The Tracfone LG L15G recently dropped to $10 at Walmart, so I picked one up. As expected, the hardware is incredibly simple and accessible.
During my (very easy) work on this, I kept thinking: Why would anyone spend $700 on a “secure phone” (Silent Circle) when I can spend $10 on this one and take the microphone and camera out? It really depends on which security feature we’re looking at, and in this case, with the LG, it’s hardware security. At the very least, Silent Circle should make it very easy to physically remove specific, high-risk sensors. This LG still has Rotation Vector and Accelerometer senors, and I don’t know where those are located. Even still, compared to my Nexus 6, this is an extremely simple device to “secure”.
Ars Technica reviewed the LG Sunrise. While they are quite right about how “cheap” it is, I got the feeling like they have no appreciation for easy to hack devices, especially ones as powerful as Android.
Reasons to keep a $10 Android around:
- Create an anonymous document drop with any Android (albeit “NetGuard” is not available for Android 4.4.2)
- Create an anonymous Signal phone number w/ Android
- Run a Tor relay with Orbot
- Compartmentalize social media, or a dedicated, anonymous social media management device (device ID separation)
- Among countless others
The end result, achievable within 5 minutes of work, resulted in the removal of the microphone, the front-facing sensors, the rear camera, and the rear speaker. I could have taken out the primary earphone too.
Processor and Sensors
CPU: Qualcomm Snapdragon 400
Architecture: 2x ARM Cortex-A7 @ 1.19 GHz
Process: 28 nm
Clock Speed: 300 MHz – 1.19 GHz
CPU Load: (CPU 1 idles at 300 MHz with the second turned off. Idle load was 10-20%)
GPU Vendor: Qualcomm
GPU Rendered: Adreno 305 @ 400 MHz
GPU Clock Speed: 300 MHz
GPU Load: (Idles at 0%)
Scaling Governor: on demand
Model: LGL15G (y25_trf_us)
Screen Size: 3.46 inches
Screen Resolution: 320 x 480 pixels
Screen Density: 166 dpi
Total RAM: 420 MB
Available RAM: (Idle, 150 MG (35%)
Internal Storage: 1.80 GB
Available Storage: 1.49 GB (82%)
Android Verson: 4.4.2
API Level: 19
Build ID: KOT49I.LGL15G10f
Java VM: Dalvik 1.6.0
OpenGL ES: 3.0
Kernel Architecture: armv7I
Kernel Version: 3.4.0+(LGL15G10f.1419269528)
Root Access: (I rooted this test device just to see if I could, but I don’t recommend it)
LGE Accelerometer Sensor
LGE Rotation Vector Sensor
The only tool that I needed to open up the phone and do most of the work was a simple crosshead screwdriver.
The disassembly was trivial as I didn’t need any tools (after the screws were removed).
To disconnect the system board from the back of the LCD screen, just disconnect the top right (earphone) and bottom left (home buttons) cables.
The rear camera simply disconnects. The front-facing sensors needed a moderate “push” (with the screwdriver) to disconnect.
The microphone needed a moderate “pull” (with the pliers) to disconnect.
As the Ars Technica review mentions, the hardware is very simple. The system board demonstrates that.
The rear speaker was easy to disconnect simply by removing the connecting wires. I didn’t have a good reason to remove this speaker. In my defense, I didn’t actually know (or test) if there was another microphone here. Plus, the vibrator is still attached.
After all this, the phone booted up without issue. Buy a headset and make end-to-end encrypted calls with Signal, with or without using cell service.
Android 4.4.2 is pretty bad. Using Signal would help defend against Stagefright.
CVE-2015-3828 (not vulnerable)
CVE-2015-3876 (not vulnerable)
Apps I was able to disable
Favorite contacts Widget
Google Backup Transport
Google Calendar Sync
Google Contacts Sync
Google One Time Init
Google Partner Setup
Google Play Books
Google Play Games
Google Play Movies & TV
Google Play Music
Google Play Newsstand
Google Text-to-speech Engine
LG VoiceCommand Speech Pack
Market Feedback Agent
Mobile Device Management
My Account Downloader