Why this Dutch carrier is the first to sell the Blackphone — the ultimate secure smartphone
Dutch carrier KPN is understandably concerned about security.
And when it comes to security, it all starts with Jaya Baloo, KPN’s Chief Information Security Officer, a former fraud and security expert at Verizon and France Telecom. She was headhunted to help KPN clean house after a disastrous 2012 hack forced it to shut down the email service of two million users.
One of Baloo’s tasks was to ensure that KPN’s CEO could, for example, securely discuss the details of an acquisition with the head of a Chinese firm. Baloo chose Silent Circle‘s mobile security suite for the job.
Silent Circle was founded by the inventor of the encryption scheme PGP (Pretty Good Privacy) Phil Zimmerman. Baloo and Zimmerman later had a chat at an event about the latter’s latest venture, a privacy-preserving smartphone called the Blackphone. Baloo’s role is internal security, not consumer offerings, but she set about persuading KPN’s CEO to make the Dutch carrier the first mobile operator in the world to sell it.
KPN ended up ordering several hundred thousand phones, the first of which it will receive in June.
The Blackphone launched on Monday at Mobile World Congress. It’s billed as a privacy-oriented, premium smartphone for non-boffins.
“Why should you care (about privacy) as a private citizen who is emailing their shopping list or what not?” Blackphone’s managing director Toby Weir-Jones told VentureBeat. “The reason is it’s not just about an individual evaluation of a single communication, which may be a trifle. It’s about the fact that by losing ownership of your privacy, invisibly, without your knowledge, it becomes much harder to get it back.That loss of privacy is becoming a pain point and we want people to say ‘You know what? I care about that and I’m going to do something about that.’”
Blackphone is a joint venture between Silent Circle and Spanish smartphone makers Geeksphone. The phone runs an OS called PrivatOS which is based on Android, but includes a number of low-level and app-level changes. The full list of changes will be published and open sourced after the first phones ship in June. There’s a single provisioning wizard when you first power up the phone which activates all of the subscriptions and bundled applications.
A smart Wi-Fi manager turns Wi-Fi on and off dynamically based on whether you are in proximity to a known, trusted Wi-Fi hotspot. “Therefore when you are walking through an airport or down the high street you are not at risk of your device identifiers being harvested by Wi-Fi beacons,” explains Weir-Jones. “Which, of course, is only the first step in correlating your movements and your behaviors.”
There are no restrictions on the applications you can install, but rather than being forced to accept all of an app’s requested permissions or not installing at all, users can select particular ones.
“What users are starting to do in the first part of every review they are writing is complain if there are inappropriate permissions or trackers built into the app,” says Weir-Jones. “Our job is to support that kind of mentality. We need to go in and change slightly how Android enforces permissions so we can get the granular control that we want.”
So you can install a game, for example, but switch off the permission which allows it to collect your GPS location and use it for targeting advertising.
Searches on Google and other search engines are anonymized via a VPN. Calls and messaging with other Blackphone and Silent Circle users are encrypted, as are backups. A one-year Silent Circle subscription for three other people in your network is included with the blackphone.
“You have to understand, for example, why you are using a VPN for your web browser but you don’t need to worry about proxy IPs.” says Weir-Jones. “Similarly, you don’t need to worry about what the cryptography is underneath your private phone call and the dialer looks like a regular phone dialer.”
The Blackphone can be ordered at a cost of $629 from the company’s website. Carriers who will offer it, including KPN, cannot install any of their own code on the phone, a huge change from current industry practice.
Baloo seems unphased. “We are really happy about it,” she says. “It’s not just free from our influence but free from anybody’s influence.”Like this story? Want to learn more? On April 14-15, our fourth annual VentureBeat Mobile Summit will tackle the six biggest growth opportunities in mobile today. The invitation-only Summit will gather the top 180 executives at the scenic Cavallo Point Resort in Sausalito, Calif., to discuss issues like this. Request an invitation.