Secured Android Smartphone

I want to build a secured phone that can be used as either a hardened comms device, or even as a daily driver. I have a decade of experience in practical applied operational security, and over 5 years of experience working on secured Android phones. This project is my last attempt to make a secured phone for everyone. I have the unique skills, knowledge and experience to create the device, but I am no businessman and there is no real “secured phone” market.

The costs of developing, manufacturing, maintaining, distributing and supporting the devices are very high. The market is very small. As a pure business focussed solely on “secure phones” it is not financially viable. There are ways to overcome these obstacles, and you can help.

UPDATE: added an FAQ

First the specs, which people have been clamouring for, and then an explanation of the goals and objectives of the project.

Specs

Boot loader: Google’s boot loader. Locked. Signing keys for the OS.

OS: compiled stock GrapheneOS. Signing keys embedded in the bootloader. Private OTA update server.

App Store: F-Droid, with a custom repo and collection of apps. All of the apps are available through a combination of: the Calyx Repo, Guardian Project Repo, and F-Droid repo.
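A locked bootloader with a custom OS signing key leaves a visible footprint in Android's verified-boot properties, so a recipient can check that a device actually matches the spec above. The script below is an added example, not part of the original post or the project's own tooling: it classifies `adb shell getprop` output (the property names are standard AVB boot properties; the sample values are constructed).

```shell
#!/bin/sh
# Added example: classify a device's verified-boot state from getprop output.
# Expected for the spec above: bootloader locked, OS booted with a custom key,
# which Android reports as device_state=locked and verifiedbootstate=yellow.
# (green = locked with the OEM key, orange = unlocked, red = verification failed)

# Usage: classify_boot_state "<getprop output>"
# Prints one of: expected-custom-os, stock-oem-key, UNLOCKED, VERIFY-FAILED, unknown
classify_boot_state() {
    # adb may emit CRLF line endings; strip CR so the anchored sed patterns match
    props=$(printf '%s\n' "$1" | tr -d '\r')
    # getprop prints lines like: [ro.boot.verifiedbootstate]: [yellow]
    vbstate=$(printf '%s\n' "$props" | sed -n 's/^\[ro\.boot\.verifiedbootstate\]: \[\(.*\)\]$/\1/p')
    devstate=$(printf '%s\n' "$props" | sed -n 's/^\[ro\.boot\.vbmeta\.device_state\]: \[\(.*\)\]$/\1/p')

    case "$devstate:$vbstate" in
        locked:yellow) echo expected-custom-os ;;  # locked + custom signing key: the spec above
        locked:green)  echo stock-oem-key ;;       # locked, but running an OEM-signed OS
        unlocked:*)    echo UNLOCKED ;;            # verified boot is not enforced at all
        *:red)         echo VERIFY-FAILED ;;       # boot image failed signature verification
        *)             echo unknown ;;
    esac
}

# Constructed sample of what a correctly provisioned device would report.
SAMPLE_PROPS='[ro.boot.verifiedbootstate]: [yellow]
[ro.boot.vbmeta.device_state]: [locked]
[ro.build.display.id]: [example-build]'

# Live check against a connected device (requires adb):
#   classify_boot_state "$(adb shell getprop)"
```

Run it against the sample with `classify_boot_state "$SAMPLE_PROPS"`; anything other than `expected-custom-os` means the device is not in the state the spec describes.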

Objective

  • Would rather pay for a device than assemble and maintain one themselves [ain’t nobody got time for that]
  • Wanted a device, could afford one, but were not comfortable making one [shut up and take my money!]
  • Need a secured device but cannot afford, nor build one. [beneficiaries]
  • Fund software development of a proprietary security app integrated into the OS. It creates a secured secret container for sensitive applications and data, along with a process that monitors for hostile environment factors and proactively secures the container. For more information see my 2014 syscan presentation: Click and Dragger, Denial and Deception on Android VIDEO SLIDES
  • Fund the upstream FOSS projects that are used by the device. Many people download and use FOSS tools without donating (that is fine), but this product allocates a portion of the sales price to each app/tool etc. and donates. This project relies on those tools and it is moral, ethical and practical to support the upstream FOSS projects.
  • Finally, to have sufficient profit to compensate me for my time working on the project.

Pricing

Production costs, before any overhead

Initial estimates to produce one unit: $450

Actual cost to produce one unit: $900

This is the “wholesale cost.” Simply making one phone costs about $900. Funding for the project and everything else has to be added on top of that. This raises the retail price of the device substantially. Making it a less attractive purchase, reducing the units sold… death spiral.

There are ways to address the costs and price points, such as offering different hardware and software solutions with tiered functionality. However, this would increase costs, due to additional Q&A, development, and supply chain logistics. It is not a solution to make the business viable, but can be a solution to make more affordable devices.

Post DEFCON decision

Due to the lack of interest, further work on the project was abandoned. Assembling a device for someone who “can pay, doesn’t want to build” or “can pay, doesn’t know how to build” was left open as an option on a case-by-case basis.

F.A.Q.

Nothing is stopping you, feel free to do so. It’s less trivial than you imagine, but go for it. The goal of this project is not to sell a bare secure ROM on a phone. The goal is to fund the development of future secure phone software. Buying the phone distributes money to secure FOSS projects, and supports the research & development of future security software.

  • “Still, seems pretty steep though. Can’t you cut some corners?”

You get what you pay for.

The overhead price includes not only R&D, support, maintenance, operations, etc. It also includes budgeting to provide subsidised devices for those in need. People escaping abusive relationships. NGOs. Reporters. Those who desperately need a safe phone, but have neither the capability nor the resources to make their own.

  • “Why Android? Why not…” –

Android is the ideal platform. It is an existing stable software platform, with robust security features and APIs to build on. It has a vibrant FOSS ecosystem of apps which enhance the security and utility of the phone. Developing on anything else would require significantly more development resources, and cut the phone off from the great security apps that already exist for Android.

  • “Can’t you just sell the ROM? Or license it?” –

The market is very small, very niche. The people who could flash the ROM are the same who could flash GrapheneOS anyway. I have no desire to spend my time on something with such a small value add and no long term benefit to infosec.

A large segment of the people these phones are designed to help can’t flash a ROM. Those who can flash a ROM, either can pay the license but don’t have time for building a phone, or, they have the time but cannot afford the license. In short, I believe it would cannibalise the business.

There may be merit in a reseller program, but straight licensing of the ROM is not going to happen. Licensing would require additional development – the licensing infrastructure. At what price point does it become viable?

  • “Do you know about librem5, Calyx, Guardian Project, GrapheneOS etc?” –

Yes. In most cases I am working with them, in talks with them, or in preparation to talk with them (depending on the viability of this project).

  • “What security problem does this solve that any other phone doesn’t?” –

Let’s talk about the future version, the one that will be funded by this generation. The threat model is: user has no control over their device, it is being searched by a hostile threat actor, discovery of any incriminating apps/data leads to a negative outcome. The phone proactively escalates its stealth and security in lock step with the examination.

In the worst case, even if the threat actor discovers the secret compartments within the phone, they still can’t access them without the cooperation of the user.

Additionally, it creates a malware-hostile environment that reduces the functionality of many “spouseware” monitoring apps, prevents sideloading of apps, and attempts to block installing malware from a third-party source.

  • “What about a Kickstarter, GoFundMe, or something?” –

The real problem with this project is not “initial seed capital.” That is a tractable problem (e.g. Kickstarter). The difficulty to be overcome is creating a sustainable business, so that the business can continue to improve and help those in need.

  • “You want to build a secure phone business? Niche market man…” –

I do not want to spend my time building a secure phone business. I want a secured phone. No one is making what I want, and I know others need. I’ve created many versions in the past. Now I’d like to create a modern version. This approach is intended to get me the secured phone I want, and provide maximum benefit to everyone else who needs, or wants, a secured phone.

When you support this project you’re helping to build better security devices for those who need them. We can benefit everyone, or we can wait for someone else to get around to doing it.

Going Forward

I am not sure that there is a sustainable business in this market. It is very niche; most people who need these devices have no money, and many of the rest can easily make one themselves.

Ideal scenario

  • self sustaining,
  • supporting the development of improved security apps,
  • providing subsidised devices to people in need

As a pure business, the per unit price point requires a larger market than “friends of friends.” Without supporting investment or other outside funding, there is no way to start and continue the project.

(No, I’m not going to bother asking the Open Technology Alliance to fund this project. They’ve rejected every grant proposal I’ve sent. Their selection process is too opaque and confusing, and it simply isn’t worth the hassle.)

Final thoughts

I spent the last 5 years building various prototypes, models, versions and variants. I am tired of wasting my time creating software that will never be used. This project is an opportunity to realise my goal of an affordable secured phone. After the failed DEFCON experiment, I was prepared to abandon it and move on to the other things I care about.

Finding a viable plan to make my vision a reality has eluded me. This might be the chance.

After the recent spike in visibility and interest, I am in talks with people who may have larger markets and potentially be able to help creating a business or non-profit.

I very much hope this works.
