As I write this review, my Facebook wall sits abuzz with consternation from friends and family alike, all of them complaining about the same offense in a rare show of unified ire. Facebook’s recent mandate that mobile users install its Messenger app, with all its Orwellian security permissions, has reignited a discussion more and more common among the general public: in today’s world, how much privacy are we really giving away … and how do we get some of it back?
To answer the latter question, cyber-security outfit Silent Circle came together with hardware firm Geeksphone to produce the Blackphone BP1 – a modern smartphone designed to “put privacy back in your hands.” The device uses a custom build of Android and a special suite of applications to deliver the most security-minded mobile software we’ve ever encountered. For those who put a premium on privacy, the Blackphone offers a combination of options never before seen in the consumer space.
It’s the consumer experience we’re focusing on with this review. While we’ve got a lot of expertise under the Pocketnow roof, we’re not set up to do the kind of technical testing that Ars Technica performed in its own run-in with the device – which we recommend checking out if you want a look into the Blackphone’s back end. Rather, we’re more interested in finding out how well the device works for the layman, the private citizen that makes up half of Blackphone’s target customer base for the version-1 product. (Our two review devices were loaned to us by the fine folks at GSM Nation, whom you should visit if you want a BP1 of your own.)
Regarding Blackphone from this perspective, we’re left with two impressions: 1) there’s never been a smartphone that gives you as many privacy tools as this; and 2) first-generation products, no matter how specialized, will always feel like first-generation products. Join us below, as we explore the world of the secure smartphone in our Blackphone review!
Software · Camera · Performance · Pros/Cons
Blackphone Review Video
Specs & Hardware
It goes without saying that the Blackphone is not the device you buy if you want to stand out. This is one of the most nondescript handsets we’ve ever seen, with even less hardware personality than the BlackBerry Z10 it’s built partly to compete with. Besides a small logo above the aft-mounted speakerphone, there’s positively no adornment on the device’s 8.4mm-thick plastic casing, which is finished in (what else?) matte black.
In the hand, this is a pretty insubstantial handset. Even after popping in the removable 2000 mAh (7.4 Wh) battery, the Blackphone comes in at a featherweight 119g – good news for those who like to travel light, but combined with the ho-hum casing materials, it gives the device a somewhat hollow feeling that belies its tall ambitions. That’s compounded by the thin material of the battery door, which utters the occasional creak when pressing the phone to the ear. Feedback on the power/volume keys isn’t terrific, nor are the viewing angles on the 4.7″ IPS display (720p). There’s nothing that stands out as particularly bad here, but the Blackphone hardware is some of the most forgettable we’ve ever seen. Then again, maybe that’s the point: it adds to the spylike mystique of the whole package.
The device’s processing power comes from a quad-core NVIDIA Tegra 4i running at 2GHz and backed up by a single gigabyte of LPDDR3 RAM, with onboard storage maxing out at 16GB (about 12.8GB of which is user-accessible). There’s a MicroSD card slot for storage expansion and a Micro SIM slot for your mobile carrier of choice. The Blackphone supports GSM, HSPA, and LTE and comes in global (LTE Cat 3 bands 3/7/20) and North American (LTE Cat 3 bands 4/7/17) flavors, meaning you’ll probably have little trouble connecting to AT&T or T-Mobile US here in the States.
The real star of the whole Blackphone concept is the software driving it, combined with the applications bundled in out of the box. The former is a custom-built fork of Android 4.4.2 called PrivatOS; the latter is a mix of native and third-party titles and subscriptions worth almost $900.
Firing up the Blackphone for the first time, it’s easy to mistake it for some type of Nexus prototype. The interface is almost exactly the same as stock Android, right down to the helpful mini-tutorials for mundane tasks like organizing folders and handling notifications. Only the sharp-looking black-and-yellow color scheme and the total lack of Google apps and services tips you off that the Blackphone is something else entirely.
PrivatOS 1.0.2 achieves some of its added security simply by enabling or mandating security features that Android has offered for some time. You’re prompted to set up a PIN or password to lock your device immediately upon first power-on; the more fun (but less secure) unlock options such as facial recognition and pattern unlock are either absent or, in the parlance of PrivatOS, “disabled by administrator, encryption policy, or credential storage.” Blackphone also prompts you to encrypt the entire device on first power-up; this is the same encryption option offered by most Android phones, but the software is much more insistent here than on other devices. That’s a good thing, since encrypting your smartphone is one of the single best ways to keep your mobile data secure.
Our favorite privacy feature baked into the Blackphone OS will be of particular interest to all those Facebook Messenger worriers mentioned in the introduction above. Following the path blazed by Android Jelly Bean and a few custom builds of Cyanogenmod, PrivatOS offers very granular control over how much access third-party apps have to your phone’s software. Upon downloading a third-party title (we prefer the Amazon appstore for this purpose, available here), you’re given the ability to choose exactly which bits of your phone a certain app gets access to. If, for example, you see no reason why a messaging client should be able to access your camera, you can restrict that particular permission while leaving the rest of the app’s functionality intact. And Blackphone’s default settings are, of course, rigorously pro-privacy: when we installed a barcode scanner with the default security parameters, the app wouldn’t function at all because PrivatOS had restricted the app’s camera permissions. Fortunately, it only took a short visit to the Security Center to enable that access so we could scan a QR code – and if we’d wanted to, we could have rescinded that permission again as soon as we were through with our scan.
