How To Build Your Own Libro

This guide is geared for use on the Nexus 7 and Kindle Fire HD (non-bootloader/wifi-only devices), but is generally useful for any devices that wants to be configured in a more secure, privacy-enhanced manner.

From 0 to Firmware

  1. Purchase a Nexus or Kindle Fire HD (2013 edition - no mic, camera!)
  2. Root and unlock the bootloader of the device
    1. Nexus: http://www.redmondpie.com/how-to-root-android-4.3-on-nexus-4-7-10-and-galaxy-nexus/
    2. Kindle Fire HD: Info: http://androidcowboy.com/2013/04/root-kindle-fire-hd-7-3-0-firmware/ Video: http://www.youtube.com/watch?v=3dIneI44KxA
  3. Install a Custom ROM without Google Apps
    1. CyanogenMOD (Nexus 7): http://www.cyanogenmod.org/blog/cyanogenmod-installer-release
    2. PAC-Man ROM (Kindle): http://forum.xda-developers.com/showthread.php?t=2355103
  4. Alternative options from the bleeding edge
    1. Test secure GuardianROM on Nexus 4 or Galaxy Nexus: http://shadowdcatconsulting.com/devices/
    2. Compile a firmware from source, like OmniROM: http://docs.omnirom.org/Main_Page

Core Device Security

  1. DO NOT setup a Google Account or any other cloud account
  2. Set Lockscreen password
  3. enable Full-Disk Encryption
    1. Your FDE password should be longer than your lockscreen one. Learn how to do that here: http://nelenkov.blogspot.com/2012/08/changing-androids-disk-encryption.html
  4. (CyanogenMOD): Run the Guardian Project App Installer: http://shadowdcatconsulting.com/apps/
  5. Update all apps using F-Droid
    1. Install F-Droid open app store: https://f-droid.org/FDroid.apk
    2. Add the Guardian Project app repo to F-Droid: https://guardianproject.info/2012/03/15/our-new-f-droid-app-repository/
    3. Refresh and update apps from the Guardian Repo
  6. Run SecDroid to disable all unnecessary services (including camera, microphone drivers, etc)
    1. SecDroid More Info here: http://shadowdcatconsulting.com/apps/
    2. APK Download: https://static.squarespace.com/static/51cb9feee4b09eb676a2566b/51cf1500e4b07838a6e3f432/51cf1500e4b07838a6e3f434/1360821860423/secdroid0.4.apk
  7. Harden your hardware
    1. Put tape over your cameras (Nexus) if they still make you nervous
    2. Optionally open remove/de-solder camera and mic hardware
    3. (Nexus w/ baseband) Remove/Don't use SIM cards, put device into Airplane mode, and only enable Wifi/Bluetooth/NFC when necessary and safe

App Setup

Guardian Project Apps

  1. Ensure you have the latest apps from the F-Droid Guardian Project repo
  2. Run Orbot, setup your connection to Tor to "transparent proxy all"
  3. Run ChatSecure, create new "clean" account on Dukgo or Jabber.ccc.de using Orbot
  4. Setup secure voice calling (Nexus w/ Mic enabled)
    1. Setup account on https://OStel.co
    2. Configure CSipSimple for OStel: https://guardianproject.info/howto/callsecurely/
  5. Setup GnuPG for Android (new private key, import public key ring from computer)
  6. Setup LilDebi to turn device into secure Debian server (for Tor Hidden Service Hosting): https://guardianproject.info/code/lildebi/

Third-Party Apps

  1. Install Firefox with Privacy Enhancing Add-ons
    1. Download Firefox browser directly: https://ftp.mozilla.org/pub/mozilla.org/mobile/releases/latest/android/multi/
    2. Privacy Enhancing Add-on Setup Guide: https://guardianproject.info/apps/proxymob/
  2. Install K-9 Mail: https://f-droid.org/repository/browse/?fdfilter=k9&fdid=com.fsck.k9
  3. Use OpenVPN with a service like Riseup.net VPN: https://we.riseup.net/riseuphelp+en/openvpn-android

How-To Documentation

  1. "How To Browse Freely": https://guardianproject.info/howto/browsefreely/
  2. "How to Call Securely": https://guardianproject.info/howto/callsecurely/
  3. "How to Chat Securely": https://guardianproject.info/howto/chatsecurely/
  4. Android Phone De-Soldering Antennas, Hardware:
    1. Part 1: http://www.youtube.com/watch?v=ZUCOrcThxWc
    2. Part 2: http://www.youtube.com/watch?v=35vTUPpSgeE

Also available in: PDF HTML TXT