'Secure Spaces' ROM Brings Multi-Domain Isolation, 'Hidden Spaces' To Nexus 5

Graphite Software, which makes the Secure Spaces software for the Blackphone 2 (and soon for some Alcatel Touch and Coolpad devices), announced a downloadable Secure Spaces ROM for the Nexus 5, as well.

Secure Spaces, which was made more popular this year by Silent Circle's Blackphone, enables Android devices to create multiple secure environments that can isolate users' personal apps from banking apps or from their gaming or work apps. This improves both security and privacy, as the Secure Spaces don't communicate with each other, so malware that invades one Space can't (easily) enter another.

Domain Isolation

There are multiple ways to isolate data and apps, whether it's through ARM's TrustZone, type 1 hypervisor virtual machines (where you can run up to two standalone Android operating systems on a device at the same time), type 2 hypervisor VMs (which is the typical VM on a host solution), or through OS-level virtualization technologies such as Secure Spaces.

Graphite Software believes that OS-level virtualization is the best compromise between the four, because the hypervisor solutions, while more secure, have too much performance and memory overhead for a typical smartphone. This can also lead to lower battery life.

The company claimed that ARM's TrustZone solution also requires too much work to be implemented properly, and each implementation is different for each chip used in a device. Users also need to trust the device OEM not to put some hidden third-party apps in the "Secure World" that would invade their privacy.

However, TrustZone can also be used in conjunction with Secure Spaces for assistance with cryptographic operations, key storage, and integrity verification. Therefore, the two are more complementary than competing solutions, but one is more low-level, and the other is higher-level.


All Secure Spaces have their own AES-256 encrypted filesystems, which are tied to user credentials and are locked by the users' own PIN numbers, patterns or passphrases.

The isolation employed by Secure Spaces is bi-directional, which means code in one Space can't affect another Space. In comparison, apps from TrustZone's Secure World can have full access to the RAM and storage of the device. Secure Spaces' strong bi-directional isolation means that you can install apps with many permissions in one Space, such as games or flashlight apps, without having to worry about them stealing information from your personal, work or banking Space. You could even install Facebook, with its many permissions, in a Space that has no contacts, and Facebook won't get access to any of your contacts.

Graphite Software also offers companies the ability to provide their customers with downloadable Spaces, for a more immersive experience for their brand. For instance, we recently saw that Pepsi is making its own phone to promote its brand and offer its customers a better "Pepsi experience." However, many people may not trust a "Pepsi phone" to be a good smartphone in general, whether it's because of the hardware, software or its own tracking for advertising purposes.

This ends up hurting both Pepsi's goals and those of the customers who buy the Pepsi phones. Instead, the company could create a downloadable Space for them. Then, that "Pepsi experience" would only be contained in the downloaded Space, without affecting in any way the rest of the phone. Of course, this also means phones that support Secure Spaces need to become more popular for a company such as Pepsi to consider doing this.

Until then, a more practical use case will be companies giving their employees Secure Spaces-enabled phones and then having the IT admin remotely download some Spaces with their own level of security.

Other privacy-related uses could also include using a more privacy-friendly browser such as Orfox, or end-to-end encrypted applications such as Signal. This is also the method employed by Silent Circle's Blackphone, which starts the Silent Phone and other pre-loaded privacy apps in their own "Silent Space."

Hidden Spaces

One other feature of Graphite Software's Secure Spaces is that you can create a "Hidden Space," as well. The Hidden Space is invisible to the OS and everyone else accessing your phone, which could be useful to store your most sensitive information, whether work-related or personal. Many countries also allow warrantless searches of devices at the border, and this type of solution can help protect your data in such situations.

The Hidden Space can only be accessed through a downloadable Graphite Software app from the Play Store, which can be a calculator app or a clock app (more options will be available in the future). You can use these apps along with a code or gesture known only to you to load the Hidden Space. Hidden Spaces offer a way to quickly "wipe" them as well, if needed. There's also an API, which allows developers to create their own custom access methods for Hidden Spaces.

The Secure Spaces ROM is now available only for the Nexus 5 and can be flashed like any other custom ROM. The .zip file and the flashing guide are available on the Secure Spaces website.


Lucian Armasu joined Tom’s Hardware in early 2014. He writes news stories on mobile, chipsets, security, privacy, and anything else that might be of interest to him from the technology world. Outside of Tom’s Hardware, he dreams of becoming an entrepreneur.

You can follow him at @lucian_armasu. Follow us on Facebook, Google+, RSS, Twitter and YouTube.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.