Monday, February 24, 2014

Blackphone: an Android phone that puts privacy first

Blackphone hero
This is Blackphone. It's a smartphone born out of a growing desire for privacy, as months of leaks have proven that agencies like the NSA are monitoring our communications. It runs Android, which many might perceive as a relatively insecure mobile operating system; its makers, however, have made significant changes both visible and behind the scenes. They've relabeled it "PrivatOS."
The Blackphone looks like a fairly standard Android phone. It has a 4.7-inch HD (the exact resolution has yet to be announced) IPS display, a 2GHz quad-core processor, 16GB of storage, an 8-megapixel camera, LTE — pretty much everything you'd want in a smartphone, and very little you wouldn't. Produced by Silent Circle, a company with an existing portfolio of security- and encryption-related software, and Geeksphone, a Spanish hardware startup, the Blackphone claims to be the first smartphone to place "privacy and control directly in the hands of its users." How it achieves this is through a mixture of secure applications and Android modifications that give users more insight into and control over what third-party applications are doing with their data.
Blackphone1_1020
Silent Circle's suite of apps consists of Silent Phone, an app that offers peer-to-peer encrypted VoIP calls; Silent Text, which gives the same level of encryption for messaging; and Silent Contacts, which replaces the stock Android app to safeguard your contact list from apps that may seek to skim your contacts for nefarious purposes. All of the applications are already available for iPhone and Android devices with a paid subscription, and the Blackphone comes with two years of service included.
It's not quite as simple as just buying a Blackphone and suddenly having secure communications, though. Silent Circle's applications can only offer peer-to-peer encryption when you're calling another Silent Circle user, and you need to pay Silent Circle to be a user. To solve this problem, everyone using a Blackphone will receive three extra one-year subscriptions to Silent Circle's services to hand out to friends, colleagues, or family members. After one year the free subscription runs out, and users will be presented with a choice: pay $10 per month to continue using the suite, buy a Blackphone, or go back to regular phone calls and text messages. It's clear that Silent Circle is hoping you'll choose one of the two options that makes it some money.
"It gives the user the chance to choose the level of privacy."
Not all communication needs to be secure. Mike Janke, CEO and co-founder of the company, suggests there are certain calls you'll want to encrypt, but "if you're ordering a pizza or calling your grandma," it's unlikely you'll feel the weight of the NSA on your shoulders. "This is why Blackphone is so unique — it gives the user the chance to choose the level of privacy."
Blackphone1_1020A Blackphone placing an encrypted call to a Samsung Galaxy smartphone.
Silent Circle has also partnered with other security-focused companies to offer a broader range of services. The Blackphone comes with SpiderOak, which provides 5GB of "zero-knowledge encrypted data backup," and Disconnect, a search provider that utilizes a VPN to anonymize internet queries through regular search engines like Google or Bing. Both are subscription services, and buying a Blackphone gives users two years free. After that, it's assumed you'll be looking to buy the latest Blackphone with the latest specifications, which will no doubt come with new subscriptions.
"There's no such thing as an NSA-secure phone."
Is the Blackphone totally secure? No. "There's no such thing as 100-percent secure," explains Janke, "and there's no such thing as an NSA-secure phone. If you have a phone it can always be hacked." People will try to break Silent Circle's security, and the company says it's "not so arrogant" as to think they won't succeed. The company will open source the vast majority of its code for the phone in order for third parties to properly audit its techniques, find holes, and ultimately help to improve the product.
The majority of security and privacy issues with Android smartphone don't come from your calls, texts, or from the operating system itself. They come through apps. The Blackphone, security apps aside, is still an Android phone, and although it will only install Google services like the Play Store if you ask it to, the third-party apps it runs are no different to those on a Galaxy S4 or HTC One. Silent Circle's answer to the Android app problem is a Security Center that gives granular control over what apps can do.
"Normally," explains Toby Weir-Jones, GM at Blackphone, "when you download an app from the Play Store, it tells you all the permissions it wants in a single aggregate list, and you only have the option to accept or decline that list in full." What Security Center does is give users the option to modify every permission every app can take advantage of. You'll be able to set system-wide permissions, like saying "no app can have access to my location data or my contact information," or set permissions on an app-by-app basis. This won't necessarily stop malware or phishing attacks, but if a user is concerned about insecure apps they're free to revoke any permissions they choose. The idea is to neutralize the risk of, for example, an app secretly transmitting data or calling premium numbers.
Blackphone3_1020
The Security Center, which offers granular control over app permissions.
In addition to the Security Center, there's also a Wi-Fi manager that keeps Wi-Fi switched off when you're out of the house or office to stop Wi-Fi-based tracking. There's also a separate tool that sits on the network stack of the phone and blocks a list of known trackers used by companies that target ads at you. It won't block ads from being displayed or cut off a developer's source of revenue, but it will prevent your information from being tracked and sold to advertisers. Silent Circle will obviously need to update this list periodically, but it's confident it will be blocking the vast majority at launch.
Silent Circle wants to "force a rethink of the economics of monetizing personal data in exchange for free services."
There are some apps that will not run when refused certain permissions, Weir-Jones explains, There the user has a choice: give the app full permissions and use it knowing the risks, find an alternative, or reach out to developers and implore them to change their ways. "Longer term that's the hope that we have, that this is going to force a rethink of the economics of monetizing personal data in exchange for free services."
That's a lot of what the Blackphone is about: provoking change. Its makers aren't expecting to outsell Apple or Samsung, or even smaller players like HTC or Huawei. But they see an opportunity to sell a fairly large number of phones. Silent Circle is targeting 10 million sales per year within three years. And although the Blackphone might be "the world's first" privacy-focused smartphone, it almost definitely won't be the last. The company is planning "a whole family of devices" to follow up the original Blackphone, and although neither Janke nor Weir-Jones would confirm it, a tablet is very likely to be one of those devices.
Blackphone6_1020
Preorders start today at $629
For now, though, the focus is on the Blackphone launch. Today it's opening up preorders that'll ship to users in June 2014. In the US, and indeed most of the world, you'll only be able to buy the phone off-contract at $629. Silent Circle believes that's a fair price — it's offering a phone that "competes with the best out there" along with over $850 in services and subscriptions for less than the price of an iPhone 5S. Only the Dutch carrier KPN, which operates its own network in the Netherlands, Germany, and Belgium, will offer Blackphone directly to customers. It's also planning on offering KPN customers without Blackphones access to Silent Circle subscriptions as part of their contracts.
The Blackphone's success isn't likely to hinge on price, specifications, or carrier deals (although the latter certainly won't hurt). Its success is dependent on only one factor: consumer interest. Will enough people be willing to buy a high-end smartphone with the sole purpose of protecting their privacy? Silent Circle thinks so, and so does KPN, but the rest of the world needs convincing.

No comments:

Post a Comment