MLABS Secure Phone (Sidco Endorsed!)

I was sent a Secure Phone Pixel 6a from MLABS to test out. For the last month I have been extremely happy with the device and its default security features and ease of use out of the box. Anyone who is looking for a secured smartphone should go this route. A few of my favorite things:

Separate profiles. I really, really dislike Google being all up in my business. This phone allows you to keep Google on a completely separate profile with no ability to access your data. There is another profile with a free open source app market called F-Droid which I would recommend to any Android user. I added another profile strictly for banking and another for games. This keeps everything containerized and secure.

Signal messenger, a hardened browser and Orbot (Tor) are loaded up and configured out of the box, meaning your browsing history and communications are extremely secure vs SMS or using an encrypted messenger alone. WiFi connections are spoofed to avoid fingerprinting and managing permissions for apps is super simple.

And of course, the whole phone is encrypted all the way down to Private DNS.

I get about 2 days of battery life. Everything worked out of the box with my Verizon SIM card (WiFi calling is important to me).
You can check out the FAQ from the OS devs here. The entire device is open source and very easy to use.

To keep this review fair, the only thing I had to struggle to overcome was the default included keyboard. I am a fan of swipe (dragging your finger across the keyboard to type vs punching letters) and the ability to hold down a letter to get to the secondary key (vs hitting one of the symbol buttons to get to the numbers or symbols). Because the OS is stripped down, even installing a keyboard that included swipe didn’t let me use the feature. I had to bake the swipe lib into the keyboard build itself and install it. Because I could control all permissions I am sure the keyboard has no internet access. Let me know if you need help installing OpenBoard with Swipe when you get your phone.

Use discount code HIGHSECURITY for 5% off. When you buy a phone I get a small commission which I will direct back into forum hosting costs.

19 Likes

@sidco so stoked to see you finally got one of these in your hands.

Thanks for the thorough and honest review

2 Likes

Over-under on this being a similar situation?

23 Likes

It’s just a preconfigured/custom tweaked Android Open Source Project Google Pixel Phone with Graphene OS I believe. Convenience and fair pricing.

Spares you the tech experience of rooting and romming your phone.

Correct me if I’m wrong please. I respect the hustle to get people on aosp projects.

3 Likes

Graphene OS is the best!

Looks like Mlabs just reskinned it.

I would recommend going and paying cash for the phone at Best Buy or Walmart and sitting on it for 6 months before activation. (No need to give a credit card or any form of electronic payment that can be traced.)

Make sure not to activate it near your other phones too!

GrapheneOS is my daily phone OS and I love it!!!

6 Likes

I think customer service is worth paying for if you’re not into messing with your phone’s OS / bootloader / root. These days I’m too lazy to do any of that and just run fresh AOSP. Idk what all they package together, preload, change etc but I know ROM work is for the computer nerd who wants to DIY.

(Deleted)

You are dumb if you buy and use this. Every ‘encrypted phone’ ever has been glowing. Why would you trust this company with your liberty? Trust maths, open source encryption protocols such as PGP, not some new random ‘secure phone’ company.

Remember encrochat?

11 Likes
4 Likes

The difference is what it was prepackaged with: in this case a “chat app” was the honey pot.

2 Likes

US customers were not affected by the FBI phones being sold, I do not believe. There is this pesky thing called the 4th Amendment and probable cause that got in the way.

I was quite shocked when I saw the rest of the world was not similarly protected.

4 Likes

If a nation-state wants your data/info/messages, they’re gonna get it. They probably already have it.

Be glad you very likely aren’t interesting enough for anyone to give a fuck about what you’re doing.

And you can consider Google and Facebook/Meta to have nation-state level resources.

There is fuck all real info on the MLABS website other than marketing copy.

“We pre-install all of these secure apps for you!”

And nothing else? How do we know? How can we verify that? Why should we trust the people running this company?

I sure wouldn’t. At best this looks like convenience in the form of security theater to me.

If you give a shit about your security, do it yourself. Hardening systems and devices properly takes time and effort. Understanding those systems and how they work is a good layer of protection in itself.

I’d take an off the shelf random android phone from a well-known manufacturer before these guys.

Factory reset it when you buy it. Remove whatever adware or bloatware that you can. A custom ROM might be a good idea. Install Signal if you trust it. Use whatever else if you don’t.

I wouldn’t get too reliant on Signal - ever since they opened up to allowing crypto payments on their platform they painted a target on their backs. It’s only a matter of time before someone verifiable sends a payment for something the US government doesn’t like, and the feds move in. Signal is likely still secure. But it’s entirely possible that it isn’t.

Practice zero trust security. Don’t trust the device. Don’t trust the hardware. Don’t trust the firmware. Don’t trust the software. Don’t trust people you don’t know. Limit your exposure through any single vector.

Practice good opsec.

This is the way.

16 Likes

So we get hemp derived THC ads AND possibly compromised phone ads?

So heady.

20 Likes

What does “Sidco Endorsed!” even mean lol… Verified Endorsement

7 Likes

I have a pretty big trust issue, which was one of my largest concerns right off the bat with this system. I verified through Wireshark that the device is set up to use GrapheneOS update servers and GrapheneOS defaults on mostly everything. I verified the APK hashes were legit F-Droid builds from my computer for the installed apps. I verified F-Droid itself.
Anyone familiar with GrapheneOS knows there is a feature to check it against another GrapheneOS phone. This is called Device Integrity Monitoring (Tutorial | attestation.app), which doesn’t do a whole lot if the phone comes compromised, but I already went through an update cycle and verified the update comes from GrapheneOS proper and passed an integrity check.

Open source gives you the ability to verify these things vs the loaded-to-the-brim proprietary garbage the FBI handed out. I hate to name drop, but you can look on the MLABS site yourself: the creator of Samsung Knox is the CEO and the other founders are real people who also happen to be in our industry.

I don’t own the equipment or knowledge to verify the actual hardware is in fact a Pixel 6a and there isn’t a hardware backdoor, but this isn’t a fly-by-night company that glows in the dark to me. It’s a company selling GrapheneOS secured Pixel devices with all open source apps. That’s something I can get behind, aka endorse.
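The APK hash check described in the post above, as an added example that is not the poster's script nor MLABS or F-Droid code: it compares installed APK bytes against a constructed fragment shaped like the `packages` map of F-Droid's index-v1.json (package name, versionCode, hashType, hash). The APK byte strings and index entries are constructed for the example; a real check would hash the actual .apk files pulled off the device and read the real repo index.

```python
import hashlib
import hmac

# Constructed stand-ins for APK files pulled off the device (e.g. the path from
# `adb shell pm path <package>` followed by `adb pull`); a real check hashes the
# actual .apk bytes. These byte strings are not real APKs.
FDROID_APK = b"PK\x03\x04 constructed F-Droid client apk"
ORBOT_APK = b"PK\x03\x04 constructed Orbot apk"
TAMPERED_APK = b"PK\x03\x04 constructed Orbot apk with one changed byte"

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed fragment shaped like the "packages" map of F-Droid's index-v1.json:
# package name -> list of published builds, each with versionCode, hashType, hash.
# Hashes are derived from the constructed bytes above, not taken from a real index.
INDEX_PACKAGES = {
    "org.fdroid.fdroid": [
        {"versionCode": 1013050, "hashType": "sha256", "hash": sha256_hex(FDROID_APK)},
    ],
    "org.torproject.android": [
        {"versionCode": 17040000, "hashType": "sha256", "hash": sha256_hex(ORBOT_APK)},
        {"versionCode": 17030000, "hashType": "sha1", "hash": "deadbeef"},  # legacy entry
    ],
}

def verify_apk(package, version_code, apk_bytes, index=INDEX_PACKAGES):
    """Compare one installed APK against the index; returns a short verdict string."""
    builds = index.get(package)
    if builds is None:
        return "unknown-package"        # repo does not publish this package at all
    build = next((b for b in builds if b["versionCode"] == version_code), None)
    if build is None:
        return "unknown-version"        # repo never published this versionCode
    if build["hashType"].lower() != "sha256":
        return "unsupported-hash"       # refuse to accept anything weaker than sha256
    # constant-time compare; lower-case both sides since hex case varies between tools
    if hmac.compare_digest(sha256_hex(apk_bytes), build["hash"].lower()):
        return "ok"
    return "mismatch"                   # bytes differ from the published build

def audit(installed, index=INDEX_PACKAGES):
    """installed: list of (package, versionCode, apk_bytes); returns {package: verdict}."""
    return {pkg: verify_apk(pkg, vc, data, index) for pkg, vc, data in installed}

if __name__ == "__main__":
    report = audit([("org.fdroid.fdroid", 1013050, FDROID_APK),
                    ("org.torproject.android", 17040000, TAMPERED_APK)])
    print(report)  # {'org.fdroid.fdroid': 'ok', 'org.torproject.android': 'mismatch'}
```

A "mismatch" only says the bytes are not the published build; it does not say why, so it is a prompt to investigate (vendor rebuild, different signer, tampering), not a verdict on its own.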

I was just speaking with another member here, and I firmly believe that there should be a published list of advertisers with their f4200 handle associated. It is only a matter of time before unscrupulous individuals decide to abuse the banner, and I believe accountability will start with the transparency of who is running the ad campaign.

10 Likes

I can get behind that

2 Likes

I have been using this phone for about 6 months now. I am not tech savvy so I gave it to the people who build all my previous phones and it had all the features I had them do to all the others already built in and very easy to use. I would do your own research but I am more than happy with it and am using it as I type this.

3 Likes

I spent a lot of time thinking about this. If they had their repository with the prebaked ROM open sourced and you could build it in a sanitized environment in a reproducible way (see GNU Guix), pass a hash check and integrity check, it would also ensure the phone wasn’t fiddled with in transit. Side effect being you would know 100% what code you are running and it’s verified with the ability for you to go eyes on. The goal isn’t for GrapheneOS to be forked but to put it on a phone so the average non-techie can use it, but skeptics can verify. In this case you wouldn’t need to trust the people running it or go through the integrity checks like I did, which can only go so far.

1 Like

Sure. That would let you have a certain level of trust with the software. From my understanding it is non-trivial to manipulate the software in a malicious way so that it will pass a hash and integrity check while still carrying the malicious payload, but possible.

The above doesn’t ensure that there is no hardware or other lower level adjustment being made. It also doesn’t ensure that the hardware they are buying doesn’t come with that as standard from Google.

The vendor putting out a canary notice with each update similar to how Qubes does would be not valueless to those who care about such things.

A third party security audit of their system, build process, installation, etc would also be a decent idea.

If they had all of those things in place I’d be less actively hostile to the product overall.

I’d still never buy one, but I’m not the target market.

1 Like