Category Archives: Tor Browser

Tor

The Tor Project has joined with HackerOne to launch a public bug bounty program aimed at finding vulnerabilities which could compromise the anti-surveillance network.

The Tor network is a system of nodes and relays used to mask online activity, as well as access areas of the Internet not indexed by so-called "clear web" search engines.

While sometimes associated with Dark web illegal trading and nefarious goods, Tor is also a key tool for activists, privacy enthusiasts, and journalists looking to keep their online activities private.

Cybercriminals and governments alike are constantly poking the system to find vulnerabilities to exploit for surveillance purposes.

This year, the FBI used a "non-public' vulnerability to unmask individuals connected to child pornography, but as the agency refused to reveal how this was achieved, the case was dropped.

Tor is not 100 percent safe from compromise; no system is. However, to close the net on any bugs which may be used in similar ways in the future -- no matter the cause -- Tor is asking researchers to scour the network for any weak links.

"Millions of people around the world depend on Tor to browse the internet privately and securely every day, so our security is critical," The Tor team says. "Bugs in our code pose one of the biggest threats to our users' safety; they allow skilled attackers to bypass Tor's protections and compromise the safety of Tor users."

On Thursday, Tor launched a public bug bounty program under the moniker #HackTor. Hosted on the HackerOne platform, the scheme is specifically targeting security flaws in the Tor network daemon and Tor browser used to access the network.

In particular, Tor would like to see reports of any remote code execution flaws, local privilege escalation, unauthorized access of user data, or attacks that cause the leakage of crypto material of relays or clients.

Depending on the severity of the issue, researchers can expect to earn up to $4,000 per report.

The public bug bounty follows in the steps of a private program launched in January 2016 which resulted in three denial-of-service flaws and four edge-case memory corruption bugs being discovered, fixed, and rewarded.

See also: The 10 step guide to using Tor to protect your privacy

Tor Browser chief Georg Koppen told HackerOne that the decision to go public was made once the private system allowed the Tor team to better organize their workflow.

"We want to expand relationships with the research community and make our software more secure in the process," Koppen says. "Reported bugs will help us to address issues before they can potentially become a threat to our network of users."

"I can easily see expanding the program's scope beyond Tor and Tor Browser to cover other parts of our software ecosystem or even infrastructure as well," he added.

Read the original post:
Tor network will pay you to hack it through new bug bounty program ... - ZDNet

Dive Brief:

The nonprofit Tor Project announced it plans to launch its first public bug bounty project, working with HackerOne, according to VentureBeat. The Tor browser is the controversial program that allows people to troll the internet without being tracked.

The Tor Project wants to find vulnerabilities that could compromise the anti-surveillance network.

Tor launched a private bug bounty program last year. The new program is public, which means anyone can participate. Tor Project said a legitimate bug report could land a researcher up to $4,000.

Bug bounties are growing in popularity among companies looking to keep on top of vulnerabilities. For one thing, such programs are often much cheaper than the cost of recovering from an attack. The average cost of recovery from a single security incident is estimated to be $86,500 for small and medium businesses and $861,000 for enterprises,according to a recent report from Kaspersky Lab.

The number of enterprise bug bounty programs grew more than 300% over the last year, according to the 2017 State of Bug Bounty Reportreleased by BugCrowd earlier this month.

HackerOne is well known for helping big-name companies improve their security posture, and its efforts appear to be paying off. In April, HackerOne announcedit received $40 million in series C funding led by Dragoneer Investment Group and the company said its hacker community tripled to nearly 100,000 last year.

Large companies like Google, General Electric, Microsoft, United Airlines, Western Union, Tesla Motors and Fiat Chryslerhave all participated in bug bounty programs over the last few years.

The rest is here:
Tor Project to launch public bug bounty project - CIO Dive

If you think search engines like Google and Bing let you probe the entire web, youre totally wrong. Youre barely scratching the surface of the webliterally. Below the webs outer crustthe one youre accessing right now to read this articleflows other layers of the internet that you cant find through search. But with a little bit of know-how, anyone can dive into the webs deep end to find some hidden treasures (and perhaps a bit more than that). Heres a quick guide to the deep web, the dark web, and what youll find when you get there.

