Freedom in Mobile Computing

I do not have unlimited Internet at home and sometimes need to fetch something big like a linux ISO image. I can walk into a library or cafe with an Android phone, but my old phone is pegged on internal storage and SD card space.

In principle, I should be able to use an OTG adapter to attach a USB drive to the phone, correct? From there, I have a couple questions:

• is root access needed to mount the USB drive to a mount point of some kind on AOS 5?
• can any FOSS torrent clients be configured to use an arbitrary mount point?

The linked article leads to EC recommendations on mobile payment systems. This bit is interesting:

8.1 KC MPSPs should distribute the payment-related software and authentication tools, including personalised security credentials, installed in the mobile device via a secure “distribution channel” (e.g. software preloading managed by qualified vendors following auditable procedures; off-line Recommendations for the security of mobile payments / software loading at authorised agents or local branches; or on-line downloading from trusted entities using security procedures¹⁸).

footnotes:

18: Examples of on-line software downloading:

• the user interface “app” (UI_App) is downloadable from a trusted “market store” with clear security policies and sound security measures (e.g. Apps Public Store requiring security evaluation and digital signature of “apps”);
• the payment software application that is resident in the SE (SE_Applet) is downloadable inside the SE, using a secure channel between the central server and the SE itself (e.g. encrypted SMS messages, secure OTA services, internet banking services).

“Trusted entities” is where everything goes to shit. The banks blindly trust Google despite being scientifically proven to be relatively insecure. Even if Google had their own shit together, a surveillance advertiser cannot have the trust of anyone with a bit of street wisdom.

Can anyone recommend a download manager for AOS 5 that can accept as input a list of URLs? This is what I’ve tried:

• GigaGet (must hand-type each URL manually)
• Download Navi (must hand-type each URL manually)
• Aria2App (strangely, it apparently needs a server and cannot simply fetch files directly)

/cc @askfedi@a.gup.pe #askFedi

This is what I found for screen capturing:

• Screenshot Assistant requires AOS 6 or later (no known archives of older versions)
• AndroSS requires root
• Screenshot Tile oldest archived version requires AOS 7

There is an adb method that works by running the Java desktop client net.srcz.android.screencast.Main, but there is no way to capture the screen if you’re not near a PC with adb. I got burnt because I needed to capture the window of a broken captive portal, and the browser refreshes the screen when it’s backgrounded and then brought back to focus.. which is a bit fucked up of a behavior.

update

I just found this post which mentions some options that my search missed.

• ScreenCam
• DroidRec
• Record You

cross-posted from: https://infosec.pub/post/10276158

There are apparently only two documented ways to reverse tether an Android via USB to a linux host:

• openVPN method
• Gnirehtet

OpenVPN dead
I really wanted the #openVPN method to work because I’m a fan of reducing special-purpose installations and using Swiss army knives of sorts. In principle we might expect openVPN to be well maintained well into the future. But openVPN turns out to be a shit show in this niche context. Features have been dropped from the Android version.

Gnirehtet dying
Gnirehtet works but it’s falling out of maintenance. ~~It’s also unclear if~~ #Gnirehtet really works without root. There is mixed info:

• Ade Malsasa Akbar from Ubuntubuzz claims root is not needed (and devs agree).
• OSradar claims root is needed. (edit: they are mistaken)

If anyone has managed to reverse tether an unrooted Android over USB to a linux host using free software, please chime in. Thanks!

update on Gnirehtet

Gnirehtet indeed works without root. But some apps (like VOIP apps) fail to detect an internet connection and refuse to communicate.

#askFedi

cross-posted from: https://fedia.io/m/Brussels/t/556987

Belgium has adopted an “official” app so that anyone can signal for help, so long as they belong to this exclusive group:

• Must have a smartphone (presumably recent).

• Must be a trusting patron of #Google or #Apple. Consequently,

  • must needlessly buy a GSM subscription and trust surveillance advertisers with the mobile phone number (which in Belgium must be registered to an ID) — even though the app can make emergency contact without phone service… thus imposing a needless cost on users and also causing a #GDPR minimisation breach.

• Must install and execute proprietary closed-source software. Consequently,

  • must trust closed-source software (by #Nextel or #Telenet?)
  • must be ethically aligned/okay with running #nonfreesoftware (which does not respect your freedom)

• Must be willing to leave Tor to access the access-restricted 112.be website.

This is a example of a public sector phone app is deployed in a way that’s encumbered by private sector actors. Belgium really needs a “public money → public code” policy.