The silliness of the Unplugged Phone was previously discussed here: https://news.ycombinator.com/item?id=32264372

To echo my comment on that thread, on their website: https://www.unplugged.com/upphone

The security report linked to at the bottom of their home page: https://www.unplugged.com/_files/ugd/d9d118_17133aa11fa944cd...

1. They are selling a "secure" phone, but their only advertised "security audit" is only for their mobile apps.

2. They are testing their mobile apps against a web app standard, the Open Web Application Security Project (OWASP) Top 10.

3. On the OWASP website: https://owasp.org/www-project-top-ten/ It is only advertised as being the "first step toward changing the software development culture within your organization into one that produces more secure code." Conformance does not mean you have achieved security, it means you have just started.

It is frankly hilarious that anybody would believe even a single word of what they claim with respect to security when they are proud of achieving certification to the lowest levels of security in the wrong field.

Their "Anti-Virus" app [1], is a GPL violating fork of my Hypatia [2] and they're even directly pulling databases from my server.

[1] https://www.virustotal.com/gui/file/a461f8194554fd92d83a1aff...

[2] https://github.com/divested-Mobile/hypatia

It's funny because we already saw this done a year ago, with the exact same pitch- the Freedom Phone.

Didn't a bunch of criminals buy a FBI trojan "secure" phone?

Well this dude's the opposite of that, but if opposite meant Russian FBI.