The world's most secure smartphones - and why they're all Androids
If you really need privacy, these smartphones will do the job. But you'll have to be willing to pay a hefty price, in more ways that one.
Smartphones may be our most personal devices -- we carry them everywhere, and they know more about our lives than our closest friends -- but they were never designed with security or privacy in mind.
The apps we download harvest too much data (like the flashlight app that needs access to your contacts book) and the handsets themselves are just as vulnerable to hackers and malware as PCs, but harder to protect.
There have been a few attempts to tighten up smartphone security -- witness the recent introduction of end-to-end encryption on some widely-used messaging apps. But if you're really paranoid, or if they really are out to get you, then you're going to need something more.
Enter a small set of companies, ranging from startups to industry giants, offering smartphones designed to counter the efforts of business rivals or government agencies to snoop on your communications. These secure smartphones come at a price -- often an eye-watering one.
Sirin Labs' glitzy launch of the $14,800 Solarin smartphone was attended by Hollywood stars Leonardo DiCaprio and Tom Hardy. In stark contrast, Boeing, which developed the Boeing Black smartphone for its defence and security clients, offered this terse comment: "Boeing has developed a secure mobile solution that is designed to meet the needs of defense and security customers. Due to customer sensitivities, we cannot disclose who is currently using the device or considering a purchase."
The problem with smartphone security
Part of the problem with standard smartphones is that they do so much: thanks to a hyper-competitive marketplace there's a constant race to add more capabilities, which means that security often tends to lag behind.
"When you look at the standard off-the-shelf commercial smartphone, especially these days, the attack surface is enormous, and for a determined attacker it would be relatively easy to hack the device and obtain data of any kind," warns Bjoern Rupp, CEO of GSMK, a Berlin-based secure phone maker.
"An illusion is being created by many players that something is more secure or robust than in reality. If you have a determined attacker, this thing lasts for not even a minute," he warns.
Since it was revealed by NSA-contractor-turned-whistleblower Edward Snowden that governments had been sweeping up vast quantities of our online communications, many companies have boosted the security around their messaging apps: Apple's iMessage and Facebook's WhatsApp are both now using end-to-end encryption, for example.
But encryption can only protect you so far: while an app might be secure, that's not much help if you've already been tricked into downloading a piece of malware that's sending screen grabs of your messages or recording your calls.
All of which means that if someone really wants to spy on your communications, secure software alone will not be enough to protect you, Rupp argues.
"You also need to secure the phone itself against attacks from the outside, and that is something you can only do if you harden the operating system -- and that in turn means you have to ship complete phones because you can't do that in the form of an application."
The Android connection
One thing these security-hardened phones have in common is that they all run versions of Google's Android operating system. This may seem odd, as Android has long been dogged by a poor reputation for security. However, building on Android is much easier than building a smartphone OS from scratch. Also, because the core of Android is open source, it's much more likely that bugs will be spotted and fixed.
"Android had the advantage that, in essence, the core of Android is open-source so it was much easier to compile our operating system from the source code just the way we wanted, without special permissions or licences," said Rupp.
"It's mainly economics and timeliness: Android is fighting a stigma of being not secure because there are so many different versions out there, and those versions can't all be updated simultaneously," says Hyder. Silent Circle operates its own bug bounty programme and has paid out thousands of dollars to researchers who spot flaws in its operating system, promising to patches major vulnerabilities in 72 hours.
Security-hardened software and hardware isn't cheap: a CryptoPhone handset from GSMK can cost €2,450. So what can you expect for the money?
GSMK's CryptoPhones use a heavily stripped-down version of Android that lacks some common smartphone features because of the security risk: they don't support MMS and you won't be able to connect your Bluetooth headset, for example.
The phones are designed so the company itself can't snoop: the encryption keys are generated automatically on the device in a random pattern.
"We don't have all these multimedia codecs which are at the heart of most of Android vulnerabilities: we just don't include them and other components of the OS are stripped down by intention and modified," said Rupp.
Don't trust the hardware
The internal processes of the smartphone also come in for additional scrutiny, including the obscure-but-essential baseband processor, which manages all of the phone's wireless communications.
That's because a determined attacker could hack into the baseband processor, open the microphone and thus listen to a conversation before it was encrypted -- something that standard antivirus software would never spot because that only monitors the application processor.
"As a general principle we do not trust the hardware, but always monitor everything," said Rupp.
GSMK sells to governments, police and military, NGOs and multinationals in sectors such as energy, automotive, lawyers and journalists -- people who are likely to come under surveillance from well-funded rivals or government agencies.
"Our customers have to assume these attacks are being carried out either because they are conducting a billion-dollar transaction in the case of an investment bank for instance, where there is a very strong economic motivation to use advanced attacks because they can potentially provide you with a huge payoff, or because they are governments or international organizations where even lives may be at stake," says Rupp.