Mobile Phone OS Similar to Qubes OS?

Is there any sandbox, VM, mobile phone OSes like Qubes but for that platform, or a mobile phone made for security? What’s ported to other platforms?

2 Likes
1 Like

There isn’t a direct equivalent of Qubes OS for mobile phones yet, due to a few limitations:

  • Hardware Virtualization
  • Resource Demands

I reply here though this was a 2-year-old post

1 Like

There is https://grapheneos.org/

3 Likes

Privacy Phone, might not be high security.

Read the support forum on this before purchasing. There are people who have already waited a long time to get a phone. And . . . .

Purism also sells a privacy software package, meant to interface with their chosen OS, and on their laptops.

While someone on their forum pointed out the VPN they -front for is one- some question the Privacy/Security bona-fides of, but I do not know why.

Librem computers can also be configured to use Qubes.

Only if you are a hacker type, and use Linux, (not Qubes) Pine Phone.

Not sure if it is easily accomplished with the hardware they have now.

If you want to help put Qubes on their devices?

1 Like

I wouldn’t touch any of the Librem products, laptop or phone.

2 Likes

We have a dedicated topic to discuss Purism: https://forum.qubes-os.org/t/discussion-on-purism. I don’t understand all the hatred.

2 Likes

I would rather help port Whonix or Kicksecure to the Librem 5.

1 Like

Your message is borderline flood in my opinion. Security for which threat model is lacking?

What if I don’t trust any hardware and want to make sure I’m not tracked at a protest or important meeting? Librem 5 will protect me with the kill switches. What if I want to access my email without revealing my password to a thief or even the OS? The secure card on Librem 5 allows you to achieve that.

Which other phone can do that?

1 Like

Security for which threat model is lacking?

Practically most if not all threat models out there.

What if I don’t trust any hardware and want to make sure I’m not tracked at a protest or important meeting?

If you don’t trust the hardware, don’t use it. Or if you do, turn off the phone. It’s not like the Librem 5 can magically hide your location if you use a cellular connection. The killswitches are far less important on something like an Android phone (and especially a Pixel running GrapheneOS), which has much stronger sandboxing for apps and can actually control their access to the microphone, wifi/bluetooth scanning, GPS, and in the case of GrapheneOS - sensors.

Also, for more trustworthy hardware - you should avoid something as insane as a Librem 5: the FSF’s relationship with firmware is harmful to free software users | Ariadne’s Space

What if I want to access my email without revealing my password to a thief or even the OS?

Android/iOS, and they do it significantly better than PureOS. One example that easily comes off the top of my head on apps snooping on each other is the X11 socket on the Librem.

1 Like

I do not trust Google or Big Tech for securing smartphone hardware, especially for performing sensitive work such as political action.

2 Likes

This is just FUD.

Suggesting not to use any hardware can’t be serious. It’s almost impossible to live without a phone nowadays, and also it’s unnecessary, because Librem 5 exists.

It can reliably hide your location whenever you need it, which is easily verifiable, unlike for any other phone, by looking at the published schematics. If you are serious about tracking, a blind trust in Google’s hardware (a tracking company!) is not reasonable in my opinion, unless you explicitly trust it for some reason. But the latter is far from “most if not all threat models”.

How can I verify Google’s sandboxing? Are there schematics available? Are all drivers and firmware FLOSS? With kill switches these all are not even necessary, and I can be sure it works as intended.

Did you read my message above? The password is not stored on Librem 5 at all and can’t be extracted by any means, because it’s on the smart card. There is no stronger protection than this, prove me wrong.

1 Like

I do not trust Google or Big Tech for securing smartphone hardware, especially for performing sensitive work such as political action.

Let’s get this straight - you do not trust a phone with proper firmware updates, a secure element for rate limiting and attestation, a verified boot chain, but you will trust a phone which can’t even handle firmware properly as described in the post let alone the other stuff?

I’d still prefer a 4G router plugged into an old laptop. Graphene OS is nice but the hardware is still Google. You can’t de-google the hardware, only the software.

Why are you just magically distrusting Google hardware but putting trust in a random old laptop? Do you seriously think the old laptop can handle IOMMU better than a Pixel?

1 Like

This article is plainly false. Again, please stop spreading FUD. A quote from it:

This means that users of the Librem 5 phone are objectively harmed in three ways: first, they are unaware of the existence of the blobs to begin with, second they do not have the ability to study the blobs, and third, they do not have the ability to replace the blobs.

How to update Librem 5 firmware: Librem 5 firmware updates - Librem 5 - Purism community

Another quote from your link:

The irony, of course, is that Purism failed to gain certification at the end of this effort

This is false again: The FSF did not provide their decision about the Librem 5 yet.

1 Like

I briefly mention my use case on the Purism community forums:

I do not know what you are referring to in regards to “the post”.

This is just FUD.

How?

It can reliably hide your location whenever you need it, which is easily verifiable, unlike for any other phone, by looking at the published schematics. If you are serious about tracking, a blind trust in Google’s hardware (a tracking company!) is not reasonable in my opinion, unless you explicitly trust it for some reason. But the latter is far from “most if not all threat models”.

This is not how location tracking works, and the schematics don’t disprove it in any capacity.

There are several ways location tracking can happen:

  • Via the IMEI/IMSI: You cannot do anything about this except turning on airplane mode.
  • Via network location: Android has strict control over this (via the nearby devices permission). So long as you deny the nearby devices permission and use a VPN to hide your actual IP, an app cannot find your coarse location this way. You can turn on Wifi and still not expose your location.

On the other hand, practically every package app installed directly on PureOS can just check for the access points around you, check their MAC address around you and you are screwed. See how iwlist works.

To make matters worse, Flatpak apps can see your network interfaces and associated IP addresses (including your real IP) if they have the network socket access. See: Install What IP on Linux | Flathub.

On another note regarding Flatpak apps (unrelated to location tracking), there are various sandbox breakouts with Flatpak in non-obvious ways like the dbus access, so good luck spending time figuring out which dbus is dangerous. Oh, and how could I forget, the fingerprinting surface via /sys available to them is massive. Want proof? Open a shell in any Flatpak app and check /sys and have a field day.

Here is another point as to how “microphone killswitch” can’t provide you with any privacy when you need to talk on a Librem (and the point of having a phone is that you can talk, right? Right?)

  • The vast majority of apps on Linux right now use PulseAudio, including Signal, Matrix, your browser, games, and so on.
  • PulseAudio has no concept of permission for audio in and out.
  • Flatpak can only control access to the PulseAudio socket, it cannot control audio in and out of that socket.
  • You need to grant access to the PulseAudio to apps which you wanna have audio playback.
  • Every time you turn off that killswitch to talk (like having a private conversation in Signal), every app with access to the PulseAudio socket - be it a Flatpak app with socket=pulseaudio or an unsandboxed app - can record your conversation.

On the other hand, neither Android nor iOS has this problem, because they actually can control the microphone permission per-app.

How can I verify Google’s sandboxing? Are there schematics available? Are all drivers and firmware FLOSS? With kill switches these all are not even necessary, and I can be sure it works as intended.

Since you like the fallacy that open source = trustable so much, let me point out the following:

  • The app sandbox is done in the AOSP source code. Yeah, if you wanna read that, go ahead.
  • Are all drivers and firmware FLOSS? No, and neither is the firmware on a Librem.
1 Like
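
An audit of the Flatpak permissions discussed in the post above, as an added example that is not part of the original thread: it parses Flatpak metadata keyfiles and flags the `[Context]` grants for the PulseAudio socket, the X11 socket and the shared network namespace. The two app IDs and their metadata are constructed samples.

```python
import configparser

# Grants in the [Context] section that the thread identifies as exposure.
RISKS = {
    ("sockets", "pulseaudio"): "can record the microphone whenever it is powered",
    ("sockets", "x11"): "shares the X11 socket with other X11 clients",
    ("shared", "network"): "can see host network interfaces and IP addresses",
}

def audit_metadata(text):
    """Return sorted findings for one Flatpak metadata keyfile."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.optionxform = str  # keyfile keys are case-sensitive
    cp.read_string(text)
    if not cp.has_section("Context"):
        return []
    findings = []
    for (key, value), why in RISKS.items():
        raw = cp.get("Context", key, fallback="")
        granted = {v.strip() for v in raw.split(";") if v.strip()}
        # A negated entry such as "!pulseaudio" (override syntax) is not a grant.
        if value in granted:
            findings.append(f"{key}={value}: {why}")
    return sorted(findings)

# Constructed sample metadata for two hypothetical apps.
SAMPLE_CHAT = """
[Application]
name=org.example.Chat

[Context]
shared=network;ipc;
sockets=wayland;pulseaudio;
"""

SAMPLE_NOTES = """
[Application]
name=org.example.Notes

[Context]
sockets=wayland;
"""

if __name__ == "__main__":
    for name, meta in (("org.example.Chat", SAMPLE_CHAT),
                       ("org.example.Notes", SAMPLE_NOTES)):
        print(name, audit_metadata(meta) or "no flagged grants")
```

On a real system the same keyfile text comes from `flatpak info --show-metadata <app-id>`; unsandboxed packages have no such file and are not covered by this check.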

Does your “off grid” use case include actually talking on the phone from time to time?

Because if it does, the whole killswitch business cannot protect your private conversation at all (as I explained above regarding the PulseAudio socket business).

1 Like

Very infrequently. I prefer to be in control of my time and space whenever possible, and avoid mixing use cases.

See also:

How to update Librem 5 firmware: Librem 5 firmware updates - Librem 5 - Purism community

That is the update for the USB controller. Where is the actual firmware update for the baseband modem and the Wifi/Bluetooth cards?

What is verifying the integrity of these firmware? (Nothing, cuz you apparently can modify them).

Also, what happened to your railing against “untrustable proprietary hardware/firmware”? Because clearly, these are just worse than Google hardware in every imaginable way while not being any more “free”.

1 Like

To reply to the OP, here is a blog article from Efani comparing various phones:

Something that caught my eye was the Bittium Tough Mobile 2C:

Relevant quote:

1 Like