There are basically three parts to the world wide web: surface web, deep web, and dark web.

The surface web is everything thats publicly available and accessible through search or typing a URL into your browser. The deep web, also known as the invisible web, is all the content on the web that is not indexed by standard search engines, such as email clients, online banking websites, or pages that are inaccessible to crawlers, the software that indexes the web for search engines. Some of those pages can still be accessed if you have the URL while others require you to have login credentials. According to expert estimates, the deep web is 500 times larger than the surface web.

The dark web, however, is a totally different beasta tiny fraction of the web that is only accessible through specialized software such as the Tor browser. However, the term dark web is also often used to refer to the darknet, the overlay networks that are used to anonymize communications and obfuscate both the origin and destination of internet traffic. READ MORE:

The main characteristic of the dark web is its anonymity, which makes it appealing to a number of actors. Like all innovative tools, the dark web is an instrument to shady and illegal activities, such as child pornography and the sale of drugs, firearms, and stolen credit card numbers.

One of the most famous cases that involves the dark web is that of Silk Road, the first modern online black market that was created on the dark web. The website was shut down in 2013 and its founder is serving a life sentence in prison. Naturally, many other similar websites have sprouted in recent years. Earlier this month, AlphaBay, another dark web marketplace that made $600,000 and $800,000 a day, was shut down by law enforcement.

However, the dark web is also being used for many other activities that are mostly legitimate (though not necessarily legal, depending on your perspective). Edward Snowden, the famous whistleblower who exposed the U.S. governments mass surveillance program, used the dark web to send information to reporters and media outlets.

Journalists and activists also use the dark web to avoid being traced by autocratic governments or other actors that might want to harm them.

In countries where the government restricts access to specific websites and social media networks such as Facebook, Twitter, and YouTube, dark web tools can help circumvent censorship.

The most famous tool to get on the dark web is the Tor browser. With Tor, you can access websites whose address ends with the .onion extension. These are websites that are exclusively available on the dark web and cant be accessed through normal browsers.

Tor enables you to access all the other surface and deep websites with the added benefit that it anonymizes your browser traffic by encrypting it and deflecting it across several computerscalled Tor nodesbefore sending it to its destination.

However, there are several things you should know about Tor:

With those considerations in mind, have fun surfing the dark web, and stay out of trouble.

Ben Dickson is a software engineer and the founder of TechTalks. Follow his tweets at @bendee983 and his updates on Facebook.

Visit link:
How to access the dark web - The Daily Dot

(Charles Krupa / AP Photo)

The Dark Web conjures images of gothic fonts and black backgrounds, like a metal fans MySpace page circa 2001. But this section of the internet looks surprisingly normal. Accessible only through the TOR browser, there are Google-style search engines and Amazon-style marketplaces. Except what theyre selling are mostly illegal thingsstolen passports, hacked account numbers, and drugs. A lot of drugs.

This week, we stress out WNYCS IT department and venture onto the Dark Web. Where you can get heroin, fentanyl, or oxycontin shipped right to your door via USPS. And we talk to Nick Bilton, author of American Kingpin: The Epic Hunt for the Criminal Mastermind Behind the Silk Road, about how Libertarian philosophy and tech-bro hubris combined to spark an online drug revolutionand an opioid crisis.

Andthe Dark Web community is starting to recognize the role they're playing. Since we recorded this episode, Hansa Market - the verysite we visit in the show - has banned the sale of fentanyl, according to the New York Times.

Go here to see the original:
Your Mailman Is a Drug Dealer. He Just Doesn't Know It. - WNYC

If all goes to plan, from April 2018 anyone in the UK visiting a website deemed pornographic will be asked to verify that they are aged 18 or over before they can proceed.

