This page is written for people using the Samsung Galaxy Nexus mobile phone who would like enhanced privacy, unblocked internet, and the ability to communicate without normal mobile telephony infrastructure. If you happen to dislike the stock software installed by the manufacturer or local vendors, you can change the system to a customized version that is more suitable. Concerned about surveillance "backdoors" in phones sold in countries with oppressive governments? Erase the phone's software and replace it with a trustworthy and high performance system featuring the best encryption, SMS, and telephony applications! This guide focuses on the Galaxy Nexus GSM phone, but the method is applicable to other Android phones or tablet computers.
CAUTION and DISCLAIMER: Unlocking / Rooting the Galaxy Nexus will erase your present settings, pictures, music, contacts, and applications! It is most convenient to root the phone immediately after purchase - before large amounts of data are saved. Back-up any user data you intend to retain for future use. In addition, you root and modify at your own risk - this website is not responsible if you destroy important data or make your phone unusable.
Root the Galaxy Nexus using the instructions given here. It involves setting the phone in USB debugging mode, connecting it to a computer (windows, Linux, or Mac), installing the superuser application, and reconfiguring files for rooted operation. It is actually a simple matter of using a utility called "fastboot" to unlock and "flash" the new data into the Nexus' ROM (Read-Only Memory).
The next stage of customizing the Galaxy Nexus software is installing the ClockworkMod ROM Manager. This handy tool is used to back-up or install the Android operating system. While the ROM manager is often used to simply back up phones in stock condition, it will be used here to install a customized ROM. ClockworkMod Recovery is easy to install: simply download it directly to your phone from their website or find it on the Android Market. Follow the menus and install it to the Galaxy Nexus.
After researching available ROMs, Apex ROM v1.1.2 was chosen for installation to the privacy enhanced / super robust Galaxy Nexus. It provides an updated Android system with a better kernel and hardware drivers, Busybox, overclocking, and power consumption improvements. Apex ROM v1.1.2 makes a great platform on which to build a suite of apps on a smoking hot Android phone.
Apex ROM actually comes in two parts: the operating system and a package of Google applications. After downloading the ROM and Google Applications zip files, installation is accomplished using the ClockworkMod ROM Manager. Instead of the rather crude method of manually transferring and flashing the files from the recovery mode, ClockworkMod merely requires the user to navigate to the directory containing Apex Rom and Google Apps zip files.
CAUTION: It is important to wipe the phone's dalvik software and cache as a step before flashing the new ROM.
After flashing the new ROM, reboot the phone and wait patiently for the phone to set itself up. The first boot sequence takes longer than subsequent boots. When the phone is ready, configure the wi-fi, backlighting, wallpaper, and other settings as desired.
Waste no time after installing the new ROM before installing the essential communications applications. For Starters, consider software provided by the Guardian Project. These are at the cutting edge of Android applications protecting the privacy, security, and anonymity of smart phone users. Also be sure to install Skype, which can provide robust VOIP communications if internet connectivity is available.
Of particular importance is Serval Mesh Networking, a new and developing software package which enables the Galaxy Nexus to make direct phone-to-phone calls and send store-and-forward SMS messages independent of the local phone network. Mesh networking is an added capability for Android phones that decentralizes the network and enables communication even during emergencies, civil unrest, or when a group of users are simply too far from regular mobile phone infrastructure. More phones with Serval mean more robust comms when using a mesh network.
CAUTION: Serval gets you connected, but it does not encrypt communications - use a layer of encryption for voice, email, and SMS messages.
Consider RedPhone for protecting your voice communications from surveillance. It is a new, open sourced, and advanced application for voice encryption on Android phones, and available through Google Play and other Android Application repositories. RedPhone is sophisticated but easy to use, and requires both parties to have RedPhone installed. It works well and is quite effective protection against unwanted monitoring.
For protection from spyware, viruses and other malicious programs, install AVAST or AVG Mobilation. Do this! Skype and other VOIP services have been compromized by spyware able to tap the raw mic and speaker audio.
When using Wi-Fi for internet access, the local internet service provider's DNS servers may be subject to censorship or DNS poisoning. For greater freedom from such filtering or redirection, consider more trustworthy servers. Google DNS or OpenDNS are fast, unrestricted, and free from government tampering. Android devices set the DNS servers with the file /system/etc/dhcpcd/dhcpcd-hooks/20-dns.conf. Use the code below to make Google DNS the default servers. Select other servers if you have a better option!
