An Indiegogo campaign has teamed up with secure webmail provider Tutanota and manufacturer Elephone to offer a new smartphone that promises users “the first truly secure and private Android smartphone without any compromises.” The UnaPhone Zenith is based on UnaOS, a radical fork of Android that has been optimised for privacy.
The UnaOS software
The most striking thing about this Operating System is that not only does it not use any Google apps (“Gapps) or Services, but that it does not permit you to install any third party apps! As the promotional video (above) explains,
“You can afford to lose your mobile games, not your personal data. To avoid unauthorised intrusions into your security and privacy you must separate work and play. UnaPhone is designed to meet your communications needs, such as email, text messages, and voice calls… not your gaming needs.”
There is certainly a great deal of truth in this, as many mobile apps and games constitute a privacy nightmare. The removal of Google apps and Google Play Services is also a very sensible security measure, as Play Services in particular gives Google the ability to perform extensive low-level surveillance on users’ devices.
The phone instead includes a thoughtfully selected range of open source apps that focus on communication, productivity, and security. These include Tutanota + additional email client with PGP, Callprotector encrypted comm app, Encrypted SMS, Stingray Detector, Complete Office suite, Text editor, Music, Video, Equalizer and DSP, Web browser, Proprietary VPN + OpenVPN support, Conversations, Notepad, Pdf, Wifi file transfer, Dictionary, Sound recorder, Camera, Phone and Contacts, Calculator, Gallery, Calendar, Clock, File Manager, Flashlight, FM radio, Offline GPS, Pedometer, Notes, and more (40+).
UnaOS is a “hardened” version of Android 6.0 that patches “all known” vulnerabilities, and encrypts both the phone and any external storage (up to 256 GB MicroSD cards are supported). Please note, however, that all Android phones have hardware issues that are not easy to simply “patch”. See below for further discussion about this.
The UnaPhone Zenith hardware
The phone is priced at $439 for Indiegogo backers, and will have a retail price of $539. This is pretty average for a midrange Android phone, and the UnaPhone’s specs look very decent:
- Processor: 64bit 2.0GHz Octa Core
- Display: 5.5” Full HD (1080×1920), LPS OGS panel
- GPU: Mali-T860 700 Mhz
- RAM: 4GB
- Internal storage: 32 GB
- External Storage: up to 256 GB MicroSD
- Camera: Sony 13MP IMX256 sensor rear camer, 8MP with wide angle lens front camera
- SIM: Dual (2x) Micro SIM
- Mobile connectivity: 2G/3G/4G – up to 150Mbps downlink
- WLAN: 802.11a/b/g/n, 2.5G/5G
- Battery: 3000mAh non-removable, with quick charge and wireless charging
- Connections: USB Type-C
These specs are not likely to have power-user owners of flagship devices such as the Samsung Galaxy S6 quaking in their boots, but should provide a snappy experience that will keep most users very happy. This is even more true when you consider that games cannot be played on the device, arguably making any additional processing power a complete waste!
Given that the UnaPhone Zenith is being developed in partnership with Elephone, it should come as little surprise that it appears very similar (in terms of both looks and specs) to the Elephone P9000 Helio.
This is no bad thing, as the P9000 Helio has received some very positive reviews, although it does retail at half the price of the UnaPhone. It also means that we can have a great deal of confidence in the claim that “the UnaPhone Zenith is ready to be manufactured and guaranteed to ship.”
It is estimated that Indiegogo backers will receive the phone in September, and that it will become generally available soon after.
Not (currently) open source
The UnaOS itself is currently proprietary (closed source) software. The Indiegogo page states, “but we plan to open the source code of UnaOS in the future.” UnaOS Support informs me that the code has to be audited before it can be made open source, but that a time frame for this is not yet known.
It is great to hear that the code will be audited, but I would not feel comfortable recommending this phone until the process has been completed and the code open sourced. Please see Why Open Source is so Important for a discussion on why this is the case.
Una Inc Lmt. is a UK company
NSA sidekick GHCQ has been performing mass surveillance on Britain’s’ citizens for years, a situation that the upcoming “Snoopers Charter” will formalise into law. Among many other terrible things, the Investigatory Powers Bill effectively mandates that all encryption products include a backdoor that the UK government can access (and introduces savage legal penalties for anyone who alerts users to this fact!).
How this will all play out in practise remains to be seen, but it is probable that international tech companies will be able to simply ignore such demands. Una Inc Lmt., the company behind the UnaPhone, however, is based in the UK. It is therefore very difficult to see how it will be able to avoid government demands that it backdoor its product. I put thus this to the UnaOS Support team, and received this answer,
“We completely understand your concerns, but we have acted proactively. As a UK company we abide by UK laws so we invite you to consult https://unaos.com/compliance. We do not store nor we have access to any encryption keys. The storage encryption is done locally on the device, and not shared anywhere, the “communication encryption” are not done by us, are achieved end-to end, and so this makes impossible for us to intercept the communications or implement any backdoor, and so abide by any request is not possible for us.