The plan, proposed as part of the Digital Economy Act in 2016, was formally commenced this weekby the Minister of State for Digital and Culture, Matt Hancock, who offered surprisingly scant detail on its implementation in comments made to a newspaper website.

It seems likely that the British Board of Film Classification (BBFC) will be empowered to decide what constitutes a pornographic website. As regulator it will also will be given the power to fine publishers up to 250,000 ($325,000) for failing to impose verification, on pain of being blocklisted by local ISPs.

Hancock summed up the Acts purpose:

All this means that while we can enjoy the freedom of the web, the UK will have the most robust internet child protection measures of any country in the world.

With anti-censorship and privacy groups up in arms, and network engineers scratching their heads, worries that the law will have unintended consequences are surfacing too.

At its heart is the age verification process, which it seems will involve asking for credit card numbers. This means that people will have to start trusting their personal data to websites whose security they know little about, in situations where their concerns about privacy and anonymity may be higher than usual.

Its not yet clear whether verification will happen through a single provider or on every site but wherever the datas kept it will surely be a tempting target for hackers and extortionists.Pornography publishers dont have a pristine reputation for data security as a number of recent breaches show.

There are also concerns that the move will encourage a market in stolen credit cards re-purposed to access porn sites.

The vast majority of publishers arent in the UK which means that enforcing UK Data Protection (DPA) to prevent (or prosecute) a data breach looks a naive hope.

I expect people not least millions of adults who dont have a credit card to turn to VPNs (Virtual Private Networks) or Torto bypass verification. Both tools allow users to hide their IP address and appear to be in countries other than the UK.

The assumption is, presumably, that children either wont want to do this or wont be able to. Good VPNs cost money and paying for them often requires access to a credit card.

Technology has a habit of becoming commoditised over time though. The Tor browser is free and so is Opera, a web browser that comes witha free, integrated proxy-based VPN (i.e. securing only browser traffic) on desktop and mobile. Googles Wi-Fi Assistant builds the same into Android for its own handsets connecting through public hotspots in the US.

There is another cost to using a VPN though, even a free one: with all your browser traffic flowing through it you end up sharing far more with your VPN provider than you ever do with any individual site. Youd better choose one you trust.

By my reckoning it would only take a modest expansion of free VPNs in the coming years to send the UK Digital Economy Act back to square one.

Would the Government then attempt to filter or legislate against VPNs too? The only government to do that currently on any scale is China, a dismal example for a country such as the UK to follow. Going that far would risk a collapse in support for any legislation.

Meanwhile, pornographic content distributed via social media appears to be a grey area. People access this from within each platform and its not clear whether companies would be asked to apply parallel controls.

What is clear is that the UK wants to join a growing list of countries imposing controls on Internet content, including pornography. Campaigners fret that this is really a potential gateway to the eventual imposition of censorship on other kinds of content.

If it is, future governments might one day rue the day. Evasion will grow, as could adult resentment. Telling people what they can and cant view tends to end in tears.

See the original post:
Want porn? Prove your age (or get a VPN) Naked Security - Naked Security

Until earlier this month, AlphaBay served as a one-stop shop for illicit consumer needs online. Essentially an Internet-based black marketplace stationed on the dark Web and accessible only through an untraceable Tor browser, the platform hosted sales using bitcoin for everything from illegal drugs to stolen credit card data. With up to 300,000 listings, the site was conservatively hosting $600,000 to $800,000 a day in transactions, Wired reported, and was said to host more products than Silk Road, the illicit marketplace closed by U.S. authorities in 2014.

But on July 5, all that back alley commerce stopped when AlphaBay suddenly went dark. The shutdown was reportedly due to an effort by law enforcement across the world to bust the administrators running the website. And now the Bangkok Post and Sydney Morning Herald report that a Canadian national allegedly linked to AlphaBay has died in custody after he was arrested on the same day AlphaBay disappeared.

