SECURITY FEATURES

PIN SCRAMBLING

We have added a toggle for enabling PIN scrambling to raise the difficulty of figuring out the PIN being entered by a user either due to physical proximity or a side channel. 

NO ACCOUNTS REQUIRED

The devices (by default) do not require you to use/sign in to an account (for example a Google Account). If you need to use any app that is on the Google Play Store, we provide a Compatibility Layer (which is optional) that will allow you to use these applications without signing in to a Google Account.  

SUPPORT LONGER PASSWORDS

We have added support for setting longer passwords by default: 64 characters instead of 16 characters. This avoids the need to use a device manager to enable this functionality 

PRIVATE SCREENSHOTS

We have disabled the inclusion of sensitive metadata in screenshots (e.g. Location of Picture taken  local date, time and timezone offset). We do this by default in order to avoid leaking the time and quasi-location information through metadata that isn't visible to the user.  

AUTO REBOOT

Option to enable automatically rebooting the device when no profile has been unlocked for the configured time period to put the device fully at rest again. This as a result will put the device in the Before First Unlock state. In this unlock state the device will need the passcode to decrypt things like the contacts list.

LOCATION ACCESS INDICATOR

This enables the privacy indicator for location data access in addition to the standard Android camera and microphone indicators. This shows an indicator when an app the user has granted permission to access location requests location data. We also resolve various UX issues with this feature as it currently exists in stock android to get it into a highly usable state. 

Wi-Fi PRIVACY

Added support for per-connection MAC randomization and enables it by default. This is a more private approach than the standard persistent per-network random MAC used by modern Android. 

SANDBOXED GOOGLE PLAY SERVICES COMPATIBILITY LAYER (OPTIONAL)

A compatibility layer has been added, providing the option to install and use the official releases of Google Play in the standard app sandbox. Google Play receives absolutely no special access or privileges on the OS as opposed to bypassing the app sandbox and receiving a massive amount of highly privileged access. Instead, the compatibility layer teaches it how to work within the full app sandbox. It also isn't used as a backend for the OS services as it would be elsewhere since the OS doesn't use Google Play even when it's installed.

NETWORK PERMISSION TOGGLE

We have added a Network permission toggle for disallowing both direct and indirect access to any of the available networks. The device-local network (localhost) is also guarded by this permission, which is important for preventing apps from using it to communicate between user profiles. Unlike a firewall-based implementation, the Network permission toggle prevents apps from using the network via APIs provided by the OS or other apps in the same profile as long as they're marked appropriately. 

SENSORS PERMISSION TOGGLE

Sensors permission toggle: disallow access to all other sensors not covered by existing Android permissions (Camera, Microphone, Body Sensors, Activity Recognition) including an accelerometer, gyroscope, compass, barometer, thermometer and any other sensors present on a given device. When access is disabled, apps receive zeroed data when they check for sensor values and don't receive events. The OS creates an easy to disable notification when apps try to access sensors blocked by the permission being denied. This makes the feature more usable since users can tell if the app is trying to access this functionality. 

STORAGE SCOPES

We have bundled 'Storage Scopes' as a fully compatible alternative to the standard Android storage permissions. Instead of granting storage permissions, users can enable Storage Scopes to grant the requested permissions in a highly restricted mode where the app can create files/directories in the user's home directory but can only access the files it has created itself. Users can then optionally add files and directories as storage scopes to permit the app to access files created by other apps. 

LOCATION DATA ACCESS INDICATOR

We have enabled the privacy indicator for location data access in addition to the standard Android camera and microphone indicators. This shows an indicator when an app the user has granted permission to access location requests location data. We also resolve various UX issues with this feature as it currently exists in Stock Android to get it into a highly usable state.

The indicator works the same way as the Camera and Microphone ones, showing a bright green icon when location access occurs which then gets minimised to a small bright green dot when the quick settings tray isn't currently opened. Android 12 already includes Location with the other standard runtime permissions in the privacy dashboard for viewing the history.  

PRIVACY APPS

We bundle secure apps with our OS. These applications are listed below

•  F-Droid (An App Store with Open-Source Apps) is pre-installed to our devices to allow you to install the apps you need whilst also safeguarding your anonymity.

• Aurora Store: This is an App Store which allows you to install apps directly from Google's Servers. This app hides your identity by spoofing your device ID and using an anonymous account to download apps. This as a result will allow you to download apps from Google's Servers without being logged in

• Signal Private Messenger: This open-source app allows you to make end-to-end encrypted phone calls, messages and safeguard your privacy, unlike apps such as WhatsApp 

• Molly Instant Messenger: A Fork of Signal Private Messenger that includes the ability to lock the app with a passphrase

• Briar: Secure Messaging, Anywhere. 

Briar is a messaging app designed for activists, journalists, and anyone else who needs a safe, easy and robust way to communicate. Unlike traditional messaging apps, Briar doesn’t rely on a central server - messages are synchronized directly between the users’ devices. If the internet’s down, Briar can sync via Bluetooth or Wi-Fi, keeping the information flowing in a crisis. If the internet’s up, Briar can sync via the Tor network, protecting users and their relationships from surveillance. 

• Tor Browser: This app allows you to access the Tor Network through a browser

• Orbot: Routes all your device traffic through the Tor Network (disabled by default but can be enabled if you require it)

• Mullvad VPN: A VPN provider that does not log any user data. Doesn't even require an e-mail address [costs €5 a month but we provide the first month free] 

Note: devices-db is not affiliated with Mullvad VPN in anyway whatsoever. For more information, read the Terms

VANADIUM: HARDENED WEBVIEW AND DEFAULT BROWSER

The OS includes our Vanadium browser as WebView implementation provided by the OS and our default browser. Vanadium is a hardened variant of Chromium providing enhanced privacy and security, similar to how Our OS compares to AOSP. The Vanadium browser currently doesn't add many features but there are a lot of enhancements planned in the long term.  

PANIC ERASE

The OS offers numerous methods for wiping the device clean and returning it to its factory default settings. A quick tile, which will wipe the device in an emergency*, is one example of how this might be used. You can check out many more features of this functionality when you purchase our privacy devices.

*Read the Terms

NO MONTHLY ACTIVATION FEES

The security features we preload on our devices do not have any subscription fees. Once you purchase a device from us, the features will continue to function forever. No monthly activation fees. 

OTHER FEATURES

• Low-level improvements to the filesystem-based full disk encryption used on modern Android

• Improved user visibility into persistent firmware security through version and configuration verification with reporting of inconsistencies and debug features being enabled.

• Authenticated encryption for network time updates via a first party server to prevent attackers from changing the time and enabling attacks based on bypassing certificate / key expiry, etc.

• Proper support for disabling network time updates rather than just not using the results

• Hardened local build / signing infrastructure

• Seamless automatic OS update system that just works and stays out of the way in the background without disrupting device usage, with full support for the standard automatic rollback if the first boot of the updated OS fails

• Requires the unlocking of the device to access sensitive functionality via quick tiles (such as switching off Mobile Data and Flight Mode from lock screen)