Tools For Digital Sovereignty: Smartphones [2023]
Smartphones present a challenge when it comes to digital sovereignty due to dependency on things like location tracking and internet communications. But there are solutions. Part 4 of 6.
So far in this series, we have primarily looked at examples of tools that promote digital sovereignty on home computers and laptops. In this piece, I would like to focus on smartphones and their relation to digital sovereignty. Smartphones present an interesting challenge when it comes to digital sovereignty, in that so many of its functions are heavily dependent on things like location tracking and internet communications.
I will present two different solutions to the smartphone conundrum; one involves ditching smartphones altogether, and one involves looking at seeing whether existing devices can be retro-fitted with software that better promotes digital sovereignty.
Option #1: The "No-Smartphone" Route
There are compelling reasons to ditch smartphones altogether, aside from reasons surrounding digital sovereignty. This includes reducing exposure to wireless electromagnetic frequencies or reducing the need to mine dangerous heavy metals to make new technology, to name a few. But where digital sovereignty is concerned, there is an argument to be made that no level of additional software and privacy will be enough to achieve a suitable standard of sovereignty with the kind of smartphones we are currently using.
In a 2016 paper, Edward Snowden, a former NSA employee who broke the whistle on digital surveillance of the US population by its government, detailed the countless ways in which, even with secure software, smartphones can be hacked and abused. This isn’t restricted to individuals with malicious intent though; the likes of GCHQ in the UK have ways of turning on phones remotely, bypassing encryption and “hiding” its presence on someone’s smartphone if they try to see if any harmful programs are installed. As Snowden sums up in a 2019 Twitter thread:
“[As] long as your phone is turned on, even with "location permissions" disabled, the radios in the phone that connect it to all the nice things you like are screaming into the air, reporting your presence to nearby cell towers, which then create records that are kept forever.”
As such, there is certainly value in examining how we can live without smartphones. After all, it is more than possible, and we have managed almost all of our existence as a species just fine without needing them. That said, I can certainly see people making the argument of “Well, I need a smartphone for my work” and similar lines of reasoning. I would be tempted to ask such people the following: are there alternatives to using a smartphone that would help you in your daily life? For example, if navigating to and from places is a concern, how about using your computer to look up and make note of the directions beforehand, or even use a physical map? This might be more effort, but I would ask what cost the added “convenience” of a phone really is, and whether that’s really a cost worth paying.
I don’t own a smartphone, and haven’t in a little over a year. I have a small Nokia 105 that I bought for a price far less than a modern smartphone for the times when I need to make calls or texts. There is no internet capabilities on the device whatsoever. And yet, here I am, perfectly fine and, if nothing else, happier that I’m not constantly distracted by YouTube on my phone. I’m also not the only contributor to Over To The Youth who has found success with this decision.
That said, I do have some contacts in my life that are insistent on using WhatsApp for communications. For these people, I have what’s called an “emulator” running on my main computer. Emulators are programs that create a self-contained environment that can “pretend” to be a different system, like a smartphone. Certain distributions of Linux (with a little bit of additional setup) support Waydroid, which allows my computer to behave like a phone and run a phone operating system without affecting the rest of my computer. As such, I can have WhatsApp installed and running on my computer. For my lifestyle, this system works perfectly fine as a substitute for needing an actual smartphone. We will explore more solutions of this nature – solutions that reduce our need to use as much digital technology as we do – in Part 5.
Option #2: The "Smarter Smartphone" Route
In the same 2019 Twitter thread we mentioned earlier, Edward Snowden said he simply couldn’t use a smartphone due to how likely it would be that someone could track him down – even if he uses security-hardened software. However, he does give some pointers on how he would set up a smartphone, if he were to use one. This includes the following things:
Using GrapheneOS as the operating system
Turning off cell network, internet and Bluetooth when not in use
Ensuring all internet communications go through the Tor network
Use a “firewall” to manage which apps can communicate over the internet
Blocking ads and trackers when browsing the internet (and better yet, avoid browsing the internet unless absolutely necessary)
Using a password manager
Never use email as a means of regular communication – only as a temporary tool to register for websites requiring them
Some of these points speak for themselves, and some we have touched on in previous parts of this series, like the Tor network. But, there’s a few points worth covering in more detail.
