Offline+ seems to be a software kill switch not hardware 😥

So I was testing the camera with a 3rd party app and the camera works even while offline+ is active as long as the app is open before enabling. I thought this was a hardware switch but its clear its software only which makes the switch pointless. I assume the wireless radios and mics operate similarly too

That’s super disappointing. Having a hardware kill switch was a huge attraction for this device. You’re right, it is pointless, I don’t understand why they would do that.

I just ran that same test myself to verify. I had the Open Camera app open, hit the switch, and the camera was still working. I can’t find a way to replicate it with other hardware. The mic did cut out as soon as I hit the switch while testing it and so did my wifi, even if it was actively in use, but even just being able to replicate it on the camera raises concerns and proves it’s not a hardware level kill switch.

Please keep up your reviews, analysis, debugging and nice-to-have lists but this has been discussed already (you can also search for FCC in this forum to find a link to U.S. Certification docs and more PDFs than you want to read):
What Does Offline+ Mode Actually Disconnect?
Now, I will agree that perhaps the marketing slicks didn’t quite match the actual reality of the phone, but so far I have not taken a sledge hammer to my Kompakt (and no, if there were insurmountable issues, I would not sell it to some unsuspecting soul–bad karma).

From the slick (User Manual):
3. Offline+
Gain focus and tranquillity while ensuring privacy and zero radio frequency emissions by disconnecting the antenna and microphones
and disabling the camera, WIFI and Bluetooth.

Odd that they chose to mix and match doing some things at the hardware level and other things through software.

@jordan Our team said that the GSM module and microphones are blocked on hardware level. Rest on software (camera, WiFi, Bluetooth).
Are you able to USE the sideloaded camera?

Make sense to use both hardware and software. Some apps might be enjoyed offline, like chess.

Not sure what apps the Mudita has enabled offline right now, but later appropriate apps could be enabled offline via an OS update. Their approach leaves the door open.

How does that make sense? The most secure way would be for it to all happen on the hardware level. What does chess have to do with this?

From your comment, I don’t think you understand why this could be a problem.

The ‘offline’ cuts off the Mudita from the outside world via turning off the communication elements of the hardware.

That would still leave the Mudita compute element available for non connected activities, like Chess, reading, or some other applications… I am not wise enough to know if there are security issues with playing chess offline, but I guess anything is possible…

If ‘offline’ turned off the entire Mudita at the hardware level, then the Mudita would just be a dead lump of plastic.

Chess are chess, camera, Wi-Fi and BT could be cut off at the hardware level same as the GSM module, why not?

In the other hand, I’m ok with the way it is as I’d still keep the phone away for any serious conversation.

Thinking of the worst case scenarios, the camera is rather useless in a backpack, at the paranoid level one could argue that Offline+ will not prevent the OS or the hardware module from “sensing” anything in the air to store the historical record of detected networks and devices which, in turn, allows to trace movement (see https://wigle.net/ for example). But I believe it’s possible to test this out.

There’s one important thing to consider in all this, @urszula, @bone_naga. When you toggle Offline+ and go to Settings → Network and Internet, the phone says that you gotta flip the switch on the side to connect the antenna again. I believe that without antenna being connected it is far more difficult to sniff any surrounding networks, if possible (compare to playing a hardware AM/FM radio with rod antenna unscrewed).

I actually really wish the camera worked in offline+ mode, and to be honest, bluetooth. It would be really nice to be able to configure this so I can still be ‘offline/disconnected’ but still wander around taking photos and listening to things on bluetooth etc.

Oh well thats good to know at least! I wish those were also on a hardware cut too but I guess the mics and cellular would be my main concerns. Yeah I can use a sideloaded camera app while in offline+ but only if I open the app before toggling offline+

I don’t know why you keep bringing up Chess. This has nothing to do with the Chess app. No, there’s not a problem with using Chess offline or reading ebooks offline. That has nothing to do with what we’re talking about. A hardware disconnect vs a software disconnect won’t change your ability to use offline apps.

The issue is that anything disconnected by software can theoretically be reconnected by software. This is part of the reason why people are taught not to trust the normal “airplane mode” option if they truly want privacy. But if the hardware itself was disconnected by that switch, no amount of software exploits or backdoors would be able to beat that.

Puts a tin foil hat on
And with the software “disconnect” there is always a chance that the phone may gather information (from camera, from GPS and so on…) and then resend it after you flip the switch back on
At least the mics are cut from the hardware…
Takes tin foil hat off

That’s not even tin foil hat stuff, that’s exactly what Google Play Services do if you put your phone in airplane mode.

WLAN only + Wireshark can help verifying this. I remember how surprising it was when someone left Windows 10 dormant over night in its early days and telemetry became apparent.
Camera and GPS can be overcome to a degree probing these while the device is in Offline+ would be worthless. For camera, pocket is enough; for GPS, some sort of ekhem tinfoil wrapped around (or some pricey professional RF insulation pouch), is that correct?
However, I wouldn’t spiral down that road unless we find something out which is unlikely IMO.
I’ll try to perform some tests once I get my beloved wireless access point back, I’ll be able to run tcpdump directly on it.

Yeah if we end up having to put the phone in a faraday pouch, that seems like it would defeat the purpose of having an offline+ mode.

GPS I have mixed feelings about. With the stock apps, it shouldn’t be sending your coordinates anywhere (phone GPS is receive only, your GPS usually gets sent out via WLAN or cell data by apps). But the stock apps are so unhelpful that it’s pretty much a requirement at this point to sideload additional apps.

Only Weather and Maps are allowed access to GPS. Unless there was a backdoor or a sideloaded app, nothing should be there.
I get your point on the sideloaded apps, then it would be a matter of whether a certain app is polling GPS and sends the whole data as soon as it gets its connection back, and what the destination is (Google, proprietary service, anything else).
I’d have to think what apps that are worth sideloading (besides HERE WeGo or alike) may need access to location and might potentially send this out somewhere.

So, I talked to our team about this and this looks like it’s an unfortunate side-effect of sideloading. It’s difficult for our team to predict exactly how the phone will behave with third-party apps. However, they are aware of this. Thanks for pointing it out.

I totally understand that they can’t predict how every sideloaded app would work, but to me it seems like that’s all the more reason this should have been done at the hardware level. It’s very easy to predict what will happen if the camera or other hardware function no longer receives power.

It is what it is now, but probably something they should keep in mind for the next phone down the line.