Note: The /system partition is normally mounted as read-only. Re-mount the same in re-write mode, then edit the original or overwrite the new file. New DNS server defaults will take effect after rebooting the phone.
set_dns_props() { case "" in "") return 0;; esac count=1 for i in 1 2 3 4; do setprop dhcp..dns "" done count=1 for dnsaddr in ; do setprop dhcp..dns count=$(( + 1)) done setprop dhcp..dns1 8.8.8.8 setprop dhcp..dns2 8.8.4.4 } unset_dns_props() { for i in 1 2 3 4; do setprop dhcp..dns "" done } case "" in BOUND|INFORM|REBIND|REBOOT|RENEW|TIMEOUT) set_dns_props;; EXPIRE|FAIL|IPV4LL|RELEASE|STOP) unset_dns_props;; esac
OpenVPN Installer and OpenVPN Settings are essential Android applications if you intend to protect your privacy and overcome national censorship barriers on the internet! Both applications can be downloaded and installed from the Android Market or the developer's website. Installation takes minutes, but beforehand you must have a VPN service and prepare a set of configuration files for the gateways / portals to be used. Generally, the menus and prompts lead to a working installation, except they do not specify the fact that the openvpn binary should be installed to /system/xbin/.
Using a file manager, create a directory on the internal SD card named openvpn and copy your *.ca, both *.crt, and all of the service's *.ovpn files there. The config files should all be edited to indicate the names and paths to the *.ca and both *.crt files. Normally, a path for the tun.ko kernel module is not necessary, though old internet advice sometimes advocated its presence in the config file.
Shown below is a sample openvpnvpn config file usable on a cryptographically enhanced Galaxy Nexus:
# example for hypothetical cryptomasters # vpn service New York gateway # in file named /sdcard/openvpn/newyork.ovpn # edit this to configure for your vpn provider client dev tun proto udp remote vpn.newyork.cryptomasters.net 1194 remote-random resolv-retry infinite nobind persist-key persist-tun ns-cert-type server cipher bf-cbc comp-lzo verb 3 mute 20 fragment 0 mssfix 0 ca /sdcard/openvpn/ca.crt key /sdcard/openvpn/mister_mofo.key cert /sdcard/openvpn/mister_mofo.crt
Here is another config file example - for a service using TLS gateways for users in certain countries that are more aggressive in attacking VPN traffic:
# example for hypothetical cryptomasters # vpn service Boston TLS gateway # in file named /sdcard/openvpn/boston-tls.ovpn # edit this to configure for your vpn provider client dev tun proto tcp remote tlsvpn.boston.cryptomasters.net 443 remote-random resolv-retry infinite nobind persist-key persist-tun ns-cert-type server cipher bf-cbc comp-lzo verb 3 mute 20 fragment 0 mssfix 0 ca /sdcard/openvpn/ca.crt key /sdcard/openvpn/mister_mofo.key cert /sdcard/openvpn/mister_mofo.crt
After OpenVPN is installed, along with the config files, certificates, and key files, start OpenVPN Settings. The app should show a list of gateways, selectable by check boxes. Check the top box to start OpenVPN then select a gateway. As for settings, look in the menus to make any secesary changes (loading the tun.ko kernel module, showing ads, and so forth). Selecting a gateway begins the connection process - monitor the messages on screen for VPN status. CatLog is a useful app for monitoring the system for status messages and tracking down software glitches or incompatibilities. The webmaster discovered a syntax error in one ovpn file using CatLog and fixed the problem in minutes. To use your VPN most effectively, consider these 10 tips for VPN users.
There is a new application written by the developers of OpenVPN, which will is a good replacement for both OpenVPN Installer and OpenVPN Settings. Called OpenVPN Connect, it permits easy VPN usage without rooting the phone. Set-up is easy: simply import the config file and keys, then connect.
A security enhanced, radio-robust, and internet-unrestricted smartphone is possible to create with modern hardware using the Android operating system. Though the tasks involved are not trivial (and risky if not thoughtfully performed), easily downloadable software apps make it possible to fully reconfigure a stock phone, such as the Samsung Galaxy Nexus, in an hour or two. Use the above information as a guide for escaping a great deal of the surveillance and restrictions placed on smartphone telephony and internet access. With Serval mesh networking, it is possible to use the Galaxy Nexus for communications without infrastructure. Good luck, and never be muzzled.
Galaxy Nexus Forum |
XDA Developers Forum - Android Phone Upgrades, Mods, and Development |
Rooting the Samsung Galaxy Nexus
Installing Custom ROM on the Samsung Galaxy Nexus
A discussion and demonstration of Serval Mesh Networking, SMS, and the Batphone.
A demonstration of Serval Mesh Encrypted Voice Calling!