Exclusive: A review of the Blackphone, the Android for the paranoid

Based on some recent experience, I’m of the opinion that smartphones are about as private as a gas station bathroom. They’re full of leaks, prone to surveillance, and what security they do have comes from using really awkward keys. While there are tools available to help improve the security and privacy of smartphones, they’re generally intended for enterprise customers. No one has had a real one-stop solution: a smartphone pre-configured for privacy that anyone can use without being a cypherpunk.

That is, until now. The Blackphone is the first consumer-grade smartphone to be built explicitly for privacy. It pulls together a collection of services and software that are intended to make covering your digital assets simple—or at least more straightforward. The product of SGP Technologies, a joint venture between the cryptographic service Silent Circle and the specialty mobile hardware manufacturer Geeksphone, the Blackphone starts shipping to customers who preordered it sometime this week. It will become available for immediate purchase online shortly afterward.

Specs at a glance: Blackphone

SCREEN 4.7″ IPS HD

OS PrivatOS (Android 4.4 KitKat fork)

CPU 2GHz quad-core Nvidia Tegra 4i

RAM 1GB LPDDR3 RAM

GPU Tegra 4i GPU

STORAGE 16GB with MicroSD slot

NETWORKING 802.11b/g/n, Bluetooth 4.0 LE, GPS

PORTS Micro USB 3.0, headphones

CAMERA 8MP rear camera with AF, 5MP front camera

SIZE 137.6mm x 69.1mm x 8.38mm

WEIGHT 119g

BATTERY 2000 mAh

STARTING PRICE $629 unlocked

OTHER PERKS Bundled secure voice/video/text/file sharing, VPN service, and other security tools.

Dan Goodin and I got an exclusive opportunity to test Blackphone for Ars Technica in advance of its commercial availability. I visited SGP Technologies’ brand new offices in National Harbor, Maryland, to pick up mine from CEO Toby Weir-Jones; Dan got his personally delivered by CTO Jon Callas in San Francisco. We had two goals in our testing. The first was to test just how secure the Blackphone is using the tools I’d put to work recently in exploring mobile device security vulnerabilities. The second was to see if Blackphone, with all its privacy armor, was ready for the masses and capable of holding its own against other consumer handsets.

We found that Blackphone lives up to its privacy hype. During our testing in a number of scenarios, there was little if any data leakage that would give any third-party observer anything usable in terms of private information.

As far as its functionality as a consumer device goes, Blackphone still has a few rough edges. We were working with “release candidate” versions of the phone’s operating system and applications, so it would be unfair to judge their stability too harshly. But since the Google ecosystem of applications (Chrome, Google Play, and other Google-branded features) was carved from PrivatOS, a privacy-focused fork of KitKat, it may feel like a step backward for some Android users—and a breath of fresh air for others.

Full Story: Exclusive: A review of the Blackphone, the Android for the paranoid | Ars Technica.

Chinese gov’t reveals Microsoft’s secret list of Android-killer patents

For more than three years now, Microsoft has held to the line that it has loads of patents that are infringed by Google’s Android operating system. “Licensing is the solution,” wrote the company’s head IP honcho in 2011, explaining Microsoft’s decision to sue Barnes & Noble’s Android-powered Nook reader.

Microsoft has revealed a few of those patents since as it has unleashed litigation against Android device makers. But for the most part, they’ve remained secret. That’s led to a kind of parlor game where industry observers have speculated about what patents Microsoft might be holding over Android.

That long guessing game is now over. A list of hundreds of patents that Microsoft believes entitle it to royalties over Android phones, and perhaps smartphones in general, has been published on a Chinese language website.

The patents Microsoft plans to wield against Android describe a range of technologies. They include lots of technologies developed at Microsoft, as well as patents that Microsoft acquired by participating in the Rockstar Consortium, which spent $4.5 billion on patents that were auctioned off after the Nortel bankruptcy.

