
Android 4.4.4 "KitKat" hardened binary distribution


This is the Android 4.4.4 "KitKat" hardened binary distribution by Guido Trentalancia for Sony Xperia E3 mobile phone devices (D2203, D2206, D2243, D2202). It is mostly focused on security and privacy and it is provided freely to you.

Filename    Size    Signature    Known problems    Notes   
AOSP_KitKat_D2203_07112024.tar.gz    (277M)    GPG signature    list of known problems    LATEST VERSION
AOSP_KitKat_D2203_23102024.tar.gz    (277M)    GPG signature    list of known problems   
AOSP_KitKat_D2203_08092024.tar.gz    (277M)    GPG signature    list of known problems   
AOSP_KitKat_D2203_27062024.tar.gz    (277M)    GPG signature    list of known problems   
AOSP_KitKat_D2203_08052024.tar.gz    (277M)    GPG signature    list of known problems   
AOSP_KitKat_D2203_17042024.tar.gz    (277M)    GPG signature    list of known problems   
AOSP_KitKat_D2203_10042024.tar.gz    (277M)    GPG signature    list of known problems   


This distribution includes over a thousand fixes to common security vulnerabilities that would otherwise let potential attackers execute malicious and harmful code remotely to obtain sensitive information from the device or, even worse, take complete control of it.

In addition, the following security features and improvements, not available in the original distribution from the device manufacturer, are included in this hardened distribution:

- Security Enhanced Linux (SELinux) runs in Enforcing mode rather than the non-enforcing Permissive mode, and uses an updated and customized policy;
- Updated Certificate Authority (CA) certificates bundle;
- End-to-end encryption for the Web (HTTPS) and other Internet services such as Mail Transport (IMAP/SMTP) using Transport Layer Security (TLS) only, thus disabling the insecure Secure Sockets Layer (SSL) protocol: you can test HTTPS encryption compliance at the following web pages: Qualys, How's My SSL and BrowserLeaks.com;
- Ability to enable or disable the Hardware PRNG (Pseudo-Random Number Generator) for cryptography and other applications: you can read a brief description of the motivation and design principle;

- Revised kernel PRNG (Pseudo-Random Number Generator) providing more entropy;
- Removal of several obsolete, insecure and weak ciphers previously used for encryption using TLS and other protocols;
- Optional browser protection from the CORS Vulnerability: it can be tested using the Google Appspot web page;
- New browser option to disable Third-Party Cookies for increased privacy: you can test it using the web page of Alan Hogan at github.io (the test requires JavaScript and CORS);
- Removal of several other online tracking and identification mechanisms (super cookies) such as TLS Session Tickets and TLS Session Resumption, TLS Channel ID, Shared Dictionary Compression over HTTP (SDCH) information persistence, combined with explicit "Do Not Track" tagging of HTTP/HTTPS requests;
- Countermeasures against Google, Bing, Yahoo! and Yandex tracking mechanisms based upon search query URL-tampering (patch for WebKit on Android KitKat, also available as a patch for the latest WebKit version on any platform);
- New browser option to automatically clear cache and cookies on exit (also clears all Shared Dictionary Compression over HTTP (SDCH) information, see above);
- Stronger GCC stack-smashing protection;
- SELinux confinement of the audio capture device (microphone) to prevent others from turning your phone into a remote listening device (a bug);
- The Calendar can also be used in local mode, for increased privacy, rather than just in combination with a Google account;
- Light-torch functionality for your own personal safety, when it's dark;
- Over 1000 patches to resolve specific security and/or privacy vulnerabilities;
- Many other improvements not related to security or privacy.

In addition to the above-mentioned security and privacy features, this distribution offers an SMS (Short Message Service) Encryption functionality with automatic self-destroying capability, compliant with the Wassenaar Arrangement and the U.S. Department of Commerce - Bureau of Industry and Security - EAR99 for permitted uses. SMS cryptography is safe for both governments and business or personal users, as it cannot be used to transmit paedophilic images or other illicit content such as computer viruses and malware. By activating this functionality, you agree to using it only for lawful purposes and not for illicit or white-market drug trafficking, proliferation and related war crimes, including euthanasia war crimes. To activate it: store the destination numbers, including their international prefix, under the "Encrypted SMS" category; using the People application, set your own phone number, including its international prefix, under the same "Encrypted SMS" category. The destination phone numbers must have this distribution installed for encryption to work.

An extensive collection of free applications from various authors is also available: selected binary Android applications




Android is Copyright (C) 2007-2024 by the Android Open Source Project and is a trademark of Google Inc.

The Linux kernel is Copyright (C) by The Linux Foundation and others.

Xperia is a trademark of Sony Mobile Communications Inc.

The WLAN firmware image files are Copyright (C) Qualcomm Inc.

Bing is a trademark of Microsoft Corporation.

Yahoo! is a trademark of Yahoo! Inc.

Yandex is a trademark of Yandex Inc.




Additional software parts, modifications, security features and custom configurations developed by Guido Trentalancia and distributed with the above binary package are provided as free software in binary form only, without source code, and subject to the following disclaimer and limitation of liability terms:

Redistribution.

THIS CONTENT CANNOT BE REDISTRIBUTED WITHOUT PERMIT.

Disclaimer of Warranty.

THERE IS NO WARRANTY FOR THE PROGRAM, SOFTWARE AND/OR CONFIGURATION, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM, SOFTWARE AND/OR CONFIGURATION “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM, SOFTWARE AND/OR CONFIGURATION IS WITH YOU. SHOULD THE PROGRAM, SOFTWARE AND/OR CONFIGURATION PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

Limitation of Liability.

IN NO EVENT WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM, SOFTWARE AND/OR CONFIGURATION AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM, SOFTWARE AND/OR CONFIGURATION (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM, SOFTWARE AND/OR CONFIGURATION TO OPERATE WITH ANY OTHER PROGRAMS OR ELECTRONIC DEVICE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.


Copyright © 2007-2024 Guido Trentalancia. All rights reserved.