Punkt MC03: The $699 Dual-Personality Privacy Phone Explained

TL;DR: The Punkt MC03 is a $699 privacy smartphone assembled in Germany, running AphyOS (based on GrapheneOS). It splits your phone into a locked-down “Vault” with Proton apps and a sandboxed “Wild Web” for regular Android apps. Solid hardware — 120Hz OLED, removable battery, expandable storage — but the $9.99/month subscription after year one and proprietary OS layer deserve scrutiny.

From Dumbphones to Data Vaults: Punkt’s Unlikely Evolution

If you’ve been following the privacy phone space for more than a few years, you might remember Punkt as the Swiss company that made beautiful, expensive dumbphones. Founded in 2008 in Lugano, Switzerland by Norwegian entrepreneur Petter Neby, Punkt partnered with legendary designer Jasper Morrison to create the MP01 — a minimalist GSM phone that did exactly two things: calls and texts. It was gorgeous. It was impractical. And it developed a cult following among digital detoxers and design nerds.

The MP02 followed in 2018, upgrading to 4G and adding Pigeon, a messaging app built on the Signal protocol that gave the feature phone encrypted communication.

Then Punkt pivoted. The MC02 arrived in early 2024 with the first version of AphyOS, and now the MC03 — unveiled at CES 2026 — is shipping in Europe, with US availability expected this spring.

The trajectory tells a story: Punkt realized that asking people to give up smartphones entirely was a losing battle. Instead, the MC03 tries to answer a different question: What if a smartphone respected your privacy by default, without requiring you to be a security researcher to set it up?

It’s an ambitious pitch. Let’s see if the reality holds up.

The Vault and the Wild Web: Two Phones in One

The MC03’s defining feature is its dual-environment architecture, and it’s genuinely clever in concept.

The Vault is your phone’s secure home screen — a stripped-down, monochromatic interface housing only Punkt-approved, privacy-vetted applications. This is where your sensitive life lives: email, calendar, cloud storage, password management, and messaging. New for the MC03, these aren’t Apostrophy’s own half-baked alternatives anymore. Punkt has partnered with Proton to bring the full suite into the Vault: Proton Mail, Proton Calendar, Proton Drive, Proton VPN, and Proton Pass. The Swiss-to-Swiss partnership makes strategic sense — both companies are building businesses around paid privacy rather than ad-funded surveillance. Threema, the Swiss encrypted messenger, also lives here.

Apps in the Vault operate under maximum privacy restrictions by default. No third-party tracking, no data profiling, no background data leakage. The Vault is intentionally minimal — Punkt wants it to feel calm, focused, and private.

The Wild Web is one swipe away and looks much more like a conventional Android home screen. Here, you can install any Android app — Instagram, Uber, your banking app, whatever you need. During setup, there’s a toggle to enable the Google Play Store and limited Google services, which is far simpler than the painful setup process on the MC02.

The key distinction: Wild Web apps run in sandboxed environments with heightened permission controls. A feature called Ledger acts as a real-time monitor, visualizing what each app is doing with your data and even tracking the energy impact of installed applications (Punkt calls this the “Carbon Reduction” view). Users can see what data an app wants, grant or deny access granularly, and change those decisions at any time.

The idea is that your sensitive data (the stuff in the Vault) is architecturally isolated from whatever data-hungry apps you’ve installed in the Wild Web. Think of it as a curated, enforced version of Android’s work profile concept — but with a UX designed for people who don’t know what a work profile is.

It’s an appealing model. Whether the isolation is as strong as the marketing implies is a question we’ll return to.

AphyOS: What’s Actually Under the Hood?

Here’s where things get complicated — and where critical scrutiny matters most.

AphyOS is developed by Apostrophy, a Swiss company closely linked to Punkt (both share founder Petter Neby). According to multiple sources, AphyOS is built on GrapheneOS, which itself is built on AOSP (Android Open Source Project). Android Authority’s hands-on described it as “a heavily customized version of GrapheneOS with Android running at the core.”

This lineage matters. GrapheneOS is one of the most respected security-focused mobile operating systems, with a strong track record of independent auditing, open-source development, and transparent security practices. It runs on Google Pixel phones specifically because Pixels have the best hardware security features available on Android.

