I've not played with the Silent-* suite of apps yet, "Secure Wireless" or SpiderOakBE, so I have no comment on their stability.
Before using these, I'll want to setup some packet captures to inspect live data, but I have been too busy with other things.
So far, on 1.0.5 and 1.0.6, no crashes in web browsing, or K-9 mail.
The "Smart WiFi manager" (Tool that uses cell tower addresses as geographical references to determine it a WiFi access point by name is valid at the implied location, and if phone should enable WiFi and then try to associate with it) kind of works. It takes a long time to find cell towers. For example, I've been associated with one AccessPoint at home for 48 hours, but it has not found any cell towers to associate with it, but using another access point, the phone has found towers. A third and fourth access point have been used for 24 hours each, and the phone has found no towers to associate with them. All of these are at home. I have more access points to try at home, but only 1 out of 4 have been associated with towers while at home. 4 Access points at work found towers within 2-4 hours.
Occasionally, this being enabled (only enable wifi when close to cell towers that are around pre-learned WiFi access points) will turn off wifi, while I am in range. This is especially annoying when at a "remote location" where wireless provider service is very, weak or does not exist and my only data link is through WiFi.
They claim at least two changes in 1.0.5 to 1.0.6 were one for battery life, and another that addressed this: https://web.nvd.nist.gov/view/vuln/d...=CVE-2015-1474 -- A plus in favor of BlackPhone, as none of my other Android Phones have been upgraded to address that.
Standard Messaging and Phone calling (non-encrypted) works fine. There was an initial instability issue with my service provider over the first 24 hours -- phone would not associate wth network after moving SIM from old phone to this one. It would not ring when called, and could not call others. After about 30 minutes, I was able to call it, but several times over the first 24 hours, it would forget who my wireless service provider was, or my wireless provider rejected my SIM. After 24 hours, no problems with being kicked off my provider's network.
The hardware is a bit limited in band support compared to many other quad-band phones and their bands for data and voice.
I would liked to have had Dual SIM support, but that was not a deal-breaker.
Since it is not a widely used model, I've not found any vendors of larger batteries with custom phone back to accommodate the larger battery. The search continues.
Missing support for RedPhone, TextSecure and OpenVPN absolutely makes BlackPhone something I cannot move entirely over to use. As a result, I have a BlackPhone and another Android phone for normal use, and 2 or 3 other phones for special uses.
I like their goals, and recognize this is a first attempt. I am still happy to have voted my approval in their goals by buying one, and have hopes they and other developers will support it too, but most users of SmartPhones have expectations for using apps that have used before, and they will not be happy with the experience offered as of now. Executives, (CEO, CFO, pretty much all C*O except CTO and CSO won't understand how to manually install apps from APK, or recognize a need to keep up-to-date on OOB installed apps, or recognize the risks involved with installing alternate app stores, such as one from Amazon or the google play store.
Right now, the only market that would likely well receive this in its present state are:
* Techies that can afford it
* People that like many privacy and security-related features of CyanogenMod, who are willing and able to pay for them, and don't want to upgrade their phone's default OS, and then track down security apps to install and hope they work with their version of OS.
I have hopes for their "App Store."
I see no support for FullEncrypted MicroSD. Was annoyed that the phone could not (through menus) allow me to destroy the exFAT MicroSD, and reformat as FAT32 for me. I used my laptop to re-partition and reformat the MicroSD specifying LinuxFS with ext3, ext2, ext4 and variations of encrypted filesystems, but none were recognized by the phone. Gave up, formatted as FAT32, inserted it and that was recognized.
Some background: I was an early adopter of Android. I still own an Android Dev Phone 1 (Commercially similar to "G1") and was shipped Android 1.0, upgraded through to 1.1 and 1.5 and 1.6. I've owned Android Phones on many more versions up through 4.4, and understand the 1.x releases of many things is often less than expected.
I started this thread/topic with hopes others would also contribute through thoughts and experiences with BlackPhone.
Thanks for the reply!
Any other feedback or information is welcome from you and others.
-
Some of us bought BP at DEF CON last year, but now mostly not in use. Mostly due to stability issues, apps not always working reliably, text messages that never arrive, etc. All problems of a 1.0 release. I think we gave up around OS v 1.04.
