I got into one of my sooper-sekrit James Bond moods a while back which put me down the path of trying to obtain and maintain a disposable phone for clandestine communications - I specifically call it a disposable phone and not a burner since infosec dorks are touchy about the term "burner phone", but also because the point of maintaining this phone over an extended period means it is not temporary like a true burner phone. Since the point of this phone was for intermittent communications as opposed to being my daily driver, I didn't need much in terms of computational grunt to send Signal messages and make the occasional call. I was sort of stumbling in the dark when I started but I think I came up with a decent checklist for finding suitable hardware:
- Must have a removable battery (mitigates potential baseband exploits)
- Must be capable of running current version of Android (11) with possibility of running future version (12)
- Must be relatively inexpensive (Helps reinforce disposability)
- Stretch goal - should be possible to buy in person in the US (I haven't heard of anyone tying IMEIs to specific online purchases, but better safe than sorry)
- Stretch goal - should be able to flash custom ROMs (to avoid default bloatware/potential trackers)
For all the moaning I've heard over the years about the dearth of phones with removable batteries, I was surprised at how many I found when specifically looking for them - it's nowhere near the number of phones on the market but I thought I'd be able to find maybe two at most.
Thanks to Samsung actually caring about updates there are three Samsung phones that should get access to Android 12:
I say "should" since I can't find anything saying the updates have actually landed yet. Additionally, I couldn't find anyone actually selling the Xcover 4s, the Xcover 5 is only available in the US through eBay and the Xcover Pro slightly strains the inexpensiveness requirement at $380 from Amazon as I write this.
The combination of many of HMD/Nokia's low-end phones having removable batteries and the company's pledge to provide at least two years of support for its phones means a surprising number of HMD/Nokia phones also make the cut:
One thing to note is that while the lower-end C phones will only get Android 12 because HMD/Nokia said they would, the Nokia 1.3 is an Android One phone meaning it has to get two years of updates - but given how tardy the company is on releasing Android 11, this "required" update isn't looking so likely.
Purchasing the 1.3 and C01 Plus is actually possible on Amazon now, but I can't find the C1 available anywhere and it seems the C2 hasn't been officially released yet - a bit strange then considering that means it's running a version of Android half a year out of date.
The problem with these phones is they are too unpopular to be supported by custom ROM makers and my sooper-sekrit communications will need more than stock Android or Android Go, so digging for some phones that also have custom ROM support turned up these:
The downside of these phones is reviews suggest the Teracube isn't really worth the $299 it costs to buy it, and the Fairphones are in no way inexpensive (the cheapest one I found on eBay was nearly $600).
If this blog post has a conclusion, I think it's that I put far too much effort into things that don't matter and a cheapo prepaid phone from any big box store/drugstore with a removable battery is likely sufficient. Given HMD/Nokia's spotty update history, if I had to pick up a YOLO phone today it'd probably be a Galaxy Xcover 5 or a Fairphone 3 if I could find one used for cheap and really wanted custom ROM support. None of these phones are avaiable in any US store I could find so I would have them online, using a cutout if I wanted to feel more like James Bond.
As for what service I would use on my YOLO phone, hopefully I will have some more information on that in the future.