or even just an installer) on GooglePlay is the wrong signal. We've got to stand up against any form of surveillance! Please do NOT upload our app on GooglePlay! Tell us if you see our app on GooglePlay!

Q: There are similar projects, why won't you stop work?

A: In simple words: Because we truly believe in our App, are very passionate about it and love Android. We don't do this for money, fame, nor to be "the cool kids on the block". Please see our note on similar projects.

Q: Why are you working on detection of IMSI-Catchers?

A: As for me, SecUpwN, IMSI-Catchers are a small "phenomenon". The sole invention of such devices and the usage of vehicles to drive around and get access to the data of the most personal device a human currently carries around each day, is a perfect example for the so-called "surveillance state" (great video: "Überwachungsstaat"). But also on a broader view how broken humanity in itself is. Furthermore, I still cannot believe that people really keep using their phones for talking about the most intimate details in their lives, even though the technology their phone uses is completely broken and every single word they say is being analyzed and stored by ECHELON. It might be that a majority of people will likely never think or care about IMSI-Catchers and governments as well as agencies listening in on their private calls, but I do feel it is my personal contribution to human mankind to work on an App that gives back some of that privacy and intimacy some people did not even realize losing. The pure thought on IMSI-Catcher vehicles makes me shiver, but also gives me some sort of excitement (just like the one I got when listening to detective stories when I was a kid), thus I even look out for them on the streets while walking around. Knowing that there are people out there who are as concerned as I am and are working together on a tool to detect the bad guys, really makes me feel warm and fuzzy. This whole thing is a nightmare only a few people know about and fight against - yet!

Q: Is this a fully functional project or a prototype?

A: This is a work in progress (WIP) and that is exactly the reason why we are fully open source. It is a difficult task to reach our desired goals. If it was fully functional already, we would probably not have invited you to develop with us. But that does not mean you cannot already test it - grab the latest WIP-Release or compile it yourself.

Q: Sounds cool, where is this for my iPhone?

A: Sorry bro, but the iPhone will never be supported. Even though you could jailbreak your iPhone, we could never dig deep enough into iPhone internals due to the closed source APIs. In fact, the whole iOS is closed source (yet has many creative backdoors). But hey, the NSA has total access to it! You should get a shiny new Android phone and root it.

Q: Who are you guys?

A: Contrary to some of our competitors' opinions, we're not M3g4G4lacticEl33tHAxor5, we're just a collection of ordinary and slightly above average tech savvy concerned citizens, who have a strong belief that individual privacy should be a basic human right and a personal choice, and not something your government can suddenly dispose of at any whim of an impulse. That is why we stand up and do something about it.

Q: Why are you anonymous?

A: Not all of us are anonymous, but we respect the fact that some of us would like to remain that way. This answer is probably slightly different for all of us. For example, E:V:A thinks:

Personally I have no problem of going public on this. I don't think anyone would come after me, at least not for something bad, but probably more to ask me to work for 'them'. However, there are mainly 3 reasons I choose not to.

  1. I have a company in a completely different field, and I do not wish to associate my hobby with that company.
  2. I'm also doing it out of principle. The principle that people should be able to stay anonymous without repercussions. Privacy should be the norm, not the other way around.
  3. The project is still in ALPHA stage, so it would be wrong to start making public presentations for something that only partially works on a few selected devices.

Q: What role do you want me to play?

A: That solely depends on your capabilities, time and mindset. In an ideal world, you'd be primarily solving the Issues on our GitHub, contributing code through pull requests, testing our App thoroughly and telling your friends. But honestly speaking, no one wants to force you to do anything. You can also just lurk around and complain that nothing is working.

Q: In what way will you compensate the work?

A: Well, great question. First of all, we are a fully open-source project and as such, everyone is free to contribute whatever they feel willing to. We have set up a way of collecting anonymous donations via DarkCoin and upon great contributions our team eventually sends out what's in the bowl to the corresponding developer. Given the fact that our project is open-source and to certain folks not as addicting as Candy Crush (ok, we admit it, we are obsessed with our project and deleted Candy Crush) the bowl is not filling itself with as much money as we'd like to hand out. But if you consider getting a little fame through being mentioned in our CREDITS to be an adequate "compensation", we definitely pay that one. We know that nobody is doing shit for free, but with a glimpse of hope, we try to make this value-based world out there feel warm and fuzzy about our carefully crafted, and with much love coded, fully open-source App. How do you feel?

