DroidStealth – Android Encryption Tool With Stealth Capabilities
Swati Khandelwal, writing in the February 13, 2015 edition of, TheHackerNews.com, discusses a new app/tool that “not only protects sensitive cell-phone data — with obfuscation; but, also hides the existence of this data from law enforcement, cyber thieves, and others — so as to appear to anyone looking for such data – that nothing is there. DroidStealth, is a new Android encryption tool, which has been developed by security researchers from Delft University of Technology in the Netherlands.
Stealth Login Mechanism
The “DroidStealth Android encryption tool creates a hidden folder in your cell phone, in which it stores all your encrypted files,” Mr. Swati writes. “The app itself,” he notes, “can be opened simply by dialing a phone number of any length — which is actually a pin; or, by punching an invisible widget on your phone’s home screen — five times. The application is [was] developed in order to hide the existence of any protection mechanism — that usually hints, [or gives a clue to] casual inspectors that they need to do some tampering — in an attempt to gain access to users’ encrypted data.”
According to the app’s developers, Olivier Hokke, Alex Kolpa, Joris van den Oever, and Alex Walterbos, of the Delft University of Technology, “several other disguise techniques, such as hiding the app within a flashlight program, are used to hide your private data,” “Since simply encrypting the data is not enough, our approach provides an added step of obfuscation…that increases the security of the data.” In essence, “DroidStealth hides itself,” the group wrote in a paper titled, “A Self-Compiling Android Data Obfuscation Tool,” and co-authored by Johan Pouwelse. “Instead of actually calling the number, the application launches, requesting a pin code. Furthermore, DroidStealth fully intercepts the call, making sure the number never gets added to the call log.”
Some of the DroidStealth features include: “app is stored in a secretive mode; and, can be renamed to appear as a benign app to “hide in plain sight; the app doesn’t appear under the normal downloaded app list; the app provides notification to the user if any secret files are left unlocked; they can be kept out of the running process list, when not in use; and, the app does not pop up in the recent visited list.”
Limitations Of Drone Stealth
Mr. Khandelwal warns that “in a centralized store, the DroidStealth Android Encryption Tool would result in a possible exposure threat, so it was distributed “nomadically,” as an untrusted, Android application; rather than from the Google Play Store, which would show up in a users list of installed apps. Secret data files would be encrypted using FaceBook’s Conceal API; and, could not be accessed from other apps, or from its original location.”
Drawback Of Droid Stealth
Mr. Khandelwal writes that: “the data is encrypted and decrypted — within the app; uninstalling the app may to deletion of all the [hidden] data, and thus not retrievable by the user if this was a mistake; low memory on the phone might lead to the force quitting of the application — and, this may lead to the loss of the data; and, if a user’s phone is in the hands of investigators while the app is in a decode mode, then it would be difficult for them to secure the data from officials.”
Get Droid Stealth Now
“The developers of DroidStealth say that the encryption tool’s user interface (UI) is chosen black in order to give users the feeling that they are indeed working in secret.”
“DroidStealth app is not released on Google Play; but users can get it with an untrusted APK version of the app. The APK is available as an unaligned version, while users can download the nomadic versions of the app that are available throughout the Internet,” Mr. Khandelwal concludes.
Like anything else, this is no panacea to privacy; and, sometimes, all these added measures aimed at hiding or obfuscating your digital footprint, can also hinder first responders, family and friends, should you become incapacitated, or otherwise unable to uninstall the app — in a time of great emergency or need. It also isn’t foolproof, or digitally ‘bulletproof,’ as the creators acknowledge. It certainly is going to add an additional layer of digital privacy, for those who want/desire to minimize their data exposure and limit their digital windfall — should your cellphone fall into the hands of someone that you do not want being able to access and see your sensitive data. V/R, RCP