The list of patents was apparently produced as part of a Chinese government antitrust review relating to Microsoft’s purchase of Nokia. Microsoft described the results of that review in an April 8 blog post, writing that the Chinese Ministry of Commerce (MOFCOM) “concluded after its investigation that Microsoft holds approximately 200 patent families that are necessary to build an Android smartphone.”

To suggest the lists are the “conclusion” of the Chinese government is unusual phrasing. It’s unlikely anyone other than Microsoft itself would have the expertise and resources needed to sift through its thousands of patents and decide which ones they believe read on Android.

More likely, Microsoft was compelled to produce the list to appease Chinese regulators, who feared that the software giant could become more aggressive with its patents after the Nokia purchase. It seems equally likely that Microsoft wouldn’t be too thrilled about the patents being published on a public webpage. In fact, the English-language version of the MOFCOM site about the merger doesn’t have the patent lists.

Doing transparency, the hard way

While Microsoft’s blog post talks about hundreds of patent “families,” the lists published by MOFCOM make it clear that most of those “families” appear to be one-patent “households.”

The Chinese agency published two lists on a Chinese-language webpage where it laid out conditions related to the approved merger. The webpage has an English version, but it doesn’t include the patent lists. There’s a longer list [MS Word Doc] of 310 patents and patent applications and then a shorter list [MS Word Doc] of just over 100 patents and applications that MOFCOM focused on. The shorter list appears to be a subset of the longer list, divided into families connected to Microsoft technologies like the exFAT file system and Exchange ActiveSync, denoted as patent group 24(EAS) in the short list.

The longer list is divided into three sections: 73 patents that are said to be “standard-essential patents,” or SEPs, implemented in smartphones generally, followed by 127 patents that Microsoft says are implemented in Android. The final section includes another section of “non-SEP” assets, which includes 68 patent applications and 42 issued patents.

Full Story Chinese gov’t reveals Microsoft’s secret list of Android-killer patents | Ars Technica.

Canonical bug report suggests audacious Ubuntu for Android project may be dead

The idea was audacious: Combine Android, the most popular mobile version of Linux, with Ubuntu, the leading Linux desktop operating system, on a single smartphone that swapped between the two depending on whether the device was docked. Alas, Ubuntu for Android seems to have moved off the active roster as Canonical focuses on its own Ubuntu Touch project, and a new exchange on a Ubuntu project-tracking website seems to suggest Ubuntu for Android may be dead.

Matthew Paul Thomas, an interface designer with Canonical, opened a bug report on Launchpad.net, stating that “[The website] describes Ubuntu for Android as ‘the must-have feature for late-2012 high-end Android phones’. Ubuntu for Android is no longer in development, so this page should be retired.”

Well, that sounds ominous. (The thread in question has been scrubbed from Launchpad, but you can still see a Google-cached version of it.) Canonical developer Anthony Dillon then asked web director Peter Mahnke to check on the situation. Here’s Mahnke’s reply:

“We do check if this and the tv page should be kept on the site. currently the answer is yes. I have removed the 2012 text.”

I’ve asked Canonical to comment on the status of Ubuntu for Android.

If the project is indeed joining Ubuntu One in the deadpool, it can’t quite be called a surprise. Canonical has yet to convince phone makers to preload Ubuntu for Android on phones, while phones running on the company’s Ubuntu Touch OS are slated to hit the streets this very year, after thirst for the OS was fueled by Canonical’s massive Ubuntu Edge smartphone crowdfunding campaign. There are only so many hands to go around, after all.

via Canonical bug report suggests audacious Ubuntu for Android project may be dead | PCWorld.

Android snagged 62 percent of tablet market in 2013

Android and Samsung Electronics were the big winners in the tablet market last year, as sales grew by 68 percent, according to market research company Gartner.

Worldwide sales of tablets to end users totalled 195.4 million units, fuelled by sales of low-end, smaller screen devices, and purchases by first time buyers, the company said Monday.

Android has become the biggest tablet operating system with 62 per cent of the market. In 2012, Google’s OS trailed Apple’s iOS by a margin of about 8 million tablets, but by the end of last year had turned that into a 50 million-unit lead.

