05-05-2022, 06:24 AM
I agree with tckosvic. Hanlon's Razor applies here. Shortcomings in Pinephone software functionality don't need to be blamed on malicious sabotage by outsiders. I'd never say the software developers are "incompetent" but it's a lot of work with limited resources, it's no wonder progress has been a bit slow.
That said the mere fact that mainline Linux smartphones are regarded as protecting privacy will I think make them a target of three letter agencies. To be honest if a nation state is targeting you specifically and really wants in, they are getting in whatever device you use. But we can defend ourselves against undirected attacks such as "dragnet" surveillance and most ransomware gangs.
The hardware "kill switches" do provide some protection if you meet their use case. Besides that, follow general good security practices. Install a minimum of apps to limit your exposure, this is I feel particularly critical for mainline Linux because most apps that run have access to everything your user account does.
Getting into more hypothetical ideas. There are SD card lockers that can render a microSD card read-only. Perhaps that could be used with an overlaying file system to provide an anti-tampering measure. The uSD becomes unwritable by the phone itself until it's unlocked by a separate hardware device. The idea is that an attacker who manages to exploit a code execution vulnerability is unable to change the installed software, impairing their ability to persist the attack.
That said the mere fact that mainline Linux smartphones are regarded as protecting privacy will I think make them a target of three letter agencies. To be honest if a nation state is targeting you specifically and really wants in, they are getting in whatever device you use. But we can defend ourselves against undirected attacks such as "dragnet" surveillance and most ransomware gangs.
The hardware "kill switches" do provide some protection if you meet their use case. Besides that, follow general good security practices. Install a minimum of apps to limit your exposure, this is I feel particularly critical for mainline Linux because most apps that run have access to everything your user account does.
Getting into more hypothetical ideas. There are SD card lockers that can render a microSD card read-only. Perhaps that could be used with an overlaying file system to provide an anti-tampering measure. The uSD becomes unwritable by the phone itself until it's unlocked by a separate hardware device. The idea is that an attacker who manages to exploit a code execution vulnerability is unable to change the installed software, impairing their ability to persist the attack.