[Tre Lawrence]

REALLY? Unless it's a pay app and even some of those are sketchy. Have you used android and android apps? Because if you have, then why would you make a false statement like that and the other false statements in the rest of that post.

It's accurate.

[joeldf]

It's accurate.

I don't know. There is a history to that thought. There are plenty of lazy android app developers who don't really pay much attention to the permissions they let the app ask for. Many apps ask for permission to access everything by default (really lazy developers), but actually access very little.

The more conscientious developers do tend to limit things to just what they need to run. Some have learned over time such that an update might sometimes actually state that certain permission requests were removed "because it really wasn't needed"

Posted via CB10

[DenverRalphy]

I don't know. There is a history to that thought. There are plenty of lazy android app developers who don't really pay much attention to the permissions they let the app ask for. Many apps ask for permission to access everything by default (really lazy developers), but actually access very little.

The more conscientious developers do tend to limit things to just what they need to run. Some have learned over time such that an update might sometimes actually state that certain permission requests were removed "because it really wasn't needed"

The permissions don't just pop in by default. The developers have to make a conscious decision to put each of the permission requirements into the app. There's no "give me all permissions" option.

[joeldf]

The permissions don't just pop in by default. The developers have to make a conscious decision to put each of the permission requirements into the app. There's no "give me all permissions" option.

Then I may have miss-read something to that effect several years back. I thought that some android toolkits had that option at the time - back in the Ice Cream Sandwich days. It sure seemed like many apps asked for pretty much everything under the sun with no reason for half of them. Today, there does seem to be much less of that old shot-gun approach.

Posted via CB10

[dejanh]

The permissions don't just pop in by default. The developers have to make a conscious decision to put each of the permission requirements into the app. There's no "give me all permissions" option.

The entire approach that Google took to permissions is wrong. They left the control of the permissions fully to the developers, a large percentage of who either don't care, are lazy, or lack knowledge on what permissions they actually need. They are supposed to be correcting this in Android M, letting the developers decide what permissions they think that they need and transferring the responsibility back to the user to actually decide which permissions to give to the app. This is in line with what iOS and BlackBerry 10 do and will make Android a lot more palatable.

[Cynycl]

The entire approach that Google took to permissions is wrong. They left the control of the permissions fully to the developers, a large percentage of who either don't care, are lazy, or lack knowledge on what permissions they actually need. They are supposed to be correcting this in Android M, letting the developers decide what permissions they think that they need and transferring the responsibility back to the user to actually decide which permissions to give to the app. This is in line with what iOS and BlackBerry 10 do and will make Android a lot more palatable.

I think most if not all people would agree with you. I am seriously hoping that BBRY does do something to make android more secure and force every other device maker to do the same as well as put pressure on Google to do more to move choice to the end user and away from the developers. At the very least it will make devs spell out the basis of their permission requirements in great detail like the best devs already are doing.

Knowledge is better than simple choice

[chickenman18]

How about everyone take a deep breath, calm down and wait and see what gets launched when BlackBerry feels the time is right? Debating issues that may or may not exist makes for great drama, but little substance.

Posted via the CrackBerry App for Android

[Dunt Dunt Dunt]

How about everyone take a deep breath, calm down and wait and see what gets launched when BlackBerry feels the time is right? Debating issues that may or may not exist makes for great drama, but little substance.

Posted via the CrackBerry App for Android

Where is the fun in that?

And at this point, I think more points to Android being the OS for BlackBerry than BB10.

[Ecm]

How about everyone take a deep breath, calm down and wait and see what gets launched when BlackBerry feels the time is right? Debating issues that may or may not exist makes for great drama, but little substance.

Posted via the CrackBerry App for Android

[WARN]
Let's make it official. If "we" can't wait for official news about what's happening, let's at least take a step back and skip the personal comments. Keep it civil.[/WARN]

[BCITMike]

Sharing of all kinds is a feature in Android that trumps all other platforms IMO.

An app cannot share with a contact or write to internal storage or access location data, ect... without notification of this ability and permission to do so.

