X

Silent Circle Blackphone 2 review: A potent phone for the paranoid and privacy-minded

Silent Circle's security and privacy-centric Android-based smartphone.

zack-whittaker-hs2016-rtsquare-1.jpg
Zack Whittaker
zack-whittaker-hs2016-rtsquare-1.jpg

Zack Whittaker

Writer-editor

Zack Whittaker is a former security editor for CNET's sister site ZDNet.

See full bio
8 min read

CNET editors pick the products and services we write about. When you buy through our links, we may get a commission.

There are two things certain in life -- death and taxes. But you can take a bet on a third: There's almost nothing that's unhackable.

a-hero.jpg

Silent Circle Blackphone 2

The Good

The Blackphone 2 is the most secure smartphone you can get your hands on today, and it doesn't scrimp on features or functionality. It's a normal Android phone at heart, with a toughened security shell.

The Bad

Lacking encrypted email and security certifications makes this a tough sell for some businesses, including government users.

The Bottom Line

The Blackphone 2 delivers the most secure consumer smartphone for the privacy-minded, but it will have an uphill battle against more established players for government and corporate markets.

In the wake of revelations of government surveillance and a nearly endless stream of reports of hacks and data breaches, there's a reason to be paranoid. All too often hackers or spy agencies find a way into the most popular devices, but that's where Geneva-based secure phone maker Silent Circle wants to make it almost impossible.

Blackphone 2, the company's second-generation security phone, builds on the successes of its debut incarnation by bolstering privacy and security features, while not compromising on what many want in a modern smartphone. It's available to buy now direct from Silent Circle for $799. This model is optimized for North America, with versions for the UK and the rest of the world coming soon. The US price equates to about £525 or AU$1,140.

Silent Circle Blackphone 2: An Android phone with a privacy twist (pictures)

See all photos

Anyone who's wanted to adopt a more secure approach to his or her online activity quickly encounters a harsh reality: Setting up strong security is rarely easy. Most of the best security and privacy apps and services are many years old, having stood the test of time. Pretty Good Privacy (PGP) for encrypted email, for instance, is now in its third decade. Built in a time when user experience and ease-of-use wasn't considered, nowadays they seem clunky or impossible to use.

With that in mind, the Blackphone 2 streamlines and simplifies how it wants its users -- primarily business users and the core privacy-minded consumer market -- to think about security, making it almost immediately more appealing than most other security-focused products.

Is this a hack-proof phone? It's not and it doesn't pretend to be, said Javier Aguera, Silent Circle chief scientist, at a meeting in London. But by patching up the conventional ways that a hacker (or government spy) can attack, in securing your data the Blackphone 2 goes far beyond any other smartphone on the market today.

Editors' note: We'll be finalizing this review with ratings in the near future, once we finish battery testing.

Secure to the core

By far the most important feature of the phone is its security. The Blackphone 2 acts like any other Android phone, but with a twist. It runs Silent OS, an enhanced version of the Android 5.1.1 Lollipop operating system, which adds a number of additional security features to the device. (Silent OS is the renamed successor to the "PrivatOS" used on the previous Blackphone.)

This second-generation phone also includes for the first time Google's own services, like Drive, Gmail, Photos and even the Play app store -- meaning you can download all manner of mainstream third-party apps. That might have some people scratching their heads. An unfortunate truth is that many of the apps and services you use are not working in your favor, by containing security flaws or sucking up your valuable data to better serve ads. So how can Google's services, which collect vast sums of data from its users, coexist with a privacy-based phone?

b-1a.jpg
Enlarge Image
b-1a.jpg
The Blackphone 2 has everything you need in a consumer phone, including a strong 13-megapixel camera. It does the job well, but there are better phones on the market for taking pictures. Zack Whittaker/CNET

The key to the Blackphone 2's success is a security umbrella feature, which combines a series of granular controls without compromising the overall experience.

Take the new (and aptly named) Security Center, which sits in the bottom-right of the home screen, ready to take orders from you -- rather than individual apps calling the tune. The goal of this central port of call is twofold. First, it helps you separate and compartmentalize apps and services. Secondly, it offers an overarching and comprehensive set of controls over your phone's features and functionality, superseding all other options buried deep in the phone's settings.

There's also the new Spaces feature, which allows you to build isolated, secure areas. Similar to setting up a new user profile on a computer, the Blackphone 2 has a bevy of finely tuned options that customize the space's apps, settings and even networks to connect to, and the space's lock-screen passcodes. The feature cuts off your data from other spaces, meaning if an app (which all too often can come with backdoors or malware) is compromised, it can't get access to anything else outside that space.

That means you can have a dedicated space for that sketchy game you downloaded and make sure it doesn't touch those mission-critical apps, such as your bank, mobile wallets or email accounts. If you're particularly averse to Google's data collection, you can create a walled-off space away from the stock Android or Google apps. Think of it as the incognito mode in the Chrome browser extended to other apps as well.

Without a user manual or step-by-step instructions, it took a while to understand the full potential of these spaces. It may take some experimentation and fiddling, but it's hard to misstep or get lost, thanks to the general simplicity of the spaces' design. You can easily switch spaces from the pull-down menu, or even the lock screen.

Enlarge Image
Silent Circle's Blackphone 2 is, essentially, an ordinary Android phone, but with a series of security features aimed at the privacy-minded. Zack Whittaker/CNET

There's a set standard in Silent Circle's books for what default security and privacy should look like, but the level of customization and choice is refreshing. Silent Phone, the company's flagship encrypted voice- and video-calling and messaging service, comes preloaded on the device. The stock Android phone and messaging apps remain on the home screen, giving you the option to make unencrypted phone calls or send a standard text message.

