Some have referred to Blackphone as a smartphone for people who are “paranoid”, I don’t see it that way. Blackphone offers something that, as a society, we give away too freely: our privacy.
Many will say “if you don’t have anything to hide, you don’t have anything to worry about”, yet these people still close the door on the stall when using the restroom, and have curtains over their windows to keep people from snooping. That’s what Blackphone does, only for your personal communications. How it does that is a little complicated, so let’s walk through what kinds of security Blackphone provides and how to set it up, as well as what’s not covered.
When you open the box, pop in your SIM and an sdcard if you’d like, followed by the 2,000 mAh LiPo battery. From there, booting up your Blackphone is essentially like any other Android-powered device – with some security-centric nuances.
1. Mandatory Screen Lock
The first difference you’ll likely note is that you cannot continue the device setup without first providing a PIN or password that you’ll use every time you turn on your device. Out of the box, the “None”, “Slide”, and “Pattern” unlocking methods are “disabled by administrator, encryption policy, or credential storage”. “Face Unlock” is nowhere to be found.
This one simple step (that you can do on any Android-powered phone or tablet) is one of the best ways to keep your data safe. You can change the amount of time before your phone automatically locks from “immediately” all the way up to 30 minutes. I set mine at 1 minute, which seems to work best to balance convenience and security for my usage patterns. You can also use the power button to immediately lock your device, or not, it’s up to you.
2. Whole Phone Encryption
Very early on in the setup process, you’ll be asked to “Encrypt your data”. This is essentially the same process that stock Android offers, but presented in a much more visible (and much less “optional”) manner. The battery in our test unit didn’t come charged enough to complete this step out of the box, but allowed us to “skip” the process, assuring us that we’d be reminded to encrypt our device later.
On the surface, encrypting the storage on your device may seem like an unnecessary step, especially since setting up a PIN or password to gain access is mandatory. However, this is likely the single most important thing that you can do to keep your device secure, and answers a concern that we’ve had for a very long time.
The problem has to do with files and the way they’re handled on storage media. When a file is created, an entry is made that points to where the file starts on the storage device. When that file is “deleted”, the pointer to its location is removed, but the data still exists – if you know where to look. Wiping the data takes time, and I/O processes are already somewhat “slow”. Additionally, flash storage has a limit to how many times it can be written, and wiping would reduce that number significantly.
Encrypting your file system solves both issues. When you factory reset your device, if encryption was previously used, the bits on the device are encrypted with a key that was destroyed as part of the factory reset process. This hasn’t wiped your data, but it keeps your data from being accessed by anyone without the original key, which could be even better than, and significantly more secure than wiping.
Storing data in the cloud is extremely convenient, but it’s equally insecure. Here in the States, your cloud storage can be accessed by anyone with a general court order, rather than a Warrant describing the particular place to be searched and the particular things to be seized. Again, the argument of “nothing to hide, nothing to worry about” will be brought up, but we’ve heard reports of government agents who collect and even trade “intimate” photos they’ve encountered during their investigations.
You put frosted “privacy glass” in your bathroom so people can’t watch you shower, encrypted cloud storage is the same thing.
Like Google Drive, Dropbox, and others, SpiderOak makes it possible for you to store, sync, share, and access your data from anywhere. SpiderOak uses a concept called “Zero-Knowledge privacy”, which means the server never knows the plaintext contents of the data it is storing. This ensures your data is “never at risk of being compromised or abused by either internal threats or external hackers”.
Setting up SpiderOak requires a significantly more “involved” process, and cannot be completed without a desktop or laptop computer. Additionally, there is some delay between setting up the desktop client before you can log in with the mobile client. This isn’t explicitly stated, so be patient while the process completes. Once it’s configured, saving and syncing files operates just like you’ve come to expect with other cloud storage services.
Did you know that if you leave your Wi-Fi turned on that you’re feely giving away a uniquely identifying piece of information, and your general location? Yup. Your Wi-Fi radio identifies itself with something called a MAC address, and every wireless access point in the world is actively “listening” for devices to come into range. Most WAPs use that information for what it’s original intent: allowing access via the wireless network. Others, however, are being used to log the MAC address, date, time, and other information of all devices within their reach.
To be clear, not every WAP does this, but as more distributed “hotspot” networks are deployed, many are seeing this as yet another way to sell your information to interested parties.
Smarter Wi-Fi Manager is built into Blackphone and helps to reduce this from happening. Using the IDs of nearby cell towers, this app will either toggle your Wi-Fi on, or off. If you’re near a trusted WAP (one that you’ve connected to before), your Wi-Fi will automatically be turned on when you’re near it, allowing the network to automatically connect. When you leave the area your Wi-Fi is automatically turned off.
In addition to keeping your private information safe from snooping WAPs, this can help with your battery life as well .
Whenever you send data over the air, there’s a possibility that someone is listening in. Your first line of defense is only connecting to trusted wireless providers. This goes for cellular data as well as Wi-Fi, but since it’s easier to setup a Wi-Fi hotspot than a cellular access point, the former is typically of more concern.
