This is part 3 of 3 of my review of the new Blackphone 2 (BP2). In this review, I initially wanted to show you how I setup my Blackphone 2 to be as “private as possible.” I cannot. After fighting with this device for weeks, the total of it is: The Blackphone 2 is not private or secure at all. It is not recommended for Patriots by the Redoubt Darknet project. In part 1 of this review titled Privacy from Whom, I went over what is accepted in the modern cyber security / information assurance community, Google is not a company dedicated to privacy. In part 2 of this review with the slightly click bait title Google takes over Silent Circle, I went over specific examples of how I found Google applications now integrated with Silent OS with the BP2 to be less secure than Silent Phone running on PrivatOS running the BP1. Before writing this review, I even went so far as to send in a Silent Circle Service Request reference #33312. I asked Silent Circle the following questions:
- How do I remove all Google applications from the primary or “Owner” space?
- If I cannot do that, then I would like to remove all of my sensitive Apps from my Owner space.
- I want to remove all permissions from Google applications from the primary or Owner space.
- How do you change the default search from Google to Disconnected or DuckDuckgo.
- I want to remove my Exchange contacts from the Silent Phone application. I do not want those two contact list the same.
What is annoying is that Silent Circle (email only) support has failed to even respond to these questions. They have not said, “…hey we are working on it, get back to you.” Perhaps a “well actually you can’t do that.” Just a black hole. I have tried to work through these questions myself. For example, I have tried removing permissions from all Google applications. Basically, even though I can remove a lot of permissions from Google applications I cannot stop the Google Play Store from running in the Base User Space of the Blackphone 2. Actually, I can, but then it enables itself without my permission. In my second review I showed how this Google application has massive permissions in the Blackphone 2. Without the ability to terminate all Google applications this Google Android phone is harvesting data potentially including all Silent Circle phone calls and texts.
There are so many minor things that make this phone less secure than the BP1. For example, I figured, hey if Silent Phone is now BLOB with Android, I will just use different encrypted solutions from a Silent Space. When I download and add WICKR application from the Google Play Store (it is not in Silent Store for some reason) to the Blackphone 2 and want to add it to a Silent Space that does not have Google, I cannot do it. The Google Android Blackphone 2 will only allow it to run in the Base Space right next to Google Play Store. Isn’t that special? Why? I have no idea, but heck the Spaces is supposed to allow you to put applications in various non-Google spaces, and I could not figure out how to do it.
The way to try this with your own Blackphone 2 is Base Space – Security Center – Silent Space – Edit button which is in the upper right-hand corner. You should see a list of all applications that can be added or removed from the Silent Space. WICKR is not one of them. Callas said in a recent Reddit AMA “Google requires that the default space is the Google space. If you want to be an Official Android Phone it has to come out of the box with the Google Experience. I’m not defending it, but that’s their rules.” Where has Silent Circle put this information out before this Reddit? Why have no other reviewers warned people of this fact? It doesn’t matter how many spaces you make if Google is listening to all of them.
When I stop most Google applications, the Silent Circle updates fail. This suggests that the only way to install Silent OS Security Updates to the Blackphone 2 is somehow integrated into Google ecosystem of applications. That is not secure. Where do you get your security patches from? Google. The answer from Silent Circle support which only has support via email is “factory reset” your phone. Really? This is Enterprise support? When I did that, sure as heck, I could install update 2.0.4, thus it appears that you cannot update Silent OS without Google. When I remove the ability for all Google applications including Google Play to use my microphone, I can make Silent Phone calls, but the other person cannot hear me at all. The list just goes on and on. When I disable most of Google and then use Silent OS Security Center to remove abilities from the the last Google application Google Play store, my phone now overheats very quickly. In less than four hours it drains more than 1/2 my battery. What is Google Play store trying to do that is killing my phone?
