CommsBlack Mobile

← Back to CommsBlack Training

Module 02 — Device Security & Kits

🧩 1. Standard Device vs CommsBlack Kits

A normal smartphone is built for convenience and data collection. A CommsBlack device is built for control and predictability.

Aspect Standard device CommsBlack kit
OS & firmware Stock Android, vendor apps, unknown configuration history. GrapheneOS, curated hardware, repeatable configuration.
Attack surface Many preinstalled services and integrations. Minimal extras, hardened defaults, stripped-down services.
Threat model clarity Unclear what it’s hardened against. Explicit assumptions per kit (Shield, Shadow, Ghost).

🛡️ 2. Shield Configuration

Shield is a hardened daily-driver: familiar enough to live with, but far stricter than a stock phone.

Capabilities

  • Supports common apps with carefully set permissions.
  • Improved protection against common theft, malware and data brokerage.
  • Configured to reduce “background noise” data leakage.

Limitations

  • Still participates in your normal life — contacts, locations, habits.
  • Not intended for activities that must be strongly separated from identity.

🌒 3. Shadow Configuration

Shadow assumes higher scrutiny and more risk. It trades comfort for separation.

Capabilities

  • Lean app set focused on specific tasks.
  • Compartmented profiles to split roles cleanly.
  • Stricter network assumptions (e.g. Tor, dedicated VPN).

Limitations

  • Less convenience; more friction to do common tasks.
  • Requires more discipline to avoid “just this once” crossover.

👻 4. Ghost Configuration

Ghost is for operations that need the strongest practical separation you can reasonably maintain.

Capabilities

  • Heavily restricted apps, storage and network behaviours.
  • Designed for short-lived, tightly scoped tasks.
  • Assumes you are willing to sacrifice convenience for risk reduction.

Limitations

  • Not a general-purpose daily phone.
  • Cannot guarantee safety against the most capable state-level actors.

🚨 5. Theft & Seizure Basics

  • Prefer a strong PIN over biometrics where device seizure is a concern.
  • Enable auto-reboot or power-down habits when idle in risky settings.
  • After any loss or suspicious incident, assume visible data may have been copied and rotate accounts appropriately.