Does this include baseband and chips, or is it just a Chinese phone (as mine is) that has Blackphone running sort of on top of it? Cause that makes it kinda fucking pointless as I can get anything I want out of it if I control the hardware.
Anti-snoop Android 'Blackphone' sees the light of day
The “Blackphone”, a super-secure Android handset promised to arrive in late June, has just made its deadline, with the announcement that the first batch started to ship on the last day of the month. The handset is the brainchild of Spanish smartphone maker Geeksphone and Silent Circle, a secure communications firm founded by …
COMMENTS
-
Tuesday 1st July 2014 09:03 GMT rizb
Which app store?
The Blackphone doesn't come with Google Play installed - http://tinyurl.com/blackpnogplay - so which app store is it designed to look at?
If apps are (as I suspect) by their very nature a security risk, one tends to wonder what the point of the AOSP implementation is at all.
-
Tuesday 1st July 2014 09:13 GMT Dave 126
Re: Which app store?
"While PrivatOS is essentially Android, it’s Android without Google—which means no Google Play store and no easy access to Google’s collection of apps.
For many people, this won’t be an issue. I ended up downloading and installing the Amazon App Store app on the Blackphone to get a few of the apps I needed—and doing some clever sideloading tricks to get others installed. The Security Center features allowed me to toggle on and off features in some applications that are more difficult to get to from within the apps’ own settings—for example, I switched off Twitter’s access to location services easily from Security Center when I wanted to post a tweet from an undisclosed location....
PrivatOS’ main innovation is its Security Center, an interface that allows the user to explicitly control just what bits of hardware functionality and data each application on the phone has access to. It even provides control over the system-level applications—you can, if you wish for some reason, turn off the Camera app’s access to the camera hardware and turn off the Browser app’s access to networks."
http://arstechnica.com/security/2014/06/exclusive-a-review-of-the-blackphone-the-android-for-the-paranoid/3/
-
Tuesday 1st July 2014 10:58 GMT PyLETS
NSA behind this ?
You can't achieve security without trust at some level. That's looking at it from the point of view of risk management which is possible, and not full risk elimination which isn't possible.
You can make whatever conclusions you like of the fact Phil Zimmermann is their CEO. He was the author of PGP and faced a grand jury trial many years ago which was eventually thrown out, based on the allegation his authorship and release of PGP contravened export regulations which classified crypto software as equivalent to munitions at the time. You can form whatever opinion you like of Phil's motivations in doing this, and of his ability effectively to select and manage whichever professional engineers he has chosen to collaborate with him on this.
-
Tuesday 1st July 2014 14:20 GMT Anonymous Coward
Re: NSA behind this ?
I fear it's very much a legitimate question. I've looked at a number of so-called "secure" setups and I have yet to be convinced they are what they say they are. I am not implying this isn't a genuine effort, but doing a tech thing and making sure it all stacks up are two separate things. I, for one, would not yet touch it until it had a decent size user base and has gone through two independent audits of people not linked in any way, shape or form to the US. I've already had too many questions during Silent Circle, too many things simply did not add up. As soon as there is any link to the US, you ought to consider it tainted.
They have their Spanish part - get an audit done and a proper risk profile compiled, publicly, and it'll become interesting, but if it doesn't meet Kerckhoffs's Principle I'm not interested, and neither should you. Just because they have more money doesn't mean it's secure - only facts and evidence matter.
-
Tuesday 1st July 2014 18:08 GMT Down not across
Re: NSA behind this ?
"You can make whatever conclusions you like of the fact Phil Zimmermann is their CEO. He was the author of PGP and faced a grand jury trial many years ago which was eventually thrown out, based on the allegation his authorship and release of PGP contravened export regulations which classified crypto software as equivalent to munitions at the time."
Of course the neat trick there was to publish the source code as a book which was protected by 1st Amendment (and export regulations only covered electronic form). This was then scanned and proofread to make a 100% legal version. I took part in the initial 5.0i proofread effort and I can tell that OCR at the time left a fair bit to be desired.
-
This post has been deleted by its author
-
Tuesday 1st July 2014 14:30 GMT Anonymous Coward
Re: What's the result of...
There's a simple word for what you listed: risk profile. Security is always a balance between risks mitigated and risks accepted (often that balance is steered by available budget).
Personally, I'm not bothered about physical access. I will not cross a border with a data-holding device, we have our own private storage and travel protocol which pretty much prevents a border screening from becoming an issue. Transport security, however, is another matter and ZRTP-protected comms is not a bad thing to have - provided it's implemented properly and it's still easy to use.
-
Wednesday 2nd July 2014 00:46 GMT corestore
Re: What's the result of...
Not relevant to the phone, but I'm a cinematographer; I have no choice but to cross borders with several terabytes of digital cinema data.
As for risk profile, phone falling into unauthorized or unwelcome hands is clearly a high risk; they're very vulnerable to theft - including by less than straightforward phone thieves in the target market for this phone (think corporate espionage, both private and government-sponsored).
Physical access is ALWAYS a risk, and one that can be substantially mitigated very easily by strong whole-disk encryption, with a strong passphrase at boot time - TrueCrypt-style. I can't think of a good reason for NOT making that part of the defenses for this phone, but I haven't seen it mentioned in the spec.
So, does it or doesn't it?