Tags

, , , , , ,

I have written about Silent Circle for many years and the Blackphone since its inception. I am a fan Phil Zimmermann, and of Silent Circle the company and its original owners. I still remember when Silent Circle burned down their own servers rather than receive an NSL and be forced to betray their customers.  I was using PGP back when the Puzzle Palace threaten Phil with jail time for giving away encryption.  Phil Zimmermann and Silent Circle have now fled the United States for Switzerland to escape our American Surveillance state. I have owned a Blackphone 1 and now a Blackphone 2. This is part of a three-part review about the Blackphone 2. The basic premise of these Blackphone 2 reviews is that by integrating the Silent Circle operating system (Silent OS) and Silent Phone application with the Google ecosystem of applications you have significantly reduced privacy, security, and anonymity.

SGP Blackphone (BP1) If you can afford the $650 this is the best option, secure apps on harden OS

SGP Blackphone (BP1) – No Google applications by default

The SGP Technologies Blackphone 1 hardware was significantly under powered by today’s standard.  But the way SGP setup the Blackphone 1 and PrivatOS appears to not dependent upon Google and thus much more private than the way Silent Circle setup Silent OS on the Blackphone 2.  With the Blackphone 1, by default, there were no Google services installed by design on the Silent OS then called PrivatOS. The Blackphone 1 was not connected to Google ecosystem.  PrivatOS was a branch of Google’s Android open source operating system (OS).   With the Blackphone 2, all Google services are installed by default and given extensive permissions on the renamed Silent OS. Most of these Google applications cannot be removed. A few cannot be disabled.  What changed between the Blackphone 1 and Blackphone 2 to convince Silent Circle management that Google had become a more trustworthy company in protecting user privacy?  I find it annoying that none of the many existing Blackphone 2 reviews clearly explain the fact that Google applications cannot be uninstalled from Silent OS on the Black Phone 2. To me, this is a significant difference between SGP Blackphone 1 and Silent Circle Blackphone 2.

In the first part of this review, I document what I thought was commonly known. Google’s Android and other Google applications take as much information from a mobile phone as possible. They do it to sell advertising to any company that will buy it, building a detailed database of each and every user of Android. Under US law, any information they take has no legal privacy protections. All of it can be seized by the US government without court proceedings using National Security Letters (NSLs). Under the “Five Eyes” intelligence alliance that information is shared with the Western world. Thus, the question, if you depend upon Google applications how “private” can you “designed for privacy” phone really be? In this review, I will give concrete examples of what I found setting up my Blackphone 2.

blackphone2-google2

Google search cannot be removed from BP2

Search: With the Blackphone 1 the default search engine was set to Disconnected Search. Disconnected Search is a way to anonymize your web searches but still get Google results. It is so good at making people anonymous using search that Google removed it from their Google Play application store and there is a lawsuit in Europe about it.   In Blackphone 2 your default search engine is Google, and you cannot change it. Even children know that if they don’t want their searches kept forever, and to be “more private” they use a more anonymous search choice like DuckDuckGo. With the recent release of information in a court case where we find Google paying Apple to put their search bar on their phones, you have to wonder what was Silent Circle thinking putting a Google search bar which cannot be changed on a “privacy-focused” Blackphone 2 phone. The Google search bar buried in the Silent OS operating system in the Blackphone 2 cannot be removed or changed. We can mitigate this by using a different search engine with our non-Google browser, but the issues with Google integration gets worse.

Voice: That Google search capability built into the base Owner space of the Blackphone 2 has a little microphone next to it. The reason is that it uses Google’s voice-activated search capability called “OK Google.” This ability allows Google to “listen” to your phone’s in case you want to search with your voice. I have never used it, but it appears to work very nicely. If you open the Blackphone 2, Settings, Language & input under Google voice typing, it is “on” by default. If you look under those settings, you will see “OK Google” detection is on by default. Thus, by default, it appears that Google is already authorized and configured to listen to everything said in the range of a Blackphone 2. Open source advocates who use Chromium the open source version of Chrome noticed that Google was downloading a big hunk of mysterious code (they called a BLOB) that “allows the microphone to use hot words” so that Google was always listening.  They called OK Google the “ease dropping extension” to Chrome.  I consider it the same for Android.

notok-1200The issue is that Blackphone 2 now has Google voice search running on its “built for privacy” phone. First that is creepy in any setting, second it seems not to add to privacy, to give Google the ability to listen to everything spoken near it by default.  Not only does Google listen, it publicly admits to storing the “OK Google request.”  But hey, that is all it stores. Silent Circle appears to know the danger. Silent OS  and the Blackphone 2 warns you if you “allow” an application (like OK Google) to have access to your microphone that it may “…be able to record phone calls which are placed over VOIP systems…”  Guess what calls are placed over a VOIP system on the Blackphone 2? Silent Phone. Why use the Silent Phone application when Google is recording everything you say on your Blackphone 2? Silent Circle is telling people the following:

1. We are telling you that the Blackphone 2 is “private by design.”
2. By default the Blackphone 2 allows Google to have access to your microphone.
3. This “may” enable Google to record your Silent Phone calls.

