Android 4.4.4 "KitKat" hardened binary distribution
This is the Android 4.4.4 "KitKat" hardened binary distribution by Guido Trentalancia for
the Sony Xperia E3 device (D2203, D2206, D2243, D2202):
This Android distribution is mostly focused on security and privacy and it is provided freely to you, in the hope that amongst other things it will prevent tedious and dangerous electronic "infections"
: if you like it and benefit from using it, I would recommend making a small donation to: International AIDS Vaccine Initiative
. For those of you opposing the use of vaccines or seeking an alternative and immediate kind of protection, I would recommend to read the following resource carefully: Clearinghouse on Male Circumcision
. The total death toll for HIV related deaths so far
recently exceeded 40 millions (compared to less than 7 millions for COVID-19
). It is possible to speed up the move from HIV+ (HIV positive) to +HIV (positive about HIV) !
This distribution includes over a thousand fixes to common security vulnerabilities that would otherwise let potential attackers execute malicious and harmful code remotely to obtain sensitive information from the device or, even worse, take complete control of the device.
In addition, the following security features and improvements, not available in the original distribution from the device manufacturer, are included in this hardened distribution:
- Security Enhanced Linux (SELinux) enabled (Enforcing Mode) rather than disabled (Permissive Mode) and using a customized policy;
- Updated Certificate Authority (CA) certificates bundle;
- End-to-end encryption for the Web (HTTPS) and other Internet services such as Mail Transport (IMAP/SMTP) using Transport Layer Security (TLS) only, thus disabling the insecure Secure Sockets Layer (SSL) protocol: you can test HTTPS encryption compliance at the following web pages Qualsys, How's My SSL and BrowserLeaks.com;
- Ability to enable or disable the Hardware PRNG (Pseudo-Random Number Generator) for cryptography and other applications: you can read a brief description of the motivation and design principle;
- Revised kernel PRNG (Pseudo-Random Number Generator) providing more entropy;
- Removal of several obsolete, insecure and weak ciphers previously used for encryption using TLS and other protocols;
- Optional browser protection from the CORS Vulnerability: it can be tested using the Google Appspot web page;
- Removal of several other online tracking and identification mechanisms (super cookies) such as TLS Session Tickets and TLS Session Resumption, TLS Channel ID, Shared Dictionary Compression over HTTP (SDCH) information persistance, combined with explicit "Do Not Track" tagging of HTTP/HTTPS requests;
- New browser option to automatically clear cache and cookies on exit (also clears all Shared Dictionary Compression over HTTP (SDCH) information, see above);
- Stronger GCC stack-smashing protection;
- SELinux confinement of the audio capture device (microphone) to prevent others from turning your phone into a remote listening device (a bug);
- The Calendar can also be used in local mode, for increased privacy, rather than just in combination with a Google account;
- Light-torch functionality for your own personal safety, when its dark;
- Over 1000 patches to resolve specific security and/or privacy vulnerabilities;
- Many other improvements not related to security or privacy.
An extensive collection of free applications from various authors is also available: selected binary Android applications
The following optional extensions are currently available upon request: SMS (Short Message Service) Encryption (please note that SMS cryptography is safe for both governments and business or personal users, as it cannot be used to transmit phaedophilic images or other illicit content such as computer viruses and malware). Further extensions, functionality or security enhancements and customizations can be developed upon request.
Android is Copyright (C) 2007-2023 by the Android Open Source Project
and is a trademark of Google Inc.
The Linux kernel is Copyright (C) by The Linux Foundation and
Xperia is a trademark of Sony Mobile Communications Inc.
The WLAN firmware image files are Copyright (C) Qualcomm Inc.
Additional software parts, modifications, security features and custom
configurations developed by Guido Trentalancia and distributed with
the above binary package are provided as free software in binary form
ony without source code and subject to the following disclaimer and
limitation of liability terms:
THIS CONTENT CANNOT BE REDISTRIBUTED WITHOUT PERMIT.
Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, SOFTWARE AND/OR CONFIGURATION,
TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED
IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE
PROGRAM, SOFTWARE AND/OR CONFIGURATION “AS IS” WITHOUT WARRANTY OF ANY
KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
PROGRAM, SOFTWARE AND/OR CONFIGURATION IS WITH YOU. SHOULD THE PROGRAM,
SOFTWARE AND/OR CONFIGURATION PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
Limitation of Liability.
IN NO EVENT WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES
AND/OR CONVEYS THE PROGRAM, SOFTWARE AND/OR CONFIGURATION AS PERMITTED
ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL,
INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR
INABILITY TO USE THE PROGRAM, SOFTWARE AND/OR CONFIGURATION (INCLUDING
BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR
LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM,
SOFTWARE AND/OR CONFIGURATION TO OPERATE WITH ANY OTHER PROGRAMS OR
ELECTRONIC DEVICE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED
OF THE POSSIBILITY OF SUCH DAMAGES.
Copyright © 2007-2023 Guido Trentalancia. All rights reserved.