AphyOS takes GrapheneOS as a base and adds Punkt’s dual-environment UX, the Ledger system, and integration with Proton and Threema services. Apostrophy claims the system is “fully auditable, allowing businesses and governments to verify data flows, security protocols, and compliance standards at every layer.”

But here’s what’s missing: AphyOS itself is not open source in the way GrapheneOS is. You can’t download the source, build it yourself, or independently verify what Apostrophy has added (or removed) from the GrapheneOS base. The “auditable” claim appears to refer to enterprise audit capabilities, not public code review. For a product whose entire value proposition is trust, this is a significant gap.

GrapheneOS lead developer Daniel Micay has previously raised concerns about forks and derivatives that trade on GrapheneOS’s reputation without maintaining its security properties. Whether AphyOS maintains the full hardening of GrapheneOS, particularly around verified boot, exploit mitigations, and sandboxing — is not independently confirmed.

In fairness, Punkt is not the only company building proprietary layers on top of open-source security projects. But when you’re asking $699 plus a subscription for privacy, the burden of proof is higher.

The Subscription Question

The MC03 costs $699/€699/CHF699/£610 and includes 12 months of AphyOS service. After that, you pay:

$9.99/month on a monthly plan
$129 for 3 years (~$3.58/month)
$199 for 5 years (~$3.32/month)

Punkt’s justification is straightforward: “If you don’t pay for the product, you are the product.” The subscription covers AphyOS updates, the Digital Nomad VPN, 5GB of cloud storage, email and messaging services, the Data and Carbon Ledger, privacy apps like Threema, and ongoing security maintenance.

This is philosophically coherent. Running privacy infrastructure costs money, and a subscription model aligns the company’s incentives with the user’s interests rather than with advertisers.

But what happens if you stop paying? This is where it gets uncomfortable. According to multiple reports, including GSMGoTech’s review, “an inactive subscription doesn’t just limit extras — it deactivates basic functions, severely hampering the device’s usability.” Reddit users have confirmed that “without an active subscription, certain core services and privacy features will be limited.”

In other words: you buy a $699 phone, and if you stop paying the subscription after year one, your phone becomes significantly less functional. This isn’t like a VPN subscription expiring — it’s your phone’s core operating system features being locked behind a paywall. That’s a model borrowed from Whoop (as PCMag noted), and it’s deeply controversial.

Over five years of ownership, you’re looking at $699 + $199 = $898 minimum, or $699 + $599 = $1,298 at monthly rates. That’s flagship pricing for mid-range hardware.

Hardware: Finally Competitive

The MC02’s biggest weakness was its mediocre hardware. The MC03 fixes this comprehensively:

Spec	MC03
Display	6.67” AMOLED, 2436×1080, 120Hz, 550 nits
Processor	MediaTek Dimensity 7300 (octa-core)
RAM	8GB
Storage	256GB + microSD up to 1TB
Battery	5,200mAh, removable/replaceable
Charging	30W wired, 15W wireless
Cameras	64MP main, 32MP selfie
Durability	IP68 dust/water resistance
SIM	Nano-SIM + eSIM
Assembly	Gigaset factory, Bocholt, Germany

The removable battery is the standout feature. In 2026, finding a smartphone with IP68 water resistance and a user-replaceable battery is essentially unheard of. For privacy-conscious users, a removable battery also means you can physically cut power to the device — something no software toggle can guarantee.

The Dimensity 7300 is a solid mid-range chip — not flagship, but more than capable for daily use. The 120Hz OLED display is a massive upgrade from the MC02’s dreary 60Hz IPS panel. Android Authority’s hands-on called the MC03 “a legitimate improvement across the board.”

Manufactured at Gigaset’s facility in Bocholt, Germany, the MC03 carries a European-assembly story that complements its Swiss-software positioning.

Pigeon: From Feature Phones to… What?

Pigeon was Punkt’s custom messaging app for the MP02, built on Signal’s open-source code and using the Signal protocol for end-to-end encryption. It was open source (available on GitHub), compatible with Signal Desktop, and specifically designed for the MP02’s tiny screen and limited interface.

On the MC03, Pigeon’s role is less clear. With Threema in the Vault and the ability to install Signal (or any messaging app) via the Wild Web’s Play Store access, Pigeon feels like a legacy product from the feature phone era. Punkt’s MC03 marketing focuses on the Proton suite and Threema rather than Pigeon.

