The “privacy built in by design” Blackphone smartphone has started to ship to customers. While it looks like a good packaged product for individuals who are concerned about their privacy while using their smartphones, but there is something missing.
One of the side effects of the Snowden NSA leaks is it has reminded many individuals of the unfortunate reality that much of the information they input into their smartphones, and other information the phone produces itself, can be tracked without their knowledge or permission. With the publicity engendered by the leaks, two companies, a US company called Silent Circle which develops privacy enhanced communications software and Geeksphone, a Spanish specialty smartphone manufacturer, decided to jointly create SGP Technologies. SGP Technologies is the company behind a smartphone called Blackphone, designed from the ground up to protect an individual’s privacy. It seems that there is enough interest in the Blackphone for the company to claim to have sold out the first production lot of devices at a price of $629.
Some Blackphones have been handed to tech media outlets and the first reviews are coming in (here is one example from Ars Technica. On the whole, the Ars Technia review, with the caveat that they were reviewing a pre-release version of the Blackphone, is positive. While the Blackphone isn’t quite leading edge in typical smartphone technology, this isn’t the reason for people to buy the product. The Blackphone comes with two year subscriptions to several privacy enhanced services, namely Silent Circle’s secure communications service (voice and video calling plus SMS), a virtual private network and browsing anonymization service from Disconnect and a private cloud based data sync service from SpiderOak . On top of these, there are a number of features associated with the phone’s PrivatOS designed to protect the security of data and communications coming from the Blackphone.
We applaud the Blackphone as a credible packaged solution to creating a privacy centric Android phone. While there are ways an individual could set up their Android phone to get much of the same functionality (paywall), the Blackphone is trying to make it easier as a bundled offering. Still, there is one thing which is missing from the Blackphone and that is an easy way for an owner to get secure apps for their phone. Generally, the Google Play app store has a reputation as containing more malware thanother app stores , but even so, the Blackphone isn’t allowed to access the Google Play store. The Blackphone could get apps from the Amazon AppStore but even so, issues have been reported with that store as well.
Of course, what we would like to see is more developers using tools like Cryptanium’s Secure Key Box or Code Protection. Already used in financial and other mobile apps, these tools help individuals protect the private information handled by apps by increasing the security of the apps. For example, apps can hide sensitive cryptographic keys using the white-box cryptography solutions provided by Secure Key Box or the integrity protection mechanisms of Code Protection to avoid malware “copies” of their apps. Combined with encryption of their data streams, app developers could go a lot farther in creating apps a Blackphone owner would feel comfortable in downloading.