So I compiled a few apps that even the most paranoid people would feel safe to use. Privacy is mostly enforced through encryption but beware: if you don’t use encryption correctly by e.g. chosing a weak password, it’s totally useless. You can download from Google Play (GP) or F-Droid (FD)
TextSecure encrypts your text messages(SMS) locally. Also, if your partner also has TextSecure, you can encrypt the messages, so not even the carrier could intercept them.
update: No SMS encryption functionality anymore, but this app is now called Signal and can still encrypt the SMS and message database on the phone. For SMS encryption use Silence (GP).
RedPhone is basically an open source Skype replacement with even better encryption. It’s dead simple to use. If a contact in your phonebook also uses RedPhone, you will be asked if you want to upgrade to a secure call.
update: Now merged with TextSecure in the Signal Messenger App.
Google Authenticator (GP)
Whether it’s your bank, your WordPress blog, github, Dropbox or facebook. Two factor authentication with One Time Passwords(OTPs) is getting popular! With this app, you will not only need your password to login, but a code from your smartphone that’s generated and valid for 30 seconds. Just in case your phone gets stolen or lost, make sure to print out extra backup code. Don’t want them laying around your house? Use the next app!
EDSLite works much like Truecrypt/Veracrypt for your computer. You can create containers, where you can store your Pins, Tans, Backup OTP Backup Codes and more. Because TrueCrypt can read those containers you can just save them to your Dropbox and keep them in sync with your computer. If you don’t trust Dropbox, maybe the next app is for you.
update: Use Veracrypt instead of Truecrypt, since Truecrypt is not actively developed anymore. EDS can use both.
ownCloud is an app that works with your owncloud installation. You can download your private cloud and host it from home on a Rapberry Pi or chose a hosted solution in a data center that you trust.
So, from where should you download all these apps? Trust Google or Amazon that the binaries you’re getting are what the developers uploaded? f-droid.org is another alternative app store that you might consider to trust. The apps are all open source and you can probably even get a couple of apps for free that would cost a few cents in the Google Play Store.
Threema is probably the best app available for secure encrypted messaging; it works very much like Whatsapp. The servers are in Switzerland. The only downturn is: it’s not open source. But: you can verify that the encryption works correctly. If you just add a contact with his/her Threema ID, the contact appears read. If you sync your phonebook with Threema(your phone number is only transmitted as a hash) and Threema recognizes a contact, it’s getting orange. And if you meet your contact in person and scan his QR-code, the contact finally turns green. This is the most paranoid messaging app I’ve seen.
k-9 Mail (GP/FD)
If you want to send only encrypted emails, this is for you. Together with the APG app, it’s super easy to send encrypted and receive/decrypt emails.
Built-in Android encryption
With Android 4.x on you can encrypt your whole device. Make sure you chose and remember a good password or PIN.
Evernote is great for keeping your notes in sync. But if you want to keep them secret, you might want to consider using this app. Every entry is encrypted via sqlcipher with AES 256.
- Heml.is looks promising but has been under development for quite some time now. Hope to hear more soon.
- Telegram is another open source messaging app. The encryption only works, when both participants are online, so be careful.
- Droid-Break has a lot more high quality open source apps
GP: Google Play, FD: F-Droid, Pictures from play.google.com