Skip to content
Published June 1, 2018

The Gemini is a fantastic device for working and being productive on the move, but when it comes to security it’s pretty much a stock Android device.  So how would you go about creating a Black Edition Gemini?  First of all, what is a Black Edition?  This is terminology that has emerged in the last few years to describe super-secure mobile devices, and several custom smartphones have met with some, if limited success.  They won’t leak data, they can’t be tracked, and they assure you privacy on the move.

They can be very limiting however and you’ll only want a Black Edition device if you have a high need for security, such as if you work in a highly sensitive industry or for a secretive government department.  They can be difficult to configure too, and even harder to guarantee security on.  Previously I’ve written about how you can Manage Security on your Gemini in which I touched upon Black Edition settings, but it’s worth giving them their own article as well.

Essentially you need to deactivate anything on the device that leaks data, or that can be used to track you.  This means not signing into the Gemini using a Google Account unless the settings for that account are very tightly locked down, and you can manage your Google account security online, or instead singing in using something secure like a Microsoft Azure work account.

You also need to deactivate settings on the Gemini such as Location tracking, found in Settings > Location, and only install a very few, very trustworthy apps.

To prevent people snooping on your online activities you’ll need a VPN (Virtual Private Network).  This masks your data traffic from snoopers, your cellular provider, and your ISP by bouncing them around a different server (or servers) elsewhere on the planet.  VPNs also encrypt all of the data transmitted from and to your device, for added security.  I use the highly acclaimed Nord VPN, though many other services are available.

Then we come to files and data.  The Gemini PDA does not come with hardware encryption, so any data stored in the Gemini’s 64GB internal storage will not be encrypted, and you should definitely not use a MicroSD card with the device as it can be easily removed.  Many encryption apps and tools exist for Android that range from free to paid for, but it’s always best to read reviews and descriptions before choosing which one will suit you best, as each will have different functionality, and operate in different ways.

Also if there are any online services you can use that already support encryption, such as WhatsApp, these will offer added protection for your online activities.  Lastly you need to make sure that the Gemini is protected by a strong and secure password, backed up by two-factor authentication, and that you don’t set a PIN or a pattern unlock which are much less secure.  A secure password should be a minimum of twelve characters in length and include both upper and lower-case characters, numbers, and symbols.

With all this in place you can be reasonably confident of being able to use your Gemini in complete privacy.  Remember however that technology moves quickly, and malware writers and hackers are always first with new technologies and techniques.  You should always keep your Gemini’s Firmware up to date, which you can do in Settings > About phone > Firmware update, never turn on the Developer options or sideload any apps as these actions can compromise your security, and using a good third-party security suite can help with your security as well.

Just remember though that in these days of Internet communications, and hacking, no matter how you configure your Gemini, or what you install on the device… there are never any guarantees of complete security.

9 Comments

  1. m0ntala m0ntala

    I thought for a moment that this article was going to tell us how to obtain a ‘limited edition’ black gemini pda, but nevertheless I am sure that a lot of users will find it interesting, and pick up a few useful tips!

    • I’ve actually seen a black Gemini. It was meh! :/

  2. Rod H - Merritt, BC, Canada Rod H - Merritt, BC, Canada

    You say “any data stored in the Gemini’s 64GB internal storage will not be encrypted, and you should definitely not use a MicroSD card with the device.” The card does not emanate RF so data can’t be queried. When holding data the card can be removed from the device. Data on the card can be easily encrypted.
    Question: what is the issue with using a microSD card?

    • Just because a MicroSD card can be easily removed. Perhaps I should have been more explicit about this (article now edited) 😀

  3. Rod H - Merritt, BC, Canada Rod H - Merritt, BC, Canada

    The card can be easily removed. So can the whole Gemini!

  4. Tom Tom

    I don’t understand the article. You say you want to explain how to create a “Black Edition” Gemini – so it is supposed to be a mobile device secured by common industry practices (almost every phone and laptop nowadays can easily enable full disk encryption).
    – Why is this not enabled by default like on many other devices?
    – I can’t find the necessary steps in your article – “don’t use microsd” and “don’t use internal storage neither” don’t help me in securing my device. How can I enable full disk encryption?

  5. The only thing that would keep these small form devices in any “security” niche is by having a fluid Os, which means it has to be non-persistant by default.

  6. jthenley jthenley

    So has the device got a Trusted Platform Module (TPM)? and a secure signed firmware built on SE Linux, developed in a trusted software house? or was it made in China and a distributed with a Debian build that has default software repositories pointing to Russia and MediaTek binary drivers in the kernel that is an old (end of life Feb 17) 3.18 kernel that Planetcom or their 3rd party developers that put Russian distro’s as their default update source will need to provide securit patching for for any new vulnerabilities found in the kernel. Don’t get me wrong, I love the device, and people should definitely use VPN and encryption etc to secure their data but I think it might be a bit of a stretch to suggest it could be used as it in a security environment! If we can get fully open source up to date kernel that would be a good start. And as someone noted, if you can get to the SD you can get the device. The data stored on the SD is as insecure as the device because you can just reboot it and dump the firmware with Wwr_MTK and SP Flash tool.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: