Unplugged Phone

JoeS

Does anyone have any info on this? I didn't see anything on the forum. I'm wondering how it compares with GOS. I see it's running on Android.

akc3n

JoeS

The reason it's not widely mentioned here or elsewhere is that it relies heavily on marketing theatrics and buzzwords, resembling the typical 'privacy phone' scam. Moreover, their single page bullet point summary of the audit report doesn't hold much significance.

JoeS

Good to know, thank you! I'm very loyal to GOS but wanted to know. It seems highly suspect given the background of the people behind it.

GrapheneOS

Nearly all privacy and security products are scams, with few exceptions. That's how the industry works.

GrapheneOS

Many open source projects are misleading users with false privacy and security claims too. It's not limited to proprietary products.

AlanZ

Yeah, nothing inspires more confidence than a "proprietary privacy OS" combined with an antivirus for a phone, lol.

GrapheneOS

Much more information became available. Unplugged began repeatedly spreading misinformation about GrapheneOS combined with false marketing for their product so we looked into it and determined that it's a clear cut scam. Unplugged Phone is a non-hardened, low-end MediaTek device running an outdated fork of AOSP. It has a MediaTek SoC from 2021 and no secure element. It's missing a bunch of basic hardware, firmware and software security features. It lags at least a year behind on Android releases and significantly behind on backported security patches. It will almost certainly begin falling much further behind and won't receive proper long term support.

They forked a bunch of open source apps including the incredibly unwise decision of using Element (Matrix) as a secure messaging app. Matrix is not a good choice for secure communications. It has it bolted on as an afterthought and it consistently has major breaches in the security of the encryption integration. They also used a fork of DivestOS Hypatia antivirus app for their antivirus. They aren't complying with the GPL licenses for a bunch of these apps which are GPL licensed or for the Linux kernel.

They're paying for partnerships to promote their product with a focus on marketing it to conservative Americans based on political ties and partnerships with podcasts, etc. rather than having any substance behind it. It's a blatant scam and they're completely ripping those people off while putting them at risk. Their devices lack basic defenses against data extraction and exploitation. They're far worse than using an iPhone rather than better. The only thing they have going for them is relative obscurity but that's not a viable security approach especially since they're trying to turn it into a successful product. It's a quite standard low-end MediaTek device running a non-hardened AOSP fork so it's not as if attackers need to develop new exploits specifically for it. They only need to test / adjust existing exploits for it without needing to overcome any significant additional security.

Unplugged's services are very sketchy and it's highly questionable that it's in any way more trustworthy than using Apple or Google services. They're not offering as much end-to-end encryption as Apple. The approach for their device itself along with the clearly false marketing for it shows that their apps and services are going to be quite problematic too beyond the ones people have looked into and found major issues with already. It's an entirely marketing driven approach to security with no substance behind it. We're quite comfortable calling this a scam, which is clearly what it is.