
Ars Takes an Early Look At the Privacy-Centric Blackphone

Posted by timothy
from the all-voice-calls-should-be-encrypted dept.
Ars Technica has spent some time with pre-production (but very nearly final) samples of the Blackphone, from Geeksphone and Silent Circle. They give it generally high marks; the hardware is mostly solid but not cutting edge, but the software it comes with distinguishes it from run-of-the-mill Android phones. Though it's based on Android, the PrivOS system in these phones offers fine-grained permissions, and other software included with the phone makes it more secure both if someone has physical access to the phone (by encrypting files, among other things) and if communications between this phone and another are being eavesdropped on. A small taste:

At first start up, Blackphone’s configuration wizard walks through getting the phone configured and secured. After picking a language and setting a password or PIN to unlock the phone itself, the wizard presents the option of encrypting the phone’s stored data with another password. If you decline to encrypt the phone’s mini-SD storage during setup, you’ll get the opportunity later (and in the release candidate version of the PrivOS we used, the phone continued to remind me about that opportunity each time I logged into it until I did).

PrivOS’ main innovation is its Security Center, an interface that allows the user to explicitly control just what bits of hardware functionality and data each application on the phone has access to. It even provides control over the system-level applications—you can, if you wish for some reason, turn off the Camera app’s access to the camera hardware and turn off the Browser app’s access to networks.
This discussion has been archived. No new comments can be posted.

  • by by (1706743) (1706744) on Monday June 30, 2014 @04:06AM (#47348489)
    Obviously, if you're concerned about privacy, you should avoid apps which require location, etc., information. However, it would be neat if you could get PrivOS to spoof things like location (and possibly calls, contact lists, etc.).

    Location information could still be very useful for apps that need it, if you have a sane spoofing policy (either manual or automatic). If you, say, travel to another city for a week, you could have the OS spoof a single location in that city for the duration of the trip. The privacy implications of, "Bob is in San Francisco" are somewhat different than, "Bob is at 14th and Valencia."

    Of course, I didn't RTFA, so I have no idea if something like this is implemented/in the works/impossible...
    • Re: (Score:3, Insightful)

      by Anonymous Coward

      But you give away your location by just connecting to a base station? (if anyone has solutions to this, please share!)

      Most countries track the location of your cell phone (mandated by law), and then share the information gathered with intelligence agencies.

      • by AHuxley (892839)
        Re AC and "Most countries track the location of your cell phone (mandated by law), and then shares the information gathered with intelligence agencies."
        That's the problem. At some hardware and software level all your text entry is fair game to the telco that allows you to connect to their gov granted network.
        You can run all the apps you want but you're still walking around with a beacon that has a mic and other neat features to offer any interested city/state/federal/mil/.com
        • by Anonymous Coward

          Access to the mic is "guarded" (*) by the phone's software, which is presumably secure. That's of course a key point, but if the software is leaky, you are going to have lots of other problems.

          (*) I put that in quotes because it's not actually *guarded* by the software, but essentially there is no way for the FBI or anybody else to access the mic *other than* through software/firmware/microcode which accepts a connection from them and routes data from the mic to that connection.

          So -- beacon, yes. With a uni

        • by Anonymous Coward on Monday June 30, 2014 @06:52AM (#47348879)

          The mic is not the main concern. Where I live, it is mandated by law that you have to show national ID card when you purchase any phone, and have the phone no and IMEI numbers associated with you.

          Meaning they are automatically tracking everybody, and indeed the police cameras routinely use cell phone location information (among others) to narrow down the face recognition hits. (Yes, this system exists and is publicly announced).

          It is harder to listen in to the mic on everyone all the time.

      • Therefore, you should always use a tor-like algorithm to connect to the cell tower.

      • by paziek (1329929)
        If there are 3 base stations in your range, then they can triangulate your position. It ain't as accurate as GPS, but can be useful - just check Google Maps with GPS disabled.
      • by sjames (1099)

        The tower knows where you are when the phone part is enabled. Otherwise, it doesn't. You could use an AP at the Starbucks to make a VOIP call for example.

    • Take a look at Xprivacy [xda-developers.com]. If you have a rooted Android phone you can do that and more today. I think Cyanogenmod also has some sort of permission control built in now. Even iPhones have basic permissions. The only thing that doesn't is stock Android and Windows.

      Google knows there's a market for it, but they're worried about ad revenue or apps breaking because it would be "too much of a burden" on developers to make sure their apps behave when permissions are denied.

      • by drinkypoo (153816)

        I just use "Fake GPS" on my Android stick and the phone I use around the house for SIP. It uses the simple gmaps interface to let you select a location. Whether you want to lie about your position or just don't have a GPS, it's fairly small and it works.

