Android 4.4.4 "KitKat" hardened binary distribution
This is the Android 4.4.4 "KitKat" hardened binary distribution by Guido Trentalancia for
Sony Xperia E3 mobile phone devices (D2203, D2206, D2243, D2202). It is mostly focused on
security and privacy and it is provided freely to you.
This distribution includes over a thousand fixes to common security vulnerabilities that would otherwise let potential attackers execute malicious and harmful code remotely to obtain sensitive information from the device or, even worse, take complete control of it.
In addition, the following security features and improvements, not available in the original distribution from the device manufacturer, are included in this hardened distribution:
- Security Enhanced Linux (SELinux) is enabled (Enforcing Mode) rather than disabled (Permissive Mode) and uses an updated and customized policy;
- Updated Certificate Authority (CA) certificates bundle: you can then disable unneeded and untrusted authorities in Settings->Security->Trusted Credentials to minimize Man-In-The-Middle (MITM) unlawful Internet traffic interception risks;
- End-to-end encryption for the Web (HTTPS) and other Internet services such as Mail Transport (IMAP/SMTP) using Transport Layer Security (TLS) only, thus disabling the insecure Secure Sockets Layer (SSL) protocol: you can test HTTPS encryption compliance at the following web pages Qualsys, How's My SSL and BrowserLeaks.com;
- Ability to enable or disable the Hardware PRNG (Pseudo-Random Number Generator) for cryptography and other applications: you can read a brief description of the motivation and design principle;
- Revised kernel PRNG (Pseudo-Random Number Generator) providing more entropy;
- Removal of several obsolete, insecure and weak ciphers previously used for encryption using TLS and other protocols;
- Optional browser protection from the CORS Vulnerability: it can be tested using the Google Appspot web page;
- New browser option to disable Third-Party Cookies for increased privacy (you only need First-Party Cookies when logging onto websites): you can test it using the web page of Alan Hogan at github.io (the test requires Javascript and CORS);
- Removal of several other online tracking and identification mechanisms (super cookies) such as TLS Session Tickets and TLS Session Resumption, TLS Channel ID, Shared Dictionary Compression over HTTP (SDCH) information persistance, combined with explicit "Do Not Track" tagging of HTTP/HTTPS requests;
- Countermeasures against Google, Bing, Yahoo! and Yandex tracking mechanisms based upon search query URL-tampering (patch for WebKit on Android KitKat, also available as a patch for the latest WebKit version on any platform);
- New browser option to automatically clear cache and cookies on exit (also clears all Shared Dictionary Compression over HTTP (SDCH) information, see above);
- Stronger GCC stack-smashing protection;
- SELinux confinement of the audio capture device (microphone) to prevent others from turning your phone into a remote listening device (a bug);
- The Android Telephony Provider is forbidden access to the following identifiers which might allow unlawful interception and location tracking by unauthorized parties: IMEI (international mobile station equipment identity) and IMEI SV for GSM, ESN (electronic serial number) and MEID (mobile equipment identifier) for CDMA and LTE: while the aforesaid sensitive unique identifiers are normally used for purposes such as lawful interception and black-listing of stolen phones, they should only be handled by the physical layer hardware and not made accessible to the Operating System, because if the Operating System is compromised, then such unique identifiers might be leaked to unauthorized third parties;
- The Calendar can also be used in local mode, for increased privacy, rather than just in combination with a Google account;
- Light-torch functionality for your own personal safety, when its dark;
- Over 1000 patches to resolve specific security and/or privacy vulnerabilities;
- Many other improvements not related to security or privacy.
In addition to the above mentioned security and privacy features this distribution offers a SMS (Short Message Service) Encryption functionality with automatic self-destroying capability, compliant with the Wassenaar Arrangement and the U.S. Department of Commerce - Bureau of Industry and Security - EAR99 for permitted uses. SMS cryptography is safe for both governments and business or personal users, as it cannot be used to transmit phaedophilic images or other illicit content such as computer viruses and malware. By activating this functionality, you agree to using it only for lawful purposes and not for illicit or white-market drug trafficking, proliferation and related war crimes, including euthanasia crimes: store the destination numbers, including their international prefix, under the "Encrypted SMS" category; using the People application, set your own phone number, including its international prefix, under the same "Encrypted SMS" category; obviously the destination phone numbers must have this distribution installed for encryption to work.
An extensive collection of free applications from various authors is also available: selected binary Android applications
Android is Copyright (C) 2007-2025 by the Android Open Source Project
and is a trademark of Google Inc.
The Linux kernel is Copyright (C) by The Linux Foundation and
others.
Xperia is a trademark of Sony Mobile Communications Inc.
The WLAN firmware image files are Copyright (C) Qualcomm Inc.
Bing is a trademark of Microsoft Corporation.
Yahoo! is a trademark of Yahoo! Inc.
Yandex is a trademark of Yandex Inc.
Additional software parts, modifications, security features and custom
configurations developed by Guido Trentalancia and distributed with
the above binary package are provided as free software in binary form
ony without source code and subject to the following disclaimer and
limitation of liability terms:
Redistribution.
THIS CONTENT CANNOT BE REDISTRIBUTED WITHOUT PERMIT.
Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, SOFTWARE AND/OR CONFIGURATION,
TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED
IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE
PROGRAM, SOFTWARE AND/OR CONFIGURATION “AS IS” WITHOUT WARRANTY OF ANY
KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
PROGRAM, SOFTWARE AND/OR CONFIGURATION IS WITH YOU. SHOULD THE PROGRAM,
SOFTWARE AND/OR CONFIGURATION PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
Limitation of Liability.
IN NO EVENT WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES
AND/OR CONVEYS THE PROGRAM, SOFTWARE AND/OR CONFIGURATION AS PERMITTED
ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL,
INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR
INABILITY TO USE THE PROGRAM, SOFTWARE AND/OR CONFIGURATION (INCLUDING
BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR
LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM,
SOFTWARE AND/OR CONFIGURATION TO OPERATE WITH ANY OTHER PROGRAMS OR
ELECTRONIC DEVICE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED
OF THE POSSIBILITY OF SUCH DAMAGES.
Copyright © 2007-2025 Guido Trentalancia. All rights reserved.