Reviewing the Security Ambiguities of the Iranian Daria Bond Phone
Multiple points of security risk and lack of transparency in the supply chain of the “Bond 5G” phone model under the Iranian brand “Daria”


In recent years, the name of phones with Iranian brands has once again been heard in the mobile market; products that, in official advertising, are sometimes presented as a sign of “domestic capability” and sometimes tied to the older idea of a “national phone” and a “national operating system.” This idea, of course, is not new. In past decades as well, there were attempts to produce an Iranian phone, and multiple projects were introduced under the label of a native or national operating system; projects that often either never reached the real market, or were pushed out of the consumer cycle after a while.
But several factors have brought this issue back to life: the sharp increase in the exchange rate and the growing difficulty of accessing foreign phones, the Islamic Republic’s effort to reduce dependence on foreign supply chains, and the desire to imitate models similar to China in managing the internet, data, and connected devices.
This is exactly where users’ main concern begins. The debate over an Iranian phone or a national operating system is not just about build quality, price, camera, or processing power. The more important question is how much such a device respects user privacy, what data it collects, who controls its software, where updates come from, and, ultimately, what network of institutions, companies, and telecommunications systems the device connects to.
The RaazNet research team, in cooperation with 7ASecurity, has reviewed the Daria Bond 5G phone from the perspective of supply chain risks, production origin, software transparency, customized operating system, distribution path, and the potential possibilities of surveillance and manipulation. This assessment was carried out using a black-box method; meaning that the technical team had access to one sample of the device, but did not have access to internal documentation, source code, the production process, firmware signing keys, or official access to the companies involved. The result of this preliminary review, conducted within a limited timeframe and with the aim of identifying signs of risk for Iranian users, is presented in the report below.
Download report: Daria Hamrah Report
This report does not show definitive infection or proven spying by this phone; but it lays out a chain of technical, corporate, telecommunications, and regulatory ambiguities that can be concerning for ordinary users and, for high-risk users, from journalists to civil activists and human rights defenders, could turn into a serious risk.
What do we know about the features of the Iranian Daria Bond phone?
Daria Bond 5G is the first smartphone by the Iranian brand “Daria Hamrah,” which entered the market in mid-1402 with claims of domestic design and outsourced production in China. This phone belongs to the mid-range category and is offered with a MediaTek Dimensity 7050 chipset, 8 GB of RAM, 256 GB of internal storage, a 6.78-inch curved Super AMOLED display with a 120 Hz refresh rate, a 4,700 mAh battery, and 66 W fast charging. Its main camera is 50 megapixels, accompanied by an 8-megapixel ultra-wide camera, a 2-megapixel macro camera, and a 16-megapixel selfie camera.
Daria Bond is shipped with the proprietary DariaOS operating system, based on Android, and one of its advertising pillars is connection to a Web3 ecosystem, an internal wallet, rewarding user activity, and offering dedicated cloud storage. On the surface, this product tries to position itself against mid-range phones such as Samsung’s A series and Xiaomi’s Redmi series through its high-quality display, glass design, and 5G support; but this very combination of hardware, customized operating system, cloud services, and scoring ecosystem raises important questions about the chain of trust and user privacy.
Is Daria Bond trustworthy?
In its official advertising, Daria Bond is introduced as a mid-range phone with a modern appearance and competitive specifications. But the main issue is not the display quality, the charging speed, or even the simple question of whether malware can easily penetrate this phone’s operating system or not. The more important question lies elsewhere: is the chain through which this phone passes trustworthy for an Iranian user, especially a high-risk user?
The answer from 7ASecurity’s investigation is cautious. The review conducted does not show definitive infection, active spyware, or proven manipulation on the Daria Bond phone. But the same report places a set of ambiguities and risks next to each other that cannot be ignored:
Physical production in China by a manufacturer whose name and structure are not clear.
A customized operating system and software ecosystem controlled by a company based in the United Arab Emirates.
Distribution in Iran through actors that operate within the Islamic Republic’s regulatory and telecommunications environment.
Use of the phone on a network where registry systems, SIM card authentication, lawful interception, and communication control systems are part of the everyday architecture.
In the Islamic Republic of Iran, where digital identity, SIM cards, device identifiers, and network access are linked together across different systems, this chain of trust becomes even more important.
When the production and software chain of a device is not transparent, every stage of this path can become a point of question. This question does not necessarily mean proof of abuse. But for a journalist, civil activist, lawyer, human rights defender, or any user who may be targeted by the Islamic Republic’s security agencies, lack of transparency is itself an operational risk.
What do the research findings on Daria Bond say?
The 7ASecurity investigation was conducted on one Daria Bond phone sample with the identifier Daria Bond DM-B50104. The method was black-box; meaning the technical team had access to one device, but did not have access to internal documentation, source code, the production process, signing keys, test users, or official access to the companies involved. The report itself states that the time allocated to the review was only 2.5 working days; a very short time for a full audit of a smartphone supply chain.
The findings of this investigation have four different confidence levels: proven finding, visible finding but unproven at runtime, assumption based on concerning indicators, and unknown status. Many of the main areas of the investigation fall into the level of “assumption based on indicators.” Put more simply, the report does not say that the danger has definitely happened; it says there are points that, without further access, cannot be fully verified, and this condition matters for the threat model of high-risk users.
