And cost, and choice of OS, and quality.
We’ve been asked a number of times, “Why do you use phones from Google, Apple, and BlackBerry? Couldn’t you make a secure phone yourselves? A device that you control 100%?” And the simple answer is:
Sure, we could, but we believe making our own device wouldn’t be worth it.
Looking at the industry, we know there are competitors who offer their own devices (or, to be accurate, devices they re-brand as theirs) and even make their own versions of Android as a “secure mobile OS”. We understand the rationale behind their strategy, but we disagree that making your own devices (or OS) when you are a communications app company is the path to better security.
Plus side of offering our own device
There are real benefits to making your own device, or customizing an off-the-shelf device to your needs. You could make a basic device with a hardware keyboard instead of software. You could remove the internal microphone, Bluetooth, and GPS chips for tighter security. Maybe instead of front and rear cameras, you only include one on the back of the device. Snowden shows that removal is the surest way of securing those:
Edward Snowden has spoken out about intelligence agencies having tools that turn your microphone and camera on remotely without you knowing. Ergo, if you have a phone without an internal microphone (so you use headphones with a microphone to talk) or a single camera that can be easily covered, you are more secure. This is why we work so hard to make Sky ECC the most secure phone available–so many people want to steal your data.
All of these are possible. And you could do this through any number of Android handset makers, even without needing to offer a modified version of Android. However, there are tremendous downsides to offering your own device. From cost and quality, to features and security, making and offering your own phone comes with enough headaches and problems that it’s just not worth it.
Downside: Cost, Quality, and Features
The first of the downsides is the cost and quality issue. Apple, Google, and BlackBerry make millions of phones. They manufacture at a scale where costs come down because they buy parts in such tremendous volumes. They can also afford to design and fabricate their own custom chips. The specialized security chips and processors in Google, Apple, and BlackBerry devices aren’t available to other manufacturers. While the latest iPhone is expensive, it might cost double if Apple only made a few hundred or few thousand devices.
Economies of scale are real and have a huge effect on not just cost, but quality as well. To keep costs down, the device will have to use lower quality materials. Budget Android devices always have:
- Lower quality plastic bodies
- Cheaper screens
- Less durable buttons
- Smaller storage
- Low-quality speakers and microphones.
You get what you pay for—cheap phone, cheap materials. Today’s iPhones, Pixels, and KeyONE devices can last years. The iPhone 6 is five years old now, but is still a capable device (until iOS 13 comes out). How many budget phones do you see lasting five years before needing to be replaced (and even then only if you need the latest OS)?
Not many, I can tell you that.
If we wanted to make a phone as durable and high-quality as an iPhone, the cost would be astronomical. And astronomical without very many benefits over an iPhone either. Why build a phone as good as the iPhone when the iPhone already exists?
Features lacking in custom phones
Now let’s talk about features, because things like:
- The latest camera tech, like iPhone is putting in the iPhone 11
- Low-energy Bluetooth
- Support for 4G and 5G networks
- WiFi chips that can use the latest bandwidth-boosting tech
aren’t features we could put into a device we made ourselves. If you want great features, you have to either increase the cost or decrease the quality (and usually both). You can’t build a camera system like this at a small scale and make it affordable:
Introducing the new triple-camera system on iPhone 11 Pro. Pre-order on 9.13. Expand for more. pic.twitter.com/cPH86lZvcC — Apple (@Apple) September 10, 2019
The big players will always be able to offer a better quality device, with better features, at a lower cost than a small company trying to manufacture and sell something on their own. That’s just not a space we want to play in.
Downside: Choice and Options
Let’s say we were to make our own device. Let’s even say it’s okay quality and the cost is within reason (say between $500-1000). How many different models do you think we could offer?
One, maybe two.
Probably a single screen size and (maybe) a couple of storage size options. That’s about the best a company our size would be able to support. In comparison, because we use stock devices from Apple, Google, and BlackBerry, customers have a choice of (roughly) eight different device models. As new models come out, we can test and offer them to customers.
We aren’t constrained by what we’re able to produce—we leverage the offerings of companies who can afford to offer a wide range of devices.
This discussion started with the premise that if we made our own device it would be more secure. On the surface that would seem to make sense. We could control what goes into the device. We could ensure what we say is installed is only what’s installed.
Or could we?
As we talked about in our post on “Why your Device is Essential to your Privacy and Security”, a Chinese maker of budget Android devices was the victim of a classic supply chain attack where Triada malware was included in the core OS firmware (therefore even if you did a factory reset the malware would be reinstalled). The manufacturer followed the standard practice of using an outside firm to develop a custom module for its own version of Android, but the manufacturer got more than they bargained for—and customers wound up paying the price.
Saying we could:
- Source all the pieces and parts of a device
- Build it ourselves
- Know for certain everything is secure
is a stretch.
In reality, if we offered our own device, we’d buy devices from a manufacturer that meet our specifications. We wouldn’t really be making the device ourselves, just buying something someone made for us.
Even if we inspected devices—taking them apart and looking at the chips—it wouldn’t be practical to do that with every device. We couldn’t feasibly open, inspect, and reassemble all the devices and ship them to our reseller Partners in a timely manner. The Sky ECC office is cool, but it’s not this:
How secure devices are secured
When we’re asked why we use the devices we use, we don’t answer with “bEcaUSe iPhONeS, piXeLs and KeYoNEs R KEwl…”; we answer, “these devices have advanced security chips that ensure nothing has been tampered with, and a device will disable itself if there is evidence of tampering.”
