This week's no-longer-secret news about the forthcoming update for the Blackphone operating system clued us in on the "spy-proof" smartphone's new app store and additional security layers.
Its timing, set for early 2015, couldn't be better given the rash of stealthy malware that has targeted both enterprise and individuals through mobile devices, especially Android.
It's gotten to the point where Google's own Android security chief called anti-virus software for the most popular - and popularly targeted - operating system a waste of time.
We chatted with Blackphone CEO Toby Weir-Jones about his company's plans to make the most secure Android-based device and eliminate the need to carry two phones in your pocket.
How does Blackphone app store solve the problem of our information being more at risk?
Toby Weir-Jones: The app store is going to be interesting as far as Android stores are concerned. There are lots of app stores for Android, but they're not curated in the way that we're familiar with from the Apple experience. One of our goals is to bring some transparency and also some rigors to that vetting process.
It'll allow the user to have much more confidence in if they choose to use an app, say, for managing their travel itineraries or keeping track of their social media accounts. If they get that app from the Blackphone, they have a measure of confidence that it does what it says it does and nothing else than what it says it does. Strangely, that's largely missing from the current Android app store landscape.
What do Silent Spaces bring to the table that's new?
TWJ: With Silent Space, you don't have to accept two phones in your pocket as a solution to this problem of keeping your professional and personal life completely separated. The enterprise approach right now involves sandboxing tools, and some of them are quite effective for what they do, but ultimately you're still limited to whatever the sandbox environment enables when it runs the application layer on your phone.
Spaces gives you completely separate and distinct personalities down to the kernel level. You might choose to implement a rule that the only network connectivity into space is through a VPN. Whereas in the public space, you can use mobile data, Wi-Fi, etc. if you're not storing any sensitive information in that public space anyway. We're going down to kneral level firewalling, and making these options available as a fundamental part of the phone rather than simply an app that you install at some point in the future.
What does Silent Spaces look like?
TWJ: You end up with a new widget that's in your notifications bar and lets you switch between the two different Spaces. Then there's an admin interface to modify the permissions associated with a space. You simply drag down to choose any of the activate Spaces that are on the phone.
They are, as far as the user experience is concerned, completely separated instances: different wallpaper, different ringtone configurations and email configurations. You might have an app in each of the two Spaces, but in space No. 1, the app might have one set of configurations and in Space No. 2, it might have a completely different set.
You might have two different instances of a Mail Client rather than having a single universal mailbox, which always gives rise to the risk that you send something to or from a personal address with a sensitive work attachment. With Spaces, there's no risk of that because you end up with two different mailboxes altogether.
How many Silent Spaces can you have?
TWJ: It's going to be two. In the future, there may be more, but we're also tying it to the capability to the current hardware platform looks like and what it's performance potential sounds like. We'll start with two, get people used to the idea and see where we take it from there.
How easy is it to switch between the two Spaces?
TWJ: You pull down the notifications bar and there's one icon for each Space. You just one-touch the Space you want and the phone switches over instantly. You're dropped right back into that homescreen for the Space.
How is Silent Spaces different from Samsung Knox Workspace?
TWJ: Knox was much more of a classic app layer sandboxing technology. And that was one of the problems they had getting adoption on the enterprise side. What we're seeing now is that some of the kernel stuff that they've done is what's been folded into the Android code base, which is cool. It's always good to see advances on the fundamental operating system.
But what you didn't have was the immediacy of totally separate personalities on the phone. You had things that were nominally safe because they were within the Knox controls, and the presumption was that everything else outside of that was dangerous and unchecked.
Maybe, as a consultant, you have one space for client A and one space client B. They're still equally secure and protected. They are simply totally separated, and that's really the key. You've got all of the functionality of the entire phone and the entire operating system to you in each of the two secure Spaces, but the protections that keep the data from migrating between the two is enforced at kernel level rather than at app layer.