One of the first points of ambiguity is the physical production of the phone. According to the report, Daria Bond phones are apparently made in China by an original design manufacturer, or ODM, but the name of this manufacturer, its ownership structure, and its security controls are not publicly clear. The problem is not simply production in China. Many reputable global brands also carry out part of their production in China. The issue is that, in the case of Daria Bond, the identity of the main manufacturer and the oversight mechanisms over the production line are not transparent.
This ambiguity makes risk assessment difficult. Without knowing the manufacturer, it is not possible to judge accurately the likelihood of low-level changes in firmware, security weaknesses caused by the production process, quality control, or the possibility of supply chain manipulation. The report does not present evidence of a hardware implant. The lack of transparency removes the possibility of independent verification. In supply chain security, this information gap can be as serious as a technical vulnerability.
The next layer is software. Daria Bond uses a customized Android-based operating system introduced under the name DariaOS, and its development and control are attributed to the Multi Ways ecosystem. On the surface, this is not unusual. Many phone manufacturers build their own customized version on top of Android. But trust in this layer depends on the transparency of the build process, independent auditing, the security of signing keys, the update release path, and clarity about default components.
In today’s phones, risk does not appear only in the form of an unknown application. The customized operating system layer, cloud services, default applications, system permissions, the remote update channel, and firmware signing keys are all part of the chain of trust. If these layers cannot be audited, the user cannot know what is running on the device, what data is being collected, what service connects to what server, and who has the ability to change the device’s software.
The report, in its initial review, did not find an immediate sign of malicious activity. But this statement must be read precisely. The absence of an immediate sign is different from proving that the device is clean. When full firmware extraction, deep bootloader review, long-term network traffic analysis, and full examination of the update mechanism have not been carried out, the cautious conclusion is only that, within the limited scope of the review, no definitive evidence of infection was observed.
The more serious risk appears when the phone enters Iran and the Islamic Republic’s telecommunications network. The report considers domestic distribution in Iran to be one of the high-risk stages of the chain. Irancell, as one of the sales channels for Daria Bond, is not just an ordinary seller; it is an operator that operates in the Islamic Republic’s legal and technical environment, whose shareholder includes enterprises controlled by institutions under the authority of the Islamic Republic’s leadership, and whose network, like the country’s other major operators, is subject to regulatory requirements, identity verification, data retention, and responses to official requests.
In such an environment, even if the device itself has not been manipulated, surveillance can happen at the network level. The operator can access communication metadata, approximate location, SIM card identifier, device identifier, and connection patterns. Systems such as Shahkar, Hamta, and SIAM also turn this link between the individual, SIM card, device, and network into part of the architecture of communication control. Here, the phone is not just a personal device; it is a component connected to an identity and telecommunications network.
What is the risk of using Iranian brands?
Over the past years, the Islamic Republic of Iran has tried to connect citizens’ digital communications to their real identities through different paths: national ID numbers, mobile numbers, device identifiers, user accounts, public service systems, and telecommunications infrastructure. When a phone enters this environment through an official route, the security question is not only whether there is malware on the device’s storage or not. The question is how this device is activated in a network that has already been designed for tracking, control, and legal or quasi-legal access to data.
The 7ASecurity report also maps out the possible manipulation chain step by step: production at the ODM, transfer to the UAE or Iran, software and ecosystem customization, domestic distribution, sale, after-sales service, and later updates. In such a chain, trust must be maintained at every stage.
Among these stages, software customization has a special position. If an actor can make changes at the operating system layer, in default applications, or in cloud services, there is no need to physically manipulate phones. Software control can take place through seemingly ordinary paths, such as updates, service activation, system permissions, or connection to a user account. The report does not prove this possibility, but it shows that without independent auditing, it cannot be ruled out.
For an ordinary user, this situation is at least a serious privacy concern. A citizen who uses a phone for calls, messaging, payments, photos, location, and access to government or private services effectively entrusts a large part of their digital life to the device. If the trust mechanisms in this device are not transparent, making an informed choice becomes difficult.
But for high-risk users, this issue reaches another level. A journalist who is in contact with a confidential source, a civil activist who faces summons or arrest, a lawyer working on security cases, or a human rights defender who stores information about victims cannot rely only on the absence of definitive proof of infection. At this level of risk, the security standard is stricter. The device must be trustworthy, not merely not yet accused.
Conclusion on Daria Bond’s security
The practical conclusion of the report should be read as cautious but serious. This report does not close the Daria Bond case. On the contrary, it provides a roadmap for the next investigation: full firmware extraction, deep operating system analysis, review of update channels, network traffic analysis over a longer period, legal and corporate verification of the ownership chain, and independent review of default applications and services. Until these steps are completed, no definitive judgment can be made about the full security of the device.
At the same time, the absence of definitive evidence of infection should not be mistakenly read as proof of the absence of infection. These two statements are different. The current report says that in the limited review conducted, infection was not proven. But at the same time, it says that the supply chain, software, distribution, and telecommunications environment of this phone are full of points that need clarification and independent auditing.
Daria Bond is an example of a larger issue that is becoming more serious every day in the Islamic Republic of Iran: the transformation of consumer devices, SIM cards, operators, registry systems, and digital services into components of a single architecture of identity and surveillance. In such an architecture, phone security cannot be separated from internet policy, telecommunications infrastructure, lawmaking, intermediary companies, and the supply chain.
For a high-risk user, the standard for choosing a phone should not be only price, camera, storage, or appearance. The main question should be: who built this device, who signs its software, where do the updates come from, what data leaves the device, under what requirements do the seller and operator work, and has any independent institution reviewed this chain or not?