How to secure your Android web browsing

The tin hatters in the audience will already be aware that organised crime syndicates run internet cafés and open wi-fi hotspots as ways to scrape user information and passwords from customers. It’s hard to know if this is true or not, but the monetary incentive for people to ‘listen in’ on public wi-fi networks cannot be denied.

So, if you find yourself needing to use a public wi-fi access point when home or abroad, it makes sense to take the time to encrypt any data travelling across said network, keeping it from any eavesdroppers – both real and imagined.

Follow on to learn about two methods that allow you to achieve this on your Android device.

01-Android-VPN-Menu-AndroidVirtual Private Network (VPN)

By creating a VPN – the same technology used to bypass global entertainment restrictions – you can make your Android device work as if it’s connected to your home wi-fi network – including using its internet connection, and accessing all the services, printers, and shared files that are available on the network – while encrypting all traffic between the device and the VPN server.

It’s worth noting, though, that the download speeds on your device will be limited to the upload speed of your home internet connection – which is pitifully slow on ADSL connections.

You can set up a VPN server in one of two places: either on your router itself (most don’t support this, however), or on an always-on computer. To connect, you’ll also require a static IP address or a service like DynDNS.

Setting up a highly secure IPSec VPN connection on your router is a notoriously difficult task plagued with compatibility problems – I just couldn’t get it to work between my Billion router and my phone. In the end, you may need to opt for the less-secure (but infinitely easier to set up) PPTP. Thankfully, if you choose a strong password (that is: lengthy, not in any dictionary, and using extra characters – a cinch if you use a password manager like KeePass), PPTP is secure enough for your needs. Setting this up on your router is beyond the scope of this article, though, so consult your manual for more info.

02-Android-ConnectingVPNAndroid natively supports both IPSec and PPTP, and setting them up on your Android device is just a matter of heading to the ‘Wireless & networks’ menu in system settings, then choosing ‘VPN’, and ‘Add VPN Profile’. You just need to enter your home IP address and the connection details, then click connect. If you want to make sure that your VPN is always used (and never other connections), choose ‘Always on VPN’ from the menu.

If your router doesn’t support an in-built VPN server, then you need to install one on an always-on PC. I recommend using OpenVPN as it’s broadly compatible, and has both Android and iOS apps for smooth set up on your mobile device.

While there are benefits to running your own VPN, it can be complicated and difficult. There is an alternative, though:

SSH tunnelling

04-SSHTunnel-KeyFileManagerSecure Shell (SSH) is a cryptographic network protocol that allows secure, remote command execution and communication between two computers. If you have an always-on Linux box stuffed in a cupboard somewhere, you’ve doubtless already used SSH to manage it in some way, but you can also set up SSH on Windows through PuTTY or Cygwin.

In addition to sending commands, you can actually use the tunnelling feature of SSH to send almost anything through that secure channel – including an internet connection.

SSH tunnelling on Android requires a rooted handset, but doesn’t require any extra mojo on the server beyond locking down SSH for remote access. Of course, if the server is on an ADSL connection, it will suffer the same speed problems as VPN.

You can actually bypass the speed and security issues entirely by paying for a web host that offers SSH connectivity and tunnelling (via SOCKS). If you don’t already use a web host, you should consider signing up for one (and setting up a personal website or cloud while you’re at it), as they don’t cost very much, and the SSH tunnel justifies the cost. SSH isn’t a standard feature, however, so make sure that your web host not only offers it, but is comfortable with you using it as a tunnel (aka web/SOCKS proxy) – Dreamhost is one such company.

07-SSHTunnel-IndividualProxyAlso, tunnelling will make your traffic look as though it’s coming from your web-host, so websites and streaming services will think that you’re browsing from your web host’s country – handy for streaming Hulu, not so much if you need to access something Australian.

To set up SSH tunnelling on your Android device, download the free SSH Tunnel app by Max Lv from the Play Store, and opening it.

Before flicking the ‘Tunnel Switch’, you first need to enter your connection details, starting with the (external) IP address of the SSH server (under ‘Host’), and the port you will access it from.

If you’re using public key authorisation (you should be), place your private key in /sdcard/sshtunnel and press the three-dot menu and choose the ‘Key File Manager’ and then navigate to and select your OpenSSH key.

Next, enter your username and password/key passphrase, and select the ‘Use socks proxy’ and ‘Global proxy’ options so that all apps and all data on your phone are routed through SSH. If an app plays up, choose ‘Individual proxy’ and remove it from the list.

That’s it! Now you just need to scroll back up to the top of the page, enable the connection and grant Super User access. To check if it worked, type in ‘what is my IP address’ into Google, and make sure that your IP address matches that of the server you connected to.

Third-party VPN secure browsing Android

Like with SSH tunnelling through your web host, there are many third-party VPN providers out there that can provide you with an encrypted connection. For instance, TunnelBear comes with Android an iOS app, and even allows you to choose the country you want to appear to be from – giving you access to foreign streaming services to boot. These are faster, but, obviously, you won’t get access to your home network.

Setting up remote SSH

To gain remote SSH access to your home computer, you’ll need to forward a random port number from your router to port 22 on your computer. I’d also recommend setting up public key authentication and disabling password-only authentication and remote root account access. Some background knowledge is required, but a sample workflow is available at http://kb.mediatemple.net/questions/1626/Using+SSH+keys+on+your+server.

Tor

One other way to make sure that your browsing data is anonymised is to use the anonymising ‘The Onion Router’ network. This is actually fairly easy to set up on Android, as there is a Tor app (and secure Tor browser called Orweb) available for Android. You can learn more (and set it all up) at the Guardian Project.