Ars Takes an Early Look At the Privacy-Centric Blackphone
Ars Technica has spent some time with pre-production (but very nearly final) samples of the Blackphone, from Geeksphone and Silent Circle. They give it generally high marks; the hardware is mostly solid but not cutting edge, but the software it comes with distinguishes it from run-of-the-mill Android phones. Though it's based on Android, the PrivOS system in these phones offers fine-grained permissions, and other software included with the phone makes it more secure both if someone has physical access to the phone (by encrypting files, among other things) and if communications between this phone and another are being eavesdropped on. A small taste:
At first start up, Blackphone’s configuration wizard walks through getting the phone configured and secured. After picking a language and setting a password or PIN to unlock the phone itself, the wizard presents the option of encrypting the phone’s stored data with another password. If you decline to encrypt the phone’s mini-SD storage during setup, you’ll get the opportunity later (and in the release candidate version of the PrivOS we used, the phone continued to remind me about that opportunity each time I logged into it until I did).
PrivOS’ main innovation is its Security Center, an interface that allows the user to explicitly control just what bits of hardware functionality and data each application on the phone has access to. It even provides control over the system-level applications—you can, if you wish for some reason, turn off the Camera app’s access to the camera hardware and turn off the Browser app’s access to networks.
Apps which require location? (Score:5, Interesting)
Location information could still be very useful for apps that need it, if you have a sane spoofing policy (either manual or automatic). If you, say, travel to another city for a week, you could have the OS spoof a single location in that city for the duration of the trip. The privacy implications of, "Bob is in San Francisco" are somewhat different than, "Bob is at 14th and Valencia."
Of course, I didn't RTFA, so I have no idea if something like this is implemented/in the works/impossible...
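One way to implement the automatic spoofing policy described in the comment above, added here as an example (it is not PrivOS code and not the commenter's). The class name `CityPinPolicy`, the 0.5-degree grid and the 60 km threshold are assumptions, and the coordinates are constructed samples.

```python
import math
from dataclasses import dataclass
from typing import Optional, Tuple

Fix = Tuple[float, float]  # (latitude, longitude) in degrees


def haversine_km(a: Fix, b: Fix) -> float:
    """Great-circle distance between two fixes, in kilometres."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def cell_centre(fix: Fix, cell_deg: float) -> Fix:
    """Centre of the grid cell containing `fix`.

    Pinning to the cell centre rather than to the first real fix means the
    spoofed point does not reveal where the user was when the pin was set.
    """
    lat, lon = fix
    return ((math.floor(lat / cell_deg) + 0.5) * cell_deg,
            (math.floor(lon / cell_deg) + 0.5) * cell_deg)


@dataclass
class CityPinPolicy:
    cell_deg: float = 0.5   # assumed grid size, about 55 km of latitude
    leave_km: float = 60.0  # assumed: beyond this from the pin, the user left
    pin: Optional[Fix] = None

    def report(self, real_fix: Fix) -> Fix:
        """Return the location an app is allowed to see for `real_fix`."""
        # Keep one pin for the whole stay; re-pin only after a real move away.
        if self.pin is None or haversine_km(real_fix, self.pin) > self.leave_km:
            self.pin = cell_centre(real_fix, self.cell_deg)
        return self.pin


# Constructed sample fixes (approximate coordinates, for illustration only).
SF_MISSION = (37.7683, -122.4218)
SF_WHARF = (37.8080, -122.4177)
LOS_ANGELES = (34.0522, -118.2437)

if __name__ == "__main__":
    policy = CityPinPolicy()
    for name, fix in [("Mission", SF_MISSION), ("Wharf", SF_WHARF), ("LA", LOS_ANGELES)]:
        print(name, "->", policy.report(fix))
```

This covers only the location API: an app with network access can still approximate the city from the phone's IP address.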
Power and Performance (Score:5, Interesting)
Blackphone is MY only way to go.
After all, how can I trust anything on any other device? The manufacturers and Google are very much interested in keeping a major part of their official ecosystems CLOSED SOURCE.
I am putting the keys to my kingdom on them: on-line banking, SSH, VPN, and all sorts of other stuff is accessed by my phone. Just a tiny bit of mystery code could be slurping up all these credentials and key data and storing it on the device... only to transmit it later via covert means (DNS requests or whatever). How do I know this is NOT happening? I don't. I need to have faith in the multitude of vendors and app authors. Vendors that I have no reason to trust.
Two factor authentication? HA! The second factor is ALSO on my phone. Sorry to say, that's ZERO FACTOR if someone already has code running as root on the device.