One of the more interesting devices here at Mobile World Congress is Blackphone: a pro-privacy handset being developed by Spanish startup Geeksphone, in partnership with U.S. security company Silent Circle using a “security-oriented” Android build called PrivatOS.
“We modified some default behaviours of Android and some security flaws that we found and we call that PrivatOS. It’s just small modifications of the Android core,” said Geeksphone founder and CEO Javier Agüera, demoing the device to TechCrunch.
“For example the default crypto engines — there’s a list of crypto engines that the system by default uses… and in the first version of Android the first option was good enough, then they changed it for something that is terrible. So we reverted that to what it was before.”
“PrivatOS is 100% compatible. It doesn’t create any fragmentation at all,” he added. “Also we made performance improvements.”
The Blackphone will ship in June — with a price-tag of $629 — but the company has already started taking pre-orders via its website, and snagged its first carrier partnership with Dutch mobile operator KPN.
PrivatOS will get direct — and frequent — over-the-top updates from Blackphone, with no carrier bottleneck to negotiate. Which is as it should be; a security-centric phone can’t have users waiting around for a fix to a new software vulnerability.
“This is one of the most important features because if we discover something we will fix it right away,” said Agüera. He added that new PrivatOS features that get developed in future will also be made available to all existing Blackphone users.
The version of the handset on show here in Barcelona is a demo version, with both the handset design and its software set to change before the product ships.
“It’s going to be completely different,” Agüera said, adding that the phone may also get some additional features than those already announced, come launch.
The pro-privacy feature-set that has been detailed so far includes Silent Phone and Silent Text for secure, encrypted telephony and messaging — using Silent Circle’s secure network — so that only you and someone also using a Blackphone or using Silent Circle’s service on another device are privy to the contents of the messages.
Contact data is also protected on Blackphone in the event of the device being lost via a remote wipe feature that does not require a third party cloud service to be involved in the chain. “You have [remote wipe] on other devices but you rely on a third party company with a cloud,” said Agüera. “This company knows where your phone is. We don’t know where your phone is.”
Blackphone does not hold any encryption keys for the secure messaging itself — ergo, it can’t be strong-armed into giving up your secrets by overreaching government agencies since it can’t unencrypt your data. Silent Circle of course shuttered its own email service last August in the wake of the Edward Snowden NSA revelations — saying it was doing so to pre-emptively avoid having to be complicit with NSA spying.
As for local data stored on the phone, the Blackphone user is given the option to encrypt this — an option that is suggested to them right at the start of the device set-up process, underlining the “optimized for privacy” ethos of the whole project.
Secure cloud storage is included in the cost of Blackphone via SpiderOak, one of the partner services bundled with the device. Blackphone buyers get two years free SpiderOak service included.
They also get two years’ of Disconnect (capped at 1GB/month), a secure/non-trackable search product that deploys a VPN to anonymise Internet browsing on Blackphone. Unlimited use of Kismet’s Wi-Fi analyzer product is also bundled into the package. Plus there’s one year of Silent Circle usage to gift to friends/family so you have some people to talk securely with, even if they don’t own a Blackphone.
“Disconnect is a very interesting because, as it’s integrated deep inside you device, it can anonymize all your Wi-Fi browsing and it actually secures the Wi-Fi connection,” noted Agüera, demoing the app running on Blackphone.
“When you click here [to activate Disconnect] everything you do on the Internet goes through a VPN and that affects all the applications on your phone. And we don’t have to root your device or anything, it’s already there. And it’s already enabled for all the applications you will install.”
While normal VPN use slows down a connection, Agüera said the opposite is true when browsing on Blackphone through Disconnect. “What this VPN does is it removes all the crap that the websites put — all the advertising, all the tracking cookies, and it’s faster than a normal connection,” he said.
Notably there’s no ‘Silent Email’ product on the phone. The security of email is clearly problematic at this point. But Agüera told TechCrunch the future intention is for Blackphone to incorporate the open source encrypted messaging protocol currently being developed by Lavabit — under the Dark Mail banner (Silent Circle is a founder member of the Dark Mail alliance).
For now, the focus for Blackphone is clearly on raising the level of privacy the average user experiences by making a suite of security features more accessible and visible to the user. By, for instance, foregrounding switching on local storage encryption by making it part of the set-up mix.
“Blackphone is meant for people from all walks of life who are concerned with privacy,” said Agüera. “It can be very expert people but it can be not so expert people. It can be normal users from the street, or politicians or whatever.
“There’s an activation wizard so that when you take your device out of the box you’ll configure the device as a security expert will do but in a very easy, simple way.”
