Hi. I wanted to write this to the Fairphone team but couldn’t find a contact address, and it’s too long for a tweet. I know this is firstly a forum between users, but I’m hoping that posting here might at least be a first step.
Context: I am not yet a Fairphone owner, in fact not even a smartphone owner as I’m very unhappy with the way the market has evolved into a state where users are not really in control of the devices they bought. I can’t see myself using a standard Android device except for testing purposes. Needless to say, Apple and Windows devices are even less of an option. I appreciate that Fairphone went further than mainstream phone makers towards opening their phone to its users, and reading the latest blog post on Fairphone’s approach to software has made me more hopeful that the new Fairphone might offer a degree of freedom that will enable me to fully embrace it. I am a software developer, but know next to nothing about hardware. I’m also a volunteer at Digitalcourage, a German NGO that deals with digital rights, but here I’m writing personally.
I am writing about something I’ve seen on a page from the Tor project about Android security and privacy. I quote from Mission Impossible: Hardening Android for Security and Privacy | The Tor Project
If you truly wish to secure your mobile device from remote compromise, it is necessary to carefully select your hardware. First and foremost, it is absolutely essential that the carrier’s baseband firmware is completely isolated from the rest of the platform. Because your cell phone baseband does not authenticate the network (in part to allow roaming), any random hacker with their own cell network can exploit these backdoors and use them to install malware on your device.
While there are projects underway to determine which handsets actually provide true hardware baseband isolation, at the time of this writing there is very little public information available on this topic. […]
The page then goes on to discuss some seemingly exotic and inconvenient ways of achieving this separation. This is clearly an issue that is not yet served well and would need more attention from hardware makers. I understand that the Fairphone project is dependent on its suppliers, but I was wondering if there is a chance that this issue could be raised with suppliers as part of the search for the next Fairphone platform.
Thanks for reading, and for any replies.