GrapheneOS & Phone Operating Systems
Just as we discussed different operating systems for computers in the last part of this series, there are also different operating systems for mobile devices. By far the most prevalent of these are Google’s “Android” system and Apple’s “iOS” system. Apple’s iOS, while including some privacy features, has many other forms of trackers built in and has zero transparency on how the code processes data due to its closed-source model. Android is, technically, an open-source project. However, it requires the use of additional third-party, closed-source software to work properly in many cases. Most commercial Android devices will also ship with uninstallable software called “Google Play Services”, which is notorious for collecting all sorts of data. Phones running specialised operating systems built with Linux (see Part 3) are probably better suited to users who are very comfortable with Linux on computers. That said, they do exist, such as in the Librem 5 from the company Purism. This phone also has physical switches to cut power from the microphone and camera when not in use, has easily-replicable parts (unlike most smartphones) and is the only phone recommended by the Free Software Foundation, who we have mentioned in previous parts.
So what about GrapheneOS – the operating system mentioned by Snowden? This is a modified version of the Android Open Source Project, doing away with the closed-source parts of commercial Android phones and instead adding in a long list of additional privacy features. This can be installed on compatible systems for those with technical know-how, or some providers offer devices pre-installed with GrapheneOS, such as the Above Phone.
As the usual Google parts – including Google apps – have been removed, phones like the Above Phone seek to fill the functional gap left by the absence of these services with free, open source alternatives. Some of these are documented on the Above Phone’s page as featured apps, including some familiar names for those who have read the previous instalments of this series, like Jitsi. Other notable apps include Organic Maps, a Google Maps replacement based on the community-driven OpenStreetMap project, and F-Droid, a replacement App Store dedicated to open-source software. Having a security-hardened smartphone also makes it easier to do things like make Bitcoin payments when on-the-go, using a wallet like Electrum, Mycelium or Phoenix. This is something that the no-smartphone route struggles to achieve without having dedicated devices in place of a smartphone.
Using A Firewall
“Firewalls” are pieces of software that blocks or allows internet communications between one computer and the web. Taken to the extreme and abused by a central authority, we can see something like the “Great Firewall of China”, where a government is allowed to filter what internet communications its citizens have. That said, there are ways of getting round this, such as through using VPNs.
For individual users, however, firewalls can be used to block any attempt by malicious actors (whether individual or organised) to harvest data from a device via the internet. These are generally installed on separate devices that act on a whole home network rather than on our personal devices. Tools like OPNsense can combine firewalls with other security features like the aforementioned VPN for a more secure browsing experience, all controlled by the individual. There are similar approaches to this idea for some personal devices though, such as the ability to control network permissions for each individual app on GrapheneOS systems.
Using A Password Manager
Password managers – as the name implies – are pieces of software that can automatically generate, store and remember passwords for the websites and services someone may use. At first, the idea of having all your passwords stored digitally online might scare some, however a well-designed password manager can keep these passwords secure through the following means:
Generating random passwords that are difficult for other computers and hackers to “crack”
Using high-level encryption keeps any piece of software or any external service from being able to see what your password is, even when they are hosted online centrally, or in a decentralised manner.
Some highly-regarded password managers across both mobile devices and computers include Bitwarden, which is a featured app for the Above Phone, KeePassXC, which stores passwords offline, or Liso, which utilises a decentralised means of storing passwords on the web in an encrypted format.
Conclusion
Regardless of which approach appeals to you more, I hope I have demonstrated that the current ways many people may use a smartphone falls short of the standard of digital sovereignty that, in my view, we should all be asking for. Thankfully, there are remedies available for many of these downfalls that, with a little effort, can significantly increase someone’s level of digital sovereignty.