We’ve covered a number of stories here at Naked Security about how apps and settings on popular smartphone models often reveal more about their users than those users realize, frequently without their knowledge. Our devices share data about our browsing habits, locations, contacts, WiFi connections and even health data with third parties.
That said, there’s a growing cadre of phone makers that are going in a different direction.
The latest of these is Purism, a San Francisco-based company that makes security-focused laptops, which says it has “a strict belief in users’ rights to privacy, security, and freedom”.
Purism said last month that it would be adding a smartphone to its product range, the Librem 5, which it says will “empower users to protect their digital identity in an increasingly unsafe mobile world”.
Beyond the platitudes, what this really means is Purism hopes to sell a smartphone where every feature we normally associate with a smartphone is built with security in mind first, and to give users as much control over their phone as possible. For example, the Librem 5 will not use a closed or proprietary operating system; instead, it will run a fully open-source Linux distro, PureOS.
The phone will also have location settings disabled by default; end-to-end encryption set up by default for phone calls, texts, and emails; VPN for web browsing; and dedicated off switches for components that can be problematic for privacy, such as the camera, microphone, Bluetooth and WiFi.
On phones by major market players such as Apple, Samsung and Google, security and privacy can seem like afterthoughts, especially among app developers. Apps will ask for permissions to functionality, location data, and hardware that they don’t really need access to, and they aren’t always transparent about why they’re asking for this data in the first place.
Android itself has a number of high-profile vulnerabilities, and whether or not your phone can be patched often depends on the phone’s carrier, not Google, which means some devices can be several versions behind and lack sorely needed security updates. As a result, smartphones can be vulnerable to many issues that for a long time were thought to be in the realm of PCs only: arbitrary code execution, and even ransomware.
Often our best advice to readers is to be aware of what kinds of access their apps are asking for, and to frequently check their apps’ settings and turn off any permissions they don’t want an app to have, such as always-on location tracking or data sharing.
But not everyone is going to have the technical know-how, initiative, or even just the time to stay on top of security issues for their phone. The hope with security-centric phones like the Librem 5 is that with more security features built into the phone’s core design, consumers will have less to actively manage without having to sacrifice their privacy.
It remains to be seen if Purism’s approach to the smartphone security conundrum is successful. It is certainly not the first phone maker to try to run a Linux distro. Canonical’s Unity8 Ubuntu phone was abandoned earlier this year, with Canonical citing a lack of interest in the platform in the smartphone market.
Purism argues that by using a pure open-source OS for their phone, savvy phone users can even modify the source code on their phone to tweak and secure it as they like, but one wonders if there are enough phone users who will actually take advantage of this capability to sustain the market for a phone like this.
That’s the big question of course, and Purism is letting the market speak. To “gauge demand” and to get the funding needed to start manufacturing, Purism opened up a crowdfunding campaign to raise $1.5m. At the time of this writing, they’ve hit more than 10% of their funding goal with 49 days left to go, so it’s possible they’ll hit their target. Supporters of the crowdfunding campaign can vote with their dollars to get a Librem 5 at $599.
It will be interesting to see if consumers rally around products like this that set out to protect privacy and if this phone hits its fundraising milestone.
Smart Phone Guy
I hope this works insofar as the market is in desperate need of something other than Google or Apple, but I have serious doubts about the viability. If Canonical, Mozilla and Silent Circle all failed to make it work with massively larger budgets, how will Purism get mass enough appeal to succeed where they failed?
The key factor here is usability, which is the dominant reason why the Libre/FOSS (or even just the Open Source) movement repeatedly fails to break out of its niche. The average consumer will only adopt FOSS if it actually works easily and does what the consumer wants, not just what the engineers think the consumers SHOULD want. Engineers tend to have zero understanding of marketing psychology, and then they wonder why the general public won’t use their software. There is a HUGE potential market right now for Open Source solutions contra Google/Apple, but usability is king. If FOSS developers can get over the hurdle of trying to impose their idealistic technical vision on consumers, and instead create stable, Open Source products that people can actually use intuitively, Open Source may have a shot at taking a major piece of market share.
If Purism can create a high-powered device that is well-supported and makes for a super easy, seamless transition from stock Android or iOS, in a way that DOESN’T rely on telling would-be users to significantly change their habits, then it might work. Otherwise, this project will go the way of Ubuntu Phone, Firefox OS and Blackphone. It’s up to Purism management what direction they will take. In the meantime, it seems like Copperhead OS is the best alternative smart phone OS.
Mark Stockley
I couldn’t agree more about usability – the interface is the product. For OSS the interface problem comes from the fact that open source culture bubbled up from developers scratching their own itches and improving their own (mostly command line) tools. Interface skills and designing for others aren’t required for success.
There is nothing similar to the OSS culture in the world of UX/usability, little cross-over and little reason for there to be cross-over because designers are well served with a relatively small number of high quality tools and don’t, for the most part, have the skills or the urge to get under the hood and waste a week making their tools 1% more efficient.
Bryan
“…not just what the engineers think the consumers SHOULD want”
This, a thousand times! Microsoft, Google, and Apple are massive enough that they can (and do) toy with this principle. Startups never are.
jkwilborn
I have been following the Sailfish OS for phones. Its advantage is that it runs on many different phones. I’m hoping that it will also make a difference. It is definitely needed.
Nobody_Holme
Both BlackBerry OS and Windows 10 Mobile feel far better to me than Android or Apple, but neither of them ever had the market penetration or funding for developers to get the variety of apps that customers demand (I still don’t know WHY having 12 versions of Flappy Bird is a big deal, just that it is).
If neither the creators of smartphones nor the world’s biggest software company can do it, why on earth would any open-source based team even bother to try? And yet, they keep on popping up and dying under a hail of Apple fanboys and Google marketing spend…