Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,740,547 Members 45,863 Now Online
XDA Developers Android and Mobile Development Forum

Blackphone opinions???

Tip us?
 
d1rX
Old
#11  
Member
Thanks Meter 5
Posts: 66
Join Date: Aug 2012
The problem is Android itself. Thanks to Xprivacy, it's a lot easier to control what leaks out of your device. Personally I'd rather see more encryption mechanisms than this. FFOS seems to be on the right path
 
SaintCity86
Old
#12  
SaintCity86's Avatar
Senior Member
Thanks Meter 163
Posts: 665
Join Date: Oct 2013
There Is nothing you can do to stop identity theft.

Nothing.

And there is nothing you can do to do the government from tapping your lines.

You want a safer form of communicating, send Voice recordings over text.

That's an entirety separate warrant, and harder to get. Other than that. It's hopeless

You've Just Been Tapatold ♧♢dbombROMv3.4♤♡

My Theme ( Taking Requests )
http://forum.xda-developers.com/show....php?t=2658527
₩îňťëř Χ ǜmįņğ
 
repat
Old
#13  
Junior Member
Thanks Meter 0
Posts: 10
Join Date: Jul 2010
Location: Hamburg

 
DONATE TO ME
Quote:
Originally Posted by d1rX View Post
FFOS seems to be on the right path
I think you mean FOSS[1] = Free and Open Source Software. Anyway, I fully agree, in fact, that is the ONLY way. Closed source encryption programs can't be 100% trusted by definition. There might be security flaws, intentional or not.

Anyway. the NSA has backdoors to every operating system[2], so if you're really a target, they get you. Also, there are more than enough security holes in the layers under the operating system[3].

I think what these phones are supposed to do is bring end-to-end encryption for e.g. industry users so they don't get spied on. The NSA and the US government can get their hands on encryption keys for servers like in Lavabits case[4]. But this is the transport encryption. The data is, if not otherwise secured, available in plain text on the servers of providers. This also means, the officials can decrypt ANY data that comes in, not just the one of actual targets.

Now, end-to-end encryption makes sure even the provider can't see your data in plain text because you encrypt and decrypt it on your device. What Blackphone does is, it uses the apps from Silent Circle, a closed source encryption programm for VoIP and messages. Although the owner of that company is the well trusted cryptographer Phil Zimmerman, one can never be sure.

Quote:
That's a good point. how a non blackphone device is gonna decipher the encryption? how is it going to get the key? How can a non blackphone device even a establish the same "secure" connection?
You can install and use Silent Circle on any(ok, a lot of) phone(s). Just make sure you don't have additional malicious software installed. Any yes, it costs $100/year or so. And you get a subscription for SpiderOak, sort of a Dropbox but they encrypt the data before uploading. Any you get a better overview over what app uses what permissions. A few extra tweaks basically.

Alternative: Android Phone with CyanogenMod/Replica. TextSecure for messages, RedPhone for VoiP and owncloud for files. Way cheaper too, and open source, also made by well respected cryptographers like Moxie Marlinspike[5]

[1] de.wikipedia.org/wiki/Free/Libre_Open_Source_Software
[2] zerohedge.com/news/2013-09-08/nsa-has-full-back-door-access-iphone-blackberry-and-android-smartphones-documents-re"]backdoors to every operating system
[3] forum.xda-developers.com/showthread.php?t=2530044
[4] techdirt.com/articles/20131002/17443624734/lavabit-tried-giving-feds-its-ssl-key-11-pages-4-point-type-feds-complained-that-it-was-illegible.shtml
[5] thoughtcrime.org
 
Autocad_man
Old
#14  
Junior Member
Thanks Meter 0
Posts: 6
Join Date: Mar 2014
if they want to spy on us they can ... that's it...
 
_cx
Old
#15  
Junior Member
Thanks Meter 0
Posts: 1
Join Date: May 2014
Question More info?

Hi all - looking for more info on this phone - just joined XDADev to post this.

Specifically, what brands might this hardware be found under? Know it's a Tinno S8515 but have yet to find out anything about that; seems like Tinno generally makes phones for other companies?

Any help is appreciated!

Best,
-Cx
 
E:V:A
Old
#16  
E:V:A's Avatar
Recognized Developer
Thanks Meter 1705
Posts: 1,302
Join Date: Dec 2011
Location: -∇ϕ
The greatest challenge to securing a phone is not the OS or the apps running on it, it's the baseband. We have known for well over 30+ yeasr how to harden a *nix based system (like AOS), but we haven't even started to question WTF is going on in the closed source 10-100 MB baseband RTOS, which have fulll access to your entire FS and the most important phone operations, like SIM, RF, EMMC etc etc.

Only forcing the corrupt modem OEM's to release the sources of the Baseband firmware could improve the situation. This will never happen, unless there is another baseband Snowden out there somewhere...

We already know that the BP/CP FW is extremely insecure, and relies almost solely on obscurity as their main mechanism of protection. If this was not the case, the iPhone unlock developers would have been fekked long time ago, and the rest of us would sit around with SIM/network locked bricks filling up our bookshelves.

Unfortunately the greatest majority of the millions of XDA members are completely carefree about this issue and are only happy as long as they can "tweak some ROMs". So this will never be the place to find/see any serious baseband reversing, no matter how important it would be from a security standpoint.

So to summarize, your Qualcomm baseband will continue to send your exact GPS coordinates to the network provider at will, without you ever knowing, and without anyone (here) caring. So goes for the FM transmitter that is part of the baseband FW in both Intel and Qualcomm based phones. Do you have control over that? Never.

Only a serious long term spectrum analysis study could reveal whats going on there, where and when you're not (able) to watch.
MSM8960 Info, Architecture and Bootloader(s)
El Grande Partition Table Reference
How to talk to the Modem with AT commands

[REF][ServiceMode] How to make your Samsung perform dog tricks
[REF|R&D|RF] RF/Radio properties of Samsung ServiceMode

Want to know when your phone is getting tracked or tapped?

Help us develop the IMSI Catcher / Spy Detector!
(To be part of the EFF & The Guardian Project toolsets.)
_______________________________
If you like what I do, just click THANKS!
Everything I do is free, altruism is the way!
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
I do not answer support related PM's.

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


XDA PORTAL POSTS

Play Your Hits and Learn the Lyrics with NextGen Music Player

There are plenty of music players for Android available in Play Store. They … more

Control Your Toast Notifications with SlicedToasts

Toasts are delicious, even in their Android flavor. In Android, toast doesn’t lead … more

Rotation Lets You Take Full Control of Your Device’s Orientation Settings

To be brutally honest, the native options for screen … more

Change the Alarm Icon in the Status Bar with Xposed

It’s hard to find a more hated object than your alarm clock. They wake us up nearly … more