Security of data and passwords when phone is lost/stolen

Hi,

I'm in the process of setting up a Google Nexus 5 with ubports for somebody else. And I keep wondering, what are the security implications of running ubports on a device with unlocked boot-loader?

In case the phone is lost or stolen, will any new "owner" of the device be able to access the WiFi passwords, IMAP passwords and all data, photos etc. stored on the phone by just connecting USB cable and running adb/fastboot to dump the flash?

Are passwords stored on the device encrypted with the unlock passcode?

What precautions can/should be done to secure the data on a phone running ubports?

Thanks for any insights,
cheers,

Dave

Hi,

I sort of start feeling old, trying to participate in UBports: An open source project without a mailing list and without IRC channel does not really integrate with the modes of communication I'm used to use.

Just tried to make a telegram account (via web.telegram.org), however it needs a phone number, and (one of my) "landline" SIP-based phone numbers is not accepted ("incorrect phone number"). I'm not really willing to give my cell phone number to an untrusted 3rd party to participate in an open-source project. I mean, if I were, then I probably would just be using Google Android and not bothering with UBports, would I ?

So I guess I'll have to stay at the outside for now.

cheers,

Dave

Just to document some findings, in case somebody is looking for the same answer: This is how I am using and "integrating" normal Ubuntu and other 3rd-party applications into the launcher:

Creating a libertine image, as documented here.
Example:

libertine-container-manager create -i legacy -n "Legacy"
libertine-container-manager install-package -i legacy -p gnome-terminal
libertine-container-manager install-package -i legacy -p openjdk-8-jre

Now from the OpenStore install package "Desktop Apps". Enable the "Desktop Apps" scope in the launcher. Now swiping left on the Launcher should bring up the "Desktop Apps" scope. After running the commands above it lists just two items: "OpenJDK Java 8 Policy Tool" and "Terminal" . To add other custom launchers (for example to launch some manually installed Java GUI application), you can add more items to the Desktop Apps by creating files inside the libertine container at /usr/share/applications/*.desktop.

Example:

libertine-container-manager install-package -i legacy -p joe
libertine-container-manager install-package -i legacy -p vim
libertine-launch -i legacy  /bin/bash
cp /usr/share/applictions/terminal.desktop /usr/share/applictions/myapp.desktop
joe /usr/share/applications/myapp.desktop

For example to launch a java application installed in /home/phablet/.local/share/libertine-container/user-data/legacy/myapp.jar , edit myapp.desktop and change the line

Exec=/usr/bin/java -jar /home/phablet/myapp.jar

(Note how the container's directory /home/phablet corresponds to the absolute path /home/phablet/.local/share/libertine-container/user-data/legacy/myapp.jar when accessed outside the container)

Dave

Hi,

just to give some more data point: ordered a BQ M10 FHD Ubuntu Edition tablet, arrived yesterday. Installed ubports-installer on a Ubuntu 17.10 linux PC. Tablet initially not detected by the installer, but after setting developer mode, some reboots, trying a different USB port, and manually running "adb" to list connected devices, it "suddenly" started working (hat no prior experience with adb, never used it before).

After detection, installation just completed flawlessly (I configured it to wipe the tablet during installation).

So for now very happy with the device and the software. Next step will be to install some ubuntu desktop applications using the information found here:

https://docs.ubports.com/en/latest/userguide/dailyuse/libertine.html

Anybody here knows which libertine container types are supported by ubuntu 15.04r3 on BQ M10 FHD?

Looking forward to replacing my aging firefox-os phone with some new phone running ubports.

cheers,

Dave

Hi @advocatux ,

I ran into the same "signature error", attempting to update my Aquaris 10 FHD tablet. As I don't mind breaking the tablet (as opposed to my phone), I just attempted to upgrade using the development channel, which worked (i.e. no signature error), then once that was running switched back to the stable image, and this time no signature error as well.

Working nicely now, no problems, some bugs I encountered with 15.04 seem to be fixed with that release. Very happy. Will attempt the same procedure on my phone.

