Armadillo Phone 2 combines our custom hardware, operating system, applications and network into one simple solution: the most secure smartphone you can buy.


We never have access to data on your Armadillo Phone or the messages you send. Armadillo Phone’s software has been hardened at every level to prevent cyber attacks. Improved storage encryption better protects your files. Decentralized networking allows you to host your own communications offline. Create unlimited users, each with their own data and apps. If you're forced to unlock your Armadillo Phone, you can log in as a fake user without an attacker noticing. Use incognito mode to create a temporary user that's erased when you log out. Indicators show you when data is being transferred online, or when your cameras or microphone are active.


  • Armadillo Chat: High-security instant messaging.
  • Control: End-to-end encrypted MDM.
  • Install: Download new apps.
  • Radio Sentinel: Prevent cellular attacks.
  • RAM Sentinel: Prevent forensic attacks.
  • Theft Sentinel: Prevent theft.


Secure software needs a secure device to run on. We chose the Pixel 3A for Armadillo Phone 2 because of its excellent hardware security features such as secure boot, guaranteed firmware updates and the "Titan M" security chip. Armadillo Phone guarantees a secure supply chain by disassembling and inspecting hardware for you. Armadillo Phones are shipped with tamper-evident seals, so you can detect if your package was opened during delivery. You can choose to have your cameras or microphones physically removed.


  • Armadillo Armor: A case that blocks your cameras and microphones.
  • Armadillo Beacon: Syncs with the Theft Sentinel app to prevent theft.
  • Armadillo Pouch: A bag to place your devices inside that blocks all signals, including Wi-Fi, cellular, Bluetooth and GPS.
  • Armadillo Shield: Prevents attackers from viewing your screen.
  • Armadillo SIM: International 4G SIM card.




Security patches from newer versions of the Linux kernel have been backported to Armadillo Phone. These include FORTIFY-SOURCE-STRING-STRING, HARDEN-BRANCH-PREDICTOR, INIT-ON-FREE-DEFAULT-ON, INIT-ON-ALLOC-DEFAULT-ON, INIT-STACK-ALL, BUG-ON-DATA-CORRUPTION and many more. Entropy for kernel userspace ASLR has been increased to mitigate memory corruption exploits.


Android's build process has been strengthened, including improvements for stack probes, bounds checking, frame pointers and automatic variable initialization. The compiler toolchain and libc have been hardened. The malloc implementation has been replaced with hardened_malloc, which is further tuned to enhance security and increase quarantine space. Cross-user interactions have been blocked at the framework level, to prevent leaks.


Historically, the Android media stack has been very vulnerable, so Armadillo has hardened it to resist attacks. The oldest, least used and riskiest codecs have been removed (such as H263 and software codecs). "Scudo", which is the hardened memory allocator for Android codecs, has been expanded in scope and hardened. The mediadrmserver and drmserver have been removed. MMS auto-retrieval is permanently disabled to mitigate remote attacks.


TLS multiplexing prevents leaking protocol metadata and bypasses firewalls. Network time is synchronized using TLS, instead of NTP. Name resolution is done using DoT (DNS over TLS), instead of plaintext DNS. TLS session tickets are disabled to prevent tracking across connections. The browser is only enabled in low security mode. Through software security policies, you can disable networks like Wi-Fi, cellular or Bluetooth.

Share your VPN connection with devices connected to your Armadillo Phone's hotspot, turning your Armadillo Phone into a hardware VPN.


Armadillo OS has improved Android's storage encryption by encrypting the metadata of each user separately. So even if your Armadillo's hardware security is compromised, revealing a user's password won't affect the security of other users' metadata.

Armadillo doesn't require a primary user to unlock the phone before the rest can be unlocked. Instead, all users are treated as secondary users and the primary user is permanently disabled.

On first boot, a random number of "fake users" are generated with a random amount of data, to help prevent attackers from detecting real users.

Scrypt KDF work factors have been strengthened (from 15:3:1 to 19:4:1) to resist brute-forcing.
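To see what the change from 15:3:1 to 19:4:1 costs an attacker per password guess, the following added example (not Armadillo's code) parses both strings and compares memory and work. It assumes the three fields are log2 exponents of scrypt's N, r and p, which is the convention used by AOSP's cryptfs; the function names and the sample password and salt are constructed for illustration.

```python
import hashlib

def parse_factors(spec: str) -> dict:
    """Parse 'Nf:rf:pf'; each field is assumed to be a log2 exponent."""
    parts = spec.split(":")
    if len(parts) != 3 or not all(x.isdigit() for x in parts):
        raise ValueError(f"expected 'N:r:p' with integer fields, got {spec!r}")
    nf, rf, pf = (int(x) for x in parts)
    if not (1 <= nf <= 30 and rf <= 8 and pf <= 8):
        raise ValueError(f"factor out of supported range: {spec!r}")
    return {"n": 1 << nf, "r": 1 << rf, "p": 1 << pf}

def cost(spec: str) -> dict:
    """Per-guess cost: scrypt's main buffer is 128*N*r bytes, work ~ N*r*p."""
    k = parse_factors(spec)
    return {**k, "memory_bytes": 128 * k["n"] * k["r"],
            "work": k["n"] * k["r"] * k["p"]}

def compare(old: str, new: str) -> dict:
    """How many times more memory and work each guess needs after the change."""
    a, b = cost(old), cost(new)
    return {"memory_ratio": b["memory_bytes"] // a["memory_bytes"],
            "work_ratio": b["work"] // a["work"]}

def derive_key(password: bytes, salt: bytes, spec: str, dklen: int = 32) -> bytes:
    """Derive a key with hashlib.scrypt using the parsed factors."""
    k = parse_factors(spec)
    # Allow for the main buffer plus per-lane blocks and some slack.
    maxmem = 128 * k["r"] * (k["n"] + k["p"] + 2) + (1 << 20)
    return hashlib.scrypt(password, salt=salt, n=k["n"], r=k["r"], p=k["p"],
                          maxmem=maxmem, dklen=dklen)

if __name__ == "__main__":
    for spec in ("15:3:1", "19:4:1"):
        c = cost(spec)
        print(f"{spec}: N={c['n']} r={c['r']} p={c['p']} "
              f"memory={c['memory_bytes'] // (1 << 20)} MiB")
    print("increase:", compare("15:3:1", "19:4:1"))
    # Constructed inputs; a small factor keeps the demo fast.
    key = derive_key(b"example passphrase", b"constructed-salt", "10:3:1")
    print("demo key:", key.hex())
```

Under that assumption each guess needs 1 GiB instead of 32 MiB, which limits how many guesses an attacker can run in parallel on memory-constrained hardware.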


Unsafe software components have been removed to prevent vulnerabilities. This includes tracking software used by Google and third parties. Dangerous permissions (like internet or location access) given to the Camera and Contacts apps have been removed. Safe default settings have been set, such as requiring strong passwords, hiding notification content and disabling biometrics. If your Armadillo Phone is remotely wiped, it won't indicate it's erasing your data. Developer options can no longer be enabled. The ability to toggle Wi-Fi, Bluetooth or airplane mode from a locked phone has been disabled.