NovaCustom announces SHIFTphone with iodéOS: Security community concerned
On November 12, Dutch-based computer manufacturer NovaCustom announced that they are selling a configurable version of the SHIFTphone 8.1, a modular smartphone similar to the Fairphone, with iodéOS pre-installed. However, many in the privacy and security community have raised concerns about the operating system's track record.
Best known for their V54 and V56 series of modified Clevo laptops, NovaCustom is one of few European OEMs that sells customized privacy-focused computers. They are a financial contributor to the HEADS firmware project, which enables certain Qubes OS devices to resist evil-maid and bootloader attacks, and their V54 lineup is officially Qubes-certified. Their decision to sell smartphones is reminiscent of startups like Purism that develop similar device ecosystems.
It appears that NovaCustom will be replacing the stock Android operating system on the SHIFTphone by pre-installing iodéOS 6, which itself is a fork of Lineage OS 22.
iodéOS is a privacy-focused Android custom ROM which replaces Google Play Services with microG, a free and open-source wrapper for Google Play which replaces Google's proprietary client code with open-source alternatives, though notably it does not replace Google's server-side APIs by default. iodéOS is also limited by their usage of LineageOS 22 to Android 15 QPR1 and security updates up to November 2024.
This announcement was met with mostly negative feedback within the Privacy Guides community. Although some members defended NovaCustom's decision as a way to support smaller companies with limited funding, others criticized the move as conflating privacy with security. The developer of the (now-defunct) DivestOS project questioned NovaCustom for supporting iodéOS because of its alleged lack of support for the latest version of Chromium WebView, and telemetry to Google via SUPL and hardware provisioning.
In their official blog post, NovaCustom justified their decision to choose iodéOS over GrapheneOS because of its accessibility to users concerned about "Big Tech tracking." They criticized GrapheneOS for supporting only Google Pixel devices, and praised iodéOS for being a balanced solution for users:
iodéOS is different. It is open source at [sic] well, but more minimalistic. In addition, it is technically less complex since microG and the Aurora Store are pre-installed by default. This allows you to install Play Store apps anonymously, while blocking Big Tech tracking as much as possible.
iodéOS offers the perfect balance between privacy, security, and user-friendliness. And that is exactly what we value at NovaCustom.
Their original announcement also included comparisons to other operating system choices, including GrapheneOS, but it was since updated to remove those statements following feedback from Privacy Guides.
A follow-up reply from NovaCustom's founder, Wessel klien Snakenborg, reveals that a partnership with the GrapheneOS project was attempted, but failed due to significant costs involved. According to NovaCustom, GrapheneOS estimated a successful hardware partnership would require the following:
[ … ] Our understanding is that it costs something like 5 million USD for licensing everything and then perhaps around 1 million USD per year of support where Qualcomm can provide that for up to 8 years after they consider the platform to have launched.
NovaCustom did not wish to resell currently-supported Google Pixel devices either, stating:
Depending on Google for the delivery of hardware isn’t a good idea either in our opinion. That way, you still make yourself dependent on big tech and you feed your enemy.
In his post to the Privacy Guides community, Snakenborg noted that NovaCustom was open to questions and feedback about the announcement. At the time of writing, community members had posted some specific questions for NovaCustom which have not yet been addressed.
maltfield
Subscriber Discussion