Canadian-born Alexandre Cazes, 26, was arrested by Thai authorities on July 5 at the request of U.S. authorities, according to the Morning Herald. Known online as DeSnake, Cazes was found last week dead in his cell at the Thai Narcotics Suppression Bureau (NSB) in Laksi district of Bangkok.

The Bangkok Post reportedCazes was discoveredin the bathroom of his cell hanging from a towel. The NSBs Major General Soontorn Chalermkiat told the paper there are no clues that suggest he didnt hang himself. Cazes was reportedly set to meet with an attorney about his extradition to the United States on drug trafficking charges an hour before his reported suicide. Another Thai official, Maj. Gen. Chayapote Hasoonha, told the Bangkok Post Cazes had been living in Thailand for about eight years and had a Thai wife.The official added Cazess spousehas been charged with money laundering.

He was a computer expert involved with international transactions of bitcoins, Chalermkiat told Agence France-Presse.He didnt have any business in Thailand but he had many houses. The Bangkok paper said he also had four Lamborghini sports cars in Thailand.

Cazes father, Martin, told Journal de Montrealhis son was an extraordinary young man, with no history, no judicial record. He never smoked a cigarette, never used drugs.

Neither the Canadian nor U.S. embassies in Thailand responded to The Washington Posts request for further detail on Cazess arrest, extradition and reported death.

The AlphaBay shutteringcomes after an uptick in law enforcement action aimed at the marketplaces users an indication that U.S. policehave figured out how to skillfully mingle within the dark Web bazaar and target users.

AlphaBay is dedicated and designed to facilitate the sale of illegal narcotics, drug paraphernalia, firearms, and counterfeit and fraud-related goods and services, a U.S. Drug Enforcement Administration agent wrote in an August 2016 affidavit related to federal charges against a 50-year-old Detroit man named Robert Kenneth Decker. Illegal drugs, such as methamphetamines, heroin, and cocaine, are openly advertised and sold and are immediately and prominently visible on the Alphabay website.

Operating under the handle DIGITALPOSSI2014, Decker was tied to10,738 transactions on AlphaBay, including deals in whichhe sold and mailed hydrocodone to undercover law enforcement in exchange for bitcoins. After his arrest in late 2016, he pleaded guilty to one count of conspiracy to distribute controlled substances and one of conspiracy to commit money laundering. Decker was sentenced to 140 months in prison.

With the website now dark, illicit e-commerce is struggling to find a new home. Like Silk Road, AlphaBay left a gaping hole in the marketplace when it disappeared.

Its been really chaotic, Nicolas Christin, a Carnegie Mellon professor of computer science and public policy, recently told Wired. When you have asite like AlphaBay going down, it puts a lot of stress on the other players. Its stress-testing their infrastructures.

More from Morning Mix:

FBI agents spent decades searching for a mobster wanted in a cop killing. Then they found his secret room.

Here is the original post:
Suspected AlphaBay founder dies in Bangkok jail after shutdown of online black market - Washington Post

July 18, 2017 (KAMPALA) South Sudan government has admitted that it blocked access to the Paris-based Sudan Tribune website over its hostile news coverage.

If they [Sudan Tribune website] have been disseminating hostile messages towards us then we have the authority to close them, information minister Michael Makuei Lueth told Bloomberg Tuesday.

So many countries have been closing down, even giving total blackout to such media houses which create hostility, he added.

Multiple sources, however, confirmed that two other news websites were inaccessible on Monday after authorities directed internet providers to block them.

However, the Sudan Tribune and other banned websites remain reachable for our readers in South Sudan when they use Tor Browser or install applications like Fire Onion, Orfox and Tor nado on their smartphones.

The move comes barely two weeks after authorities arrested the head of the state-owned television, Adil Faris Mayat after the station failed to broadcast President Salva Kiirs Independence Day speech.

Meanwhile, Reporters Without Borders (RSF) called for the immediate release of Mayat, who has reportedly been held incommunicado since 10 July.

