Flaws in the Blackphone include an inability to update apps individually or to open PDF or Word documents, along with some information disclosure vulnerabilities.
According to Net Security, the team analysed the device running version 1.0.2 of PrivatOS, which is built on Android, and comes pre-installed with a suite of privacy-enabled applications such as Silent Circle’s Silent Phone, Silent Text, and Silent Contacts for secure calling, text messaging, and contact storage, and the Security Center app that allows users to control app permissions. All these apps have been built by the companies behind Blackphone (Silent Circle and Geeksphone).
The team also found a problem with the system credential storage: 150+ root certificates come pre-installed, meaning the device trusts a significant number of certificate authorities. They can be disabled, but it’s a tedious job that has to be done manually. Luckily, the creators of Blackphone have been open to pruning that list and have been collaborating with Bluebox researchers on this, and a change is expected in future updates.