Sailfish os installation on your phone. Sailfish OS will be installed on feature phones

We often write about mobile OS security, publish information about found vulnerabilities, describe security weaknesses and hacking methods. We wrote about spying on Android users, and about malicious applications that are built directly into the firmware, and about the uncontrolled leakage of user data to the manufacturer’s cloud. Which of the modern mobile platforms is the most secure for the user - or at least the least unsafe? Let's try to figure it out.

What is security?

We can’t talk about device security without defining what we actually mean. Physical data security? Protection from low-level analysis methods with the extraction of a memory chip, or simply protection from curious people who don’t know the password and don’t know how to deceive the fingerprint scanner? Transferring data to the cloud - is it a plus or a minus from a security point of view? And to which cloud, to whom and where, what data exactly, does the user know about it and can it be disabled? How likely is it to catch a Trojan on one platform or another and lose not only your passwords, but also the money in your account?

Security aspects of mobile platforms cannot be considered in isolation from each other. Security is a comprehensive solution that covers all facets of device use, from communications and application isolation to low-level data protection and encryption.

Today we will briefly describe the main advantages and problems in all modern mobile operating systems that are at least somewhat widespread. The list includes Google Android, Apple iOS and Windows 10 Mobile (alas, Windows Phone 8.1 can no longer be called modern). BlackBerry 10, Sailfish and Samsung Tizen will be a bonus.

Oldies: BlackBerry 10

Before we begin describing the current platforms, let's say a few words about BlackBerry 10, which has already retired. Why BlackBerry 10? At one time, the system was actively promoted as the “most secure” mobile OS. In some ways this was true, in some ways it was exaggerated, as always, in some ways it was relevant three years ago, but is hopelessly outdated today. Overall, we liked BlackBerry's approach to security; however, there were some failures.

• Microkernel architecture and trusted boot system are truly secure. During the entire existence of the system, no one received superuser rights (by the way, they tried several times, including in serious offices - BlackBerry was not always an outsider).
• It is also impossible to bypass the password to unlock the device: after ten unsuccessful attempts, the data in the device is completely destroyed.
• There are no built-in cloud services and no targeted surveillance of the user. Data is not transferred externally, unless the user decides to install a cloud application himself (services such as OneDrive, Box.com, Dropbox are optionally supported).
• Exemplary implementation of corporate security policies and remote control through BES (BlackBerry Enterprise Services).
• Reliable (but optional) encryption of both the built-in storage and memory cards.
• There are no cloud backups at all, and local ones are encrypted using a secure key linked to the BlackBerry ID.

• Data is not encrypted by default. However, the company can activate encryption on employee devices.
• Data encryption is block, peer-to-peer; there is no concept of security classes or anything even remotely reminiscent of Keychain in iOS. For example, Wallet app data can be retrieved from a backup.
• You can log into your BlackBerry ID account simply with a username and password; Two-factor authentication is not supported. Today such an approach is completely unacceptable. By the way, if you know the password for the BlackBerry ID, you can extract the key, which will be used to decrypt the backup created associated with this account.
• Factory reset protection and anti-theft protection are very weak. It can be done by simply replacing the BlackBerry Protect application when assembling the autoloader or (up to BB 10.3.3) downgrading the firmware version.
• There is no MAC address randomization, which allows you to track a specific device using Wi-Fi access points.

Another bell: BlackBerry willingly cooperates with law enforcement agencies, providing the maximum possible assistance in catching criminals who use BlackBerry smartphones.

In general, with proper configuration (and users who choose BlackBerry 10, as a rule, configure their devices quite competently), the system is able to provide both an acceptable level of security and a high level of privacy. However, “experienced users” can negate all the advantages by installing a hacked version of Google Play Services on their smartphone and receiving all the delights of “Big Brother” supervision.

Exotics: Tizen and Sailfish

Tizen and Sailfish are clear market outsiders. Underdogs even more so than Windows 10 Mobile or BlackBerry 10, whose share fell below 0.1%. Their safety is the safety of “elusive Joe”; little is known about her only because few people are interested in them.

The extent to which this approach is justified can be judged by a recently published study in which about forty critical vulnerabilities were discovered in Tizen. Here we can only summarize what has been known for a long time.

• If serious independent research has not been conducted, then it is impossible to talk about the safety of the platform. Critical vulnerabilities will not be revealed until the platform becomes widespread. But it will be too late.
• There is no malicious software only due to the low prevalence of the platform. Also a kind of protection.
• Security mechanisms are insufficient, absent or described only on paper.
• Any certifications only say that the device has passed certification, but say absolutely nothing about the actual level of security.

