How to go Ad free and secure your Android device.

Welcome to my first post! I am intending on using this blog to detail how to do things that every day users would want to do with IT software/hardware and other things technology. As this is my first formal blog, please bear with me as I learn how to do it the best way.

Introduction

In this guide I will tell you how to securely disable advertisements and known malware sites on your Android device. Why would you want to block ads on your device? For one this will reduce the used data on your data plan, and some domains that spread malware will be blocked! The application is called DNS66 and it blocks ads by creating a VPN service that directs blocked domains to a ‘localhost’ web address which is on your own device and thus returns no traffic. No rooting or modifying the Android Operating System is required. When a requested website that is on the list requests the IP address to obtain its (remote) data it receives the aforementioned localhost address, this in effect reroutes the traffic internally on your device which is effectively a black hole, thus protecting you from downloading things you don’t want and reducing the traffic over your data connection. This service works over whatever connection you have, and will automatically restart with your phone if you configure it properly.

There are several steps to this process in order to know for sure that you are getting the right software and not loading a piece of malware on your phone. With the recent public release of the CIA’s own hacking tool database, you should be well aware that you do not want to install software from sources you do not trust. This guide will show you how to do this. Once you have done the verification steps for the installed software the first time on your device, you shouldn’t need to do it again, and you can save a copy of your downloaded and verified software and use it again on another device or if you flash your device to factory settings (after you check for updates). You will need to do the first few following steps on a PC (Mac, Linux, Windows).

Before undertaking anything for security on your computer or phone you should make sure that:
  • You are not running an unsupported OS (an OS that no longer receives updates)
  • You have run whatever process to update it fully through whatever mechanisms that are available
  • You have a strong enough password on your computer and phone
  • You have a firewall running on your computer
Doing the basic steps to secure your device and computer should effectively block the majority of hacks.

A discussion on supporting software on your device is not in the scope of the post.
Now let’s start protecting your Android Phone:

Downloading

  • Download F-Droid (this is an Open Source App Store that you will need to get a secure copy of DNS66) from the website below and save it on your computer (not your Android Device)
  • Make sure to get the software AND the gpg key by clicking on:
    • Download apk (for the first one/latest one listed on the website)
    • Click the GPG signature
      • You may be directed to a display of the text of the key, if that is the case
        • Use your browser to Save the file (File > Save on some browsers) as an .asc file in the same location that you saved the Fdroid.apk file. 

MOST IMPORTANT STEP – Verify the software you got was valid

  • You will now verify that the software that you downloaded is the version of the software that the publisher intended you to have. This is the step which you need a computer and the different major OSes are all covered here, just scroll down to which flavour you use:

    • Apple

      • Click the spotlight menu in the upper right hand corner
        • Type “Terminal”
        • Run the Terminal
      • First step is to load the import keys by running the following command (Keyserver MIT)
        • gpg --keyserver pgp.mit.edu --recv-keys 0x41e7044e1dba2e89
          • You should see something like this:

      • Second step is to verify the fingerprint by running the following command
        • gpg --fingerprint 0x41e7044e1dba2e89
          • You should see something like this:
      • Final Third Verification Step is to check the software itself through gpg via the following, please note that you will have to change both the .asc and .apk filename for the version you downloaded! Also we are assuming that you have put both files in your Downloads folder:
        • gpg --verify ~/Downloads/org.fdroid.fdroid_103001.apk{.asc*,}
          or (if you cannot download the key above)
          gpg --auto-key-retrieve ~/Downloads/org.fdroid.fdroid_103001.apk{.asc*,}
          • You should see something like this:

    • Windows (Versions 7 or Later)

      • You need to have GnuPG installed before you can verify signatures. Select the latest version from:
      • Verify the SHA1 hash of the software you just downloaded (or you can try to verify the OpenPGP signature of the file if you want but that is not covered here):
        • Unless you have a dedicated software to validate SHA1 Checksums (Hashes) then follow these steps:
          • You will need to run a few commands from PowerShell
            • To open PowerShell press the following keys:
              • Windows Key + R
              • Type the following into the text box
                • Powershell.exe
              • Hit Enter or OK
          • You will be put in the root of your user folder, make a note of it (shown as youruser below) the prompt should look something like this:
            • PS C:\Users\youruser> _
          • You will first need to locate where you downloaded gpg4win, navigate to that folder, to navigate to the Download folder type the following command into Powershell (replace youruser with your actual username if you are unsure, run the following command to get to your downloads folder)
            • cd .\Downloads 
              • If this is the location you are downloading to, make sure to write the directory down, you will need it in a later step.
          • Get a directory listing by typing in the following and hitting enter
            • dir
          • When you’re in the directory where you downloaded the file run the following command making sure to change the filename for the version you downloaded:
            • Get-FileHash .\gpg4win-2.3.3.exe –Algorithm SHA1 | Format-List
          • Compare the Hash with the one located on the download page shown here next to the version and filename of the one you downloaded (it should be right next to the link you clicked):
          • Your result should look something like this:
      • Install the verified downloaded OpenPGP installer, paying attention to where it installs it on your computer.
      • Since GnuPG for Windows is a command-line tool, you will need to use cmd.exe.  To get it press the following keys:
        • Windows Key + R
        • Type the following into the text box
          • Cmd.exe
        • Hit Enter or OK
          • Once in the Command  Prompt app, get the directory from above and type in the following command to go to the download directory (change the path if your FDroid app was downloaded somewhere else)
            • CD C:\Users\youruser\Downloads
               