Q: Why did you contact me via an anonymous E-Mail address?

A: If we did contact you, it very likely did not happen through a clear name, mail or address. Even a phone call or personal meeting will be highly unlikely. Why? Simply because the whole purpose of this project is to defend people's right to privacy. And we all know what happens to people who hand out their clear data and stand up to fight for something the state or law enforcement agencies don't want. That does not mean you have to be scared to contribute now. But feel free to take any security measures; you may find some here.

Q: I noticed that your App uses GPS. Isn't that dangerous?

A: Let me clarify some of the use of GPS on mobile phones: Ever since the first (feature) mobile phones with GPS technology were introduced, the GPS part/chip of the phone was separated from the processor. With the introduction of more modern (smart) phones, which have their baseband (RF DSP/modem) separated from the application processor, the GPS part was still separate and communicating with either AP or BP via a serial interface. However, since about 2012, and in particular on Qualcomm Snapdragon based smart phones, they have integrated all three. For example, in the MSM8960 family, the GPS is part of, and directly communicating with/via the modem (BP), and then eventually forwarded to AP. Only that AP/BP are now both located on a PoP chip. And as shown here, Qualcomm insists on installing all relevant HW for GPS, even if no such functionality is enabled or present in the rest of the AP FW. Thus Qualcomm modems can never be trusted to not send GPS data to the mobile network. It is simply not possible to turn off the GPS on those devices. It's all embedded. In fact in that same post, E:V:A made an experiment, where he found that GPS heartbeat data was still being fed to the debug interface, even if his device (a wifi router) did not have any such features. Welcome to Qualcomm hell! So to summarize, concerns about GPS are not unfounded, but the idea of turning it off is. You simply can't on those chipsets. You can however, rip open your device and physically add/remove the GPS frequency filters.

Q: Is what you are doing illegal?

A: NO. We are not doing anything illegal since we are not destroying anything and are not even manipulating IMSI-Catchers remotely. We are merely constructing an App that reads certain values of your phone and its network, which helps people detect an attack on their privacy. Everyone has the right to know if they're being attacked or not. Have a look at the most trivial thing, the Ciphering Indicator, which displays if your connection is encrypted or not. What, you never saw it on your Android phone? Well, what a surprise: Google never implemented it, although it is required and has been requested since 2009. And this is one of the reasons we are here. Feel free to join us in making this world a better place.

Q: What to do if I'm colorblind?

A: We have been discussing this in #449 and concluded that if you're color blind or your vision is impaired then moving to Android 5 (Lollipop) could improve your experience with our app. On Android 5+, go to System Settings > Accessibility and scroll to the Display sub-heading at the bottom. Turning on Color Inversion will dramatically change the look of your device and may be more soothing on the eye for some people. Selecting Color Correction will allow you to choose from three different color modes - Deuteranomaly (red-green), Protanomaly (red-green), Tritanomaly (blue-yellow) - which may be beneficial to some color blind users. As with the high contrast text, this is an experimental feature and may slow down your system.

Q: My brain has been hacked! Should I send you an email?

A: No, go see a doctor! See below a true email I just received:

Hello I am a victim of electronic harassment and then being hacked daily on my phone and my computer and they have cloned my phone and computer and they also have some sort of chip or SIM card in my brain or in my body and they can communicate to me through silent sound with my body or brain. These people are terrorists and they are trying to drive me insane and use artificial telepathy to hack me all day. Please search Google for artificial telepathy patents. you will find a patent that is related to artificial telepathy. If you go to the bottom you will find link patents that are involved with the artificial telepathy patent. One of the patents is for mine cloning and for virtual immortality and one for the transference of a Digital virtual mine clone into a new clone body byway making immortality possible. They are taking over the United States with this technology and they are taking over the world please help me. You can contact me anytime my name is Tyler my phone number is XXX XXX XXXX. I have uploaded my data to open cell ID. Org and download the data from there as well please contact me and you can possibly monitor my phone and see who's hacking my phone. Please help me this is life or death and this could be the end of the world with this technology please help dire straits a major emergency thank you