Jolla Sailfish

The situation with Sailfish is ambiguous. On the one hand, the system seems to be alive: from time to time, some devices are announced based on it, and even Russian Post has purchased a large batch of devices with an prohibitively high price tag. On the other hand, users are offered to pay the price of a strong average Android device for a model running Sailfish, which has the characteristics of a cheap Chinese smartphone three years (!) ago. This approach will work in the only case: if the models on Sailfish are purchased for budget money, and then distributed to lower-level government employees. Of course, with this approach, the participants in the transaction are not at all interested in thinking about any kind of security.

And even the presence of government certificates does not provide any guarantee, just as open source code does not provide it. For example, the Heartbeat vulnerability was discovered in the firmware of routers, the source code for which was in the public domain for more than ten years. In the Android operating system, which is also open source, new vulnerabilities are discovered regularly.

Exotic OS means a lack of infrastructure, an extremely limited set of devices and applications, underdeveloped means of managing corporate security policies and more than questionable security.

Samsung Tizen

Samsung Tizen stands somewhat apart from other “exotic” platforms. Unlike Ubuntu Touch and Sailfish, Tizen is a fairly common system. It controls dozens of models of Samsung smart TVs, as well as smart watches and several budget smartphones (Samsung Z1–Z4).

As soon as Tizen became noticeably widespread, independent researchers took up the system. The result is disappointing: in the first months, more than forty critical vulnerabilities were found. To quote Amichai Neiderman, who conducted the Tizen security study:

This may be the worst code I've ever seen. All the mistakes that could have been made were made. It is obvious that the code was written or reviewed by someone who does not understand anything about security. It's like asking a high school student to write software for you.

In general, the conclusion is clear: using an exotic, little-used system in a corporate environment is an open invitation to hackers.

Apple iOS

We will praise Apple. Yes, this is a closed ecosystem, and yes, the price tag is not comparable to the technical capabilities, but nevertheless, devices running iOS have been and remain the most secure of the common commercial solutions. This mainly applies to the current generation models of the iPhone 6s and 7 (and, perhaps, SE).

Older devices have less safety margin. For older iPhones 5c, 5s and 6, there are already ways to unlock the bootloader and attack the device password (you can contact the developers, Cellebrite, for details). But even for these outdated devices, hacking the bootloader is labor-intensive and very expensive (Cellebrite charges several thousand dollars for the service). I think no one will break my or your phone in this way.

So, what do we have today? Let's start with physical security.

1. All iPhones and iPads iOS 8.0 and higher (and currently iOS 10.3.2, which is even more secure) use such strong protection methods that even their manufacturer both officially and actually refuses to retrieve information from locked devices. Independent studies (including from the ElcomSoft laboratory) confirm Apple's claims.
2. iOS has (and does work) a data protection system in case of theft or loss of the device. Mechanisms for remote data erasing and device locking are available. A stolen device cannot be unlocked and resold if the attacker does not know both the password for the device and the separate password for the owner’s Apple ID account. (However, everything is available to Chinese craftsmen, and tampering with the device’s hardware can bypass this protection... for iPhone 5s and older devices.)
3. Multi-level data encryption out of the box is perfectly designed and implemented. The data section is always encrypted; a block cipher is used with keys that are unique for each individual block, and when a file is deleted, the corresponding keys are deleted - which means that it is basically impossible to recover deleted data. The keys are protected by a dedicated coprocessor included in the Secure Enclave system, and they cannot be pulled out from there even with a jailbreak (we tried). When you turn it on, your data remains encrypted until you enter the correct password. Moreover, some data (for example, passwords to websites, email downloaded to the device) is additionally encrypted in the Keychain secure storage, and some of it cannot be retrieved even with jailbreak.
4. You can't just plug your iPhone into your computer and download data from it (except photos). iOS provides the ability to establish trusted relationships with computers. This creates a pair of cryptographic keys that allows a trusted computer to make backup copies of the phone. But even this possibility can be limited using corporate security policy or the proprietary Apple Configurator application. The security of backups is ensured by the ability to set a complex password (the password is required only to restore data from a backup copy, so it will not interfere with everyday use).

iPhone unlocking is done at a fairly safe level. To unlock, you can use either a standard four-digit PIN code or a more complex password. The only additional way to unlock the device is with a fingerprint. Moreover, the implementation of the mechanism is such that an attacker will have very few opportunities to use it. The fingerprint data is encrypted and will be deleted from the device’s RAM after shutdown or reboot; after a while, if the device has never been unlocked; after five unsuccessful attempts; after some time, if the user has never entered a password to unlock the device.

iOS has an option that allows you to automatically delete data after ten failed login attempts. Unlike BlackBerry 10, this option is controlled at the operating system level; For older versions of iOS (up to iOS 8.2), there are ways to bypass it.