Silent Circle Suite
Lying atop the baked-in security measures is a suite of apps that, when paired with included service memberships, take this device to the next level of secure communications. Whereas the PrivatOS’s baked-in functionality will still look and feel very familiar to an Android user, firing up any of the Silent Circle apps propels you into a world more befitting a device that calls itself “Blackphone.”
For phone calls too sensitive to go out over the cellular network, Silent Phone stands ready to push your voice through a secure SIP connection. This is a data-based VOIP call that uses ZRTP encryption to ensure that calls to and from other Blackphones (or other Android phones running the Silent Circle app) remain secure, while calls to “non-secure” lines through the Plain-Old Telephone System (POTS) arrive with at least some of their source information masked. For an added level of security –not to mention a degree of badassery– Silent Phone also generates one-time passphrases for use as a manual authentication. You’ll never feel more like a hardcore espionage agent than the first time you start a call to a Blackphone-toting friend with the challenge, “Salt Lake from Boston, secure; authenticate Yankee Foxtrot, over.”
The security doesn’t let up over in the Silent Text hub, which replaces regular SMS messages with an IM-like exchange built on the Jabber protocol. Again, this requires that the receiving party be a paid Silent Circle subscriber with a Blackphone or a compatible device, and again it offers a variety of security tools you can’t find on the conventional equivalent. Messages sent through Silent Text can be set to auto-destruct after a set period ranging from a minute to a day, or deleted manually (from both phones). The screenshot utility is disabled within the app, preventing your messages from being turned against you unless your recipient has a camera handy. The entire app is protected by a separate passphrase, and a persistent toggle lives in the notification shade whenever Silent Text is active, providing a shortcut to quickly lock the entire app if you’re worried about someone imminently nicking your phone.
Both services draw from a central phonebook called Silent Contacts, and all three sit behind the protection of the Silent Circle KeyManager, which holds passwords for the entire Silent suite and can be used to lock or unlock the combined trio all at once. That’s handy, because the Blackphone is so dominated by passwords, PINs, and pass phrases that it’s easy to grow weary of the constant verification challenges.
Other Security Apps and Measures
The above protections alone would be enough to put Blackphone above all others in the “most secure smartphone” contest, but the company didn’t stop there. Also preloaded are tools for protecting (and strategically destroying) sensitive data, including:
- Disconnect Secure Wireless. Provides the ability to encrypt and send all your traffic through a Virtual Private Network.
- SpiderOak BE. An encrypted cloud storage service with accompanying desktop software that uses “zero knowledge privacy” to ensure that not even the hosting servers ever have access to the plaintext data they’re passing.
- Remote Wipe. Allows you to remotely disable (force quit) applications via a web interface if your phone is lost or stolen, causing them to require a password before being restarted. Also provides for total erasure of the device if needed.
- Disconnect Search. Replaces the standard Google search bar on the homescreen with one from disconnect.me, a specialized VPN which serves as an anonymous front-end to Google, Yahoo, DuckDuckGo, and other search engines. This has the effect of masking your searches, IP addresses, and other personal information from search providers and websites which could otherwise log and retain such material for their own use.
Compromises and Vulnerabilities
Security often finds itself at odds with convenience, and with such an elaborate secrecy suite, Blackphone is no exception. The sheer number of passcodes alone will probably be enough to make some privacy proponents second-guess just how much protection they really need: just powering on the device requires passing through three security checkpoints (decrypt storage, PIN unlock, and Silent Circle KeyManager). And it doesn’t really get much easier from there.
The shortcomings don’t stop with pedestrian inconveniences like that, though; some of Blackphone’s biggest features fell short during our testing. Silent Phone offers outstanding vocal clarity when it’s working well, but in our experience (testing it on T-Mobile LTE and a high-speed office LAN) it more often than not suffers from drop-outs, high latency, and even total connection failures. During one particularly frustrating afternoon, the connectivity problems were so bad that Joe Levi and I couldn’t keep a call going even for 30 seconds, despite 90 minutes of trying. We also ran into issues sending media files via Silent Text, and with setting up a Google Apps account to sync properly with the device’s onboard email and calendar apps (which offer no additional security measures beyond the standard Android offerings). User error could well have played a part in that latter failure, but it’s a shame that implementing two-part authentication –a security measure we recommend for all Google Apps users– makes syncing with Blackphone so very difficult.