We call for this journalists immediate release, said Cla Kahn-Sriber, the head of RSFs Africa desk, adding Frequent arbitrary measures of this kind by the security services and the accompanying impunity are killing media freedom in South Sudan and are holding back a return to peace and national reconciliation.

After South Sudan obtained independence in 2011, a civil war broke out in 2013 and the ensuing political and security crisis has not spared the media. News outlets have been suspended, newspaper issues have been seized, and journalists have been detained arbitrarily, tortured, harassed, forced to censor themselves or forced to flee abroad.

The war-torn East African nation has fallen 20 places in RSFs World Press Freedom Index since 2015 and is now ranked 145th out of 180 countries.

(ST)

Excerpt from:
S. Sudan blocks Sudan Tribune website over hostile coverage - Sudan Tribune

The Slovak Spectator spent several days on the Darknet.

It is used by the mafia, journalists and activists. Tens of thousands of people do trade there without knowing the identity of their partners while using a currency that does not officially exist. Thus unwritten rules had to be created to ensure the entire system does not collapse.

A darknet or the Dark Web is becoming a widely used because it allows users to hide their tracks on the Internet, according to Tom Zako, the CEO of the Citadelo firm.

This tool is important in countries with strong censorship, Zako told The Slovak Spectator. The original purpose was not to aid criminals.

However, it is obvious that criminals, including Slovaks, have discovered it. Police recently arrested two Slovak citizens for the illegal sale of drugs via the darknet. At the same time they seized the electronic hard-to-track cryptocurrency Bitcoin (BTC) being used as a means of payment on the darknet. This currency hit a historic high on June 11, reaching $3018 per Bitcoin and fell to around $2200 in mid July.

The Slovak Spectator spent several days on the Darknet. It bought bitcoins, visited drugstores, weapons shops and sites with illegal pornography.

A darknet is formed by individual pages which can only be opened if a person knows their exact address and knows which program to use. Guessing a page name is not possible as they look like this: anonywebix6vi6gz.onion.

To open such sites users need the Tor browser originally developed by the US Army for the secure communication of its employees.

Entering a darknet is not difficult. The process can easily be found on the Internet. The user just needs to download Tor for free, find the list of websites working only through this program, and start exploring the dark corners of the Internet.

Soon a person finds that many of the published darknet websites, probably up to 80 percent, do not really work.

It is mostly because they are operated by individuals who have cancelled them for various reasons. Another possibility is that one company is running a number of sites, and when it ends, all of its sites end as well, according Polish internet security expert Marcin Koziej.

Websites accessible through Tor come and go, Koziej told The Slovak Spectator. They are mostly maintained by individuals, and can easily be discontinued.

This is also the case of websites belonging to Slovak drug dealers. Today there was only the announcement that they were locked by the police due to a decision of the Bratislava District Court.

Among those pages whose links are commonly available on the Internet, The Slovak Spectator has found, for example, a child pornography page aimed at the spanking of small children. The operator offers five albums for download, the possibility of commenting on them and discussion of the topic in a forum.

There is a freely available page of a false passport vendor promising that the customer will not only receive ID, but will also be registered in official databases and will be able to travel freely with the document.

On another page, people were offering 92-percent uncut cocaine from Peru for $75 a gram.

On the contrary, sites with crowfunding for an assassin or ordering a hacker attack did not work.

The websites do not always offer illegal activities though. For example, there are forums where people anonymously discuss ongoing protests in their countries.

There are actually many more sites running but people have to learn about them in locked forums or personally from other users.

When surfing a darknet, community and personal references are important, according to Koziej.

The community is also a source of trust in some hidden sites, Koziej says. A trust network is reason to believe a particular site is legit, and not police bait.

In general, dealers ask for bitcoins in exchange for goods. For example, a Walther PPK gun was available for BTC0.434, which is around 852.

The currency is produced by complex mathematical operations under the rule that only 21 million bitcoins can ever be created, preventing its inflation. The process is gradually slowing, which should resemble gold, a precious metal that has become increasingly rare following the start of its mining.

