This blog is normally in danish, but since there are very few actual reviews of the Blackphone2 to be found, I decided to write this review in english.
So I've had my Blackphone2 for three weeks, and it is time to make up my mind.
Reading PDF files
I get the impression that Android is basically designed to not allow you any privacy.
You have to stay incredibly alert to not miss a single one of the omnipresent "Automatically put all your secrets in our cloud" checkboxes.
You want to read a PDF file ? Well, guess what: The registered app for that is Google Drive.
Not only that, but it sucks at it.
I've been leafing through the Bell Laboratories Record which I downloaded to the SD card.
After a couple of pages, a pop-up urges me to take the PDFs I've downloaded from the Internet and "save" them from my SD card to Google Drive.
I have done everything in my power to make it clear that I do not want that.
But after about 20 PDF files, the phone gets notably slower and warmer. After a couple more PDFs it dies and cold-boots.
I've found out through experiment, that if I go into the APP manager, and clear all data from the Google Drive app, things return to normal.
After leafing through a December issue of BLR, that became a routine thing to do - which felt really 'retro' - like the 1960-1970 vintage 16 bit minicomputers where stopping and starting programs had to be done with due attention to core fragmentation. But in 2016, on an 8-core, 1.7 GHz computer with 3GB RAM ... really ?
The only rational explanation is that Google Drive is either buggy at CS-101 level, which I doubt, or more likely, slurping up data about my PDF reading, to dump into the cloud later, once I embrace the panopticon as my one true saviour.
For a regular Android phone I guess that could be considered par for the course.
But a "private by design" phone which does not let me read a document without being looked over the shoulder ? FAIL!
A root certificate is fundamentally a self-signed document, and if you accept it, you allow whoever signed it to lie to you, about pretty much anything and anybody on the net.
If you havn't already, you really want to go deep into preferences on your browser and OS, they likely have separate lists, and audit which you trust.
There are a lot of root certificates installed on the Blackphone2 by default, we're literally talking 150-ish of the things.
They are all enabled by default, but you can disable them.
By opening each one individually, scrolling down, pressing "DISABLE", and then "OK".
There are at least 10 overt root certs from government controlled by regimes I don't trust.
Here is the best and most deceptively named of them:
Couldn't somebody have found just a single data field in all the X.509-gunk in the cert, which would give a little hint about which government ? (/C= anyone ?)
Ohh, and once you've gone through and disabled all the root-certs you don't trust in the owner-space, guess what does not happen when you create another space ?
Bingo! You get to disable every single bloody single one of them, in every single bloody space you create.
I could go on, but this was sufficient for me to reach the conclusion:
Not Private By Design
Silent Circle prominently markets the Blackphone2 as "private by design".
It isn't - not even close.
They've glued some pieces onto Android - which itself seems designed to minimize your privacy - at least with respect to Google.
I have tried a couple of times to start with a factory reset, and not let allow the phone connectivity until I have gone through all the menus and settings I could find, and configured the phone for maximum privacy, but each time I've found out some time later that I overlooked something, somewhere in an obscure corner.
I'm not an Android specialist, so I'm not going say that it is patently impossible to get acceptable privacy on a Blackphone2 by configuring it correctly.
But 30+ year of systems programming and security experience is clearly not enough.
What went wrong ?
Speaking with my Inventor of Jails hat on, the fundamental problem seems to be that the root jail, the "owner space", is a fully fledged Android, loaded up with the full "Google Wants To Be 100% Part Of Your Life™" package, with no tuning or adaptation to turn the Google-Loving down a notch or two.
The moment you enter your google password, you immediately have a great chance to overlook that all your passwords will be "kept safe" by Google going forward.
I don't know if this is Silent Circle's marketing insisting that the "learning curve must be low" or part and parcel of how one licenses Android from Google, could be either or could be both. But the net result is that the blackphone2 does not easily get you privacy from the worlds largest advertising-funded panopticon.
If you're OK with that, then fine, but if like me you don't want, or for contractural reasons cannot allow Google to sniff around in all your passwords, data and communications, then the blackphone2 is just another untrustworthy computing device.
All that doesn't mean that the blackphone2 is without merit.
The display is gorgeous, the camera seems OK, and the "spaces" are, like all jail-concepts, a strong and conceptually simple security metaphor, in particular in divided-authority scenarios.
If your ambition is to avoid employees installing DropBox AutoSync onto the company VPN, or conversely, if you don't want the company to see the contents of or wipe your private phone when you leave their employ, then the BlackPhone2 with its spaces (or something similar) is the right way to think.,
I have not tried the cloud services offered by Silent Circle, so I cannot say if they swing the balance either way.
But in no way, shape or form can the blackphone2 live up to "private by design".
PS: My best shot at a the start of a HOWTO for privacy
- Go through the welcome dialogs without establishing network connectivity.
- Go into the space manager (grey icon bottom right)
- Set Privacy level to "deny all"
- Under Screen Lock, select PIN, then enable PIN for encryption on startup.
- In the Space section, enable "Lock Spaces on entry"
- In the Apps section, go through each and every one and rip permissions away.
- Disable all the untrustworthy rootcerts in the Settings::Security app
- Never log into google from the Owner Space.
- Never use the Owner space for anything but managing other spaces.
- Now make a personal space and use that as your phone.
...men det er dyrt at lave god journalistik. Derfor beder vi dig overveje at tegne abonnement på Version2.
Digitaliseringen buldrer derudaf, og it-folkene tegner fremtidens Danmark. Derfor er det vigtigere end nogensinde med et kvalificeret bud på, hvordan it bedst kan være med til at udvikle det danske samfund og erhvervsliv.
Og der har aldrig været mere akut brug for en kritisk vagthund, der råber op, når der tages forkerte it-beslutninger.
Den rolle har Version2 indtaget siden 2006 - og det bliver vi ved med.