Ralf C. Staudemeyer

Security Researcher

Ralf C. Staudemeyer (b. 1973) has a doctorate in computer science and shows more than 15 years of international experience in research, teaching and application. His research interests are in the fields of network security, artificial intelligence and privacy-enhancing technologies. As an IT expert he also gathered founded expertise in
planning, administration, protection and monitoring of modern networks. Currently, he is a world traveler, scientist and author.

Presentation: Android(in)Security

Data economy is definitely not a property in mind when thinking about the Android OS. Nevertheless android-based cryptophones are available. This shows that there is need for an Android-flavor with a dedicated focus on privacy.

We want to discuss if and how we can turn our standard Android phone into a device which gives us significant more control over our data. It is challenging to achieve a strong security property like anonymity on the base band layer as fiddling with IMAI and IMSI is seen as a criminal act in most countries. Nevertheless there is a lot of control to be gained by using encrypted VoIP for voice communication and to rely on VPN solutions to protect content data, or even resist traffic analysis.

Most of the work that can be done with reasonable effort is on the OS level. First we will show what we can do without rooting, and how far can we make it without a custom firmware. Then we will cover how to get a decently secure device given we are prepared to sacrifice some comfort.

Steps include replacing Google apps with custom apps, using private cloud services, securing mail and chat, and getting rid of popular apps that leak data – given the train wreck of Android’s apps rights system there is not much alternative. Finally, we’ll talk about the risks and benefits of alternative app stores, rooting and custom firmwares.

This talk is a reminder. You can turn your standard Android phone into a device which gives you significant more control over our data. It just needs a little bit of love and sacrifice.

Presentation @DefCamp 2014