People can access their bitcoin via a unique key granted after creating a virtual wallet.

The Slovak Spectator has downloaded the mobile application that provided the key for BTC. Using this app, the editors bought BTC worth 10 at a special ATM in the centre of Bratislava in mid May.

The entire operation passed quickly and ended without a receipt. The machine only produced a confirmation QR code, which appeared on the display and the amount of 0.005 bitcoin appeared in the mobile wallet. If the transferred euros had immediately disappeared, the police or any bank would not have done anything about it.

All BTC transactions are visible, but the trading parties are anonymous. The trader does not know who is buying the goods, and the customer does not know who is selling it to him. So users therefore have to solve the issue of who has first turn: the one sending the goods or the one sending the money.

For example, a system of intermediaries has been created. The customer first sends the money to a third party they both trust. After the salesperson learns that money has been transferred he or she sends the goods. After the customer receives what they paid for the seller gets their money from that third party.

In order to gain trust, salespeople in a darknet are much more customer-focused than their counterparts in ordinary life, British journalist Jamie Bartlett says in one of his lectures. He spent several months on a darknet, made contacts with the users, and bought marijuana in order to report on how the whole system works.

Now, this kind of consumer-centric attitude is the reason why, when I reviewed 120,000 pieces of feedback that had been left on one of these sites over a three-month period, 95 percent of them were five out of five, said Bartlett. The customer, you see, is king.

The Slovak Spectator did not buy any illegal goods and neither did it use its bitcoins.

Though it could be surprising that the vast majority of goods, even illegal ones, arrive via standard postal service, according to Zako.

People in the European Union only focus on a sender operating in the Schengen area so that the package doesnt go through scanners, Zako said.

18. Jul 2017 at 17:14 |Roman Cuprik

Thank you for singing up. Shortly an email will be sent to the address you provided to verify your e-mail.

Error! Please try to register again later, your e-mail was not registered.

Your email is not in a correct format.

View original post here:
Assassins and child porn; a darknet offers everything - The Slovak Spectator

Apple users are being warned about a newly discovered form of Mac malware which is spread via a phishing attack and steals banking credentials.

The malware, dubbed OSX/Dox, was discovered by researchers from Check Point Security and mirrors the websites of some of the worlds leading banks to steal attempt to steal money from users.

The malware is being spread via a combination of phishing and so called Man in the Middle attacks.

Security experts say the Mac malware is extremely difficult to detect as it is able to bypass Apples stringent security measures and spy on all communications from the victim.

Check Point said they have seen a recent surge in the malware being used by hackers who are currently playing a game of cat and mouse with Apple.

Check Point say the hackers are purchasing dozens of Apple certificates to sign on the application bundle and bypass GateKeeper. As soon as Apple revokes one of the certificates the hackers switch to another, with new certificates being used on a daily basis.

They are aiming at the victims banking credentials by mimicking major bank sites. The fake sites prompt the victim to install an application on their mobile devices, which could potentially lead to further infection and data leakage from the mobile platform as well, Check Point said in a blog post.

Once the malware has been installed on a device it downloads the Tor browser and starts to communicate with servers controlled by the hackers. It then records the location of the infected device and customises the fake banking page depending on the location of the victim, making the attack even more convincing.

Image: Check Point. The very convincing but fake banking page by use by OSX/Dox

The malware then asks victims to login into the fake banking page with their banking credentials and also asks for their mobile number to setup SMS authentication.

Victims are then tricked into downloading a malicious app and the Stack encrypted messaging app.

It is not known why victims are made to download Stack but Check Point researchers speculate that it could be used by the hackers to commit more fraud at later date.

Whatever the goal may be, Signal will possibly make it harder for law enforcement to trace the attacker.

Alternatively, the perpetrator might be using Signal temporarily, to acquire install rate statistics and prove the method is working, while planning to install a malicious mobile application with future victims at a later time.

Unfortunately, the OSX/Dok malware is still on the loose and its owners continue to invest more and more in its obfuscation by using legitimate Apple certificates, Check Point researchers wrote.

