What the Blackphone Means for Mobile Security

NEWS ANALYSIS: The new secure Android phone has arrived, but what does it say about Android itself and what can security-conscious individuals do to get the same security today?

The world needs a secure Android phone like the Blackphone. Not only will it protect users against privacy violations, but it potentially will always be fully patched, too.

The Blackphone began shipping on June 30 as a security-focused mobile device. At its core, the Blackphone uses the PrivatOS operating system, which is based on Android KitKat. The general idea, as I see it, is that by being focused on security, Blackphone developers will make sure that security patches are quickly integrated into the phone.

Hardly a week goes by when there isn't some news about yet another mobile vulnerability, which more often than not is directly targeted at Android. One of the most recent examples comes from IBM, which published an Android security advisory on June 23 describing a buffer overflow condition, which Google thus far has only patched for its Android 4.4 KitKat users.

The flaw that IBM discovered is not a unique occurrence and the fact that Google is not patching all Android operating system versions at the same time unfortunately is the common practice as well. Simply put, the fragmented nature of Android, in terms of both version number and the myriad handset vendors that roll their own flavors, makes comprehensive Android patching a particularly daunting challenge.

Unpatched, publicly disclosed vulnerabilities, however, are only one of many security risks facing mobile users today. In the post-Edward Snowden era, where awareness of mass surveillance tools by nation-states is part of the public consciousness, there is a need for a privacy-enhanced mobile device, and that's where the Blackphone fits in. The Blackphone is a joint venture of Silent Circle and Geeksphone. Silent Circle builds private encrypted voice and video messaging applications that are now directly integrated onto the Blackphone.

Going a step further, the Blackphone integrates technology from Disconnect that enables users to privately search the Web and connect to sites and services with a secured virtual private network (VPN). The Blackphone also provides the Kismet Smarter Wi-Fi Manager to protect users against the dangers of untrusted WiFi hotspots. In case a device is lost or stolen, the Blackphone includes remote wipe and protect functionality.

The Blackphone isn't special because of any one of its specific security features. What makes it special is that it integrates all of the various security features out of the box in a phone that is intended to be secure from day one. I don't think any other Android handset vendor can make that claim.

What's also interesting is that most of the Blackphone's features can be installed by any Android user on the device of his or her own choosing. Nearly any Android user, for example, can take advantage of the Silent Circle, Disconnect and Kismet apps. The ability to do remote lock and wipe is another feature that can be added to many of the available Android handsets.

The challenge isn't necessarily the apps to secure Android; rather, it's having everything in one place on one device from the time the user first powers on the phone. That's why the Blackphone is important: It makes a secure Android device available, but it also helps to raise awareness for all Android users that security is within their reach.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.