Privacy of the Mudita Kompact

I’m cautious about the privacy claims of the Mudita Kompakt / Mudita OS K given that it’s derived from AOSP, which is written by Google originally. The claims I’ve seen are all unfounded and amount to “trust us, it’s been de-Googled.” There’s some credibility behind these claims with the hardware changes (Offline+) but no hard proof.

So I can’t trust those claims as a developer. I’d like at least another level of verification for the software. The lack of web browser helps, but I’m really cautious given phones are great surveillance devices. What hard proof supports the claim that Mudita OS K is “de-Googled” and free from trackers?

I’ve got some more specific questions if that helps:

  • What does the Kompact use for it’s time protocol, DNS server and geolocation services? It’s good that OpenStreetMap is used for maps.
  • When will Mudita OS K be open sourced? Community verification will help improve privacy (and security) I think.
  • What OS is Mudita Kompakt derived from? Is it straight from AOSP or does it use a different OS as it’s base (e.g., GrapheneOS, /e/OS, CalyxOS) ?

I’m debating pre-ordering the Mudita Kompakt. My alternative is using a Pixel with GrapheneOS / minimal launcher / no web browser. I think I prefer the Mudita Kompakt’s hardware, but the privacy issue is blocking.

8 Likes

I would like to know these answers as well!

2 Likes

I like that it’s being brought up, but at the same time I’d love to see what are any remaining suspected backdoors and tracking?
One can funnel all traffic through Wi-Fi and snoop the traffic to see if and what is being sent where.

Android is based on Linux and AOSP is open-source itself if I’m not wrong.

Security audit would be a nice thing if the OS is not going open-source.

Good point on DNS, but isn’t it assigned dynamically by the ISP or local DHCP server (in case of WLAN)? In that case, the answer will depend. And for local networks, most people are used to setting up this catchy quad 8 which is Google DNS indeed.

2 Likes

Modifying iptables and using Using a Hosts File To Make The Internet Not Suck (as much) for enhanced security make sense, hardcoding DNS such as 1.1.1.1/1.1.1.2/1.1.1.3 (or quad 9?) hopefully would work for all.

1 Like

@redbrick Welcome to the Mudita Community! We are glad you’re here. Thanks for all your questions. I’ll do my best getting the answers to your questions from our team because I, myself, am not super technical.

For the record, no.

@redbrick I’m back with the answers to your concerns:

Thanks for sharing your concerns — they’re totally valid, especially if you come from a development or security background. We get that “trust us” isn’t enough when it comes to privacy, especially with a device that’s derived from AOSP.

Let me walk through your specific questions and provide some clarity:

> What does the Kompakt use for its time protocol, DNS server, and geolocation services?

  • Time protocol: We use standard NTP (Network Time Protocol) with pool.ntp.org as the default. This is a decentralized, community-run pool — no Google or Big Tech involvement here.
  • DNS server: The Kompakt uses whatever DNS is provided by your mobile operator or Wi-Fi network. We don’t enforce any static or third-party DNS by default.
  • Geolocation: Kompakt relies solely on a multi-GNSS setup (GPS, GLONASS, Galileo, Beidou) — so location data comes directly from satellites. We’ve disabled A-GPS entirely, meaning your location never gets bounced through an external server. No Wi-Fi triangulation, no cell tower-based tracking, no Google location services. Your coordinates stay on-device.

> It’s good that OpenStreetMap is used for maps.
Absolutely — we’re fully using OpenStreetMap. No Google Maps SDK, no third-party ad libraries, just a clean, minimal map experience with no background data leakage.

> What OS is Mudita Kompakt derived from?
Kompakt runs on MuditaOS K, which is built from AOSP, but heavily stripped down and customized for our hardware and use case. We’re not using Graphene, Calyx, or /e/OS — our approach is different in that we’ve built a phone without a web browser, without Play Services, without Bluetooth or Wi-Fi scanning, and with a completely reimagined UI tailored for simplicity and privacy.

> Will MuditaOS K be open sourced?
We’ve addressed that here, but to summarize: for now, we don’t plan to open source MuditaOS K. We understand the community values verifiability, and we’re always open to feedback on how we can increase transparency without compromising the security or business sustainability of our platform.

That said, privacy is a core part of our mission. Our goal with Kompakt is to build a device that doesn’t leak data to third parties in the background — period. No preinstalled analytics, no background syncs, no hidden pings home. We’ve designed this for people who want more control, not less.

And we genuinely welcome ideas from the community — especially from devs like you. If there are ways we can do better or be more verifiable without compromising the minimal experience, we’re listening.

Thanks again for raising these points — it’s discussions like this that help keep us accountable.

7 Likes

Thank you so much for these answers, @urszula!

My much-beloved Pure took one too many tumbles the other day which led to the volume up button getting stuck under the case and the display light no longer working. I’ve been oscillating between buying another Pure from the Outlet and giving the Kompakt a try, but a major concern I had with the latter was Mudita OS K running on an Android base (de-Googled or otherwise). I suppose I’ll give the Kompakt a go with the 14-day money back guarantee, especially with the preorder pricing still available.

As an aside, on the topic of OpenStreetMap, I understand that the Maps app on Kompakt will have driving directions. Are there plans to implement transit-based directions as well?

3 Likes

Is it possible to run a vpn or change dns providers?

Thanks for the response @urszula ! Everything you mentioned sounds good – especially disabling of A-GPS, no Google APIs and no advertising. It sounds like the Kompakt is a privacy upgrade from my iPhone :+1: :+1:

we’re always open to feedback on how we can increase transparency without compromising the security or business sustainability of our platform.

Another way to address a lot of my privacy/security concerns is to have a third-party company perform a security/privacy audit, then publish the results and scope. Then I can see some detail on the vulnerabilities of the OS. I’d be interested in an evaluation of your claims in this thread.

I think that would satisfy your business concerns: your code base would stay private, and it’s probably help the developers catch some bugs too. Every OS has some vulnerabilities, I’d be very surprised if there were no vulnerabilities. A decent example is with 1Password’s security audits: Security audits of 1Password | 1Password Support

The Kompakt uses whatever DNS is provided by your mobile operator or Wi-Fi network. We don’t enforce any static or third-party DNS by default.

Can I configure the DNS and hard code a value (e.g., 1.1.1.1)? DNS is one of the primary reasons I use a VPN, I don’t want my ISP or carrier to see the websites I’m visiting (that’s how part of how they serve personalized ads). Of course, the lack of browser by default helps mitigate this issue.

5 Likes

@whyoungblood Currently there is no plan to transit information.

2 Likes

Understood—upon researching OpenStreetMap I saw that the platform itself does not (yet) support transit timetables, but that’s no biggie as I can just continue my current trip planning practices! It did encourage me to update some of the points of interest around me which were outdated, so I’m doing my part to make sure the maps on Kompakt are more up-to-date! Glad you all went with OpenStreetMap, because Here Maps is a nightmare to correct in comparison. :upside_down_face:

2 Likes