Nov 22, 2024, 12:12 AM

News:

Stay tuned as we migrate data from our old forum !


Privacy Centric Smartphone Operating Systems

Started by trilight, Apr 16, 2021, 07:22 PM

Previous topic - Next topic

trilight

Apr 16, 2021, 07:22 PM Last Edit: Apr 16, 2021, 07:40 PM by trilight
Privacy Centric Smartphone Operating Systems

Over the last couple of years, big tech's incursions into private consumer data have reached an all-time high. In light of excessive data mining, more and more people are becoming privacy conscious, and therefore looking for usable alternatives to today's popular software.

Privacy in Mobile Operating Systems

Such is the case with smartphone operating systems, which albeit seemingly private, often lack the necessary features that would otherwise lead to a higher degree of data protection. From usage statistics, to tracking and eavesdropping operations, today's smartphone operating systems fail to uphold proper privacy standards. The main challenge at hand is that the market lacks sufficient options, granted that together, Google's Android and Apple's iOS possess 99% of the mobile OS market share. While Apple has opted to market its iOS as privacy-centric, no cybersecurity expert would actually define it as a suitable OS with real integraded privacy control since it lacks the proper approach. Restricting users to control how data is processed, shared and used without crippling its features or usage are there for mostly commercial reasons.

What Makes a Mobile OS Private?

First and foremost, a company's promises mean nothing without proof, as marketing claims oftentimes exceed reality. In the case of smartphones, proof of privacy focus is easily attained through an open source OS, firmware and hardware.

Open source code is perhaps one of the core pillars of digital privacy, granted that it allows experts worldwide to channel their brainpower not only to verify how a system works, but also to further improve it. Collaborative efforts have created marvelous designs that have advanced global technology, leading to smarter, quicker, and better solutions.

The most optimal open source model entails 3-layer transparency - for the operating system, firmware and hardware. Together, these layers facilitate the study, modification, distribution, creation, and testing of all components that make up a mobile device. In the case of smartphone development, collaborative efforts could prove highly successful, as worldwide brainpower easily surpasses the potential of closed-source products designed by tech corporations. Of course, it goes without saying that actual security protocols must be implemented within the software architecture of open source smartphones. The enhanced transparency and collaborative effort provide a much needed boost to development, while establishing an unparalleled sense of user trust.

However, contrary to popular beliefs, privacy doesn't reside solely in the hands of the manufacturer or platform. Smartphone users must do their own due diligence to retain the best privacy provided by their smartphone OS, platform and available apps. For instance, do not blindly trust software that's available on Google Play and the Apple App Store. Too often malicious apps get through the standard checks and cause serious issues for users who download them. Think of financial damage, losing sensitive data or identity theft. This goes for any app platform including downloading apps straight from the source.

Similarly, the usage of privacy-invading apps must be limited. This is yet another privacy-exposing factor that's not directly linked to the smartphone manufacturer. Apps like Facebook and Google Services are infamous for their intrusive permissions and usage of behavioural tracking technology in hopes of building user profiles,  targeting the right ads and using the data for a multitude of other (internal) projects.

Exploring Privacy-Conscious Alternatives

It's often been said that privacy-conscious smartphones have a lower market share due to complicated user interfaces and lack of support for popular functions. Moreover, it's difficult to develop a fully-open source device, as legal constraints often stop manufacturers from relying solely on open source components.

Nevertheless, some alternatives exist:

Purism's Librem 5

Thinking of a security and privacy-focused phone, the Librem 5 innovates by separating the mobile modem from its system and memory, thereby taking the form of a module-based device. Running on the Linux-based PureOS, Librem 5 has made a name for itself as a highly-secure smartphone.

PinePhone

Developed by Pine64, the PinePhone is an open source smartphone that supports most of the Linux operating systems. With good enough specs, PinePhone users can rest assured as their data is neither tracked or controlled by 3rd parties. Unfortunately, the PinePhone's modem is based on closed-source firmware due to legal constraints. Cyber activists have hence developed open source firmware that can make calls, soon to be released to the public.

Tinker Phones*

Tinker Phones provides open hardware mobile devices that support a series of free and open source operating systems like Linux and others. Users are free to port their own OS, with the assurance that all hardware has been verified and scrutinized by an independent community.

* Tinker Phones might require a bit of a technical background and could be very useful for individual requirements instead of appealing to a large audience as of this writing.

GrapheneOS

We also have to mention GraphenerOS which has come a long way in being an alternative when it comes to a privacy centric smartphone operating system.

The following text is taken from their official website:

"
GrapheneOS is a privacy and security focused mobile OS with Android app compatibility developed as a non-profit open source project. It's focused on the research and development of privacy and security technology including substantial improvements to sandboxing, exploit mitigations and the permission model. GrapheneOS also develops various apps and services with a focus on privacy and security. Vanadium is a hardened variant of the Chromium browser and WebView specifically built for GrapheneOS. GrapheneOS also includes our minimal security-focused PDF Viewer, our hardware-based Auditor app / attestation service providing local and remote verification of devices, and the externally developed Seedvault encrypted backup which was initially developed for inclusion in GrapheneOS.

GrapheneOS improves the privacy and security of the OS from the bottom up. It deploys technologies to mitigate whole classes of vulnerabilities and make exploiting the most common sources of vulnerabilities substantially more difficult. It improves the security of both the OS and the apps running on it. The app sandbox and other security boundaries are fortified. GrapheneOS tries to avoid impacting the user experience with the privacy and security features. Ideally, the features can be designed so that they're always enabled with no impact on the user experience and no additional complexity like configuration options. It's not always feasible, and GrapheneOS does add various toggles for features like the Network permission, Sensors permission, restrictions when the device is locked (USB peripherals, camera, quick tiles), etc. along with more complex user-facing privacy and security features with their own UX.

As of this writing GrapheneOS has official support for the following devices:

Pixel 5 (redfin)
Pixel 4a (5G) (bramble)
Pixel 4a (sunfish)
Pixel 4 XL (coral)
Pixel 4 (flame)
Pixel 3a XL (bonito)
Pixel 3a (sargo)
Pixel 3 XL (crosshatch)
Pixel 3 (blueline)

The release tags for these devices have official builds and updates available. These devices meet the stringent privacy and security standards and have substantial upstream and downstream hardening specific to the devices.

Many other devices are supported by GrapheneOS at a source level, and it can be built for them without modifications to the existing GrapheneOS source tree. Device support repositories for the Android Open Source Project can simply be dropped into the source tree, with at most minor modifications within them to support GrapheneOS. In most cases, substantial work beyond that will be needed to bring the support up to the same standards. For most devices, the hardware and firmware will prevent providing a reasonably secure device, regardless of the work put into device support.
"

Future Predictions for Private Mobile Devices

It has become apparent that without adequate effort, digital privacy will become a relic of the past. Companies engaging in profiling, tracking argue that access to private data is a prerequisite to providing features, but the dawn of open source and privacy-conscious smartphones is proving them wrong. In the future, tech enthusiasts worldwide may come together to work on the development of high-performance smartphones with adequate functions, laid out under a pleasant user interface that does not forgo data protection. With sufficient luck, such devices will be available commercially in countries worldwide as the major players lose a portion of their market share or adapt to a new reality.