This becomes much more in focus when you read the Google privacy EULA: “Google says it logs your “phone number, calling-party number, forwarding numbers, time and date of calls, duration of calls, SMS routing information and types of calls” in their privacy policy. It also logs your IP address. But it doesn’t say if this info is recorded for Android users specifically, or if it’s only collected from other services such as Google Voice. And it doesn’t say whether it logs data even if you’re logged out of Android services.” Is Google recording this information about Silent Phone calls and texts? If it does, in my opinion, it would make the entire Silent Phone application essentially useless for “privacy” as the information is being harvested by Google and shared across many Western nations. If it is not, where has Silent Circle said how they are keeping Silent Phone calls and text messages safe from Google and technically explained how they accomplish this?

GoogleSearchBlackhone2

Apparently Google Play Store cannot be removed or disabled on BP2

Silent Store / Google Play Store. I have never had a Google account. What I would love is too load a limited number of applications on the Blackphone 2, thus I was happy when I heard that Silent Circle had the Silent Store. For example, I do not wish to use Google’s Chrome or basic Android Browser, but I want to use anti-Christian bigoted Firefox or better yet Tor Browser.  However come to find out, the Silent Store is part of the Google Play Store. Silent Circle uses the Google Play Store to more “efficiently” distribute their application that has been reviewed. Thus, you must have a Google Account to use the Silent Store.

The permissions the Google Play store demands of the Blackphone 2 are invasive. Google Play store itself harvests data from your phone and reports this to Google regularly.  There was a security analysis report that I read that showed that the Google Play Store harvest more than 30 variables and send them to Google several times a minute.  [Bard Note: I cannot find that article anymore, thus suspect that it has been suppressed by search engines.  If anyone knows any third party security audit of Google Play Store and what information it captures please let me know in the comments below so I can update this post with the link.]  On the Blackphone 2 Google Play demands many permissions including the following:

Read phone status and identity
Send SMS
Detailed location both GPS and network based
Read contents of your SD card / modify contents of your SD card
Create accounts, set passwords, find accounts, use accounts on device
Change network connectivity, full network access, receive data from the Internet, view network connections, view WLAN connections
Run at startup
Prevent phone from sleeping

There are smarter people than who have documented how Google Play Store is not private by design. There are many reports that Google automatically harvests data anytime you install an application and shares it.  When I try to disable Google Play Store on the Blackphone 2, it disables for a quick second, and then re-enables itself without my permission.

blackphone2_engadget

Designed to keep your data private from whom?

Cannot segregate Google. Blackphone 2 uses a technology called Spaces.  This technology is built by a company called Graphite Software.  It is suppose to keep applications completely separate from each other “like having separate phones.”  It is not true visualization as we System Administrators understand VMware and the Hypervisor, but allegedly it is simliar.   Blackphone 2 even has the ability to install a Space without any Google applications which they called a “Silent Space.”  Allegedly Silent Circle had custom hardware built to make this spaces separation even stronger.  Great!  Not so fast.  There is an issue with Spaces as implemented on the Blackphone 2.  Google applications are installed in the primary Owner space, as System Applications in Read Only Memory (ROM) not in a separate, virtualized fire walled Secure Space.  The fact that the primary Owner space has Google applications, including the voice-activated search does not seem very private to me. I do not know how much separation there is in other spaces from applications installed as system applications in the primary space.

“Some police forces, such as those in Michigan, already carry readers that can copy all the files from a smartphone even if it is protected with a password, and that it has been used on motorists stopped for minor traffic violations. The American Civil Liberties Union says such examination amounts to an “unreasonable search”, which would be illegal in the US.” – The Guardian

For example, even though I created a “Silent Space” without any Google Applications and then used my Silent Phone application only in that space when I went back to the primary Owner Space all of my text messages and phone logs were in that space’s Silent Phone.  Thus Google potentially had access to that meta-data, if not the entire phone call.  I had not activated Silent Phone in the Owner Space, it was my desire to separate my private text messages and phone calls from the Space that Google has access too. I found I could not.

google-nsa-grid

All Google applications installed on Blackphone 2

The list of Google issues on the Blackphone 2 goes on.  Google Android stores significant information on the location of your phone in addition to the meta-data of your phone calls. A security research showed that Google by default stores up to 50 cell towers in its local database and transfers that information to Google.  I mean simple things like Google keyboard on the Blackphone 2 is recording everything you type and has Internet access to enable it to send everything to Google.

What is the use of encrypting your phone when Google lives in the same space that Silent Phone lives in and explicitly says it has access to your microphone, and explicitly says it may be listening and explicitly says it will transfer any information requested to the US government upon receiving an email? What is the use of Silent OS and Silent Circle not keeping your meta-data when it has integrated applications from Google which specifically say they keep all the same meta-data? How could Phil Zimmerman an Internet security legend and Silent Circle get into bed with such an anti-privacy company such as Google in such an integrated way? How could no other review (to date) on the Internet document this very troubling integration between a “private by design” phone and Google?  I have reached out to Silent Circle to learn if I do not understand something here.  No one has told me I have anything significantly wrong.

When I spend $800 for a “designed for privacy” phone, I want to decide who it is private from.  The fact that you cannot remove Google applications challenges the entire concept of privacy with the Blackphone 2.  If I would have known the over dependence on Google, I would have consider simply fixing my under powered Blackphone 1. As Silent Circle has Google applications that cannot be deleted, who exactly is Blackphone 2 design to keep your information private from?