Sovereign Smartphone: To Enjoy Freedom We Have to Control Our Phones

TL;DR

This paper advocates for a new smartphone architecture that enhances user control and privacy by leveraging trusted execution environments, aiming to reduce dependency on dominant OS ecosystems like iOS and Android.

Contribution

It proposes a novel smartphone architecture utilizing trusted execution environments to transfer control back to users, maintaining compatibility with existing ecosystems.

Findings

Design based on trusted execution environments for ARM and RISC-V

Analysis shows potential for increased user control and privacy

Compatibility with current smartphone ecosystems is maintained

Abstract

The majority of smartphones either run iOS or Android operating systems. This has created two distinct ecosystems largely controlled by Apple and Google - they dictate which applications can run, how they run, and what kind of phone resources they can access. Barring some exceptions in Android where different phone manufacturers may have influence, users, developers, and governments are left with little to no choice. Specifically, users need to entrust their security and privacy to OS vendors and accept the functionality constraints they impose. Given the wide use of Android and iOS, immediately leaving these ecosystems is not practical, except in niche application areas. In this work, we draw attention to the magnitude of this problem and why it is an undesirable situation. As an alternative, we advocate the development of a new smartphone architecture that securely transfers the control back to the users while maintaining compatibility with the rich existing smartphone ecosystems. We propose and analyze one such design based on advances in trusted execution environments for ARM and RISC-V.