This isn’t necessarily a problem — Signal and Threema are both excellent encrypted messengers — but Punkt’s “own” encrypted messaging story is less central than it once was.

The Elephant in the Room: Why Not Just Use GrapheneOS?

This is the question that haunts every Punkt review, and it’s the one the privacy community has been asking most loudly.

A Google Pixel 9 costs around $350-400. GrapheneOS is free (see our What is GrapheneOS? beginner’s guide if you’re new). You can create work profiles to separate personal and untrusted apps, install the full Proton suite yourself, add Molly (a hardened Signal fork), use any VPN, and manage permissions through GrapheneOS’s built-in privacy controls.

Total cost: ~$400, no subscription, fully open source, independently audited, running on hardware with superior security features (Pixel’s Titan M2 chip, verified boot chain).

As one Reddit commenter bluntly put it: “It’s €12 a month for a skinned, significantly less secure fork of GrapheneOS.”

That’s harsh, but not wrong on the technical merits. GrapheneOS on a Pixel offers stronger verified boot, faster security updates, full source transparency, and hardware security features that the Dimensity 7300 doesn’t match.

But here’s the counter-argument: Most people will never install GrapheneOS. The MC03’s value proposition isn’t “better security than what experts can build themselves.” It’s “accessible privacy for people who would otherwise just use a stock Samsung or iPhone.” The Vault/Wild Web UX makes the privacy trade-offs visible and manageable without requiring technical knowledge. The Proton integration is pre-configured. The VPN is built in. The whole thing works out of the box.

If you’re reading privacyphones.com, you’re probably capable of setting up GrapheneOS yourself (our step-by-step setup guide makes it straightforward). But if you’re recommending a phone to a privacy-curious family member? The MC03’s out-of-box experience is genuinely compelling — provided you can stomach the subscription.

Who This Is For

Consider the MC03 if you:

Want privacy-by-default without DIY setup
Value European manufacturing and Swiss software jurisdiction
Need a removable battery (a rarity in 2026)
Appreciate the Proton ecosystem and want it pre-integrated
Are willing to pay a subscription for privacy infrastructure
Want a phone that actively discourages mindless scrolling via its Vault-first design

Skip it if you:

Can install and maintain GrapheneOS yourself (better security, lower cost)
Object to subscription-locked phone functionality on principle
Need flagship performance or camera quality
Want a fully open-source, independently verifiable software stack
Distrust proprietary layers on top of open-source security projects
Are on a budget (the 5-year total cost exceeds $900)

Red Flags Worth Watching

We’re intrigued by the MC03. But intellectual honesty demands flagging concerns:

Proprietary OS layer: AphyOS is not fully open source. You’re trusting Apostrophy’s modifications without the ability to verify them. For a privacy product, this is ironic.
Subscription lock-in: Your $699 phone becomes a brick-lite if you stop paying. Core functionality is gated behind recurring fees.
Unproven security claims: No published independent security audits of AphyOS’s modifications to GrapheneOS. “Auditable” is not “audited.”
MediaTek security: The Dimensity 7300 lacks the hardware security features of Google’s Tensor/Titan M2 combination that GrapheneOS relies on.
Small company risk: If Punkt or Apostrophy go under, your subscription-dependent phone could become an expensive paperweight.
eSIM limitations: Reports suggest eSIM profiles may be pre-locked to select North American carriers.

The Bottom Line

The Punkt MC03 is the most interesting privacy phone to launch in years. Not because it’s the most secure — it isn’t — but because it’s the first to seriously attempt making privacy accessible without completely sacrificing the modern smartphone experience. The Vault/Wild Web dual-environment is a clever UX metaphor that makes privacy trade-offs legible to normal people. The Proton partnership is smart. The hardware is finally good enough. The removable battery is a genuine differentiator.

But “interesting” and “recommended” are different words. The subscription model raises legitimate concerns about ownership and lock-in. The proprietary OS layer undermines the transparency that should be foundational to any privacy product. And for anyone willing to spend 30 minutes with a Pixel and a USB cable, GrapheneOS offers objectively stronger security at less than half the price.

We’ll be doing a full review once the MC03 reaches US shores this spring. Until then, consider this a cautiously optimistic preview — with emphasis on the cautious.

The MC03 is available for pre-order now at punkt.ch for €699/$699, with European deliveries underway and US shipping expected Spring 2026.