Umbrella is an Android mobile app developed by Security First that provides human rights defenders with the information on what to do in any given security situation and the tools to do it. It allows the user to choose what they want to do, such as: protect data; securely make a call/email; securely access the internet; plan secure travel; protect their office/home; conduct counter-surveillance; or deal with kidnapping, arrest or evacuation. Once a situation is chosen, the app outlines what to do and what tools to use given your circumstances. This is followed by a simple checklist of recommended actions that can be customised, saved and shared securely. Umbrella’s Feed also provides users with an up-to-the-minute account of potential risks in their chosen location.
Umbrella is designed for everyone (people looking to increase their security, folks living in high-risk areas, regular travellers, business people, techies, journalists, NGO staff, aid workers, human rights defenders, social workers, environmental activists, etc).
However, when we built Umbrella we tried to keep in mind the story of Glen Greenwald and Edward Snowden. Greenwald couldn’t communicate with Snowden at the start because he found it cumbersome to set up encryption (he nearly missed one of the biggest stories of the decade because of this!). Also, when he (and Laura Poitras) travelled to Hong Kong – they didn’t have much knowledge about how to meet securely with Snowden and detect surveillance. This is a common problem for journalists and activists. Umbrella is designed to solve this problem (and others) by having nearly everything they would have needed to know in one place – in their pocket.
Main Parts of Umbrella
Introduction: This is the part the user sees first. It explains briefly how the app works and the basic terms and conditions.
Menu: The bottom navigation menu is the main way for a user to navigate. It lists the feed, forms, lessons (with tool guides), checklists and account.
Feed: The feed contains security feeds from places like the UN Relief Web and the US Centers for Disease Control. You enter your location (and how often you want to be updated). Every a new update is released (e.g a disease outbreak in your location), the information comes up on the dashboard.
Lessons: Lessons are where users can learn about topics and things that they can do to improve their security. Some of the lessons have different levels (Beginner, Advanced, Expert) depending on your needs, ability, and risk. Each module is broken down into sections. At the end of each module is a list of other resources and further reading.
Tool Guides: These are detailed guides about how to use software and apps mentioned in the lessons.
Checklists: Checklists are quick and easy references to help users implement the advice in the lessons. You can tick them off as you complete each item. Items can be edited. You may also create custom checklists. If you start ticking a checklist, you will then see them on the Checklists page. Checklists can also be shared through other apps such as your email.
Forms: Forms allow a user to quickly fill out and share important information about issues such as their travel plan in a high-risk location or report on a digital/physical security incident.
The general flow of lessons is presented in order to replicate the typical way that a user works. Protecting their information -> Communicating with other people -> Arranging and travelling to a location -> Doing their operations and work -> Dealing with personal issues that may arise-> Seeking support if something goes wrong.
These are the lessons currently in Umbrella.
Access your risk
- Security Planning
These lessons mostly cover the security of information that is stored on your computers.
- Managing information
- Protecting Files
- Safely Deleting
- Backing Up
- Protect your workplace
- Workplace raids
These lessons mostly cover the security of information when it is sent or received.
- Mobile Phones
- Making a call
- Sending a message
- Online Privacy
- Radios and satellite phones
- Online abuse
These lessons cover the security of travelling in high-risk areas.
- Protective Equipment
These lessons include topics that may affect you in your work.
- Being followed
- Dangerous Assignments
- Public Assignments
- Public Communications
These lessons cover how to respond to events.
- Sexual Assault
Explains places to get extra help if you have a problem.
These are detailed guides about how to use software and apps mentioned in the lessons. These are the tools currently covered in the tool guide.
- Signal for Android
- Signal for iOS
- Encrypt your iPhone
- k9 & Open Keychain
- PGP for Linux
- PGP for MacOS
- PGP for Windows
- Orbot & Orfox
- Tor for MacOS
- Tor for Linux
- Tor for Windows
- Cobian Backup
Contains explanations of the various terms used in the app.
Explains the licences that we use for and by Umbrella. Also says a big THANKYOU to everyone whose work we built on to make it happen.
Dashboard Feed Sources
These are the sources that we currently include for real-time updated security Feeds. For privacy reasons, users never connect directly to these services. We are always looking for more useful sources that will help users keep updated on the move.
- ReliefWeb / UN: excellent physical security updates that amalgamate information from the UN and various NGOs – though not available in every country
- Foreign and Commonwealth Office: foreign travel advice, consular help and services abroad and document legislation
- Centers for Disease Control: updates on disease and health warnings
- Global Disaster Alert and Coordination System: updates on natural disaster issues such as floods, earthquakes and tsunamis
- US State Department Country Warnings: updates mainly focused on the security situation for travellers and internationals – available for every country
Navigate to the “Account” from the bottom menu. Here you can:
- Modify settings (feed interval, feed location, feed sources, notifications, connections, import data, export data)
- Enable Mask
- Set a password
- Log out
You need an Android phone with a minimum version of 4.0.3 (SDK 15 – ICE_CREAM_SANDWICH_MR1)
Contributing Bug reports
Unfortunately stuff breaks sometimes. If you are in a hurry and have found a code or content problem then please email it to [email protected]. If you have a little more time we generally try to manage any bugs using GitHub. Please search the existing issues for your bug and create a new one if the issue is not yet tracked.
If the issue you have identified is a security risk to users, please read the documentation about our responsible disclosure policy here:
If you wish to contact us via PGP, please drop a mail to [email protected] (2C1D3B4D)
Ideas are powerful things! If you have any about what we could do better or things which you think we should do in the future, please email us at [email protected].
We have a really big development plan of functionality we want to include in the future and are currently in the process of building a way to manage contributions from the open source community. Until we have that up please drop us a mail at [email protected] if you are interested in contributing a specific part of future code. If there is something you want to help out within the interim, then here is some basic advice:
- Fork it!
- Create your feature branch: git checkout -b my-new-feature
- Commit your changes: git commit -am ‘Add some feature’
- Push to the branch: git push origin my-new-feature
- Submit a pull request 😀
Thanks to everyone who has contributed code to Umbrella. It wouldn’t have happened without you.
- Rok Biderman – Security First Lead Developer
- Vesna Planko – Security First Lead UI/UX Designer
- Alex Guerrieri – Security First Developer
- Adam Hani Schakaki – Security First Developer
This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country’s laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted.
See http://www.wassenaar.org/ for more information.