There's no such thing as a phone that 'cannot be hacked' - the rich and powerful use the same phones as anyone else, and they're just as vulnerable


No Gmail, no App Store — using an ultra-secure smartphone is like 'taking a step back into the 1990s'

No Gmail, no App Store — using an ultra-secure smartphone is like 'taking a step back into the 1990s'

is So-called "hardened" phones, like Purism's Librem 5 phone and Communitake's IntactPhone, have a variety of built-in security measures that aren't commonly found on smartphones. They also run on custom software built with privacy in mind. But those benefits come with compromises: There's no Google Maps, no Gmail, no Instagram, and most important, no access to Google's enormous app store. They also won't come with the flashy new features found on today's newest smartphones, like a triple-lens camera.

"You think about high-profile people, they want the cool toys too," Charles Henderson, the global head of IBM's X-Force Red security team, said to Business Insider. "If you're telling somebody, 'Hey, I've got this great phone that does half of what your current phone can do,' then that's not exactly the best sales conversation to have."

Few people know this better than Todd Weaver, the CEO of Purism, which makes laptops, services, and a smartphone optimized for security and privacy. The company's Librem 5 smartphone runs on Purism's own operating system, which is based on Linux instead of Google's Android, and includes physical switches for turning off the phone's microphone, cameras, GPS, cellular, and Wi-Fi functionality.

The phone began shipping to early backers in September, and the mass production model was originally slated to begin rolling out between March and June of this year. But it may be delayed due to supply chain constraints resulting from the coronavirus.

The Librem 5 doesn't have access to Google's Play Store and instead runs on the much smaller PureOS store, which only includes apps without third-party ads and trackers based on open-sourced code. That means those using the Librem 5 will probably have to access popular services like Uber, Facebook, and Instagram though the phone's web browser, which sandboxes individual web pages so that these services don't have access to any other data on your phone beyond what's required to carry out the task at hand.

Even after just a few moments using the current version of the Librem 5, it's apparent that it's a stark contrast from most modern smartphones made by companies like Apple, Motorola, Samsung, and others. It's noticeably thicker, the apps are limited, and the software itself is less polished.

"Using a minimalist phone is kind of like taking a step back into the 1990s," Marc Rogers, a white-hat hacker and head of cybersecurity at Okta, an enterprise identity management service, said to Business Insider."You've almost got a feature phone again, and it's hard to give up some of those features." (Insider Inc., the publisher of Business Insider, is an Okta client.)

Weaver says that Purism has shipped hundreds of units of the Librem 5 since its September launch and estimates that number will jump to 50,000 by the first half of 2020. That's a far cry from the millions of iPhone units Apple sells in a single weekend. Apple no longer discloses iPhone unit sales, but back in 2015 it said it had sold more than 13 million units of its iPhone 6S and 6S Plus during their first weekend on the market.


Challenging the giants

Challenging the giants

Weaver's goal with the Librem 5 isn't necessarily to appeal to everyone; it's to challenge the dominance of large firms like Apple, Google, and Facebook, all of which have come under increased scrutiny in the past year over the power and influence they hold in the industry, as well as the ways they handle consumer data.

"It always comes down to control," Weaver said. "To break up that [iOS and Android] duopoly ... you have to give control to the individual."

His company's audience, he said, is a combination of parents looking for a privacy-oriented device for their child, software developers, C-suite executives, and enterprise clients. But incidents like the Jeff Bezos hack or the Equifax data breach from 2017 usually lead to a spike in traffic to Purism's website and a bump in sales. Rogers also said that after the Bezos hack, two venture capitalists reached out to him asking about the possibility of building a secure phone.

But even beyond the limitations that come with a privacy-oriented phone, it's difficult for any newcomer to challenge a smartphone market that's dominated largely by Samsung, Apple, and Chinese tech giant Huawei. Apple and Samsung each claimed 18% of the market share in the fourth quarter of 2019, according to Counterpoint Research, while Huawei claimed 14%, Xiaomi, Vivo, and Oppo each claimed 8% and Lenovo claimed 3%. No other smartphone maker accounted for a significant enough share of the market to break out in Counterpoint's analysis.

"Short of government regulation that reshapes the market, it seems really unlikely and difficult in this market for a challenger to build any kind of scale business other than a really expensive niche device," said Frank Gillett, a vice president and principal analyst for research firm Forrester who follows the technology industry and mobile device market.


What the rich and powerful do to protect their phones instead

What the rich and powerful do to protect their phones instead

Embracing a specialized device like the Librem 5 or other similar products may not be the right choice for most people, including billionaires like Bezos, who reportedly uses an iPhone X.

A more likely solution, particularly for high-net-worth individuals, is to carry a temporary burner phone while traveling, rather than using your primary smartphone that houses all of your sensitive data, according to Mike White, senior vice president and practice lead for security firm Hillard Heintze's private client and family offices division.

White also said he suggests that his clients use the phone of someone else that wouldn't be as high-profile or public-facing, like an assistant, to conduct extra sensitive communications.

While his clients haven't expressed much interest in ultra-secure devices like the Librem 5 or Communitake IntactPhone, he has recommended using a satellite phone in some circumstances for those looking for enhanced security while traveling to remote locations. Even so, the satellite phone is usually meant to serve as an alternative to their primary phone, not a replacement.

But above all else, being cautious about opening unknown files and sharing personal information are among the most effective ways for anyone to protect their smartphone, public figure or not. After all, the Bezos attack came from a video file that was shared through social media, and Corcoran was almost scammed out of hundreds of thousands of dollars because a thief was able to spoof her assistant's email address.

"There's a certain degree of human error, if you will," said White. "You could make the most secure device in the world, but if the device allows you to download that attachment and that attachment has malware, you're going to be infected."

Some of the best measures anyone can take on a daily basis, says White, is to practice strong password management and keeping apps and software up to date. That's because while some people may be willing to compromise on having a phone that has the latest hardware and apps for enhanced privacy protections, the vast majority likely won't.

"There's an interesting analogy you can use," says Gillett. "If you substituted 'phone' for 'automobile,' the question would be, would we all ride around in armored vehicles?"