John McAfee unveiled the plans for his “first truly private smartphone” in Newsweek yesterday. He believes his device is the “most hack-proof phone” ever created. The $1,100 Android phone, called the McAfee Privacy Phone, was created through a partnership with cybersecurity firm MGT. It’ll feature physical switches that allow the user to physically disconnect the battery, antennas for Wi-Fi, Bluetooth and geolocation, the camera, and the microphone. McAfee also tells Newsweek that it’ll be able to identify and then not connect to a Stingray or any other IMSI catcher device. It also features a web search anonymizer.
None of this sounds like it’ll make a meaningful difference for users. Hardware isn’t the problem when it comes to mobile privacy. Software is the key to securing a phone, whether the threat is remote malware or invasive cloud services. McAfee’s device runs Android, which means it’ll be as vulnerable as any other device to undisclosed bugs. Plus, without a first-rate security team behind it, it's hard to say how often the phone will be patched against the latest threats
Software vulnerabilities are an issue
Physical switches might give users peace of mind, but it also means that anyone else could switch the camera or microphone on and off, so long as they have physical access to the device. As for the Stingray protections, McAfee doesn’t elaborate on how his technology works. I’m assuming it’s a software feature. Existing apps already attempt to identify suspicious cell towers, and it's not clear how McAfee plans to improve on them. I’m also unsure how software could force a phone to not connect to that cell tower when the whole idea of a Stingray is to dupe a phone.
McAfee isn’t the first guy to try and profit off people’s fear of hackers, but unfortunately for him, privacy-focused hardware just isn’t that good of a business. Lots of companies have attempted and failed to enter the privacy phone market. Silent Circle’s Blackphone is likely the most recognizable device, and the company is reportedly millions of dollars in debt after its launch. Sirin Labs debuted a $16,000 privacy-centric Android phone last year, and it, too, has gone basically nowhere. BlackBerry consistently attempts to sell its devices to businesses over its privacy protections, and, as we all know, the company is in such dire straits that it’s licensing its name to the highest bidder.
All of this is to say good luck with your phone, John McAfee, because the market is already saturated with privacy phone failures.