The Android camp led by Samsung sold almost 121 million tablets, for a 61.9 percent share, compared to 53.3 million units and a 45.8 percent share in 2012. Apple’s tablet sales increased from 61.5 to 70.4 million units, but because the overall market grew faster, the company’s share dropped from 52.8 percent to 36 percent.

“Apple’s strong fourth quarter helped it maintain the top position among the manufacturers.”

Microsoft’s Windows tablet sales improved but the share remained small at 2.1 percent, with shipments growing from 1.2 million to 4 million units. To compete, Microsoft needs to create a more compelling ecosystem for consumers as well as developers across all mobile devices, Gartner said.

Apple’s strong fourth quarter helped it maintain the top position among the manufacturers. Samsung, ranked in second place, had the biggest growth of the worldwide tablet vendors, at 336 per cent. The expansion and improvement of its Galaxy tablet portfolio, together with a lot of marketing, helped Samsung shrink the gap with Apple.

Samsung sold 37.4 million tablets for a 19.1 percent slice of the market.

The rest of the top 5 was made up of Asus, Amazon.com and Lenovo. Of those three companies, Lenovo did particularly well with tablet sales growing by 198 per cent to 6.5 million units, or a 3.3 percent market share. The company’s success was due to a combination of new tablet models launched during the second half of last year, and sales of its Yoga model and its Windows tablets doing particularly well, Gartner said.

However, Lenovo is still behind Asus, with 11 million units sold, and Amazon, with 9.4 million. Asus’ market share grew from 5.4 percent to 5.6 percent, while Amazon’s share declined from 6.6 percent to 4.8 percent.

As the tablet market becomes even more competitive, this year it will be critical for vendors to improve user experience, technology and ecosystem value beyond just hardware and cost, Gartner said.

via Android snagged 62 percent of tablet market in 2013 | PCWorld.

Sony launches the Xperia Z2 with “world’s best mobile camera”

At Mobile World Congress 2014, Sony has announced their new flagship Android smartphone, the Xperia Z2, which is a small update to the Xperia Z1 but packs what the company claims is “the world’s best mobile camera”.

The design of the Xperia Z2 is similar to the Z1, although Sony has bumped the screen real-estate up to 5.2-inches (from 5.0-inches) through the inclusion of an all-new display. The company has ditched the eIPS LCD in favor of a traditional 1080p IPS panel, which reportedly fixes issues such as poor viewing angles and color accuracy that we alluded to in our Xperia Z1 review.

Internally the SoC used has seen a minor bump up to a Snapdragon 801, complete with a 2.45 GHz quad-core Krait 400 CPU and a faster-clocked Adreno 330 GPU. There’s also 3 GB of RAM, 16 GB of storage, a microSD card slot, LTE and a 12.16 Wh (3,200 mAh) battery inside.

The camera on the Z2 which Sony calls the “world’s best” is physically identical to the Xperia Z1: a Sony-made 1/2.3″ 20.7-megapixel sensor combined with an f/2.0 27mm-effective lens. There doesn’t appear to be OIS, which may affect low-light images, although increased processing power now allows the sensor to capture 4K video at 30 frames per second.

Other features include full IP55 and IP58 water resistance, and digital noise cancelation built into the phone as well as the supplied earphones. The Xperia Z2 is 8.2mm thick, 158 grams heavy and will launch globally in March 2014.

via Sony launches the Xperia Z2 with “world’s best mobile camera” – TechSpot.

E-Z-2-Use attack code exploits critical bug in majority of Android phones

Recently-released attack code exploiting a critical Android vulnerability gives attackers a point-and-click interface for hacking a majority of smartphones and tablets that run the Google operating system, its creators said.

The attack was published last week as a module to the open-source Metasploit exploit framework used by security professionals and hackers alike. The code exploits a critical bug in Android’s WebView programming interface that was disclosed 14 months ago. The security hole typically gives attackers remote access to a phone’s camera and file system and in some cases also exposes other resources, such as geographic location data, SD card contents, and address books. Google patched the vulnerability in November with the release of Android 4.2, but according to the company’s figures, the fix is installed on well under half of the handsets it tracks.

“This vulnerability is kind of a huge deal,” Tod Beardsley, a researcher for Metasploit maintainer Rapid7, wrote in a recent blog post. “I’m hopeful that by publishing an E-Z-2-Use Metasploit module that exploits it, we can maybe push some vendors toward ensuring that single-click vulnerabilities like this don’t last for 93+ weeks in the wild. Don’t believe me that this thing is that old? Just take a look at the module’s references if you don’t believe me.”

The WebView vulnerability allows attackers to inject malicious JavaScript into the Android browser and, in some cases, other apps. In turn, it helps attackers gain the same level of control as the targeted program. The easiest way to exploit the bug is to lure a vulnerable user to a booby-trapped webpage. Within seconds, the site operator will obtain a remote shell window that has access to the phone’s file system and camera. In some cases, the exploit can also be triggered by performing a man-in-the-middle attack while the victim is on an unsecured Wi-Fi network. By hijacking the app’s update process, attackers can gain control over the same resources already granted to the app, including permissions such as access to SD cards and geographic data.

Popping a shell

The threat is closely related to one Ars wrote about in September. In addition to making the native Android browser included in vulnerable versions of the mobile operating system susceptible, the weakness can also affect third-party apps developed with older code libraries. Readers can see a video of the newly released Metasploit exploit module in action here. The resulting command shell can do anything the native Android browser can do.

Rapid7’s Beardsley raises a good point about the proliferation of devices still running out-of-date versions of Android with known security vulnerabilities. Indeed, it’s not hard to find big-name sellers offering handsets that are vulnerable right out of the box. Ars has chronicled the checkered, slow history of Android updates before, as well as efforts by civil liberties groups to force US regulators to take action. Until carriers and sellers can be counted on to provide security updates for all their customers, the best bet for Android users is to use a Google-managed device such as the Nexus 4, which provides timely security updates directly from Google.

via E-Z-2-Use attack code exploits critical bug in majority of Android phones | Ars Technica.

Report finds iOS apps riskier than Android apps

How many apps do you have on your smartphone or tablet right now? Well, take that number, and multiply it by 0.9. That’s about how many of your apps are a potential security concern according to a new study from Appthority.

The Appthority Reputation Report for Winter 2014 was compiled using data from the cloud-based Appthority App Risk Management Service. Appthority performed static, dynamic, and behavioral app analysis of 400 paid and free apps spanning iOS and Android to assess the relative security and risky behavior of the most popular apps.

Appthority found that 95 percent of the top 200 free apps on iOS and Android exhibit at least one risky behavior. That number drops to 80 percent for paid apps—an improvement, but four out of five paid apps exhibiting risky behavior is hardly something to cheer about. Appthority also discovered that iOS apps are riskier overall than Android apps—91 percent contain risky behavior as opposed to 83 percent on Android.

They risky behaviors vary, but include things like location tracking—found in 70 percent of the free iOS and Android apps—weak authentication, sharing data with ad networks, accessing the contact list, or identifying the user or UDID.

“Appthority found that 95 percent of the top 200 free apps on iOS and Android exhibit at least one risky behavior. ”

There are a couple significant caveats to the idea of iOS being a greater risk. First, Android apps have a much higher presence of accessing the UDID or identifying the user. Apple took steps to prevent developers from accessing UDID information on iOS mobile devices—but some developers have found ways to circumvent those rules.

The other thing that separates Android from iOS is that, although there are more iOS apps that exhibit risky behavior, the Android apps tend to collect more information about the user and the user’s mobile activities than their iOS counterparts.

To sum up, a higher percentage of iOS apps include risky behaviors than Android apps, and paid apps are generally less risky than free apps.

The differences in many cases are small and semantic, though. The fact that iOS has a higher percentage than Android may offer some small consolation to Android users, but the fact that nearly all of the apps on both major mobile platforms exhibit at least one risky behavior should be a red flag for both app developers and mobile device users—as well as for Apple and Google themselves.