The activation wizard gives the user a short intro on Blackphone’s pro-privacy ethos, before diving into the set-up process proper — kicking off by requiring them to use at least a PIN or a password to secure their device. Users will also be told how secure their password choice is.
After this, the encryption option is offered which, if selected, secures data stored locally on the device — with the key being the PIN/password the user previously selected.
Access to/activation of the Blackphone’s bundled third party security services is done by the user scanning a QR code to provision the licenses for those services. Blackphone users can also choose not to use these bundled services, if they prefer.
Blackphone owners need to provide a username and email address during the set-up process, which Agüera said is “the only information we keep from you”.
“We keep your nickname [username], which is not your real name unless you want to, and that’s the only information we will ever have about you. If you ordered online or in a shop we will have your shipping details but once we give those to the shipping company we delete that data.”
Agüera argued that the set-up process, which takes less than five minutes, already puts the Blackphone user in a far more secure place than the average smartphone user. “You have taken some steps that 99% of users don’t make — like encrypting the whole file system,” he added.
PrivatOS continues works in the background to push its security-focused agenda, configuring the device with optimal security settings and flagging up app insecurities to the user.
“We’ll disable that you can install apps from non-trusted sources by default, we won’t let you connect to an open network when you’re configuring — we’ll remind you that you need to be using a secure connection. We’ll establish firewall policies,” noted Agüera.
Users are still free to do less-than-secure things on Blackphone, if they choose — such as download Google apps which are obviously going to try to harvest their data. But the phone will at least raise a flag about certain types of apps and services.
“The point of Blackphone is giving you information and choice,” said Agüera. “The point is making a phone that you can use. You can download Angry Birds and we’ll tell you what are the risk you’re taking, what does the Angry Birds application do and then you choose.”
More granular security information is pushed to Blackphone users via a Security Centre hub on the phone. This includes updated briefings on recommended best practices for privacy and security. But the main feature is analysing individual app behaviours to see what they’re accessing, and to give users the ability to block certain actions for individual apps.
“It’s not the permissions that the application says it will do… we actually analyse the application,” said Agüera. “So when you configure your device for the first time we analyse all the default apps so it’s ready to use when you turn it on.”
For example, via the Security Centre, a user can go to a location tab and see all of the apps that use location and then turn off their ability to use personal data, or to harvest your Wi-Fi information.
“As an example, if you go to a sound recorder app you’ll see it records audio. That makes sense. But it also accesses the Internet. ‘Why should a sound recorder access the Internet? I don’t want that. Switch it off’,” explained Agüera. “Some apps may not work after you do this. We’ll tell you — we’ll say ‘ok, this game that you downloaded, it accesses your contacts list — if you turn it off, it’s not going to work. What do you want to do? Uninstall it or not — it’s up to you.”
He also pointed out that some companies are doing Wi-Fi tracking of mobile devices to identify repeat visitors to a particular location, for instance. This can be used, in one example, by coffee shops and restaurants to track visitors and figure out what food/drinks to offer them, based on what they ordered elsewhere.
But it can also have less beneficial, more creepy uses to mobile owners — so Blackphone has incorporated a technology into its device that knows when to kill the Wi-Fi to protect the users’ privacy.
“Imagine you go to an investment bank for a job interview — what will you think if the person who’s interviewing you knows that you also make the same interview at a competitors’ bank a few streets away?” he said.
“That’s a bit creepy and with this technology… developed [by Kismet creator Mike Kershaw] specially for the Blackphone it takes control of the Wi-Fi chip, it learns where your safe locations are — home and work normally — and when you leave your home.. if you’re not in a safe environment it will switch the Wi-Fi off.”
If you use an open Wi-Fi network somewhere — such as at a coffee shop — that location will still be able to gather data on you at this point, but Agüera said Blackphone is working on techniques that will effectively cloak your presence by randomizing the parameters that they use. “So even if they detect you, the next time they detect you, you’ll be a different person,” he added.
As for the security of the mobile chipset hardware inside the Blackphone itself, that layer is out of the company’s hands to a degree. However Blackphone general manager Toby Weir-Jones told TechCrunch that it doesn’t currently know of any backdoors in the chipsets it’s using, and if it finds any it will commit to telling Blackphone users.
Of course the Blackphone is not ‘NSA proof’, as Weir-Jones reiterated. “Bad guys wanting to talk to each other probably shouldn’t be using a phone at all,” he said.
But he described security as a spectrum — and said the level of privacy protection Blackphone affords its users is far greater than what the average smartphone user can expect.