P PrivacyPhones
Guide

The Unplugged UP Phone: Why We Don't Recommend It

An investigative look at the Unplugged UP Phone — the $989 'privacy' device backed by Blackwater founder Erik Prince. We examine the outdated hardware, closed-source OS, questionable leadership, and why a Pixel with GrapheneOS is a far better choice.

TL;DR: The Unplugged UP Phone costs $989 for outdated 2021-era hardware running a closed-source, unauditable Android fork called LibertOS. It’s co-founded by Erik Prince, the Blackwater military contractor founder, with technology leadership tied to Israeli surveillance firms. GrapheneOS has called it “a clear-cut scam.” A Google Pixel with free, open-source GrapheneOS delivers superior privacy, better security, and modern hardware for hundreds less. Avoid the UP Phone.

What Is the UP Phone?

The UP Phone is a smartphone marketed as “the ultimate privacy-focused” device by Unplugged, a company co-founded by Erik Prince — the billionaire best known for founding Blackwater, the private military contractor infamous for the 2007 Nisour Square massacre in Baghdad that killed 17 Iraqi civilians.

First announced in June 2022 and not actually reaching customers until 2024, the UP Phone promises “free speech, privacy, and security” untethered from Big Tech. It runs LibertOS (recently rebranded to UnpluggedOS), a proprietary fork of Android, and ships with a suite of in-house apps including an encrypted messenger, VPN, and antivirus tool.

The phone was relaunched in August 2025 at a price of $989 — only $10 less than an iPhone 16 Pro — with an additional annual subscription fee of $129.99 (or $12.99/month) after the first year for continued access to Unplugged’s privacy services.

On paper, it sounds compelling. In practice, nearly every detail raises serious concerns.

The Hardware: Old, Overpriced, and Insecure

The UP Phone’s specifications tell a story the marketing doesn’t want you to read.

The device runs on a MediaTek Dimensity 1200 chipset — a processor that launched in January 2021. As of this writing, that makes it a five-year-old chip. The rest of the spec sheet follows suit: a 6.67-inch OLED display, 8GB of RAM, and a 108-megapixel main camera. These were mid-range specifications in 2021. In 2026, they’re the internals of a $150-250 phone.

For context, the OnePlus Nord 2, which used the same Dimensity 1200 chipset, can be found on the secondhand market for $150-250. Unplugged is charging nearly $1,000 for comparable hardware.

But this isn’t just a value problem — it’s a security problem. In the world of mobile security, outdated hardware is a liability:

  • Firmware support: Chipset manufacturers like MediaTek provide firmware updates and security patches for a limited window. The Dimensity 1200 is well past its prime support period. MediaTek has announced extended 8-year support — but only for its newest flagship chipsets (Dimensity 9400 and 8400), not legacy chips like the 1200.

  • Known vulnerabilities: Older chipsets accumulate known, publicly documented vulnerabilities over time. Without active firmware patches from the chipset vendor, these vulnerabilities remain open, regardless of what the operating system layer does.

  • Baseband security: The cellular modem (baseband processor) is one of the most critical attack surfaces on any phone. It handles raw radio communication and operates with deep system privileges. When baseband firmware stops receiving updates, the phone becomes vulnerable to radio-level attacks that no operating system patch can fix.

As mobile security expert David Richardson of Lookout told MIT Technology Review: “There’s such a high volume of vulnerabilities that Android is disclosing and patching on an ongoing basis that you really do need to stay on top of all of those.” For a small startup using aging hardware, that is an enormous — perhaps insurmountable — challenge.

The phone does include one genuinely interesting feature: a hardware kill switch that Unplugged says “physically disables circuits” to cut all power. Christoph Hebeisen, director of security intelligence research at Lookout, acknowledged this is a real capability, though he noted it’s “not relevant for most users.” It’s a niche feature that doesn’t compensate for the fundamental hardware deficiencies.

LibertOS: The Closed-Source Problem

The core of any privacy phone’s claim lives in its operating system. Here, the UP Phone makes a critical error that undermines its entire premise: LibertOS (now UnpluggedOS) is closed-source and proprietary.

This is the single most important fact in this entire review. Let us explain why.

In the privacy and security community, there is a foundational principle: trust requires transparency. When a company asks you to trust them with your most sensitive communications and personal data, the minimum standard is that independent researchers can examine the code to verify those claims. This is not optional — it is the bedrock of how security works.