      • Unless you edit your PATH environment variable, you will need to tell Windows the full path to the GnuPG program. If you installed GnuPG with the default values, the path should be one of the following, and you can try running the following command from within cmd.exe to test:
        • For 32-Bit Machines:
          • C:\Program Files\Gnu\GnuPg\gpg.exe
        • For 64-Bit Machines (most likely this one for newish machines):
          • C:\Program Files (x86)\Gnu\GnuPg\gpg.exe
      • First step is to load the import keys by running the following command (Keyserver MIT)
        • "C:\Program Files(x86)\Gnu\GnuPg\gpg.exe" --keyserver pgp.mit.edu --recv-keys 0x41e7044e1dba2e89
          • You should see something like this:

      • Second step is to verify the fingerprint by running the following command
        • "C:\Program Files(x86)\Gnu\GnuPg\gpg.exe" --fingerprint 0x41e7044e1dba2e89
          • You should see something like this:

      • Final Third Verification Step is to check the software itself through gpg via the following, please note that you will have to change both the .asc and .apk filename for the version you downloaded!
        • "C:\Program Files(x86)\Gnu\GnuPg\gpg.exe" --verify org.fdroid.fdroid_103001.apk.asc org.fdroid.fdroid_103001.apk
          or if you cannot fingerprint or verify the key above
          "C:\Program Files(x86)\Gnu\GnuPg\gpg.exe" --auto-key-retrieve --verify org.fdroid.fdroid_103001.apk.asc org.fdroid.fdroid_103001.apk
          • You should see something like this:

    • Linux – Ubuntu shown (run all commands without the leading $)

      • First step is to load the import keys by running the following command in the terminal (Keyserver MIT)
        • $ gpg --keyserver pgp.mit.edu --recv-keys 0x41e7044e1dba2e89
          • You should see something like this:
      • Second step is to verify the fingerprint by running the following command
        • $ gpg --fingerprint 0x41e7044e1dba2e89
          • You should see something like this:
      • Final Third Verification Step is to check the software itself through gpg via the following, please note that you will have to change both the .asc and .apk filename for the version you downloaded!
        • $ gpg --verify org.fdroid.fdroid_103001.apk.asc org.fdroid.fdroid_103001.apk
          or if you cannot fingerprint the key above
          $ gpg --auto-key-retrieve --verify org.fdroid.fdroid_103001.apk.asc org.fdroid.fdroid_103001.apk
          • You should see something like this:

Installing DNS66

  • Obtain a file manager to install F-Droid
    • Head on over to the Google Play store and download and install a file manager app
      • ES File Explorer is quite popular and useful
  • Transfer the FDroid App to your phone from your computer
    • You can either do this by USB, or OTG, or Bluetooth file transfer, or DropBox
      • If using the USB Cable that came with your phone:
        • Plug in your phone to your computer
        • When (or if) the USB menu shows in the taskbar select “File Transfer”

        • Make sure the phone is unlocked when you are transferring the file
        • Only Transfer the APK file
  • Temporarily disable the restrictions on side loading apps from “Unknown Sources”
    • Go to Settings and one of (depending on model of phone)
      • More > Security
      • Fingerprints & Security
    • Select to enable to Allow Installation of apps from sources other than Google Play Store as shown below:
  • Head over to your file manager app and run the FDroid App
    • Run ES File Explorer
    • If you saved the file in the internal memory, it will be in ‘Internal Storage’
    • If you saved the file in the SD card, it will be in ‘SD card’
    • Select the folder where you saved the file
    • Click on the apk file, and select install
  • Check for Updates on your FDroid App
    • Open FDroid
    • Depending on your version:
      • Click the Three Dots on the upper Right Corner
      • Click the Settings Gear at the bottom right
    • Select Repositories
    • Click the Update (Circle Arrow)
    • Wait for the update to complete (it should show in the taskbar)

    • If you have this software already check the Updates Tab to see if there are any updates
  • Find DNS66 on F-Droid
    • Click on Latest or Categories and Click the Search button in the lower right corner
    • Type DNS66
    • Select DNS66
  • Install DNS66
    • Click Install
    • Once Installed it’s icon should show up on your phone
  • Enable restrictions on side loading apps
    • Return to the Settings menu and either
      • More > Security, or
      • Fingerprints and Security
    • Scroll down to Allow installation of apps from sources other than Google Play Store and disable it.

Configuring – Required for Disabling Ads

  • First Install
    • The first time you run DNS66 you must update the lists of blocked hosts, click the update button on the top right (the leftmost one)
    • Then while on the Start/Stop tab long tap on the power button to start the service, you should see a key icon on your taskbar
      • You should see a Key icon next to your internet connection
    • Make sure the Automatically Start at Boot is set
  • Configuring Hosts
    • So long as you have the default list rules set on the Domain Filters Tab you shouldn’t need to do anything to just block ads.
    • If you have a webserver, and can generate a hosts file, you could enter that here, and use that hosts file to block those websites.
  • Congratulations! You now are blocking ads, head over to an app that you know has ads (Go to Google Play and My Apps, and under the Open Button of an app it will say “Contains Ads”) and enjoy the ad free and malware protecting experience!

Resolving Known Issues

  • The most common issue is when you notice your phone is no longer blocking ads where it should, and you see the key icon.
    • Find DNS66 app on your phone
    • On the Start/Stop tab long press on the power button to stop the service
    • Click the update button on the top right (the leftmost one)
    • When that completes long press on the power button to start the service


Credits

  • I used the following sites for reference in generating this post:

Comments

Post a Comment