The Blackphone 2 runs apps as any other Android phone. But apps remain a persistent problem. Though checked for malware and nefarious nasties, they stand as one of the biggest issues for Android devices (and other platforms, to be fair) to allow hackers in. All too often they demand access to your personal data, even when they're not apparently necessary for the app to function. Refuse, and the app may not work. The Blackphone 2 has a trick up its sleeve, where it intercepts the app's request for personal user data and blocks access to it, allowing you to then decide based on your privacy settings.

It isn't just what you see that's keeping your data secure; it's also what you don't see. Blackphone 2 has its memory encrypted from the very first time to turn it on, making it almost impossible to descramble its contents without the correct passcode. (iPhones have a similar encryption feature, but on the Android side, only Google's Nexus devices are encrypted by default.)

Security patches and bug fixes remain by far the most important mechanism for securing not just phones, but any devices. Silent Circle aims to patch vulnerabilities as soon as they come in. By partnering with Google and setting up its own bug bounty program, the company aims to jump on flaws as they come in.

"Any critical vulnerability that is public, we aim to fix within 72 hours," said David Puron, Blackphone vice-president of engineering, which he said can translate to as little as a week from disclosure to patching.

The BlackBerry factor: Will you switch?

When you think phone security, you might think BlackBerry. Despite its dwindling market share and declining user base, it remains a favorite in big business and government, thanks to its various security certifications.

Silent Circle said it's "working" towards government and military certification, such as FIPS 140-2 for government networks handling low-level classified material, but declined to comment publicly on its progress. That paves the way for rival phones, such as Samsung Knox-enabled devices and some Apple iPhones, to barge in ahead of the Blackphone 2.

There's also one potentially deal-breaking element missing: encrypted email. The Blackphone 2 supports Google Apps and Android for Work, as well as the usual email services, including Microsoft Exchange. That's because in part there isn't one that stands up to the mark -- at least just yet. As with the first Blackphone, the company has shied away from offering an app because of the dangers associated with the legal problems that Lavabit -- the email service favored by Edward Snowden -- encountered in 2013. That said, there are encrypted email options available through the separate Silent Store, which offers verified apps known to be secure and private, but in any case, it's another feature where BlackBerry dominates its rivals.

Making Silent Circle's job a little tougher perhaps, BlackBerry has confirmed it will soon roll out an Android smartphone of its own, running its own BlackBerry security software. That could work in BlackBerry's favor, but also potentially for the Blackphone 2.

Silent Circle says it has the advantage over BlackBerry is its "zero-knowledge" approach to user data. It can't see your data, ever, unlike -- so the Blackphone maker claims -- BlackBerry can, which has in recent years appeased governments by offering access to portions of its users' communications.

"Almost every product we make, makes it impossible for us to play any role even when forced by law enforcement or governments," said Aguera.

Design and feature set

Just as much thought was put into the design of this phone as what goes in it. The Blackphone 2 is as haunting to look at as its name might suggest, donning a back-to-front glossy, glass-like black finish.

It's marginally larger than its predecessor at 5.5 inches diagonally -- the same size and 1,920x1,080-pixel resolution as the iPhone 6 Plus and 6S Plus. Its curved corners and lightly textured edges makes it easy to hold, despite being on the larger size. But good luck keeping smudges and fingerprints off the glossy back panel. The phone can get grubby quickly.

c-sidebar1.jpg
Enlarge Image
c-sidebar1.jpg
The smartphone rivals the BlackBerry in almost every way, but does it have the chops to take on a government and enterprise favorite? Zack Whittaker/CNET

Blackphone 2 lands with a 1.7GHz octa-core Qualcomm Snapdragon 615 processor and 3GB of RAM. That's a step back from the Snapdragon 800-series you'll find in more cutting-edge phones in this price range, but -- quite honestly -- if you're looking to play games, this isn't the phone for you, anyway.

There's 32GB of internal storage, which is expandable with up to 128GB via a microSD slot (designed for non-encrypted files such as movies and music). The rear-facing 13-megapixel camera performed well, but images compared to the iPhone 6 were not as well composed. There's also a 5-megapixel front-facing camera for video calling on the go. Wi-Fi connects on 802.11 a/b/g/n and the newer ac bands.

In real-world testing, the phone lasted most of the day on moderate to heavy use on its full-charge of its meaty 3,060-mAh battery. (We're still conducting our looping video battery rundown test, and will update here when we have full results.)

Bottom line

The Blackphone 2 is an elegant handset that packs a privacy punch and a whole lot of potential.

There's no other Android phone on the market that appeals to the security-minded on a consumer or small to medium-sized business level -- except the BlackBerry, which on paper at least still holds the advantage. As for enterprise support, the Blackphone 2 can be remotely managed through common mobile device management (MDM) services, like Citrix and Soti.

The Blackphone 2 is also a better phone than its predecessor, with a bigger screen and access to the full Google Play app store. That means you don't need a second phone for all those daily smartphone conveniences -- music, video, social media, games and so forth -- should you choose to indulge.

From a security standpoint, the various ways in which the phone could be attacked have been mitigated as much as possible, and far exceed other efforts in the smartphone market. As for privacy, the device puts the weight of work on itself, while putting the onus of choice and preference in your hands.

It's a winning combination. But whether or not the Blackphone 2 can pick up where the BlackBerry began to fail remains, for now, a big unknown.