Dave

Hi,

I'm in the process of setting up a Google Nexus 5 with ubports for somebody else. And I keep wondering, what are the security implications of running ubports on a device with unlocked boot-loader?

In case the phone is lost or stolen, will any new "owner" of the device be able to access the WiFi passwords, IMAP passwords and all data, photos etc. stored on the phone by just connecting USB cable and running adb/fastboot to dump the flash?

Are passwords stored on the device encrypted with the unlock passcode?

What precautions can/should be done to secure the data on a phone running ubports?

Thanks for any insights,
cheers,

Dave

Hi @advocatux ,

I ran into the same "signature error", attempting to update my Aquaris 10 FHD tablet. As I don't mind breaking the tablet (as opposed to my phone), I just attempted to upgrade using the development channel, which worked (i.e. no signature error), then once that was running switched back to the stable image, and this time no signature error as well.

Working nicely now, no problems, some bugs I encountered with 15.04 seem to be fixed with that release. Very happy. Will attempt the same procedure on my phone.

Dave

@advocatux , yes that makes sense. However, what's the recommended way to upgrade to 16.04 stable, in spite of the signature error I get?

Hi,

running an ubports installation on LGE Nexus 5, "stable" channel ( 15.04 r3).

The download of the new stable image under "System Settings" -> "Updates" fails with :

Update failed
SignatureErorr:
sig path : 060f5c1283d44... /android/cache/recovery/device-f43cba6c627...
[..]
keyrings: ['56b9554d8355b87653425cb..'] ['/var/lib/system-image/keyrings/image-signing.tar.xz']

[..]

If I switch to the development channel, I do get a successful download (but don't want to install development version on my phone). If I switch back to stable, the download restarts and fails with the same error.

Any idea what's broken? Is this a local or server-side problem?

cheers,

David

Yes, I retried, the "stable", channel download (Versiwon 3) reproducibly fails with an "Signature Error". The development channel download (Verison 287) works and offers an "Install..." button once done.

Maybe will add another forum topic about the signature error.

Dave

@Lakotaubp ,

just switched channels to development and back to stable. It then started downloading an image. Though finally it failed "Update failed,; signatureError: ...".

Will retry again later and if this can't be made to work, commence with the manual upgrade procedure you linked.

thanks,

Dave

Hi,

I installed my Nexus 5 with ubports more than a year ago. According to "System Settings" -> "About" it is running Ubuntu 15.04 (r3), stating "Last updated "1/3/70" (which maybe means "never").

Pressing "check for updates" says "Software is up to date".

However, on devices.ubuntu-touch.io latest stable version is listed as 16.04.

In "channel settings" I have selected "Stable". I see no way to request the upgrade to 16.04.

Any ideas on how to get my installation up-to-date?

Thanks and cheers,

Dave

see also

Hi,

I sort of start feeling old, trying to participate in UBports: An open source project without a mailing list and without IRC channel does not really integrate with the modes of communication I'm used to use.

Just tried to make a telegram account (via web.telegram.org), however it needs a phone number, and (one of my) "landline" SIP-based phone numbers is not accepted ("incorrect phone number"). I'm not really willing to give my cell phone number to an untrusted 3rd party to participate in an open-source project. I mean, if I were, then I probably would just be using Google Android and not bothering with UBports, would I ?

So I guess I'll have to stay at the outside for now.

cheers,

Dave

So this is where my flash memory is going:

$ mount|grep mmcblk0p23 | sed -n -e 's/.*on \([^ ]\+\).*/\1/p'|sudo xargs du --max-depth=2 -c -h

-> /userdata/system.img is taking 2 GB and seems to be the actual ubuntu touch file system image. Then I wonder why there is another 4 GB partition in /dev/mmcblk0p21. This is mounted on /android/cache. Is there any reason for that "cache" partition taking up so much memory? Can its size be changed during installation from the ubports-installer to leave more room for my home partition?