LibertOS is built on the Android Open Source Project (AOSP), which is the de-Googled base of Android available to anyone. Unplugged claims to have added proprietary “enhancements” on top of this foundation. In early investor pitches obtained by MIT Technology Review, the company even claimed these enhancements were “based on knowledge not available to the public (zero-days).”

Let that sink in: a company claiming to protect your privacy also claims to have built its security on top of secret vulnerability knowledge. In legitimate security practice, hoarding zero-days is the hallmark of offensive security firms — the companies that build surveillance tools, not the ones that protect against them.

Without open-source code, you cannot verify:

  • Whether the OS actually strips out all telemetry and tracking
  • Whether the “encrypted” messenger is properly implemented
  • Whether the VPN actually keeps no logs
  • Whether there are any backdoors — intentional or accidental
  • Whether security patches are actually applied promptly and completely

As the F-Droid community noted when the phone was discussed: “Both the OS and apps are proprietary.” Users on the r/privacy subreddit echoed this concern: “Everything about this is proprietary, there is nothing that you as the user or community at large can vet.”

Compare this to GrapheneOS, which publishes every line of code openly, undergoes constant scrutiny from independent security researchers, and consistently delivers security patches within days of Google’s monthly releases. That’s what real privacy engineering looks like.

The Erik Prince Factor

Let’s address the elephant in the room: does it matter who founded the company?

Yes. Unequivocally, yes.

Erik Prince founded Blackwater (later renamed Xe Services, then Academi) in 1997. Under his leadership, the company became the largest private military contractor for the U.S. State Department, securing government contracts from 2001 to 2009. Blackwater’s history includes:

  • The 2007 Nisour Square massacre in Baghdad, where Blackwater contractors killed 17 Iraqi civilians and injured 20. Four guards were convicted of murder and manslaughter (though they were later pardoned in 2020).
  • A $49.5 million settlement in 2012 to resolve charges of arms trafficking violations.
  • An FBI investigation in 2020 into additional arms trafficking violations.
  • Documented instances of threatening U.S. government investigators examining the company’s conduct.

Prince has been a figure in the private military and intelligence world for decades. He has proposed privatizing the war in Afghanistan with mercenaries, modeled on the British East India Company. He has been linked to surveillance operations and intelligence gathering across multiple continents.

This background matters for a simple reason: privacy is fundamentally a trust relationship. When you buy a privacy phone, you are trusting the manufacturer with your most sensitive data, your communications, your location, and your digital life. The founder of one of history’s most controversial private military and surveillance contractors is asking you to hand him that trust — while keeping the source code closed so you can’t verify anything.

Unplugged appears to be aware that Prince’s involvement is a liability. As How-To Geek noted, the company’s website doesn’t mention him anywhere, though he “still actively promotes the phone on his podcast and in media appearances.”

The Surveillance Industry Connections Run Deeper

It’s not just Prince. MIT Technology Review reported that Unplugged’s day-to-day technology operations have been run by Eran Karpen, a former employee of CommuniTake — the Israeli startup that gave rise to the NSO Group, creators of the infamous Pegasus spyware used by governments worldwide to surveil journalists, activists, and political dissidents.

At CommuniTake, Karpen built the IntactPhone, marketed as a “military-grade mobile device.” He is also a veteran of Israel’s Unit 8200, the signals intelligence and cyber espionage division that is the country’s equivalent of the NSA.

So the UP Phone’s technology leadership includes someone with direct ties to the firm behind the most notorious commercial spyware in history, overseen by the founder of the world’s most infamous private military company. And they’re asking you to trust their closed-source code with your privacy.

As one Reddit user on r/PrivacyGuides put it: “Somehow the guy who invented Pegasus malware who is serving as UP Phone’s CTO suddenly had a change of heart and wants to protect your data.”

The Marketing: Bold Claims, Thin Evidence

Unplugged’s marketing history reveals a pattern of extraordinary claims that experts have consistently debunked.

In early investor pitch decks obtained by MIT Technology Review, Prince claimed the UP Phone was “impenetrable” to surveillance, with a messenger service that was “impossible to intercept or decrypt.” The company marketed “government-grade encryption” — a term that, as the company later admitted, “doesn’t resonate well with our community.” (It’s also meaningless: governments use the same standard encryption as everyone else.)

The pitch deck also described plans for server farms “on a vessel” in an “undisclosed location on international waters, connected via satellite to Elon Musk’s StarLink.” An Unplugged spokesperson told MIT Technology Review that “they benefit in having servers not be subject to any governmental law.”