How is the current version? More reliable?
Leave a comment:
-
BlackPhone, BP1, PrivatOS, Do you own one? Do you use it? How do you use it?
Last year (DEF CON 22) BlackPhone were available for cash in the vendor area. Some people purchased some of these.
Background: BlackPhone is an attempt at providing a SmartPhone that includes privacy and security as two primary concerns. Their website: https://blackphone.ch/ (I do not work for them and do not receive any compensation for posting this.)
It ships (shipped as of now) with a fork of Android OS, they call "PrivatOS" and as of "today" the latest verison released for users to upgrade to use is 1.0.6. Several pre-installed apps to help with privacy and security are included. You are able to install new apps as "apk" manually, and there are many claims on how it is possible to install other "app stores" but that has several risks discussed elsewhere. (Sorry. I need to limit scope of discussion or this post will be too long.)
As of November and December of 2014, the vendor of BlackPhone announced plans to launch their own "App Store" early, 1st quarter of 2015:
URL1=http://www.forbes.com/sites/thomasbrewster/2014/12/09/blackphone-secure-alternative-to-google-play/ (12/09/2014 @ 10:10AM)
Other news stories have pushed back the date:Originally posted by URL1
URL2=http://www.mobileworldlive.com/blackphone-readying-silent-store-launch (Feb 17, 2015)
It ships with:Originally posted by URL2
* 2 mail clients (conventional "Mail" app with similar/same features as found in stock "Google Phone" and "K-9 Mail")
* "Silent Contacts" , "Silent Phone" , "Silent text"
* "SpiderOakBE" (Kind of cloud storage)
* "Secure Wireless" (a sort of closed-system, OpenVPN client (maybe better to say restricted?) which is only meant to be used with its VPN service that claims to help with privacy, though it is unclear how this would be possible with SSL traffic such as over https unless they somehow MitM encrypted traffic for inspection, which would have all the risks as seen with with "SuperFish"/Lenovo thing in recent news, assuming it does MitM encrypted traffic for inspection. If it doesn't, then it can't very well filter/protect users from information leakage over encrypted channels. I am making no claims that they MitM any encrypted traffic! This is a comment on risks that exist either way. Without inspecting traffic, I would expect they do not MitM encrypted traffic, but that is just a guess.)
It has several other apps, which I won't mention in this first post. You are welcome to mention those that you use, or don't and why.
I enjoy using RedPhone, TextSecure and OpenVPN apps on my *other* Android phone. However, these are not available by default on BlackPhone (yet.)
There is hope for OpenVPN on BlackPhone:
URL3=https://support.blackphone.ch/customer/portal/questions/9849678-openvpn (Last updated: Jan 12, 2015 08:01PM UTC )
However, for RedPhone and TextSecure:Originally posted by URL3
URL4=http://support.whispersystems.org/customer/portal/questions/8288314-blackphone (Aug 20, 2014 05:29AM UTC )
(After being asked: "Is it possible to install Red Phone app on the Blackphone? Any chance the app can be made available on the Amazon app store?")
Not great news. RedPhone has the advantage of End-to-End encryption widely available to nearly any Android phone with google play app installed and no barrier to entry with sign-up account and auto-detection based on phone number. The Silent-* apps have advantages of video with encryption and as I understand it, the possibility of dialing by account username instead of phone number to maybe help protect the phone number a person is calling from? (Not sure.)Originally posted by URL4
Much of this is old news. I am looking forward to a BlackPhone store, with hopes that some of the apps I like will be available there. (Sadly, there was a story that the first launch of the app store will have no apps available for purchase at first -- all apps initially will be free. I have paid for apps before, and would be willing to pay for apps again, especially those that I find useful. They say they will eventually offer payment for apps, which I see as good news and healthy for a market.)
Installation of apps as apk is fraught with risks such as validating the apk is from a trusted maintainer, not shipped with malware, and no system of notification when an update is available to address a security risk or include a new feature. Installing "App Stores" from other vendors is even more risky.Originally posted by URL2
What have you done with your BlackPhone? Did you just buy it, try it out, and then shelve it? Are you still using it? Did you install an app store? Which one? (Google Play? Amazon? Another? Which?)
Leave a comment: