Is the world ready for a more secure smartphone designed to better protect your privacy? Encrypted communications firm Silent Circle seems to think so, having teamed up with specialty phone vendor Geeksphone to offer the Blackphone, the prime selling point of which is data security. Essentially, a set of cryptographic and other security-enhancing services is bundled into a phone with a modified version of the Android OS.

In the hands of sophisticated users, the Blackphone could help placate companies’ mobile security worries. However, the phone will not entirely eliminate the bring-your-own-device challenge that many enterprises face. What it can do is help illuminate the real mobile security challenge: the human factor.

Building Around Security and Privacy

As Fast Co.Labs’ Luke Dormehl reports, Phil Zimmermann, the creator of Pretty Good Privacy, set out to provide a set of Android apps to enhance smartphone privacy and data security. His company, Silent Circle, ended up working with Spain-based Geeksphone to provide hardware specifically tailored to support the desired software features.

According to Sean Gallagher of Ars Technica, at the heart of the Blackphone is PrivatOS, an OS based on Android 4.4 KitKat. This system gives users much finer control over the permissions the OS provides to the apps running on it.

Blackphone also comes with a bundle of software and subscriptions to security-oriented services such as Silent Circle’s “Friends and Family” offerings, virtual private network (VPN) service Disconnect and SpiderOak secure cloud storage.

Is Blackphone Security for the Sophisticated?

Reviewers who have tested preproduction versions of this phone have been impressed by its suite of privacy and security tools, though its overall performance as a smartphone is only fair to middling. Given that this is the first effort to provide robust mobile security in a consumer-level package, the early results are highly creditable.

There are some inherent limitations. Like all software, Blackphone’s security software is potentially subject to zero-day vulnerabilities. Ironically, if Blackphone gains only niche interest, it will be largely safe from hackers, who will attack more widely used products. If it catches on, however, hackers will be that much more motivated to crack it.

Even aside from potential zero-day vulnerabilities, the Blackphone or similar devices will not entirely put security worries to rest. A brief perusal of the Fast Co.Labs and Ars Technica articles hints at the real challenges of mobile security, with mentions of proxy servers, public keys and VPNs. Security-minded readers will recognize these terms and have at least a general notion of how they relate to privacy and data security.

However, most mobile users have never heard these terms and are in no rush to learn them, let alone adopt more secure usage habits. As one commenter at Ars Technica noted, no one on his contact list was subscribed to the secure services he used. Often, they were remarkably unwilling to learn or try these more secure tools. While Blackphone can extend some protection to the other end of a call or Internet connection, it cannot create security consciousness.

That is the true enterprise security challenge: creating security consciousness without browbeating people, which doesn’t work very well anyway. Blackphone is one more potential security tool, and a good one for sophisticated users, but no tool can provide security by itself.