What about user surveillance and leaks?

iOS has disable synchronization with the cloud through Apple's own iCloud service. In particular, the following are usually stored in iCloud:

• device data backups;
• synchronized data - call log, notes, calendars, passwords in iCloud Keychain;
• passwords and history of visiting resources in the Safari browser;
• photos and application data.

All types of cloud synchronization in iOS can be disabled by simply turning off iCloud and deactivating iCloud Drive. After this, no data will be transferred to Apple servers. Despite the fact that some mechanisms do not work very intuitively (for example, to turn off call synchronization you need to disable iCloud Drive, which is actually intended for synchronizing files and photos), completely turning off cloud services completely disables synchronization.

iOS has a mechanism to prevent tracking (the system can present random Wi-Fi and Bluetooth module identifiers to the outside world instead of fixed real ones).

Okay, but what about malware? In iOS, the possibility of installing malicious software is virtually eliminated. There were isolated cases (through applications built using hacked development tools), but they were quickly localized and fixed. Even then, these applications could not cause much harm: in iOS, each application is securely isolated both from the system itself and from other applications using a sandbox.

It should be noted that iOS implemented granular control over application permissions a long time ago. You can individually allow or deny each application such things as the ability to work in the background (there is no such option in “pure” Android!), access to location, notifications, and the like. Having these settings allows you to effectively limit surveillance by applications that have made such surveillance their core business (this applies to both Facebook-class applications and games like Angry Birds).

Finally, Apple regularly updates iOS even on older devices, almost instantly (compared to Android) fixing found vulnerabilities. In this case, updates arrive simultaneously to all users (again, “unlike”).

Interestingly, starting from version 9, iOS is also protected from man-in-the-middle attacks involving certificate interception and substitution. And if the Elcomsoft laboratory managed to reverse the iCloud backup protocol in the 8th version of the system, this was not possible in newer operating systems due to technical reasons. On the one hand, we receive a guarantee of the security of the transmitted data; on the other hand, we have no way to reliably verify that “extra” information will not be sent to the servers.

Continuation is available only to members

Option 1. Join the “site” community to read all materials on the site

Membership in the community within the specified period will give you access to ALL Hacker materials, increase your personal cumulative discount and allow you to accumulate a professional Xakep Score rating!

Hello everyone, I haven’t been here for a long time :) I’ll say right away that the article is not mine, just a copyright for general development :) Do not install Google Play if you don’t trust Google services. Do not attempt the procedure if you are not sure that you can do it. You do all the actions given in the article at your own peril and risk, bearing full responsibility for the further operation of the device. The text is written for informational purposes.

Preparation

Before installation you must have:

1. Access to the Jolla Store;
2. Internet connection (WLAN/WiFi or mobile network);
3. "File manager" application, which you can install in the Jolla Store;
4. Starting from version Sailfish OS 1.0.4.20, the ability to install third-party programs: settings - system - unverified programs - allow installation of third-party programs.

Installation

2. Go to the section: Settings - system - developer mode. And select a mode. If you have access to the Jolla Store, the Terminal application will appear in the list of applications;

3. Activate "Developer Mode";

4. Activate "Remote connection" and set a password, or generate one;

5. Using Jolla Phone, download this archive: http://bit.ly/1IjsdF9. The file will be downloaded to the /home/nemo/Downloads directory;

6. Open the terminal application that was installed in the second step. If you are registered as a developer, then the input line will contain a $ sign;

7. Go to the downloads directory: to do this, enter cd ~/Downloads ;

8. Unzip the file: enter unzip gapps-jb-20121011-signed.zip ;

9. Get root access: enter devel-su 10) You will need to enter the password that was set in step 4. Enter it and click Tip: The "$" sign will change to "#". So you have received root access! Be careful!

10. Navigate to the target directory: enter cd /opt/alien/system/app ;

11. Copy the files one by one (you won’t need the rest unzipped: Enter one by one:

cp /home/nemo/Downloads/system/app/Phonesky.apk .

cp /home/nemo/Downloads/system/app/GoogleLoginService.apk .

cp /home/nemo/Downloads/system/app/GoogleServicesFramework.apk .

