[SECURE] Encrypted phone storage & Permitions of Android apps
 

I want to start post about increasing secure of Sailfish OS for end-users.

Many geeks are using on their phones Cyanogenmod, becouse it is provide feature to delete android permitions of installed apps.

Is any way to delete permitions of Android apps in Sailfish OS? Is more interesting proprietary applications, but I do not want to allow applications to do everything in the system that they have requested(try to remember story about Skype, apparmor, and reading /etc/shadow).

If way is, is it usable for everyday usage?

Also, many geeks encrypte SMS, contacts, emails on their Android and iOS phones. Can I have same feature on Sailfish OS?
If you will lost your phone, bad guys can read your files, change passwords in your accounts (if it save on your losted device), and have fun with your torments.

Re: [SECURE] Encrypted phone storage & Permitions of Android apps
 

That is why you generally want to have the lock code enabled on your device.

Lock code will prevent the easy attacks; booting the device, flashing another boot image, connecting to device with USB.
What it doesn't protect is attacking the device via boundary scan or physical chip attacks. (However it will indeed stop the casual hackers)

Re: [SECURE] Encrypted phone storage & Permitions of Android apps
 

I have a login PIN code. I want to save my private files. If I lost smartphone, anybody can try to remove PIN. If he win, he can read my files.

Re: [SECURE] Encrypted phone storage & Permitions of Android apps
 

By "login PIN" do you mean the device lock code?
It is not easy to remove that.
I'd say it is pretty difficult indeed... How do you propose going around it?

Re: [SECURE] Encrypted phone storage & Permitions of Android apps
 

But the service center can be, is not it?

And after deleting PIN, user can get from service center smartphone with files and accounts (with saved passwords) of old owner.

Re: [SECURE] Encrypted phone storage & Permitions of Android apps
 

I don't think so. AFAIK what is possible at service is to cold-reflash it so that all content is wiped, but it is not possible just to remove locking so that content is readable.

This is why it is called "Lock code" :D

Re: [SECURE] Encrypted phone storage & Permitions of Android apps
 

Oh... It is good news :)

May be also is solution for android apps?

Re: [SECURE] Encrypted phone storage & Permitions of Android apps
 

This is true, as I dound to my cost when I borked my lock code with limited retries. :o

Re: [SECURE] Encrypted phone storage & Permitions of Android apps
 

But all the data is still there, unencrypted. And I would not want to place my bets that there is no mechanism for going around the lock (UART, JTAG, etc.). You might also have sensitive data on the uSD card.

The only way to be sure no one can get to your (or to any third party data you might have) is to use full disk encryption. Then the stolen/lost device is basically just holding a lot of random data. :)

Re: [SECURE] Encrypted phone storage & Permitions of Android apps
 

May be, we need a new topic for android permitions removing feature?
I think, it is also very important and affected privacy very much.