I finally found another person that questioned the privacy of integrating Google Android and Google applications on a “Private by Design” phone. The review is at the blog Version2.dk (Germany) and is by Poul-Henning Kamp. The first review is titled simply Blackphone 2 review (1) dated 13DEC2015 and the second review Blackphone 2 review (2) dated 09JAN2015. He then wrote a third review titled Blackphone 2 review (3). In the second review, Poul-Henning finds something very strange. In the Blackphone 2 “private by design” there are many unknown SSL / TLS certifications in the phone. What these allow is secure access to the phone. One of the SSL / TLS certifications simply says “own by Government.” And that is all. No knowledge of which government, government agency or what it is doing. For normal users, by having a “trusted” SSL / TLS certification on your Blackphone 2 an unknown government agency has direct secure access to every Blackphone 2. Private by design?
When Jon Callas one of founders of Silent Circle was running something called an AMA on Reddit and was asked why there is unknown secure governmental access to the Blackphone 2 he responded “BP is an android phone. It’s the most secure (in my opinion) Android phone. We update it fast. We give you virtualization. We even have edited the cert store.” And that folk is most likely the truth. The Blackphone 2 is most likely the most secure Google Android phone. However, we all know that any Google Android phone is nothing more than a governmental spy device in your pocket. How can it be Private by design when Silent Circle does not even know who has secure access to their phone? Jon Callas likes to share how “nice” Google is to work with and how willing they are to listen. You think? Google believes they are ending a branch of Android which was a threat to their business model. They will be very nice to help Silent Circle betray their customer’s privacy.
Over the Blackphone 2.
We have not even started on the really risky things like no StingRay detection even though I have heard that may be coming or the Qualcomm firmware that has complete access to the I/O on the Blackphone 2. That is the second unsecured operating system (OS) running on all cell phones including the BP2. We have not talked about the many “minor” things like Bluetooth keeps re-enabling itself without my permission or knowledge, Google Play Store has the ability to modify permissions without user permission or knowledge. Once again Poul-Henning Kamp alludes to something simliar. There are all types applications that are on the Blackphone 2 “designed for privacy” that we don’t even know what they do. Poul-Henning asks “What the heck is “com.qualcomm.qcrilmsgtunnel” and why does it have Chernobyl permissions to everything including “add voicemail”? Why indeed. There is no detailed technical information on the Blackphone 2 yet you have literally hundreds of reviews saying it is a “more secure” phone.
The Blackphone 1 can still be purchased from third part retailers. It is an under-powered Smartphone but appears to be a good enough platform to run Silent Circle VOIP application more securely than your typical Google Android phone. If you want a more powerful phone or can’t get a BP1 you can actually do this with a full featured Android phone like the Samsung Galaxy. Essentially by making the Blackphone 2 just another Google Android phone, Silent Circle has reduced the business case for its own separate hardware. Just run Silent Circle on a harden Android phone with great hardware. I actually believe you are more secure if you run Silent Circle application on an iPhone / Apple device. Apple does a lot less gathering and selling of user data. If you want to try and harden Android, take a look at Tor’s suggestion for how to harden Android at the post-Mission Impossible Hardening Android. Why do you think Tor suggest making Android private is “impossible?” Perhaps Silent Circle should have asked that question before moving from the BP1 to a Google Android phone. This one article spells out in clear and precise steps the methodology of designing a cell phone to be more private. Read over it and then think, has Silent Circle done anything like this?
Jon Callas says “If your adversary is a nation-state that wants you badly, you have a security problem that mere devices can’t solve.” We do not want you to solve the issue Jon Callas, we want you to help to “whisper” over the Internet. What motivates a lot of individuals and company is the concern of Nation States at various levels, and anyone else monitoring their communications. The Blackphone 2 gives Google unlimited access to the Android phone. Google provides unlimited access to all information it captures from its Android phones to various Nation-States and any one else willing to buy the data.
Silent Circle Blackphone 2 is closely integrated with and dependent on the Google ecosystem is a complete miss when it comes to advancing security and privacy. I am now looking at other phones. As I have pointed out previously the German GSMK CryptoPhones are extremely secure, but I can’t afford them. Perhaps they will send two to me to review. I am also looking at the French Granite Phone and the Chinese Turing secure phone.
Note. I have paid full retail price for my Blackphone 2 and have limited communications with Silent Circle.