12. After all the steps, your terminal window will look like this:

bash-3.2$ cd ~/Downloads bash-3.2$ unzip gapps-jb-20121011-signed.zip inflating: (… many, many lines …) Inflating: system/usr/srec/en-US/symbols

bash-3.2$ devel-su Password:

bash-3.2# cd /opt/alien/system/app

bash-3.2# cp /home/nemo/Downloads/system/app/Phonesky.apk .

bash-3.2# cp /home/nemo/Downloads/system/app/GoogleLoginService.apk .

bash-3.2# cp /home/nemo/Downloads/system/app/GoogleServicesFramework.apk .

13. Reboot your device;

14. Open the "File Manager" application;

15. Go to the /opt/alien/system/app directory. The directory always opens in /home/nemo/, so tap the dot in the top left twice. There you can go to the desired directory with the application;

16. Tap the Phonesky.apk file. A window with file data will open;

17. Swipe down from top to bottom to open the menu at the top and select Install. The installation of Google Play will begin;

18. Using the File Manager application, delete unnecessary files.

You can read the original version of the article here: http://bit.ly/1ojJXue

The Jolla company, which develops Sailfish OS, unexpectedly announced the third version of its operating system. The presentation was held in Barcelona as part of MWC 2018.

In connection with this event, we decided to continue talking about alternative Android and iOS mobile operating systems. We looked at it earlier. Now it’s Sailfish’s turn.

What do Nokia and Intel have to do with it?

It's a long story. It started 13 years ago. Then, in 2005, good old Nokia was famous for its, and the model was not yet famous for its indestructibility. In those May days of the mid-2000s, the Finnish manufacturer presented its Nokia 770 pocket computer. It was a revolutionary device: it caught the Internet via Wi-Fi! There were VoIP and Google Talk services.

The tablet supported the Jabber protocol! God, how much nostalgia there is in these words! The tablet went on sale in November 2005. The 770 ran on the first version of Maemo - 2005OS. Later Nokia N800, N810, and then N900 came out. All of them were managed by Maemo.

Maemo interface on Nokia N900

From Finland we are moving to the USA. In 2007, netbooks with Intel Atom processors were released. The company wants to promote these devices, which requires an operating system that is not very resource-intensive. Windows is not suitable - Microsoft is stupidly uninterested in Atom. Then the Moblin project appears. The name is short for Mobile Linux. As you might guess, the new operating system was designed for mobile devices. It was based on open source Linux.

Moblin interface

Eight years ago, in February 2010, Nokia and Intel announced they were joining forces. The jointly developed operating system is called MeeGo. Then it was announced that Nokia N8 would be the last smartphone to run on Symbian OS (another Nokia operating system that was installed on more devices), and N9 would be released running MeeGo.

Nokia N9 on MeeGo

It was very cool: users could choose between devices on iOS, Android, Windows Phone, MeeGo, or even buy a BlackBerry! But, unfortunately, such an idyll did not last long.

In 2011, Nokia unexpectedly shut down MeeGo. The project was no longer developed, despite the popularity of the Nokia N9. Thus, the first smartphone on this OS version also became the last.

Part of the team involved in the development of MeeGo left Nokia to create their own company. They named her Jolla. The team was unable to obtain control of most of the patents for the operating system, so many of its elements had to be developed anew. For example, design.

What did Jolla try to leave with?

The company emphasized multitasking and openness. During the first presentation, they promised to release an SDK for development by third-party application developers. An operating system that's highly customizable and supports the multi-core processors of the future.

Special emphasis was also placed on the interface. Thus, Mark Dillon, co-founder of the company, said the following: “The Sailfish OS interface is unique in that the device can only be used using gestures.” From any application, swipe right to open the notification center. Bottom to top - a list of installed applications opens. There were a lot of gestures. All of them replaced the usual buttons. Manufacturers of Android smartphones are now trying to come to this and abandon on-screen buttons, which “eat up” a significant part of the screen.

In 2012, the company announced its Jolla smartphone. It went on sale a year later. The device had an unusual appearance. It seemed like it was glued together from two different smartphones. A little later, the Jolla Tablet was announced, but then the company encountered financial difficulties. The tablet was not released.

How does Jolla live now?

Since then, the company has decided to focus on its operating system, Sailfish OS. For example, firmware development for the Nexus 4 and OnePlus One smartphones was carried out directly within Jolla.

