Direct updates keep Blackphone users safe against current threats

Share this article

One of the common historical complaints of Android users has been the slowness of smartphone vendors to provide updates. It’s not uncommon to find relatively new Android devices that are as much as a full release behind the latest available version of Android. However, if you are running a Blackphone with Silent OS (the security enhanced Android OS from Silent Circle – called “PrivatOS” for Blackphone 1), you get fast firmware updates, at a higher frequency than almost any other Android phone. The reason is simple: we want our users to be protected against the latest security vulnerabilities.

A GRANULAR APPROACH

The Open Source foundation of Android implies that there are continuous updates from the community to any of its projects (Android is comprised of more than 400 individual software projects!). Normally, smartphone vendors prefer to wait to give users firmware updates until several of these projects are up to date, stable, and packaged in a new Android release. At Silent Circle, we prefer to use a more granular approach in favor of security and agility, and when any of the Android software projects requires an update related to security – such as a patch over an SSL library – we get the ball rolling to get this deployed to our users’ phones as quickly as possible.

BYPASS CUSTOMIZATION UPDATES

Another factor that contributes to the typical delay in Android updates is customization. Manufacturers tend to include a lot of customization in their Android implementations, especially at the user interface level. These user interface customizations often mean that vendors can’t apply updates to Android projects directly, but instead require a lot of modifications and testing before being released. Silent OS focuses our enhancements to Android on the security level, and tries to leave the higher Android software layers, including user interface, with minimum alterations. This enables us to apply changes faster than others.

DIRECT OVER THE AIR UPDATES

Finally, once an Over The Air (OTA) update is ready to go, there is the deploy phase. In many cases, smartphone vendors are tightly tied to mobile carriers, and these carriers want to test and approve what comes in into an OTA update. Sometimes the mobile carriers even host the update servers from where the OTA is deployed. It’s not a secret that the change control speed of these “big boys” is far from agile. Silent Circle is, and will remain, committed to providing updates directly to our users, served from our fully controlled OTA server, dramatically reducing the average deployment times for OTA updates.

COMMITTED TO PRIVACY & SECURITY

All this, combined with the continuous hard work of our engineers, enable us to maintain the commitment we made to our users concerning OTA updates: solving critical security vulnerabilities in less than 72 hours, major in less than 30 days, and minor in less than 60 days. By comparison, other smartphones get as few as one or two updates per year, and there’s no guaranteed turnaround time for security patches. Silent Circle remains committed to privacy and security, and our fast OTA updates are yet another way we deliver just that.

Share this article