Smartphones sure are handy. They come with all the functionality one could want from a device – constant internet connection, web browsing, all you favorite social media pages, a camera, map apps that help you find your way. What else could one want? Well, privacy and security. Each of the beforementioned Android functionalities comes with a set of vulnerabilities and expands the device’s attack surface. Here’s why you might be better off without them.
The main thing is that the more connected a device is, the more doors it has for attackers. USB and Bluetooth could be such points of entry, as well as browsing the Internet, installing (potentially malicious) apps, using social media, etc. Our goal when designing Secure Phone was to create a mobile device with a zero attack surface. The first step was to identify the weak links, and the second was to go deep into the code that makes the device work and surgically remove them.
How we modified Android's kernel?
Remember when Mark Zuckerberg taped his laptop’s camera and microphone jack? Or when an art student planted spyware on his phone, had it stolen, and then made a movie out of what the phone recorded in the thief’s hands? The thing is, unwanted software may always find its way on your phone. And if you want it not to be able to exploit your device, certain things on the latter better be turned off.
This is why when we were designing Secure OS, the Android-based operating system which Secure Phone uses, we tweaked its kernel. The latter is the part of the operating system which contains the drivers for the different pieces of hardware. We took out the drivers for USB (which is an easy way to the device), Bluetooth (which could be used in a similar way), Wi-Fi (which is inherently unsafe; a hotspot could act as an IMSI-catcher and let attackers intercept your communications), etc.
If you do want to use these things, you can reinstall the drivers via the Secure Administration System (SAS), a MDM used to manage Secure Phone. You can also remove (or reinstall) the drivers for the camera, near-field communication (NFC) and anything else you might be concerned about. Control is in your hands, not those of hackers.
Why we cleaned up the application framework?
This is a software library that provides the support for different functions developers include in apps – shared code that different apps use. For example, the telephony manager is the part of the application framework that gives apps access to information about the telephony services on the device – what is the device’s IMEI, SIM serial number, the version of software it uses, whether it is in roaming mode or not, etc. Service providers need that info to identify handsets and make phone calls possible. Every app that lets you make calls over the operator’s network via SIM uses the telephony manager.
As you probably have noticed, though, it gives away a lot of information about the device. If intercepted (for example, with an IMSI-catcher), the IMEI could potentially be used to make it appear so that calls made from another handset came from your device. This is why criminals steal them. And also why we disabled the telephony manager on Secure Phone, while leaving the option for calls to be made only through our encrypted VoIP app, Secure Voice.
For similar reasons, we removed the location manager (you don’t want to get tracked, do you?) and notifications manager. We also customized the content provider in the application framework so every app can access only its own application package – contacts info stored in one app stays there and is off-limits to other apps.
No bloatware, no third-party apps
Android phones usually come with a lot of bloatware – proprietary apps by the phone manufacturer that provide basic functions like email, camera, Internet browsing, etc. The user cannot uninstall these apps on a regular Android phone. And just because they are made by the company that made your device, doesn’t mean the apps don’t send your info to the company’s headquarters.
As noted, we removed certain drivers from the OS and parts of the application framework, so most regular Android apps wouldn’t even work on Secure Phone. We removed them too. Then we installed our proprietary suite of apps that allow you to communicate securely over email, chat and VoIP, monitor your device and act as its antivirus, let you wipe all data at any time, etc (you can read more here).
We also removed the option to download any third-party apps such as social media (Facebook itself is a big privacy concern), messengers, games, browsers, and so on. If the user wants to install such an app, they can do it through SAS, but it is not recommended. If you use Secure Phone as it is, out of the box, your privacy is guaranteed.
Internet browsing disabled to reduce attack surface
Where does malware come from? Users either download it directly (if they fall for a phishing scheme) or get it from infected attachments in emails. Malware can also be hidden in web pages, including the ads on completely legitimate sites. In fact, there are practically no boundaries to cybercriminals’ inventiveness when it comes to figuring out ways to bypass defenses.
And then there’s the issue of tracking and privacy. All websites employ a large number of trackers that monitor your behavior on them so that they could hit you with targeted advertising afterward. Also, traffic on smartphones is usually made via the HTTP protocol and not its safer version HTTPS. Even the latter is not entirely secure by today’s standards.
Because of that, it is recommended to not browse the Internet at all from your device. To ensure your privacy and security, we disabled the browser on Secure Phone. The end result is a device that makes no compromises with security, yet offers you the means to communicate in privacy.