Files
wdmUI/docs/02-products/sovereign-phone-overview.md
T

4.3 KiB

Sovereign Phone · product overview

Pitch

The Sovereign Phone ("Teléfono Soberano") is a digital sovereignty appliance in a pocket form factor — a secure personal node and portable private workstation, not "yet another private Android". It combines local-first computing, minimal external trust, hardware modularity, and practical anonymity into a device that is usable, elegant, professional, and pragmatic.

The combination that makes it distinctive: privacy + self-hosted infrastructure + local AI + resilient communications + hardware modularity. The tone is deliberately safety-first, not prepper cyberpunk — it targets professionals who want sovereignty without the paranoid aesthetic of the privacy niche.

Philosophy

  • Local-first: process on device whenever possible; sync is opt-in; cloud dependency is minimized, never assumed.
  • Minimal external trust: the user controls what data leaves the device, explicitly and granularly.
  • Real Android compatibility: built on the mature Android app ecosystem. Avoids immature mobile-Linux platforms (Librem / Purism, PinePhone) as the primary platform.
  • Modularity: functional separation at the hardware level (compute vs radio), extensible over time.

System base

  • Built initially on GrapheneOS over supported hardware (Pixel / Samsung across different phases).
  • Phase 1 on the Samsung Galaxy S25 (already acquired) does not replace the OS — instead it hardens configuration and stack on the stock device.
  • Local-first architecture: on-device processing by default, optional synchronization, minimal cloud footprint.

Privacy & anonymity

Conceptually inspired by GrapheneOS, Blackphone, and "sovereign phone" approaches.

  • Zero / minimal telemetry.
  • No mandatory Google.
  • Sandboxed apps.
  • Separate profiles: work, real identity, testing, anonymity.
  • Per-app firewall.
  • Private DNS.
  • Optional VPN / Tor.
  • Granular sensor control.
  • MAC randomization.
  • Storage scopes.
  • USB / peripheral deny (port lockdown).
  • Automatic reboots to return to BFU (before-first-unlock) state.

Radio & communications

A distinctive part of the concept — reducing the power and exposure of the traditional smartphone baseband.

  • Secondary radio via USB-C dongle.
  • Logical separation between compute and radio / modem.
  • Reduced baseband exposure.
  • Future multi-radio capability.
  • Support for alternative networks and resilient communications.

Sovereign infrastructure

The device leans on user-owned, self-hosted infrastructure rather than third parties:

  • Own NAS.
  • Own app servers.
  • Self-hosted services.
  • Local RAG / document system.
  • Selective synchronization.
  • Decentralized / lightweight identity.
  • User-controlled encrypted backup.

Integrated AI

The phone is not only secure/private — it is AI-augmented, with explicit control over what crosses the cloud boundary:

  • Small local LLM for quick tasks.
  • Optional cloud LLM for heavy tasks.
  • "Smart librarian" assistant.
  • Local document indexing.
  • Local RAG.
  • Explicit control over what leaves the device for the cloud.

Differentiators

Vs Sovereign Phone differentiator
GrapheneOS (alone) Adds self-hosted infrastructure, local AI, and a radio-separation hardware path on top of the hardened OS
Blackphone / Silent Circle Modern stack + local AI + sovereign infra + non-paranoid, professional UX
Murena / /e/OS Stronger anonymity model + resilient comms + local-first AI
PinePhone / Librem Real Android compatibility instead of immature mobile Linux as primary platform

Roadmap

Phase 1 — existing compatible devices. Hardened stock hardware (Galaxy S25 as first target). Short lead time. Initial run: ~4 phones for QA/dev, ~100 units for early adopters.

Phase 2 — custom phone. Built around the MediaTek Dimensity 9300, with deep integration of the radio/privacy stack, more sovereign hardware, and stronger functional separation between compute and radio/modem.

Status

Concept / early design. Phase 1 anchored on hardening the acquired Galaxy S25. Hardware modularity (USB-C radio dongle) and the local-AI + self-hosted infrastructure stack are the defining workstreams. Sources of conceptual inspiration: GrapheneOS, Blackphone, Murena, local-first-phone and sovereign-data-network communities.