The Big Problem with the Secure New Smartphones of the Snowden Era: Other Phones

Rob Pegoraro
Contributing Editor
Yahoo Tech

BARCELONA—It’s been a rough few years for having confidence in your communication, thanks to all the things we’ve learned about government surveillance and previously-unknown vulnerabilities in our software.

That also means there’s a business opportunity for companies to try to solve those problems. Here at Mobile World Congress, I’ve seen three separate phones that come armored with layers of encryption to protect your content and your conversations.

One of them has already found surprising success: the Blackphone, which maker Silent Circle said Monday had booked $750 million in sales since its debut at last year’s MWC. This year, Silent Circle unveiled a successor to that device, the $649 Blackphone 2, as well as a Blackphone+ tablet that can be used as a phone.

All those devices run a customized version of Android that offers encrypted Web browsing and online storage, plus the ability to restrict any one app’s access to your data. They also ship with encrypted calling and texting applications from the Geneva and National Harbor, Md.-based company.

I’ve tried those apps, and they’re vastly easier to use than most encryption software. They also come from a team with serious cryptography credentials: Phil Zimmermann developed Pretty Good Privacy and then spent half a decade getting hounded by the Feds for it, while Jon Callas wrote Apple’s disk-encryption software before joining the company.

But like many other secure-communications apps, Silent Circle’s require the same software on the other end.

That means if you buy a Blackphone 2 and try to call or text somebody using the other two secure phones I saw here, your words will go over the air in the clear unless the recipient first installs Silent Circle’s apps.

And on one of those two phones, that may not even be an option. The GranitePhone, an Android-based device being developed by the São Paulo, Brazil, firm Sikur, offers encrypted calls and texts to other owners of the same device. But like the Blackphone, it won’t include access to the standard Google Play Store, which will presumably preclude installing Silent Circle’s apps when this phone ships for $799 or so sometime this summer.

Then there’s Kaymera. This Herzliya, Israel-based firm takes standard Android phones—today, the Samsung Galaxy S 5 and LG’s Nexus 5—and wraps them in its own encryption and security software. They include some thoughtful features: You can set a “panic PIN” that you enter if forced to unlock the phone, and which then alerts a designated contact.

As with Blackphones and the GranitePhone, calls and texts are encrypted to other people using the same software; otherwise, they’re not. Since Kaymera’s system keeps Google’s Play Store, its business and government owners can still install Silent Circle’s apps.

Beyond suffering from the same interoperability hangups that have held back end-to-end encryption of e-mail (while it’s not too hard for mail providers to use “TLS” encryption to scramble messages in transit, providing the same protection for saved e-mail at either end requires additional software), these three firms also share an inability to fix basic weaknesses in mobile networks on their own.

If you put any of their phones on the signal generated by a “Stingray” cell-tower simulator, any unencrypted traffic will be scooped up by that device. The same thing would happen if you put in one of the SIM cards the National Security Agency and the United Kingdom’s GCHQ could have compromised when they broke into the corporate networks of the SIM manufacturer Gemalto.

To deal with that, the entire wireless industry has a great deal of work to do. In the meantime, the best news for your security as an individual customer is not the arrival of specialty devices like these three, but the increasing use of encryption on mass-market phones—and the wider deployment of login technologies like fingerprint scanning and maybe even retina scanning that make it easier to keep your phone locked when it’s not in your hand.

Email Rob at rob@robpegoraro.com; follow him on Twitter at @robpegoraro.