The real lesson to be found in this report is that app developers recognize the financial value of gathering user data, and that mobile apps in general have a long way to go in terms of security and respecting a user’s privacy.

via Report finds iOS apps riskier than Android apps | PCWorld.

Rumor: New Google Nexus 8 tablet to launch in April 2014

Some new rumors are suggesting Google’s next Nexus tablet will launch at the end of April. Dubbed the Nexus 8, this new tablet will be an evolution off the Nexus 7 tablets from the previous two years.

This story comes via unnamed suppliers in Asia, which claim Google is slightly re-focusing its tablet efforts. The Nexus 8, as the name suggests, will feature an 8-inch screen a small bump from the previous 7-inch versions. This version supposedly comes due to increased competition in the 7-inch form-factor market, as well as ever increasing numbers of phablet-type devices in the 5 and 6-inch range.

Google’s switch to an 8-inch format would better differentiate it from other products and put it in the same class as Apple’s iPad Mini. It would also set its rumoured device in the mid-range of tablet sizes, giving credence to other rumours that suggest Google may be dropping the Nexus 10 line altogether, the bigger premium version of the Nexus 7.

There isn’t much info on what the Nexus 8 tablet may feature under the hood, but it’s valid to assume we’ll see the latest and most powerful CPUs, increased RAM size and better screens. It will, of course, also be running the latest version of Android. As for whose manufacturing this new device, Asus seems like the strongest contender, having manufactured the previous Nexus 7 tablets, but LG and even HTC are rumored to also be candidates.

If this rumor turns out to be true and the Nexus 8 does indeed launch in April, we’ll likely see many more leaks in the coming weeks as we draw nearer to the launch announcement.

via Rumor: New Google Nexus 8 tablet to launch in April 2014 – Neowin.

Top Android tablets (February 2014 edition)

Introduction

Tablets are everywhere, and while Apple’s iPad – along with its little brother, the iPad mini – commands the most media attention, there’s no shortage of excellent Android alternatives to choose from.

Here are my top nine Android tablets for February 20142014 – and this month we have a couple of new entries.

All of the tablets features here are very capable, powerful workhorses, and are ideal not only for home users, but also for enterprise users or those looking for a BYOD tablet. Any one of these will give you an excellent Android experience, and, when combined with the right apps, will allow you to get a lot of work done when you\’re away from your desk.

Full Story: Top Android tablets (February 2014 edition) | ZDNet.

PC makers to rebel against Microsoft Windows at Consumer Electronics Show

Microsoft could find itself in a precarious position at the Consumer Electronics Show early next month in Las Vegas. That’s because a number of computer manufacturers are expected to unveil systems that can simultaneously run Windows and Google’s Android mobile platform according to two different analysts as reported by Computerworld.

Tentatively known as PC Plus, these machines will run Windows 8.1 as well as Android apps. Tim Bajarin of Creative Strategies said the initiative would take place through software emulation and was being backed by Intel. He wasn’t sure what kind of performance could be expected but it is their way to try and bring more touch-based apps to the Windows ecosystem.

Patrick Moorhead, principal analyst at Moor Insights & Strategy, independently said there were three possible implementations that could be used including dual-boot, software emulation or some type of virtualization-based solution. Either way, it would certainly make buzz at CES as OEMs will be trumpeting it.

It’s a desperate move by OEMs but as the saying goes, desperate times call for desperate measures. Manufacturers have seen the PC business shrink in size over the last couple of years as sales of smartphones and tablets have cannibalized the once-thriving industry.

If true, it’ll certainly be interesting to see how the initiative plays out. One scenario could see manufacturers move away from Windows for mobile devices like notebooks, instead opting for a true mobile OS. It’s no secret that Microsoft is working to further optimize Windows 8 to better meet the demands of all users but there’s still a lot of work left to be done.

via PC makers to rebel against Microsoft Windows at Consumer Electronics Show – TechSpot.