Since Snowden’s 2013 revelations about spying by US government agencies, projects advocating the protection of user data have not ceased to flourish. One of the most recent is the UP Phone, a phone touted by the founder of startup Unplugged Systems, Erik Prince, as ultra-secure with an impenetrable operating system. But is there a foolproof operating system in the world of computer security?
Erik Prince, the American businessman, former US Navy officer known for founding the mercenary force and the US private military company Blackwater, famous for the 2007 murder of 17 Iraqi civilians in Baghdad and injuring 20 others and also for threatening Iraqi investigators government, has embarked on a new project, that of providing truly secure phones with unparalleled privacy. Last June, during a pitch deck (or more simply during a fundraiser presentation) that aimed to raise 5 million dollars, Erik Prince was not without praise for presenting his phone as the solution. final for all those who wish to free themselves from Apple and Google for the confidentiality of their data. But what is it really?
As features, the phone incorporates the following specifications:
Operating system: Free
Screen: AMOLED ~ 6.5″ with Gorilla Glass, HD+ 1080×2340
SIM Card: Double
Processor: MTK Dimension Octa Core
Rear camera: 48MP multiple rear camera (main) with flash
Front camera: 16MP
Biometrics: fingerprint sensor
Sensors: Compass + G-sensor + Light sensor + Proximity sensor
WiFi: 2.4GHz + 5GHz 802.11 ac/a/b/g/n
Bluetooth: BT 5.1
USB: USB Type-C
At first glance, we see that the UP Phone (aka Unplugged) boasts the most mundane for a phone in 2022. Where its team and particularly Prince want to excel is at the security level. So, the first thing that comes to mind is having more details about the operating system. The LibertOS supporting the UP phone has nothing to do with the 3rd party operating system. Those who were hoping for this, therefore, will have to move on. It is quite simply a proprietary version of Android. Confident that this version of Android is more secure than the original, Prince said during his presentation that the phone and its operating system are ” impenetrablesurveillance, interception and tampering, and its messaging service is marketed as “impossible to intercept or decipher”. He also explained that the device is protected by“Government-grade encryption“. And to increase data security, you can define a unique code that erases all your data and alerts your emergency contacts, the company argues. Please note that all these descriptions are just statements. available.
To raise the bar even further, Prince said that Unplugged’s systems and services must be hosted on a global network of server farms so they “can never be taken offline.” To achieve this, the company would consider resorting to a server farm installed in several countries, such as Israel, Cyprus, Switzerland, the United Arab Emirates, etc., and even “on a ship” located in a “undisclosed location in international waters and connected via satellite to Elon Musk’s StarLinkBut after asking for clarification on these claims, the company explains that they are considered long-term options for the company to enjoy servers that are not subject to government laws.
After that presentation, many online commentators were quick to dismiss it as a confusing mix of impossible-to-keep promises, nonsense platitudes, and pure fiction. “Words and phrases like ‘government grade’ and ‘impenetrable’ are rightly derided online by the IT security community because we know they are used to mislead people.says Nicholas Weaver, a cybersecurity researcher at the International Computer Science Institute. With Google’s Android version, we already know that it’s impossible for the company to keep its system at a zero failure level. That’s why security updates are regularly released to close gaps discovered over time. Even Apple, which jealously guards its system’s source code, is not without its mobile devices glitches. It’s no wonder, then, that security experts who evaluated Unplugged’s promises found them unrealistic and sometimes even misleading. For David Richardson, vice president of mobile security company Lookout, “no device is impenetrable, this has been proven over time“. Allan Liska, cyber intelligence analyst at cybersecurity firm Recorded Future, adds that no matter the level of encryption, “It’s a phone, and the way phones work is triangular in cell towers, and there’s always latitude and longitude to know exactly where you are.” “Nothing you do on the phone is going to change that.“, he adds.
Above the operating system, the company Unplugged features a set of proprietary applications designed to protect user data. We have apps like UP Store, UP VPN, UP Antivirus, UP Messenger, UP Storage, UP Sonar PI. With these Unplugged featured apps, your data is not monetized, sold or shared with anyone. To access this suite, you must first download the APK from the UP Store and install it from an unknown source. A clarification to be made, however, these applications are paid.
Also, one fact that raises some concerns is the fact that the UP Phone looks a lot like the Liberty Ghost Phone that was announced in a tweet in May and then deleted. But the connection between these two phones doesn’t end there. Liberty Ghost Phone promotes the Unplugged suite on its own website, and both phones run the LibertOS Android fork that incorporates “government-grade” security, although details of that security level are not available. The Liberty Ghost Phone’s specs are almost identical to those of Unplugged. Like Liberty, UP Phone is available for pre-order. The Liberty Ghost Phone costs $850 versus $849 for the UP Phone. With these close ties and the doubts this raises, Unplugged would have said to reassure people of “Liberty are indeed our partners. They are selling a special edition of our phone with some unique tweaks for their devices (like brand case, some pre-installed apps, etc.)“. But for some, the team behind the UP Phone would be the same as the Liberty Ghost Phone.
Another intriguing fact is that Unplugged’s day-to-day tech operations are run by Eran Karpen, a former employee of CommuniTake, the Israeli startup that spawned the now infamous hacking firm NSO Group. There, Karpen designed the IntactPhone, which the company called a “military-grade mobile device”. He is also a veteran of Israel’s Unit 8200, an agency that carries out cyber espionage and is the national equivalent of the NSA. Besides Prince, Eran Karpen is the second person to have ties to private intelligence companies. If you feel like going to the cashier to purchase the UP Phone, other phones like the Librem 5 or Munera, to name a few, are available and have the same goals of getting rid of two mobile giants, Google and Apple, to give back to users. control over your data.
UP Phone is scheduled to be released on November 22, 2022.
Is that you?
What comments do you have on the security arguments put forward to sell the UP Phone? overrated? True and attainable?
Do you think Unplugged Systems will be able to release the UP Phone as planned? Or do you think it’s a dead project?
Murena, the privacy-friendly Android smartphone arrives, an idle Android phone reports location information to Google 340 times in a 24-hour period
Librem 5 USA: Purism starts shipping its privacy-friendly US-made smartphone, an “alternative to big tech offerings”
LineageOS 18.1 is available and brings Android 11 to over 60 smartphones, including some older Samsung devices
Android phones constantly spy on their users and transmit sensitive information to the OS developer as well as third parties, according to a study
microG project: a re-implementation of proprietary Android apps and libraries, by the Android community