        Nice heads up on Xprivacy though, I do have xposed on my actual phone, along with a grip of modules. App Settings is a peach.

    • If you're really concerned about privacy, don't use a cellphone. If you're somewhat concerned about privacy, use a dumb phone. Then if you want to play Angry Birds, get a tablet where none of your personal information is embedded.
      • by anagama (611277)

        Does a "dumb phone" exist? Wouldn't it be more accurate to call them weak computing devices with few _user_ accessible features?

    • I love the idea of poisoning "their" databases with bogus info. I used a WiFi app to poison databases at malls that offer free WiFi just to track people (can't remember name)

  • I say XPrivacy (Score:5, Informative)

    by johanw (1001493) on Monday June 30, 2014 @04:19AM (#47348517)

    "PrivOS’ main innovation is its Security Center, an interface that allows the user to explicitly control just what bits of hardware functionality and data each application on the phone has access to"

    Those of us with a normal but rooted Android can do these things already with XPrivacy, an XPosed module. Fine grained control per system call, also for system apps (yes, that includes keeping pre-installed Facebook out of my address book and GPS data). And I can choose to simply refuse, or tell it the address book is empty and I'm on the South Pole.

    • I didn't know of XPrivacy, I'd like to thank you heartily for mentioning it here! I'm not the kind of person who just installs everything that I come across on my phone and, actually, I only have a small selection of apps installed at all times, but still, should I need something I don't quite trust I would definitely like something like this between my data and the app.

    • As an alternative, both Cyanogenmod and ParanoidAndroid ROMs contain permissions managers. There are more than likely others, but those are two I've used.

      Unless there are some fundamental changes to the OS that aren't included in the press reporting, I'm not really seeing anything that great about Blackphone other than the bundled services. My Nexus 4 has exactly the same protections: Baked-in permission control, including system apps, and VPN connectivity to my home / third party VPN service, or Tor network
  • Gimme a keyboard (Score:4, Interesting)

    by ptaff (165113) on Monday June 30, 2014 @04:59AM (#47348609) Homepage
    All fine, but can they (or someone else) release such a device with a keyboard? The point'n'grunt interface just gets so annoying for serious stuff (ssh with a soft keyboard, you're kidding me, where's the other half of my screen?). I mean this phone is not aiming for the 8-year-old brat crowd, unlike most of what's on the market today.
    • Gimme a break. Cell phone makers target most of the market, which ranges from 8 year old brats to serious business users. And now that we have decent touch screens, many people seem to prefer those over physical keyboards that take up a lot of space ("you're kidding me, where's the other half of my phone?"). The idea that serious people want a physical keyboard is something that even people in the Blackberry boardroom no longer believe in. At our firm, BBs disappeared almost overnight as soon as corpora
      • The idea that serious people want a physical keyboard is something that even people in the Blackberry boardroom no longer believe in. At our firm, BBs disappeared almost overnight as soon as corporate mail was made available on iPhone and Android.

        I've seen that too; the mass exodus from BB to iPhone/Android. The full touchscreen was probably the shiny reason to move away; connecting to multiple email accounts (multiple Exchange accounts at that) and having a consolidated inbox was probably the major reason for the switch, however. From an IT Administration standpoint, the elimination of the BES because EAS (Exchange ActiveSync) is good enough for maybe 90% of organizations was a primary factor: no more buying extra BES licenses when someone new com

        • by ArhcAngel (247594)

          connecting to multiple email accounts (multiple Exchange accounts at that) and having a consolidated inbox was probably the major reason for the switch

          iOS & Android still can't match the BB for email support so I can't fathom what you are talking about here. I have at least six email accounts on my BB and can open them in a consolidated folder or individually. iOS 7 has dramatically improved over previous versions but it's still not on par with BB. I remember my first iOS device and discovering that you couldn't delete a calendar once it had been added to the device even if you deleted the existing email account without wiping the device! I think they

          • connecting to multiple email accounts (multiple Exchange accounts at that) and having a consolidated inbox was probably the major reason for the switch

            iOS & Android still can't match the BB for email support so I can't fathom what you are talking about here.

            That's certainly true now; my new BB Curve has all those features too.

