The App Gap and supply chains: Purism CEO on what’s ahead for the Librem 5 USA
Interview: In June, Purism began shipping a privacy-focused smartphone called Librem 5 USA that runs on a version of Linux called PureOS rather than Android or iOS. As the name suggests, it’s made in America – all the electronics are assembled in its Carlsbad, California facility, using as many US-fabricated parts as possible.
While past privacy-focused phones, such as Silent Circle’s Android-based Blackphone, failed to win much market share, the political situation is different now than it was seven years ago.
Supply-chain provenance has become more important in recent years, thanks to concerns about the national security implications of foreign-made tech gear. The Librem 5 USA comes at a cost, starting at $1,999, though there are now US government agencies willing to pay that price for homegrown hardware they can trust – and evidently tech enthusiasts, too.
We first wrote about the Librem 5 smartphone in 2017, considering it a privacy-centric device with a Linux OS. The Librem 5 USA, as noted, tries to use American companies with US fabrication « whenever possible. » It has a 5.7-inch 720×1440 screen with 3GB of RAM, 32GB of storage, and a user-replaceable 4,500mAh battery.
The goal is to produce a phone that can be trusted from the hardware to the OS and apps, something that Apple and Google have become vocal about, too.
The Register spoke with Todd Weaver, founder and CEO of Purism, about how things are going.
Weaver said Purism is about two weeks away from actually holding stock and selling phones, which isn’t something the company, which began with crowdfunding, has previously had to do. In the past, people have pledged funds with orders, and it has later fulfilled them; now it’s building inventory in anticipation of sales.
« We’re actually transitioning to holding stock and pushing sales, » he explained. « We’ve never had to do that before. We’ve never had to do outbound sales. »
Previously, said Weaver, the company’s growth has been a result of inbound requests for its products based on the material it has published about its projects.
« The phone, to kind of start at the hardware level on up, all the way to the operating system, is our manufactured hardware, » said Weaver. « It runs on a CPU that is not normally in phones. »
That would be a quad-core Arm Cortex-A53 i.MX8M running at 1.5GHz. Weaver said Purism isolated the device’s baseband modem from Wi-Fi and Bluetooth « so that you can actually turn it off with a hardware kill switch. That basically becomes the ultimate in security. »
A key thing to realize here is that baseband modems are effectively small computers that run inside handsets and handle the cellular communications; if a modem is compromised or made to run rogue firmware, it can potentially take over the rest of the device, hence Purism’s desire to isolate it, if the user so wishes. In fact, the phone has three hardware kill switches: one to cut off Wi-Fi and Bluetooth, one for cellular, and one for the microphone and cameras. All three will cut off GPS, too.
The main printed circuit board assembly (PCBA) is made by Purism in the US, and its microprocessor, from Dutch semiconductor maker NXP, is also made stateside.
The chip, Weaver explained, « is normally in airplanes, in commercial-grade devices, and in cars. It’s a quad-core CPU. But the reason we had to do that was we wanted to properly isolate. So in every other phone that’s made, the baseband modem – the cellular modem – is attached to memory and CPU. Fundamentally the carriers have firmware access that’s lower than the operating system. »
To make the phone secure, Weaver said, to protect privacy and individual freedoms, Purism had to consider security at the hardware level and move up the stack.
« There are all sorts of ways that has to be solved, » he said. « We solve it from the hardware, software, applications, data, and even services. »
The point, said Weaver, is to be able to just take the device and have peace of mind and control over your own digital life.
« We started in 2014, initially just crowdfunding laptops, » said Weaver. « My goal was to produce phones. But I knew that I had to increment through because we had to show that we can manufacture devices. We can do hardware, software, and services. Our model is very similar to Apple in that regard – we produce hardware and we have an operating system that’s married to it, so that it works.
« And then we also include services that fully respect you. If you had an iPhone or an Android phone and a Purism phone like Librem 5 sitting all next to each other, the iPhone will leak probably about three gigabytes of data without doing anything. Android devices are worse. Ours will leak exactly zero bits – nothing is sent without your explicit interaction, to make a request for weather information or browsing the web. »
Research last year suggested Android and iOS beam back telemetry to base even when users opt out of these transmissions, and a complaint was raised in 2020 over what appeared to be Android’s mysterious wireless data transfers.