Unfortunately the Investigatory Powers Bill is a threat and has to be treated like this. Mass surveillance and backdoors are not the solution to fight threats, granting security. The Governments should be able to see the damage they are going to do, and most importantly putting people’s life in danger by their unreasonable requests, is not the right way to act! Companies have to adapt and be prepared to make changes, and if needed, move to countries that does not adopt such laws, and respect privacy.
If the bill will become law, we already have an effective contingency plan in place, and probably more tech companies that value their users and want to protect their privacy will act the same way like we will. Our users will never be affected by any mass surveillance bill or law. We are working hard to deliver the best security and privacy features to our users, and we will do everything to maintain the current state.”
This does all sound very upbeat. I am pleased to see that the devs are aware of the issue, and are taking proactive measures to address it. The Snoopers Charter is a major threat to privacy (especially if that privacy is provided by UK companies). It is, however, too early to foresee how the situation will develop.
Over the Air (OTA) updates
A problem with even the best open source software is that even if the code has been fully audited (which is very rarely the case) and can be considered 100 percent trustworthy, it is possible that updates will include malicious code. This could be done by to criminal hackers, or a government bribing or legally coercing a company to publish updates that compromise its security. This is an even bigger problem on smartphones, where OTA updates are “pushed” to end users.
The UnaPhone partially solves this issue by running all updates through an encrypted OTA channel. This ensures that users have the latest version of all software installed on their phone, and should prevent the possibility of criminal hackers compromising the update process. It is still theoretically possible, however, that Uni Inc Ltd. could be forced by the UK government to backdoor its product at any time via OTA updates.
The baseband processor
All modern Android phones include a propriety chip known as the baseband processor, which manages all radio functions (all functions that require an antenna). It is well known in security circles that this can effectively act as a backdoor.
It (theoretically) allows any ISP to bypass the encryption used on a mobile phone in real-time, allowing them to readily access all content on that phone in cleartext (by simply accessing the content as it becomes encrypted/decrypted).
I contacted UnaOS Support over this issue, and received the following reply,
“Yes, that’s correct, it’s more or less impossible to achieve real baseband isolation since nowadays all decent SoCs come with the baseband modem embedded. For that reason we’ve developed our so called “paranoid mode” that is a mode where the baseband modem is completely deactivated, basically transforming the phone into a “WiFi only” device. Of course all GSM functions don’t work anymore, but then you can connect through OTG an external modem with a sim card to call, text etc. That way the baseband is really isolated from the rest of the phone, since it’s located in the external modem, and peace of mind is effective! It’s a bit cumbersome of course, but for the moment that’s the only way until the day we can afford to manufacture our own soc where, unlike all current SoCs, the modem will be isolated from the SoC.”
This is a long way from perfect, as to fully secure the phone you must completely disable all GSM (mobile network) connectivity. I am nevertheless impressed that UniPhone has made a serious attempt to address the issue, something that (as far as I know) other “secure” smart phones (such as the BlackPhone) have not.
The SIM card
Another problem that affects all smartphones is the security of the SIM card,
“Oh, and if you plug that enormous hole [the baseband processor issue], you get to the SIM card, yet another processor that you have zero control over, but which has access to enough juicy data to compromise your privacy. I highly recommend everyone to watch a talk from 30C3 by Karsten Nohl, where he shows a live attack on an improperly configured SIM card that remotely implants a Java app on the SIM card which continuously sends your cell ID (your approximate location) to the attacker by short message (without notification to the application processor, e.g. Android or iOS).”
Putting the UniPhone into “paranoid” mode” will help address this issue, but again means losing all cellular capabilities. UnaOS support is also keen to point out that,
“We have a IMSI (Stingray) detector in place capable to detect all Stingray interceptions attempts, silent SMS and also SS7 network attacks. Our developers are working to implement an automatic “kill switch” so when an attack is detected, it will automatically switch the device to “offline” (plane) mode.”
Again, this sounds great!
The UnaPhone Zenith appears a brave attempt at solving the smartphone conundrum: they are amazing pieces technology that most of us cannot now bear to live without… but they are a privacy nightmare! I am particularly impressed that real effort has been made to address the major hardware security problems present in all modern smartphones.
The UnaPhone is also pretty decent on the hardware front, although you will pay a fairly steep premium for the additional security it offers. This is hardly unreasonable given the research and development that has gone into making a new and secure OS, but is worth noting.
Assuming that all code is open sourced before the product actually ships to Indiegogo backers (and certainly before the phone hits the open market!), there is a great deal to recommend the UnaPhone Zenith. The developers have clearly gone to great lengths to consider and address every possible angle of attack on users’ privacy. Some of the solutions are of necessity somewhat partial, but the care put into them leaves me very impressed.
The pink elephant in the room is that Uni Inc Ltd. is a UK company. I find it difficult to see how the UniPhone will not be backdoored by the UK government under the powers granted it by the upcoming Investigatory Powers Bill. The developers’ considered response to this, however, gives me some reassurance that a solution might be found should the Bill pass into law…