How To Encrypt All Internet Use On Your Android Phone

When you connect to a public Wi-Fi network, your Android phone is susceptible to the same sorts of attacks as a laptop — as demonstrated by the Android data vulnerability exposed a few days ago. The solution to securing your communication is simple: you have to encrypt it. Here's how to set up an SSH tunnel as a cheap, easy method to encrypt all your Android phone's data.

What you'll need

  • A rooted Android phone: Your phone needs to be rooted in order to be able to make connections through an SSH tunnel. If you haven't rooted your phone yet, and you're willing to take the leap, hit up our complete guide to Android rooting to get started.
  • An SSH server: Ideally this would be rented from a web host online, but it could be any internet-connected computer with an SSH server running, including your home computer.
  • SSH Tunnel (free from the Android Market)

Why use encryption at all? What's an SSH Tunnel?

Normally, you don't need to worry about encryption on your phone because you're using your carrier's mobile data connection, which is pretty secure in and of itself, if only because you're the only person using it. The problem arises when you connect to public Wi-Fi. On public Wi-Fi, anybody can listen in on everyone else's web traffic with the right tools, and in doing so, potentially gain access to things like your social networks, your email, or worse.

SSH Tunnelling allows your phone to create a secure, encrypted connection to a server located far away from the public Wi-Fi, and run all your data through that connection (like a tunnel). The encryption covers the stretch between your phone and that server, so the Wi-Fi connection you're using may not be secure, but the data you send across it through an SSH tunnel will be.

Step One: Find or Set Up an SSH Server

The first thing you'll need to do in order to use an SSH tunnel is find a server to connect to from your phone.

Paying for an SSH Server

By far, the best option is to buy a monthly web host subscription. There are fast, reliable options to choose from for around $US10/month (or even cheaper). See our list of the five most popular web hosts to get an idea of the pricing and options. Any web host will do, so long as it offers SSH access — this is the one thing it must have.

You can find free web hosts, but they tend to be extremely slow and unreliable. There are also "shell accounts", which are basically nothing but SSH accounts on a server; they're cheap, but you're really only saving a couple of dollars compared to the cheaper web hosts, and in my experience they're often not fast enough for our purposes.

You don't need to worry about buying a domain name for your server if you don't want to, since they come with what's called an "access domain". It's basically an ugly URL for your server (an example would be ve.tddlyfzr.vesrv.com), and it's all you need to connect with SSH.

Setting Up SSH on Your Home PC

If you don't feel like paying money for your SSH server, you've also got the option of setting up your own SSH server on your home PC, but it's got major pitfalls that make renting a web host — and spending the cost of two lattes — feel well worth it. When you tunnel through your home PC, the connection speed tends to be dismally slow (all the traffic is going through your home computer, so your speed will bottleneck with the speed of your upload bandwidth), not to mention the fact that the computer needs to be on and connected at all times. You'd also need to set up a service like DynDNS to assign a domain name to your PC and keep track of your home IP address, otherwise you wouldn't know where to connect to while out of the house.

We've got some very in-depth instructions for how to rig your home PC as a media server, which also covers router settings and setting SSH to receive connections. Windows takes a minimal amount of work to install and run SSH, while Linux and Mac should theoretically "just work".

It really is easier and generally better to use a web host if you can. Web hosts have a direct line to the internet, so compared to your home computer, they're incredibly fast, and there's nothing to bother setting up to connect to them with SSH. If, like many Lifehacker readers, you've already got one, then using it won't cost you anything more than you're already paying.

Step Two: Set Up the SSH Tunnel App on Your Android

The free SSH Tunnel app does exactly what it sounds like: creates the encrypted SSH tunnel between your phone and your SSH server, ensuring that all your internet usage is encrypted, even on open, public Wi-Fi networks. Setting it up is easy:

Once you have a server to connect to, simply enter your server's domain as the Host, then enter your SSH username, and your password. Check the boxes that read "Use socks proxy" and "Global Proxy", then flip the "Tunnel Switch" and it connects — dead simple. To make things even easier, the app also has options to reconnect automatically if the connection drops. Now, on all your connections (or just whenever you want to turn it on), all of your Android traffic will be secured, encrypted from prying eyes.

Got a preferred secure usage method of your own? Let's hear about it in the comments.


Comments

    Without wanting to start a debate about the merits of rooting a phone, I'd like to point out that this is not the first time you've provided an article which gives all manner of great information before coming to the requirement that I have a rooted phone.

    The simple fact is that I will not void the warranty on my contracted phone for the simple reason that this is my primary business tool - uh, right after my computer :)

      Recent versions of both iPhone OS and Android include VPN support, just not SSH. A business operator can probably justify the (small) extra cost for a service supported by their device.

      Err, it says you need a rooted phone in the second paragraph. Not exactly a concealed factor!

      Onno and Matthew,

      Encryption for non-rooted phones:

      At the time of this writing, Android actually has a non-functional implementation of PPTP since you cannot connect if encryption is required.

      However, you can still encrypt your Android with an IPSec/L2TP VPN tunnel. https://www.privateinternetaccess.com/

      It's also coincidentally way cheaper and much easier. :-)

    But it's good to know that a 3G connection is secure. Considering that we don't really want a secure connection all the time, whenever I want to check my balance from my bank app I can simply turn the Wi-Fi off and do it over 3G.
    All of us have plenty of unused 3G quota every month ...

    Good info ... Cheers ...

    Peter makes an excellent observation which I confess I was aware of. The in-built VPN should indeed serve this purpose also.

    Might need to do some research to confirm that it encodes all traffic.

    Also, I realise that the information about requiring a rooted phone isn't hidden, it's just annoying :)