While working toward phone manufacturing with the release of the Librem laptop, mini PC, and servers, Weaver explained his company was refining PureOS, its Linux distribution. « It’s our operating system that doesn’t have any mystery code in it, » said Weaver. « It’s all the source code, from the bootloader on up. »
Purism, said Weaver, has been working on modifying the PureOS Linux kernel to conserve energy when idle.
« A lot of the things Android initially did to Linux, we are doing to mainline Linux, so that we can actually have these things idle down better, » he said. « Basically, it’s a better way to do nothing. »
He also said the processor tends toward the toasty side. « We pushed really hard with NXP, modified a bunch of Linux kernel development, so that we could get that cooler. It’s just that CPU runs hot. The next iteration, we’ll be using probably i.MX9 … that’s still probably two years away. »
Weaver also said some thought is being given to the possibility of soldering the currently modular modem in place, which would allow for thinner devices and would please government agencies that see a removable component as a security issue.
Asked what sorts of things are possible with a Librem phone that Android and iOS devices don’t offer, Weaver cited the way tethering works. Mobile providers often charge extra for tethering, but with a Librem 5 phone, data is just data. He also pointed to disk encryption with user-controlled keys and chat applications that can handle multiple protocols, such as SMS, MMS, XMPP, and Matrix.
For people who want an alternative to Android or iOS, Weaver said it’s an easy sale. « I almost have to back them off to say that, you know, not all your apps are going to run there, » he said. « It’s got calls, text messaging, browsing the web, a calculator, but not Snapchat. »
Given the benefit Apple and Google get from their respective app stores, it’s not surprising that Purism is trying to deal with what Weaver calls « the App Gap » – the vast number of mobile apps not available on PureOS at the moment.
« Initially, we developed a lot of the core applications, » said Weaver. « We also wrote a library that allows for all the existing GNU/Linux-based applications to shrink down and run on our mobile phone. So by doing that, you don’t have to write a new application, it’s just include our library, and it will now work on the phone. »
That takes some effort, Weaver conceded, and Purism has produced documentation and helped Linux developers adapt their existing apps.
Purism is also enhancing its PureOS Store by partnering with a group that’s funding Interledger, an open payment network federation system.
« We’re actually going to be adding to PureOS Store, which is equivalent to Apple’s App Store or Google’s Play Store, where we allow for people to charge a subscription or charge for an app, » said Weaver. « And then we also have the ability to pay bounties even, for apps that are really needed that aren’t yet developed. So basically, the solution to fill the App Gap is cash. »
« You have to incentivize developers by ‘Hey, you can get paid,’ » he elaborated. « The ecosystem grows and also actually puts money towards that effort. Our business model – by selling hardware with high enough margin, having services that are attached – allows us to basically reinvest to fill the App Gap. »
Privacy has always been a tough sell in the tech industry, at least in a mass market context. But over the past decade, the Snowden revelations about the extent of government information gathering, constant privacy scandals, the online ad industry’s unrepentant intrusiveness, pushback against Big Tech and surveillance capitalism, and the always sorry state of data security have buoyed interest in privacy. Add to that trade tensions with China and the supply chain nationalism that has followed, not to mention competition and privacy regulations emerging in the US, UK, and EU, and it looks like an opportunity.
« We’re not make-or-break off any one of those issues, » said Weaver, « but by fundamentally targeting civil liberties, individual freedoms, and privacy rights, then all of those things come out, and as they do, we see an influx of sales. »
« We have devices in every letter-agency in the US and some governments from outside the US, » said Weaver. « And those devices can vary from air gap laptops, to phones and even phone service. »
Weaver declined to discuss Purism’s financial situation in detail, but said the Librem 5 crowdfunding campaign raised $2 million.
« Since then, we’ve grown by triple digits year over year and even during COVID-19, we had a growth year, » he explained. « So overall, our sales have continued to increase. And we’ve grown mostly from revenue, but we’ve also taken on north of $12 million in investment. »
Weaver said the total available market is huge – billions of people have cell phones.
« When you’re looking at somebody who cares about privacy rights, or they care about ‘I don’t like Big Tech,’ or ‘I don’t like the duopoly of the mobile phone space,’ or ‘I don’t like the intrusion,’ or ‘I would like to advance civil liberties,’ every one of those areas is a potential customer, » said Weaver. « And those areas are immense. So we have not had a demand problem. We have had a supply problem, from parts to actual availability.
« We lost probably about two years on specific parts to actually manufacture this device in the US. China still has a shortage. We’ve never had that lack of interest. Once we get to the point of actually holding stock, then we’re going to be able to resume promoting. »
Soon, then. ®