My post on the Freedom Phone received more views than any other post ever on this blog (link).
One longtime reader of the blog chimed in with some actual technical concers regarding cell phones in general. Another reader left a comment about not doing bad things with certain body parts, essentially saying (I assume) that I was bashing the Freedom Phone. What I said was that I was taking a “wait and see” attitude. I am hopeful this new option provides exactly what they say the do. I responded to the commenter with some more specific concerns about the platform which I think bear mentioning in a post.
So here you go:
The offering is interesting but before I make a decision I would like more information. The company selling this phone offers VERY LITTLE in the way of technical specs for either the hardware or software. Before I give anything a thumbs up form a security perspective I want to see more than marketing blurbs.
While the Android OS is open source and based on Linux the vast majority of the code is developed privately by Google employees and contractors. Google is also the major sponsor and funding source for the open source community around Android OS. Many components necessary for the operating system to be used on a phone are still proprietary and closed software maintained by Google. It would be extremely easy for Google to insert code that could be used to spy on those running Android-based systems without anyone being aware. In fact, it is proven that they do exactly this. One of Google’s operating units, Jigsaw, is a government contractor assisting the NSA and otheragencies in their spy efforts. So, there is not only a political incentive but also a financial incentive for Google to plant spyware in the Android OS stack.
The hardware for the phone is sourced from China. It is a phone designed for the Chinese market by a Chinese company with ties to the CCP. Now, pretty much all phones are manufactured in China or from Chinese made parts. However, Apple, Google, Intel, etc. go to great lengths to ensure that the phones or components are free of embedded spyware (they hate competition). They have not always been successful with Intel being the most visible victim of this activity. If you buy ANY Chinese made electronics not under contract by a major US, Japanese, Korean or Taiwanese company it is almost guaranteed to have spyware embedded.
With all that said, it is POSSIBLE that the folks selling the Freedom Phone have overcome these obstacles and provided exactly what they advertise. But before I accept that as fact I want a lot more information and independent verification especially considering the recent history of even cybersecurity companies being compromised (supposedly by the Russians but more likely by the Chinese).
I certainly hope the folks at Freedom Phone have or can accomplish what their marketing claims.
With that said, cell phones technology as a whole has some critical security gaps which no vendor can bypass (technically or legally):
- Every cell device is required to have a unique identifier in order to access cellular networks. These numbers are tied to your account with a provider. Legally, retailers of so called “burner phones” are supposed to record personal data and tie it to the phones identifier (some may not if cash is used).
- When that device is powered on it connects to multiple cell towers providing a location (through triangulation) of the device. This information is tracked by the carrier and is available to the government, in most cases without a warrant. Just ask the folks who were in Washington DC on January 6th.
- Apps like Signal, ProtonMail and VPNs that encrypt communications are a good idea (I highly recommend using them). However, if the device itself is compromised/spyware installed the data on the device can easily be accessed including that sent over encrypted channels.
Another good point to consider and plan for is how you will communicate if cell service/Internet access is shut off. We are seeing that today in Cuba and have seen it in Hong Kong and other places recently.
Stay alert, stay prepared and stay safe.