On 22nd December, Edward Snowden (President,
board of Freedom of the Press Foundation) announced a new project called
Haven, which is built in
collaboration between The Guardian Project and
Freedom of the Press Foundation. Haven is an Android
app which will turn any Android phone into a monitoring system to watch over
your laptop, or your house.
The problem Haven is trying to solve is an old one. How do you make sure that
no one is tampering with your hardware (or secretly searching your house) while
you are away? There is no easy and 100% secure solution, but Haven enables us
to see and record what is happening. It uses all the available sensors
including microphones (generally there are 3 of them), accelerometer, and
camera.
How to install Haven on your phone?
I’ve been wanting to try this app for some time, but I didn’t have any old
Android phones. So yesterday, as part of new year celebration, I went and
bought a new Android phone (around $100) to install Haven. But, remember that
Haven can be installed on cheap $50 burner Android phones too (and this is one
of the goal of the project). So, feel free to use whatever is available to you.
The project is still in Beta state, and it is available on Google Play
Store, and
F-Droid store (nightly beta builds). Remember that now
there are fake Haven apps in the Google Play
Store, so check twice before you install. The original app is published by The
Guardian Project.
If you want to use F-Droid like me, add this new a new repository with the
following URL.You can do this from F-Droid settings, in the repositories
section.
https://guardianproject.github.io/haven-nightly/fdroid/repo/
After adding the repository, refresh all the repositories by clicking the
refresh button, then you can install the latest Haven. I have installed the
version mentioned in the following screenshot. Remember that Haven can use
another app called Orbot to provide remote access to the logs over
Tor, but the Orbot from the Play store kept crashing
for me, so I installed the latest Orbot (15.5.1-RC-2-multi-SDK23) from the
F-Droid store. I am using the 0.1.0-beta-7 version of Haven.
Configuring Haven
You start Haven, a greeter window will welcome you. Swipe left to move to the
next windows of the configuration wizard.
In the first configuration window, you will have to setup which noise level
should fire up an alert. This totally depends on where you want to keep your
phone (on watch). You can start with the default value and then tweak it from
there if you’re not getting the alerts you want.
Then you will have to set the motion level. This will detect if someone moves
the phone. For example, if you keep the phone on top your laptop, or a document
file, there is no easy way to access the laptop or document without moving the
phone first.
Next, you can provide a phone number where you may want to receive
notifications, either over SMS or Signal messenger.
After the initial configuration wizard, you can click on the settings button in
the application. The first thing to do here is to set which number Haven should
use to send Signal notifications.
You will need two phone numbers with Signal enabled. One is your primary
number, where you will receive the notifications. You will put this number in
the Notification Number (Remote). The second number is which Haven will use
to send notifications. Put this number to the Signal Number (Local). Best way
is to put the second SIM into the same phone of Haven.
Next, click on the REGISTER button. The Signal app on that
number will receive a verification code over SMS, you will have to enter that
after clicking the VERIFY button.
You can also enable remote access over Tor, just click on the checkbox. This
will open the Orbot app, and then come back to the settings screen after
Orbot connects to the Tor network.
Remember, you can always come back to the settings and change the values as
required. Soon you will find that you will have to do that so that app can
adjust to various environmental noises etc.
How to use the app?
By default the app has a 30 second timer so you can make sure that the phone
is in a stable place, and then click on the START NOW button. When the timer
runs out, the app will start monitoring for any noise, light, movement or
vibration to trigger the alarm.
I kept trying to open the door of my office room without any noise, but the
motion detector always found me entering the room. I kept the Haven activated
and went to sleep in the afternoon. But, first a very loud helicopter, and then
a few super bikes and finally some dogs made sure that the system triggered on
noise in every other minute. So, I had to increase the noise level in the
settings. Though it was fun to hear the recordings on my iPhone, which Haven
sent to me over Signal.
Next time if you start the app, you will find the log entries, and you can
click on the play button at the right-bottom corner to start it again. Below is
a photo taken by the app while I tired to enter the office room.
Can Haven solve all of my physical security issues?
No, but it will record whatever it sees or hears. There are ways to block radio
signals (to make sure that Haven can not send out any notification), but that
is an expensive step for an attacker to make. You can keep the phone inside of
your hotel locker to record if anyone opens up the locker or make it watch your
hallway at the house. Government agencies love to see what is inside of our
computers/house(s), but they don’t like get recorded while doing so.
How can I help?
Haven is an Open Source application, the source code is
hosted on Github. Feel free to
submit issues, write blog posts, make people aware about the application. If
you can write Android code, you are most welcome to submit patches to the
project. Every form of contribution counts, so don’t hesitate.
You can read more about the project in this
post
from Micah Lee.
- Update 2018/01/03: Screenshot of configuration window updated for beta7 release
PHP version 5.5 have reached its 
These versions fix some security bugs, so update is strongly recommended.
Installation : use the 
Running programs as a non-root user is must in security sensitive environments. However, these programs sometimes need to publish their service on privileged ports like port 80 – which cannot be used by local users. Systemd offers a simple way to solve this problem.