            But I'm talking a few years ago; in the Bold 9000 era. BBOS at that time (4 point something or other) could only do email via BES; one account only and no POP3 / IMAP (unless you had a 3rd party client; even then it got messy because of no unified inbox and increased battery drain). The iPhone with iOS4 and most Android phones at the time could do unlimited email accounts - and iPhone could have multiple Exchange accounts, which was qui

            • by ArhcAngel (247594)

              BBOS at that time (4 point something or other) could only do email via BES; one account only and no POP3 / IMAP

              Perhaps you weren't aware of how to set them up but the ability was there. I had my Yahoo account set up via POP3 on my 7230 with BB OS 4.x in 2004.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Yes, let me buy a security-minded phone then get data into it over bluetooth.

        A secure phone MUST have a physical keyboard.

      • Gimme a break. Cell phone makers target most of the market, which ranges from 8 year old brats to serious business users. And now that we have decent touch screens, many people seem to prefer those over physical keyboards that take up a lot of space

        You know what takes up a lot more space? On-screen keyboards.

    • by Sockatume (732728)

      Take all the existing costs and yield problems of a touchscreen phone, then add a few dozen mechanical parts under a region-specific text overlay, and attach them to that phone with even more moving parts.

      It's probably best for a niche device like this to start off with a design that minimises risks.

    • ssh on an Android phone sounds masochistic.

      Get a laptop and tether!

    • by AmiMoJo (196126) *

      You should try using a swipe keyboard. Once you get used to it you won't miss physical keyboards any more. The standard Google keyboard is pretty good and supports swiping.

      • by Sockatume (732728)

        That's not much good when you're pressing special characters and modifier keys all the time. I've hacked together regexes on an iPad before, using my favourite terminal app which brings up a bunch of useful shortcuts to special symbols and the modifiers, but it was still quietly horrific.

        • by AmiMoJo (196126) *

          I think your mistake was trying to do regexes on a device that isn't designed for anything more than email and web browsing. Maybe a Surface would be more suitable?

    • Sounds like you should update your skills, or get a Bluetooth mini keyboard or something. You are not most people. Save your grumpy mood for the wife

  • Binary deliverables do not cut it anymore. 100% source like these guys: tearcomm.com

  • by lancejjj (924211) on Monday June 30, 2014 @08:11AM (#47349101) Homepage

    Blackphone is MY only way to go.

    After all, how can I trust anything on any other device? The manufacturers and Google are very much interested in keeping a major part of their official ecosystems CLOSED SOURCE.

    I am putting the keys to my kingdom on them: on-line banking, SSH, VPN, and all sorts of other stuff is accessed by my phone. Just a tiny bit of mystery code could be slurping up all these credentials and key data and storing it on the device... only to transmit it later via covert means (DNS requests or whatever). How do I know this is NOT happening? I don't. I need to have faith in the multitude of vendors and app authors. Vendors that I have no reason to trust.

    Two factor authentication? HA! The second factor is ALSO on my phone. Sorry to say, that's ZERO FACTOR if someone already has code running as root on the device.

    • by Forbo (3035827)
      So wait, is Blackphone open source? I'm not seeing anything indicating that. You state that you can't trust any other device, because it's closed source, but...

      Maybe I'm missing something here.
  • by mitcheli (894743) on Monday June 30, 2014 @08:12AM (#47349103)
    I have to seriously hope that the phone is more than just encryption and access control. What types of intrusion detection does the phone have? What types of behavioral analysis to determine unknown exploit vectors does the phone have? Does the phone have decentralized communication methods? One idea I have pondered but seriously don't have the time to get engaged in is to try an SVOIP concept using peer to peer wifi connections, a mesh network of sorts. If the communications are decentralized and segregated from infrastructure, then you can bypass many of the eavesdropping techniques. If you have some form of behavioral analysis, then you can start to identify techniques to exploit the phone at the operational level. Encryption goes a long way to help, and software based access control at the OS level (assuming it's secure and not hackable) is also a good start. But malware is getting far more customized and attacks on the platform are getting much tougher to detect on a pattern based methodology.
    • Behavior analysis does not work. Since the attacker has access to the same algorithm they simply can test various methods until they get through, like how spammers use spamassassin to test their spamscore.

  • How can anyone take them seriously when they use proprietary closed source drivers...

    They are just a gimmick.

  • If you want to build good security, you need to know what threats you are trying to protect against: NSA spying? Thieves stealing your financial information? European spying? Chinese industrial espionage? Jealous wife? Corrupt prosecutor? MPAA fishing expeditions? Depending on the threat, the security solutions look rather different. Which of these use cases is the phone actually suitable for?

    And there are plenty of open questions about the security this phone claims to provide. How do we know we can trust

  • Nothing that the article says can't be done with CyanogenMod, except maybe some hardware stuff that seems vague. Just flash your phones with CM, people. (Sent from a z1 compact flashed the day of purchase)