The second line of defense is encrypting the wireless connection itself. This is usually accomplished by inputting a password or PIN, or by pressing a button on the WAP to initiate a secure connection. These methods are fairly inconvenient when connecting to a public hotspot, so many of them allow you to connect in the clear. This is obviously not secure, and anyone can “listen in” on your traffic with a laptop and the right software.
Blackphone includes Disconnect, an app and associated service that lets you encrypt all your traffic through a Virtual Private Network. You can toggle this on for “untrusted networks”, or disable it for “trusted networks”, like the one at your home or office.
Blackphone comes with 1GB per month of VPN traffic, but you can upgrade that to unlimited for $3/month or $30/year if you’re in the USA. If you’re outside the States, prices and amounts may vary.
6. Remote Wipe
Google offers remote wiping through the Google Apps package that comes preinstalled on most Androids. GAPPS are absent on Blackphone for reasons that are fairly obvious. To ensure that you can still erase a device if it ever is “in the wind”, Blackphone includes a Remote Wipe service that functions pretty much the same as Google’s, but also includes a “Brace for Impact” function that can “force quit” any apps that you specify. In particular, apps that contain sensitive information and are protected behind passwords can be terminated, disallowing access to them until the app’s password is re-entered on the device. This would prevent someone who’d “acquired” your phone from making encrypted phone calls, sending encrypted texts, or accessing your encrypted address book, for example. All without having to completely wipe the device.
This functionality is protected behind a password, and it’s arguably the most important password for the entire device. It must be at least 12 characters long, and cannot be recovered if you lose it or forget it.
One of the main features of PrivatOS (the variant of Android that runs on Blackphone) is the ability to specify what resources installed apps can access.
Need a barcode scanner? No problem, install it and you’re asked what permissions you want to grant the app – they’re all disabled by default. Since you want to scan barcodes, if you don’t enable access to the camera, it won’t work. For a barcode scanning app, that access to that resource (the camera) should be fairly obvious, but what about some other app that you don’t think should need access to your camera, network, location, contacts, etc.? On Blackphone, those permissions are turned off by default, but can be turned on if you think the app rightly needs them.
8. Secure Contacts
Guilt by association shouldn’t be a consideration, but it often is. To protect your associates from unwanted attention and scrutiny (whether from a law enforcement agency, an embittered ex-spouse, or a former employer) Blackphone offers an encrypted address book. It functions just like the regular contacts app, which is still present, but is protected behind a password, and the contents are encrypted.
9. Secure Texting
Sending quick texts or chat messages is something that has become more popular and commonplace on our smartphones that actually picking up the phone and talking to someone with our voices. Blackphone includes Silent Text, an app which utilizes the Jabber protocol to send truly secure messages to anyone on the Silent Circle network. Unlike SMS, these messages aren’t limited to 160 characters, aren’t sent in plain text, and can include inline images. Conversations or specific texts or images can be set to “self-destruct” after a pre-determined amount of time, just in case their content is extra-sensitive.
Since these conversations utilize peer-to-peer encryption, they’re safe from prying eyes along the way, including anyone that might be watching on the server itself.
For those times when a phone call is more helpful than a text, Blackphone lets you call other users on the Silent Circle network using Silent Phone. Rather than using your cellular voice plan, Silent Phone is a secure Voice Over IP SIP client that’s pre-configured to use the Silent Circle network. As with Silent Text, these conversations use peer-to-peer encryption, so your conversation is secure from your phone to the other party’s phone.
Voice as well as video can be made from the app, but you’ll need a reliable and strong Internet connection to do either.
What’s not included?
Some things that you think might be included, aren’t.
The first thing you’ll find that isn’t there is an app store, most notably the Google Play Store. If you want to install any apps that aren’t pre-loaded, you’ll need to enable the ability to install apps from unknown sources, which you can do in the Security settings. On the surface, you might think this would punch a huge hole in the security that Blackphone offers. To an extent, you’d be correct, but thanks to the very granular App Permissions which you can turn on or off per app, the hole is only as big as you want to make it. We utilized the Amazon Appstore to supply the majority of the apps that we typically use.
Next, there is no secure email client, nor a client that includes PGP or GPG encrypted emails by default. The way email “works” is insecure, and it all has to do with meta-data. In an interview with ZDNet, Silent Circle CEO Michael Janke had this to say:
“We knew that metadata was just as dangerous as email content regardless if the contents of an email are encrypted. Who, when, where, why, the message header, your ISP, what operating system you’re using, geolocating, and who you’re communicating with are all very dangerous bits of data to retain.”
The stock Android email client is included on Blackphone, with the ability to set up an IMAP, POP3, or Exchange account. Just remember, anything you send over email, even if you PGP or GPG encrypt it with a third-party app, is still insecure because of the problem with meta-data.
There’s even more hidden under the covers of Blackphone and PrivatOS, but the items mentioned above should cover what most people need to know. Stay tuned for even more coverage of Blackphone and PrivatOS in the coming weeks here at Pocketnow.
As a final note, our review device comes to us on loan from the good people at GSM Nation, a global smartphone retailer which offers two regional variants of Blackphone for preorder at this page. If you’re jonesing for additional smartphone security right now and you simply can’t wait for our full review, pay them a visit – and tell them Pocketnow sent you.