The fact that the OSX/Dok is ported from Windows may point to a tendency. We believe more Windows malware will be ported to macOS, either due to the lower number of quality security products for macOS compared to the ones for Windows, or the rising popularity of Apple computers.

Jonathan is our Google Nexus and Android enthusiast. He is also fanatical about football which makes it all the more strange that he should support Stockport County. In addition to writing about tech, Jonathan has a passion for fitness and nutrition and has previously written for one the UKs leading watch and horology websites.

The rest is here:
Apple users warned of dangerous new Mac malware that steals banking credentials - ThaiVisa News

With so much sensitive information on your Android smartphone, security should always be a priority. Malware, theft, physical access to your phone and eavesdropping are just some of the security troubles that youre up against when youre using your smartphone to connect to the internet.

Below are some of our favorite Android security apps that can help manage and deal with the threats to your phone.

As you take your phone with you everywhere, losing it to theft or your own ignorance is not beyond imagination. There are a number of apps that can help you recover your phone or at least make sure that none of its sensitive data falls into the hands of the wrong people.

One of them is Googles Find My Device, a free app formerly known as Android Device Manager. Once you install and activate Find My Device on your phone, youll be able to remotely perform a number of tasks through the apps website. This includes locating your phone, sounding an alarm, or wiping the data altogether in case you become certain that you can no longer recover your device.

Screengrab via Google Play

An alternative to Find My Device is Cerberus, a paid app that adds extra features such as taking pictures and recording audio and video of the device holder, displaying messages that stay on the screen, and remote shell access to your phone.

Screengrab via Google Play

Most people lend their phone to friends, family, or even strangers who want to make a phone call, oblivious to the fact that by doing so theyre temporarily exposing all their sensitive information.

AppLock is an application thatas the name suggestsenables you to lock down various apps. Once you install and activate it, the selected apps will require a PIN code to open. This can protect you against nosy friends and strangers who want to go through your chat logs and photos, or who might want to change your phone settings.

Screengrab via Google Play

READ MORE:

Cybercriminals are always looking for ways to compromise smartphones and remotely steal information. One of their conventional methods for doing so is to install apps with malicious code on their victims phones and use them to exfiltrate sensitive data. Android phones are especially vulnerable to this scheme because, as opposed to iPhone, its easier to install apps on them that havent been published on Google Play store and havent undergone professional vetting.

GlassWire is the best Android security app for monitoring the data usage of various apps installed on your phone in real time. The app lets you see a live graph of your apps data consumption and will alert you when a specific apps data usage spikes. Its a good tool to detect apps that are conducting unusual and suspicious activities.

Screengrab via GlassWire

If youre a regular user of free Wi-Fi in public locations and malls, you should know that theyre riddled with security threats. If youre not wary, malicious actors can intercept your internet traffic and steal your data or alter it. One of the best methods to protect yourself against theft or manipulation of data is the use of Virtual Private Networks (VPN). A VPN encrypts all your internet traffic, making it undecipherable to eavesdroppers. There are a handful of decent free VPN apps available on Android.

For secure browsing, you can also use Orfox, the mobile version of Tor browser. Like its desktop counterpart, Orfox encrypts your browser traffic and deflects it across several nodes before sending it to its destination, protecting you against both local spies and mass surveillance.

Screengrab via Google Play

There are a number of decent endpoint protection solutions available for Android. The best Android security app for this is arguablyAvast Antivirus and Security, a free app that offers an impressive range of security tools and features. Once installed, Avast will provide antivirus protection, monitor your apps for unusual activity and scan URLs for malware.

Avast also has an app locking feature, though it is limited to two apps when youre on the free plan. You can also block certain apps from using Wi-Fi or network, which can be handy for security.

Ben Dickson is a software engineer and the founder of TechTalks. Follow his tweets at @bendee983 and his updates on Facebook.

Read more:
The best security apps to lock down your Android phone - The Daily Dot