Apple and Google have their own custom security chips separate from the device processor. BlackBerry incorporates the same technology into the device processor itself. These are proprietary security solutions other people can’t put into their own devices. While Android devices can use APIs to tap into newer generations of chips, these protections aren’t nearly as strong as on-chip protections.
It’s because security is essential to the integrity of Sky ECC that we only use devices with on-chip security and cryptographic systems. The security chips provide:
- Secure memory
- Kernel protections
- Brute force protections
- Port protections
- The ability to unlock via passcode without the passcode stored on the device
And a few other tricks that ensure if something tries to mess with a device, the device messes back by rendering itself unusable (aka “bricked”).
These advanced chips aren’t things many companies have the skill or money to develop and produce. If we built our own device, we would have to rely on basic software and firmware protections offered with Android—and we have already seen how well that has worked out in the past.
Devices like the BQ Aquaris are used as “secure” devices by some companies. Granted, it’s a nice-looking phone, but it isn’t a secure phone. Our security team looked at these devices and found they lack any form of tamper resistance at the chip level. Chip-level tamper resistance ensures your device can’t be compromised with malware or rootkits that make your device completely vulnerable to attack—even if there is an MDM installed on the device. For example, chip-based tamper resistance makes sure that when you boot your phone, your device can’t be rolled back to a less secure version of the OS. Apple and Google patch iOS and Android all the time, but if a hacker can roll your phone back to a version without a security update—you’re hooped.
Downside: OS Issues
When we launched Sky ECC for iOS last year, it was tremendously popular. Customers had been asking for an iOS version for years. If we made our own device, we’d be limited to offering Android-based devices and would not be able to service customers who prefer an iOS device to an Android device. We wouldn’t be able to offer the broadest selection of best-in-class secure devices on the market like we do now.
There are no products running iOS not manufactured by Apple. Custom devices means using Android. To us that’s just not how to help more people have secure communications.
Furthermore, if we wanted a customized secure device, we’d probably want to take the extra step and create a customized version of Android to add more security features than stock Android has. As we’ve seen with the Triada malware, this can end up doing the exact opposite.
That risk doesn’t even get into the challenges of keeping something customized secure, keeping it updated, and just keeping it running.
Downside: Lack of Oversight
“Wait,” you say, “how do you know these devices from Apple, Google, and BlackBerry are secure? Do you just take their word for it?”
Nope. First off, everything we do with Sky ECC is based on a “zero-trust” philosophy. While we respect all these manufacturers, and we’ve researched the security hardware and software, we fundamentally don’t trust any devices. We build in layers of protections so even if the device was compromised—even by the manufacturers themselves—our application and your messages stay secure.
Then there is what I call the “big target” argument. Apple, Google, and BlackBerry have millions of eyes on them. People are always looking into the devices, into the OS, into every facet of these ecosystems to see if there are vulnerabilities or something suspect going on. We believe this attention can help to keep manufacturers honest. If nothing else, the attention helps bring bugs and vulnerabilities to light so they can be patched.
Great news for hackers, #Apple has changed the rules of its Bug Bounty Program:
✅ Increased maximum payout to $1 million
✅ New Targets: #iOS, macOS, watchOS, tvOS, iPadOS, iCloud
✅ Pre-Jailbroken #iPhone for hackers
✅ 50% extra bonus
Details ➤ https://t.co/6cNZuThpGw pic.twitter.com/9i7T3eyiAu
— The Hacker News (@TheHackersNews) August 9, 2019
Even still, we don’t trust them. Your security is too valuable to us for blind trust. That’s the mantra of zero-trust policies.
Downside: Support, Updates, and Recalls
If we made our own device, we’d become a device manufacturer first, communications company second. Supporting device issues—they happen, factory defects, warranty issues, other hardware problems—and custom OS issues would be a tremendous job. Something that would detract from our job of providing the most secure communications app and network you can buy.
And what if we found a problem with a batch of devices? Big companies can afford to issue recalls and replace devices. A small company with its own device would face severe financial consequences doing that. If it’s a bad batch of screens, customers might be able to live with it—not that they should have to—but what if there is a problem with the chips or firmware that is a security threat? Would a company with tight margins recall the devices or just risk the problem not affecting many people?
Then there is supporting and updating Android itself. Android 10 was just released. You get new features and security updates, and Google phone users don’t have to wait. People with devices from other manufacturers have to wait until Android 10 is fully tested and vetted on their devices before it is released to customers.
The same goes for important security patches. Our customers can get security patches right away; they don’t have to wait for us. Can the same be said of third-party devices?
Distracting us from what we do well
In the end, Sky Global makes Sky ECC to be the most secure communications solution available. We looked at making our own devices and we found we simply couldn’t make a:
- Better device than Apple, Google, or BlackBerry
- More secure phone than what’s out there
- Range of models
- iOS phone, as Android is all that’s available
- Price point comparable to the big companies
They have the facilities, the supply chains, the economies of scale, and support for making world class, secure devices. We can’t beat them at that game.
So we don’t. We use the best devices available to our advantage.
We concentrate on making a secure app, creating a reliable secure network, and knowing how we can make already secure devices even more secure for our customers. That’s what we’re good at. That’s what we can control.
And that’s why we don’t make our own devices.