We’ve covered a number of stories here at Naked Security about how apps and settings on popular smartphone models often reveal more about their users than those users realize, and without them knowing it is happening. Our devices share data about our browsing habits, locations, contacts, WiFi connections and even health data with third parties.
That said, there’s a growing cadre of phone makers that are going in a different direction.
The latest of these is Purism, a San Francisco-based company that makes security-focused laptops, which says it has “a strict belief in users’ rights to privacy, security, and freedom”.
Purism said last month that it would be adding a smartphone to its product range, the Librem 5, which it says will “empower users to protect their digital identity in an increasingly unsafe mobile world”.
Beyond the platitudes, what this really means is Purism hopes to sell a smartphone where every feature we normally associate with a smartphone is built with security in mind first, and to give users as much control over their phone as possible. For example, the Librem 5 will not use a closed or proprietary operating system; instead, it will run a fully open-source Linux distro, PureOS.
The phone will also have location settings disabled by default; end-to-end encryption set up by default for phone calls, texts, and emails; VPN for web browsing; and dedicated off switches for components that can be problematic for privacy, such as the camera, microphone, Bluetooth and WiFi.
On phones by major market players such as Apple, Samsung and Google, security and privacy can seem like afterthoughts, especially by app developers. Apps will ask for permissions to functionality, location data, and hardware that they don’t really need access to, and they aren’t always transparent about why they’re asking for this data in the first place.
Android itself has a number of high-profile vulnerabilities, and whether or not your phone can be patched often depends on the phone’s carrier, not Google, which means some devices can be several versions behind and lack sorely needed security updates. As a result, smartphones can be vulnerable to many issues that for a long time were thought to be in the realm of PCs only: arbitrary code execution, and even ransomware.
Often our best advice to readers is to be aware of what kinds of access their apps are asking for, and to frequently check their apps’ settings and turn off any permissions they don’t want an app to have, such as always-on location tracking or data sharing.
But not everyone is going to have the technical know-how, initiative, or even just the time to stay on top of security issues for their phone. The hope with security-centric phones like the Librem 5 is that with more security features built into the phone’s core design, consumers will have less to actively manage without having to sacrifice their privacy.
It remains to be seen if Purism’s approach to the smartphone security conundrum is successful; it is certainly not the first phone maker to try to run a Linux distro. Canonical abandoned its Unity8 Ubuntu phone earlier this year, citing a lack of interest in the platform in the smartphone market.
Purism argues that by using a pure open-source OS for their phone, savvy phone users can even modify the source code on their phone to tweak and secure it as they like, but one wonders if there are enough phone users who will actually take advantage of this capability to sustain the market for a phone like this.
That’s the big question of course, and Purism is letting the market speak. To “gauge demand” and to get the funding needed to start manufacturing, Purism opened up a crowdfunding campaign to raise $1.5m. At the time of this writing, they’ve hit more than 10% of their funding goal with 49 days left to go, so it’s possible they’ll hit their target. Supporters of the crowdfunding campaign can vote with their dollars to get a Librem 5 at $599.
It will be interesting to see if consumers rally around products like this that set out to protect privacy and if this phone hits its fundraising milestone.