Snowden’s Haven Security App Review

When news broke a few weeks ago that a Snowden-backed security app was out, I was interested. The app, called “Haven,” allows you to turn a cheap Android phone into an extremely sensitive alarm system. This offers massive potential for increased physical security; you can leave your stuff in your hotel room with a pretty good guarantee that no one is going to get into your room without you knowing about it. With this in mind I started my test of the Haven security app.

What Does the Haven Security App Do?

The Haven security app is an application that accesses your phone’s camera, microphone, and accelerometer. When activated, it detects sound, vibration, light, and motion. The intent is for you to turn the app on, leave your hotel room (or home or whatever), and be alerted if anyone comes in. When the door is opened the app will detect and record the sound. If the light is turned on the app will detect a change in light. If anyone moves in front of the camera, the app will detect motion and begin taking photographs. All of the detections made by the app can then be forwarded (via SMS or Signal) to your primary device.

The Haven security app is only available for Android phones. This shouldn’t bother you as this is NOT an app you should install on your daily driver. The Haven security app should be installed on a secondary device. Yes, this requires you have a second, “throwaway” device, but I think it is worth it for a couple of reasons. First, if you install it on your primary device, you’re giving an app that hasn’t been audited access to every sensor on the phone, as well as the ability to transmit messages through Signal. I wouldn’t be thrilled about that on my main device. Second, you need this on a second device so you can leave it behind in your home or hotel room. If you have the phone on your person it can’t protect you or your stuff.

Security Concerns

When I initially read about this software I had some security concerns. Anything with Snowden’s name on it is a target to be sure. Also, Snowden is in Russia, so if the Haven security app was actually developed there, I would have some questions about Russian (licit or illicit) involvement. Because this app is used on a second device, I have largely discarded these concerns. The device I installed the Haven security app on (a Motorola Moto G3) contains no personal data whatsoever.

I also don’t carry this phone around with me at all times like my personal device. I can keep this phone in a Faraday cage until I need it. This prevents my location from being tracked if I bring the phone with me on a trip. Ideally, the phone onto which you install the Haven security app will have a removable battery, too. This, in tandem with the Faraday cage, would guarantee that the phone cannot be tracked, and cannot record audio.

Haven Security App

I made only a few tweaks to the phone before installing the Haven security app. The first was to ensure it was fully patched with the latest operating system updates. You should make sure to do this before downloading any applications, especially from repositories like F-Droid. Next, I encrypted the device and gave it a long, strong passcode. If you are going to use this for security, you don’t want someone to be able to come into your room, open the phone, and see that Haven is running and/or delete the files it has captured. Finally, I set the phone up with a prepaid SIM so it could send notifications to my Signal number. With this minimalist setup I was ready to go.

Using the Haven Security App

Installation: The first order of business (after installing the SIM in the phone) was to install F-Droid. Once F-Droid was installed, I went into the app’s options and added the Haven repository. All of this was much simpler and much less intrusive than I expected it to be, and I was able to do all of it without creating a Google Play account. I was up and running within 15 minutes. Unfortunately, installing Signal through F-Droid did require a Google Play account.

After the phone was set up I began to tinker with the settings. The sensitivity of the microphone and accelerometer (motion detection) is adjustable, but the interface is somewhat confusing. I attempted to adjust both, but after closing and reopening the app the setting was back at its default. You are also allowed to select between the front or back cameras. I chose the forward-facing camera as this one offers the highest resolution.

The next morning I had some errands to run and figured this would be the perfect opportunity to use the Haven security app. I plugged the phone into power and activated the app. For this test I did not enable Signal notifications. When the app is activated you are given a 30-second countdown, presumably to get out of its field of view. As soon as the countdown ends the phone locks and the app is at work, but it gives no indication that it is silently running on the device. I set the phone on the night stand and left. I was gone for about four hours.

Results Collected by the Haven Security App

When I got back I went immediately to the device. Careful not to let my face get into the camera’s field of view, I unlocked the phone and deactivated the app. I opened the results and was shocked to find over 6,700 events! I scrolled for what seemed like 10 minutes and was only about 1/3 of the way down the list when I gave up. Most of the events collected by the Haven security app were motion detection. There was also a good number of audio captures, but they were mostly inaudible to me and must have been sounds like the house’s HVAC system. All of the pictures I bothered to look at were shots of the ceiling, probably taken in tandem with motion detection.

My Assessment of the Haven Security App

I love the concept of this app. The ability to leverage a mobile phone’s incredibly sensitive sensor array (and communication) is powerful. This has the potential to be a game changer in the physical security world. Recording 6,700 results in a four-hour period, however, makes the Haven security app unusable in practice (I’m glad I didn’t get 6,700 Signal notifications!). Not only were these false-positive “events” too numerous to look through, they also nearly filled the storage of the 8 GB phone. For now I consider this app fascinating, but not very useful because of the insane number of false positives. With a little refinement I believe this app will “get there” though, so I will definitely be keeping my eye on it.

Links
Haven: https://guardianproject.github.io/haven/
F-Droid: https://f-droid.org/
Haven F-Droid Repo: https://guardianproject.github.io/haven-nightly/fdroid/repo/