In 2016, the company licensed Sailfish OS for the Russian "Open Mobile Platform". Together, Sailfish Mobile OS RUS was released. The list of supported devices includes the Ermak OMP smartphone for government employees and corporate clients, as well as the Russian INOI R7 smartphone. Operating systems similar to the Russian licensed OS exist in Brazil, China and other countries.

Ermak WMD

The third version of Sailfish will be designed for more devices. At MWC they announced its appearance in the fall on the above-mentioned INOI R7, Sony Xperia XA2, Gemini PDA PDA, as well as on unnamed push-button phones with 4G support. Sailfish OS 3 will focus on security. For example, if the device is lost or stolen, the user will be able to remotely erase all data.

The operating system supports Android apps, but only if the user has paid $50 for Sailfish OS.

Sony Xperia XA2 with Sailfish OS installed

The dominance of two operating systems on the market is not the best situation for the user. In this case, the technological progress that we so dream of will be hindered by a lack of interest in development. The more choice there is, the better it will be for the chooser. We hope that Sailfish will develop as an alternative operating system and one day find its niche, which it will confidently hold.

I talked about Symbian OS itself and about Nokia, which was perhaps the main one in the history of this OS, especially at the end of its existence. In particular, I thought that if Nokia had been more agile, who knows, perhaps Symbian OS would have remained the dominant operating system on mobile devices and Android would not have conquered the market so easily. And Nokia would remain the flagship on the market and not Apple and Samsung.

People from Nokia thought the same thing; they did not accept the supremacy of Android and in 2011 created the Jolla company, and in 2012 the Sailfish OS operating system. In 2016, the Russian company Open Mobile Platform joined Jolla. Sailfish OS is based on a Linux kernel with a Qt and Mer add-on, and the interface and applications are made in QML and HTML5. The source code is completely open, which allows enthusiasts to modify the OS and install it on other smartphones. Sailfish OS has been customized by the community for many popular devices, some of which are listed below.

Device list

• X909 (find5)
• Oneplus One (bacon)
• Galaxy Nexus (maguro)
• Galaxy Note (n7000)
• Galaxy Tab 2 Wifi (p3110)
• Huawei Ascend P6 (hwp6_u06)
• Nexus One (passion)
• Nexus 4 (mako)
• Nexus 5 (hammerhead)
• Nexus 7 WiFi 2012 (grouper)
• Nexus 7 GSM 2012 (tilapia)
• Nexus 7 2013 WiFi (flo)
• Nexus 7 2013 GSM (deb)
• SGSIII Intl (i9300)
• SGS III 4G (i9305)
• Motorola Moto G 2013 (falcon)
• Motorola Moto G 2014 (titan)
• Huawei C8813Q/G525
• Motorola Photon Q (xt897)
• HTC Desire HD (ace)
• HTC Desire Z (vision)
• HTC Sensation (pyramid)
• Sony Xperia L C2105
• Sony Xperia SP (huashan)
• Sony Ericsson Xperia Pro (iyokan)
• Sony Xperia Z1 Compact (amami)
• Sony Xperia Z3 compact (aries/z3c)
• Huawei C8813Q/G525
• Samsung Galaxy Tab (P1000)
• Samsung Galaxy SIII Mini (GT-I8190)
• Sony Xperia Z (yuga)
• Samsung Galaxy XCover 2 (GT-S7710)
• ZTE Open C/Kis 3 (kis3)
• Xiaomi Redmi 1S (armani)
• Samsung Galaxy Tab 2 10.1 3G (GT-P5100)

[collapse]

U Jolla has its own smartphones/tablets, there are licensed onesdevices from other manufacturers.

Sailfish OS has the built-in ability to run Android apps on your Jolla smartphone. This way you can continue to use your favorite apps such as Instagram, Facebook, WhatsApp or Twitter.

The developers focus all their attention when using the device on gestures. From their site:

Swipe

MOVE WITH EASY

To return to the main screen from an application you are using, swipe from the edge of the screen to the center. To close an app, simply swipe down from top to bottom.

Check it out

CONVENIENT NOTIFICATIONS

Pull

PULL AND RELEASE SELECTING AN ACTION

Quickly turn on the camera, make a call and even more options in the top menu - pull from top to bottom.

The Open Mobile Platform (OMP) company is developing a new OS based on Sailfish OS - Sailfish Mobile OS RUS. They promise to release devices from Oysters and Jolla running Sailfish Mobile OS RUS on the Russian market by the end of the year, as well as the Ermak OMP industrial smartphone for corporate users and the public sector.