Blackphone promises complete privacy, but what will it deliver?

Privacy-minded smartphone users, take heed. There’s a new handset coming called Blackphone, and its creators want you to know that it’s being built from the ground up to provide the most secure smartphone experience possible. But will it live up to the hype?

blackphone

The Blackphone team is comprised of some heavy hitters in the digital privacy game. Four key members were part of the crew at Silent Circle, one of the secure email services that shut down last summer due to fears of U.S. government interference.

Hardware expertise is being supplied by Geeksphone, the Spanish firm that offered up the first publicly available devices running Boot2Gecko — the core of the Firefox OS experience.

Blackphone will run a modified form Android they’re calling PrivatOS. Obviously it’s been tweaked with privacy as a primary concern, with support for encrypted calling, messaging, and file transfers. A VPN layer is built-in for increase privacy and security.

Unfortunately, the official website and Vimeo teaser don’t really offer a lot of “meat.” That’s understandable, since the marketing team wants to generate as much buzz as possible — but it would be nice to have a few details cleared up.

For example, as several commenters over at Hacker News have pointed out it’s virtually impossible to build a truly secure phone without addressing the baseband processor and SIM card. They’re two of the biggest weaknesses in our devices.

And then there’s the device at the other end. How, exactly, can Blackphone ensure that a phone call or text message sent to someone with an iPhone or Galaxy S4 is fully secured and private? It seems impossible, and if they’re merely bundling apps to tackle those chores, then… well, users can already install similar apps right now.

We need to see what Blackphone can do before passing judgment, of course. If they can deliver what they’re promising, then this could be a device that genuinely offers privacy-minded smartphones users some much-needed freedom and peace of mind.

  • LittleOtterPaws

    the fact that they went with Android, easily the most insecure OS and not BBOS/iOS/Windows makes me think they are not so concerned with privacy as they are making money. I smell a gimmick.

    • Guest123

      Yeah, BBOS/iOS/Windows are all open source and useable.

      /s

      Including iOS is a list of “secure” operating systems lost you all possible credibility that you gained by having BBOS.

      • LittleOtterPaws

        iOS is obviously not a candidate for their own device, but I meant the porting of services in that case. Regardless, it is far more secure then Android.

        Also, the kind of security they are talking about baking in doesn’t go well with an open source attitude.

      • Guest

        Psst.. stop embarrassing yourself!

      • LittleOtterPaws

        Psst.. how about you actually contribute something to the conversation and attempt to refute my valid point?
        Why pick the least secure OS for a “privacy” phone?

      • Guest

        Aww, alright, I’ll bite.. since you made the accusation (more like marketing FUD really) why do you think Android is the least secure phone OS, and in what way are the others better? specifically.

      • LittleOtterPaws

        Its pretty obvious. Android has the most malware. I could imagine an OS built around basic Linux with basic features just to be a safe-phone but the nature of Android that encourages tweaking and what not makes me think the security features are a gimmick and will likely be no more secure then a Samsung, or BlackBerry, who already take steps to provide security. In that regard my point of this being a gimmick stands up since its not worth the effort to be just as good if not less as the big guys.

      • Guest

        Really? A few misinformed sensationalist headlines is all you’ve got? Well your malware point is like saying all sex is a bad thing because a few people slept with a skank crack whore and now walk like chickens.
        Disable sideloading as a policy in the new Android variant and malware is almost a negligible problem. The “problem” with Android compared to the rest is that it’s easy to sideload – and with that power comes the responsibility to make sure the app is safe. With Apple and others you are caged and have to break into your phone (so you compromise its security) to enable it. The vast vast majority of Android malware incidents are in China, Russia, UAE, Vietnam, because piracy is highest there.
        Of course, these incidents are reported by AV companies, who have a strong incentive to exaggerate the problem. And AFAIK there are no AV products on iOS because Apple doesn’t allow them.
        And lest we not forgot the VERY wide definition in a lot of these malware “reports” – things like ads sourced from a less well known supplier, rather than Google, was once flagged as malware.. or maybe the use of an unencrypted connection – and that’s not the OS’s fault – it’s the app developer’s (ahem, Starbucks iOS app)!
        At the end of the day, if you stick to honest sources for apps the malware risk is negligible. For all the OSes. Android just happens to have 80% of the market so there are more stories about it. There are few WP malware stories, because it only has 2-3% of the market and nobody cares about it.

      • Guest

        Now, the reason Android is best suited for a secure phone.. it’s open source, so it can be browsed for flaws and adapted to a purpose – sideloading can be permanently disabled, custom kernels can installed, since 4.0 there is good SELinux integration (google it, I’m not explaining yet another trivial thing to you) and if enabled (I *think* Samsung Knox may use it) has very fine access control and security.
        The development of Android is also, relative to the others, quite open – Apple et al keep development and operations (malware incidents and statistics) very secret and mystical – but with Android the operations and development are a known quantity.
        Android is also written in a way that supports third party plugins – like arbitrary authentication, encryption, ACL or security. Try doing those things on any of the other OSes.
        Bottom line is, malware is from pirate sources, sideloading can be disabled in this new “secure version” (at the cost of everyday flexibility), there are security hardened kernels, and fine grained access control. There’s even work being done on ARM virtualisation. It’s the clear choice for a secure mobile OS.
        Too bored to go on..
        PS Building a secure phone OS directly on Linux is a good idea, but the OS won’t take off without available apps (and you’d need to develop GUIs, APIs etc), so Android is a better starting point.

      • LittleOtterPaws

        I don’t disagree with any of the points in this post, and you certainly put a lot of effort into this, so I commend you for that.

        For me, bottom line is if it comes with google services enabled. If it does, then its a joke, and if it doesn’t then it has its priorities straight.

      • Guest

        Thanks son, but I don’t need your commendation. And it’s not effort – it’s all common knowledge which I’m sure you’ve come across before and you’d remember if you weren’t biased against Android or easily swayed by baseless FUD.

        Which brings me to your second sentence – I guess malware wasn’t your issue, it’s the Google services. Google services are not Android. You can use an Android phone (even the Nexus range) without a Google account (try that on other OSes and the equivalent SSO!) – you just won’t have access to GMail, Play Store etc.. but the phone will still work, you’ll still be able to sideload apps, to use your office e-mail account, and so on..
        Just ask Amazon.

        Blackphone just has to tighten the restrictions in SELinux – so they’ll break a lot of the older apps in the Play Store – so, they can start an app store of their own with very closely vetted security minded apps.

        One thing I will say against Android (but this applies to most phone OSes) is that the permissions are usually all or nothing.. although this is changing (partial permission revocation was accidentally released in 4.3, and removed in 4.4 until it’s ready for prime time, apparently) – so as long as apps check their permissions at run time and adapt, they’ll be fine.

        So, with that, let’s call an end to this War on Error. Peace out.

      • Guest

        Two days and no answer? Who’da thunk it.

  • Guest

    Using an open source code base like Android is a great idea.. so it can be vetted and fortified.. however, what are they going to do about the closed parts of the system, like the radio firmware?

    • mongrol

      Without completely open firmware it’s dead in the water as a true
      privacy option.

      • Guest

        And I feel stupid now for skipping over mention of firmware in the article. Not sure how I missed it. My bad.