This probably isn’t a bad idea for an open-source project.
Something akin to Graphene OS where there’s a constant drive to narrow the attack surfaces, but also removing any concessions related to installing apps or Google services entirely.
Basically, a phone that has access to encrypted messaging and the camera/mics under very controlled circumstances and that’s about it.
The restrictions would also limit the popularity enough that it would likely never be worth the cost of targeting, but also provide greater protection to the few people that really need that protection enough to make those sacrifices.
I'd love a phone with a bank of iPhone style mute switches, but each hooked up physically to disable the cellular radio, gps antenna, mic, camera and etc.
An open-source project is actually worse for security because the attacker can just read your source and find the exploits.
Assembly is a pain to understand even with the latest disassemblers. Cut that out and you’re cutting out 90% of the work.
Now sure in theory having it open source means good people will find the exploit. But have you ever found an exploit and reported it? Of course not. Only attackers are motivated to put thousands of hours of work into looking for vulnerabilities. Unless you pay someone to actually put the same work in, it being open source is meaningless.
Not publishing source code demotivates the white hats and "good people" more than the bad actors, IMHO. There's a reason a lot of cryptography-related libraries have open/available source code
> But have you ever found an exploit and reported it?
Yes, actually. It was for a project I had already contributed to, so I was just reading source code and stumbled upon a somewhat critical bug. The main problem there was figuring out how to fix it without breaking API, really.
Something akin to Graphene OS where there’s a constant drive to narrow the attack surfaces, but also removing any concessions related to installing apps or Google services entirely.
Basically, a phone that has access to encrypted messaging and the camera/mics under very controlled circumstances and that’s about it.
The restrictions would also limit the popularity enough that it would likely never be worth the cost of targeting, but also provide greater protection to the few people that really need that protection enough to make those sacrifices.