Finally, much has been made of the recent developments concerning how quickly Blackphone fell to root attempts at DefCon 2014, with a researcher able to obtain root access in less than 5 minutes. Blackphone, for its part, has been very forthcoming about the nature and extent of the issue, running a series of posts on its own blog where it makes the point that “in order to exploit any of the above-mentioned vulnerabilities the end-user would require physical access to the device and then perform the exploit.” How critical you consider this breach will depend on how much –and what sort of– security matters the most to you; it’s outside the scope of this review and mentioned only for the sake of thoroughness (and as an example of how quickly Blackphone’s builders can move to address an issue). Ars Technica has a solid write-up of the implications here.
For a more condensed list of Blackphone’s added security measures, see Joe Levi’s piece on the 10 ways Blackphone keeps you secure.
The Blackphone’s camera is an 8MP autofocus module with a dual-LED flash and a 5MP front-facing counterpart, backed up by the old Nexus-style camera viewfinder from Google. That’s the same software we bemoaned as unintuitive in our Nexus 5 review, and the switch to yellow accents from blue ones doesn’t mask the software’s unfriendliness.
The unpleasantness is magnified by the camera’s incredibly laggy performance, which often stretched startup time to four seconds or more – a pretty big deal when you’re in a hurry to catch that perfect moment. Shutter response and processing are also miserably slow, and the camera’s output is so average that we hesitate to recommend it to anyone serious about capturing good-looking photos or video.
Blackphone made some spec compromises with its inaugural device, reportedly in an effort to get the phone shipped on time for some internal deadlines. The 1GB of RAM certainly isn’t flagship-grade, and the Tegra 4i SoC apparently wasn’t the company’s first choice of processor either. Unfortunately, while we’re always on the lookout for a genuine “specs don’t matter” situation, this isn’t one of them.
The combination of the Blackphone’s custom software and its oddball hardware has resulted in a device that’s moderately responsive at best and flat-out unstable at worst. Keyboard haptics aren’t consistently snappy. Switching between active apps takes longer than on other devices. On one occasion, while using a high-demand app (Spotify) inside a poor coverage area, the Blackphone became completely unresponsive and locked up, flashing its amber notification LED in a distress call until we gave the phone a soft reboot.
In other areas, Blackphone fared slightly better, though almost nothing about its basic functionality stands out. Voice calling over both earpiece and speakerphone is clear enough, if a bit too quiet on each. Sound quality over the included earbuds is fine, though again we could stand for more volume here. Reception seems slightly weak over WiFi but fine on T-Mobile US, our testing carrier of choice for Blackphone because it seems a better carrier candidate for the privacy buff than does AT&T. Fortunately the device comes unlocked out of the box, so the decision is yours to make.
Battery life is better than we expected, given the smallish 2000 mAh power pack: we’ve been able to get roughly the same battery life as on our in-house Nexus 5 devices on average – not bad, considering all the constant sync action the various security features require. We’d still recommend carrying a spare battery or a charger if you’re a heavy user planning to be away from an outlet for a while, though. And be sure not to go to sleep without plugging the phone in: we’ve awoken more than once to find a completely dead Blackphone by our bedside, evidently the result of some software bug that drained it overnight.
+ More security features under one roof than you’ll find anywhere else
+ Included software and services bring excellent value
+ Versatile, plentiful privacy settings
+ Unlocked and contract-free
– Limited hardware, unimpressive build
– Software not always stable
– Limited app ecosystem
– Middling camera
– Many first-generation foibles
Pricing and Availability
The BP1 is available direct from Blackphone for $629, and also from GSM Nation for $599. The device comes in two versions at each outlet: one for North America, the other for “Rest of World.” As noted above, the Blackphone ships with its Micro SIM slot unlocked – meaning activation on AT&T and T-Mobile US should be as simple as swapping in a SIM card.
If you’re trying to make the Scored for Me graphic below line up with our aggregate review score up above, let us save you the trouble: they don’t. And that’s okay. Because the Blackphone is an uncommon smartphone, one which doesn’t line up with our usual scoring metrics. And to an extent, that’s okay too.
The Blackphone BP1 is a perfect example of the first-generation product: full of equal parts promise and frustration, assets and shortcomings. It’s not a phone I’d recommend to power users, social hounds, media mavens, power users, or grannies. As a first-in-class product, it’s not a terribly good smartphone for the “typical consumer.”
But Blackphone exists in part to motivate “typical consumers” to start asking hard questions about how much privacy they’re giving up, and also to answer the important question “what if we didn’t have to?” If Pocketnow had a Privacy meter on the graph below, Blackphone would score very well indeed. Because despite its sometimes-bumpy implementation, no other smartphone offers so many privacy options bundled in a single casing, and no other company gives you so much subscription-based security just for buying a smartphone.
If you’re a technically minded person for whom communications privacy is top-priority, there’s never been anything that’ll fit your needs quite like the Blackphone. If you’re a layman just interested in a little extra security, there are other, better options – at least, until Blackphone BP2 rolls around.
Joe Levi and Adam Z. Lein contributed to this review.