The Android-Based "CryptoPhones" Are Coming


Here’s some good news in early 2014 about the whole NSA mass spying situation – companies that are building ultra-secure smartphones are starting to pop-up, because now they will have a substantial market of people, not just from government officials, who I’m sure will take their mobile conversations’ security a lot more seriously from now on (most of them were just using regular phones), but also from regular people who care about not letting governments spy on them.

Some of these companies are the French security gear manufacturer Bull SA, and the German GSMK, who’s actually been making such secure phones for over a decade. Bull SA has recently launched the Hoox m2 smartphone, which costs a whooping $2760, for which you get not very impressive specs from a regular smartphone point of view: 4.68″ display, 960×540 resolution, quad core Cortex A5, 1GB of RAM and a 5MP camera.

That sounds about mid-range, at best. However, the main purpose of these phones is security, and they’re offering built-in biometric sensors to make sure nobody but you can use the device, and they also have software-based encryption, and will encrypt all phone calls, SMS and e-mails.


Then there’s GSMK, the German contractor, who has recently launched the CryptoPhone 500, another custom Android-based phone with a focus on security. CryptoPhone was actually recommended by Jacob Appelbaum (works on the anonymity tool Tor), at the 30C3 hacker conference recently, as a secure solution for private calls (along with Moxie Marlinspike’s RedPhone app for all Android phones).

The CryptoPhone 500 is based on Galaxy S3 hardware, has two-layer AES256 encryption for secure messaging and VOIP calls, and a baseband firewall, which they say guarantees 100 percent against over-the-air attacks.

“Five years ago, businesses were asking me why I was so paranoid,” says Bj¶rn Rupp, GSMK’s founder. “Now they’re all nodding when you give the presentation.”

That alone tells us that there is going to be a lot more demand for such phones in the future, and the good news is that we won’t have to pay $3,000 for such a phone, because I believe many of the features (even hardware features) will trickle down to “normal” phones too. It won’t happen overnight, though. It might take a few years before we start seeing much of that security in normal flagships.

We’re already starting to see authentication through biometrics on phones, and there’s a lot more attention given to secure messaging as well. CyanogenMod for example has recently said that it will encrypt all messages in CM11 and beyond, between CM users, or between CM users and TextSecure users (since it’s using Moxie Marlinspike’s new TextSecure protocol).

Right now, that’s your best bet for inexpensive security, and hopefully CyanogenMod will integrate Moxie’s RedPhone application, too, so every phone call you make is encrypted. Even mid-range phones will be getting LTE next year, and it doesn’t use that much data for a minute of conversation