In case you use OpenPGP on a smartphone ...

ಚಿರಾಗ್ ನಟರಾಜ್ gpg-users at chiraag.me
Mon Aug 10 16:27:43 CEST 2020 

10/08/20 09:07 ನಲ್ಲಿ, Stefan Claas <sac at 300baud.de> ಬರೆದರು:
> 
> Matthias Apitz wrote:
> 
> > El día domingo, agosto 09, 2020 a las 10:06:13p. m. +0200, Stefan Claas escribió:
> >
> > > > This article showed up today, when I did a Google search again:
> > > >
> > > > <https://tech.firstlook.media/how-to-defend-against-pegasus-nso-group-s-sophisticated-spyware>
> > > >
> > > > Trustworthy source.
> > >
> > > Mmmhhh, it is getting 'better and better' for smartphone users.
> > >
> > > https://www.androidauthority.com/government-tracking-apps-1145989/
> > >
> >
> > One can use a Linux mobile phone running UBports.com (as I and all my family do)
> > or the upcoming Puri.sm L5 (as I pre-ordered in October 2017).
> 
> Yes, people gave me already (not from here of course) good advise for other OSs
> which one can use. The question is how long will those OSs been unaffected ...
> 
> > Stop whining, stand up and fight and protect yourself.
> 
> I am not whining ... I only wanted to let the people know. Also very
> interesting that only one person in this thread replied, besides you ...

I was wary of storing my private GPG keys on my phone (if only because of theft/loss/etc), so I set up my keys on a Yubikey and use that to decrypt stuff on my phone. From what I understand, even if they were to obtain secrets decrypted by the Yubikey or exfiltrate private files, they would not be able to actually decrypt them given that the key resides on the Yubikey (if the private key were on the phone itself, they'd "just" have to crack the passphrase or whatever, which would presumably be much easier...).

Just another way to mitigate the risk of stuff like this.

Sincerely,

Chiraag
-------------- next part --------------
A non-text attachment was scrubbed...
Name: publickey - gpg-users at chiraag.me.asc.pgp
Type: application/pgp-key
Size: 651 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20200810/02324045/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 233 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20200810/02324045/attachment.sig>

More information about the Gnupg-users mailing list