Perhaps most remarkably, in November 2023, Prince claimed on his podcast that if Israelis had been using Unplugged phones, many casualties from the October 7 Hamas attack could have been prevented. As The Intercept reported, mobile security experts flatly rejected this claim. Allan Liska of Recorded Future explained: “Mobile geolocation is based on tower data triangulation and there is no level of operating system security that can bypass that.” Privacy researcher Zach Edwards added that the features Unplugged touts “can be replicated on most phones just by tinkering with settings.”

Unplugged has since walked back its most extreme claims, but the pattern reveals a company willing to exploit fear to sell a product — including invoking a terrorist attack to market a phone.

What Security Researchers Actually Say

The consensus among security researchers is damning:

  • GrapheneOS, the most respected privacy-focused mobile OS project, has labeled the UP Phone “a clear-cut scam,” stating it “lags significantly behind on security patches, lacks fundamental security features, and is far worse than using an iPhone.”

  • David Richardson (Lookout): No device is impenetrable. Maintaining a unique Android fork requires resources that few companies outside tech giants can provide.

  • Allan Liska (Recorded Future): “When I worked in US intelligence, we penetrated a number of phone companies overseas. We could easily track people based on where they connected to the towers. So when you talk about being impenetrable, that’s wrong.”

  • Nicholas Weaver (International Computer Science Institute): “If I need a really secure device it is going to be an iPhone, running Signal, with Lockdown Mode enabled and all cloud synchronization disabled.”

  • Christoph Hebeisen (Lookout): “Smaller companies are unlikely to match the scale of the development and security teams larger players such as Google or Samsung have at their disposal, and as such, discovery and fixing of vulnerabilities can be slower.”

Not a single independent security researcher we found in our research has endorsed the UP Phone.

Price vs. Value: The Numbers Don’t Lie

Let’s lay out the comparison plainly:

UP PhonePixel 9 + GrapheneOS
Price$989 + $130/year subscription~$799 (or less on sale), no subscription
ChipsetMediaTek Dimensity 1200 (2021)Google Tensor G4 (2024)
OSClosed-source LibertOS/UnpluggedOSOpen-source GrapheneOS
Security patchesUnknown cadence, questionable timelinessWithin days of Google’s monthly releases
Source codeProprietary, unauditableFully open, publicly auditable
Security endorsementsNone from independent researchersWidely recommended by privacy and security experts
Firmware supportAging chipset, unclear support timeline7 years of updates from Google
Verified bootUnknownFull verified boot chain

For roughly the same money — or significantly less — you get a modern device with a transparent, independently verified operating system, current security patches, and years of guaranteed support.

If budget is a factor, a Pixel 8a or even a used Pixel 8 with GrapheneOS will provide dramatically better privacy and security than the UP Phone at a fraction of the cost.

Our Verdict: Avoid

We do not recommend the Unplugged UP Phone. Our reasoning is straightforward:

  1. The hardware is outdated and represents a genuine security liability, not just poor value.
  2. The operating system is closed-source, making every privacy claim unverifiable.
  3. The leadership includes the founder of a notorious military contractor and a technology executive with ties to the company behind Pegasus spyware.
  4. No independent security researcher has endorsed the product.
  5. The price is unjustifiable when superior, transparent alternatives exist.
  6. The marketing history includes debunked claims, impossible promises, and exploitation of tragedy.

This isn’t a close call. The UP Phone asks you to pay a premium price for outdated hardware, trust a closed-source operating system with your most sensitive data, and place your faith in people whose professional histories are defined by military contracting, surveillance, and weapons trafficking.

Privacy is too important to take on faith. It must be verifiable. The UP Phone offers no way to verify anything.

What to Buy Instead

If you’re serious about mobile privacy, the path is well-established:

  1. Buy a supported Google Pixel (Pixel 8 or newer for the best security features)
  2. Install GrapheneOS — it’s free, open-source, and installation takes about 15 minutes via their web installer
  3. Use Signal for encrypted messaging
  4. Use a trustworthy VPN like Mullvad or IVPN

For a comprehensive breakdown of your options, from budget picks to maximum security, see our Privacy Phone Hierarchy guide, where we rank every approach from stock iOS tweaks to fully hardened GrapheneOS setups.

Your privacy deserves transparency, not marketing. Choose accordingly.