There are countless perfectly legitimate reasons for apps to access your contacts with permission in very specific instances evoked by the user.

I get it... People don't read.
People go to shady websites download all manner of malware.
People speed click through permission
People allow additional junk software to install on their devices after getting a pop up from some ad.

But... It asked if you wanted to install Super PC Andro-Mega Booster™
Why did they accept?
It asked you if you wanted to download
WHY?

People will install calendar apps with in app purchases, or wallpapers that need access to contacts... WTF

I treat my Android Phone like my Windows PC...

No scuzzy websites with illegal NBA streams. No PC driver programs or free flash games. I use adblocking, VPN services, common sense...

The Android FUD is overblown.

It's funny... It's almost as if more security/ privacy focused consumers might be more attracted to Android due to the system level security enhancements that can be implemented independent of device carrier and manufacturer.

!

Wait, wut? I'm not up on the latest Android security, but there have been a few times where apps can leech data from other apps without your knowledge. BB10 has the best sandboxing and sharing framework, AFAIK.

These aren't even the ones I'm thinking of, I'm supposed to be doing work stuff and don't have time to use google-fu.

https://bluebox.com/technical/androi...vulnerability/
https://threatpost.com/details-surfa...-in-ios/114365

[anon(9353145)]

The permissions don't just pop in by default. The developers have to make a conscious decision to put each of the permission requirements into the app. There's no "give me all permissions" option.

I think that's true of the majority of devs, certainly the ones for the big name apps. But there are a few more unscrupulous people that will try to take advantage (like the kid who wrote the fake paid Anti-virus app that was #1 on Google Play for weeks, or some of the flashlight devs who ask for everything)...

Anyway, it's nothing but good that they're including it in Marshmallow, even if it is somewhat hidden. Android users who pay attention to the permissions and care about these things will now have the ability to selectively turn off permissions that they feel an app doesn't need. And if it breaks the app, then so be it, that's between the individual and/or the dev. I think it will make for a better curated Play Store in the end.

Good fences make good neighbours, lol.

[crackbrry fan]

I think that's true of the majority of devs, certainly the ones for the big name apps. But there are a few more unscrupulous people that will try to take advantage (like the kid who wrote the fake paid Anti-virus app that was #1 on Google Play for weeks, or some of the flashlight devs who ask for everything)...

Anyway, it's nothing but good that they're including it in Marshmallow, even if it is somewhat hidden. Android users who pay attention to the permissions and care about these things will now have the ability to selectively turn off permissions that they feel an app doesn't need. And if it breaks the app, then so be it, that's between the individual and/or the dev. I think it will make for a better curated Play Store in the end.

Good fences make good neighbours, lol.

I have to LOL. The new Android M will "allow" you to control the "Permissions" this after years millions of users have had all their data already stored in Databases over the years. Kind of like closing the barn doors after the horses have bolted.

Posted via CB10

[anon(9353145)]

I have to LOL. The new Android M will "allow" you to control the "Permissions" this after years millions of users have had all their data already stored in Databases over the years. Kind of like closing the barn doors after the horses have bolted.

Posted via CB10

But that would apply to more than just Android (and mobile), no? Think about retail and loyalty cards, credit / debit card purchases, etc. If you're talking about aggregating data, that's a whole other can of worms that's much bigger (and probably a separate thread).

Point being, they're adding it to M. I agree though, long overdue.

[Kurdis Blough]

Wait, wut? I'm not up on the latest Android security, but there have been a few times where apps can leech data from other apps without your knowledge. BB10 has the best sandboxing and sharing framework, AFAIK.

These aren't even the ones I'm thinking of, I'm supposed to be doing work stuff and don't have time to use google-fu.

https://bluebox.com/technical/androi...vulnerability/
https://threatpost.com/details-surfa...-in-ios/114365

Android article is over a year old but correct me if I'm wrong this vulnerability involves installing fraudulently signed apks from unofficial sources. You use blackmart/ aptoid/ ect... You asked for it.

I wasnt referring to IOS but that article seems to suggest a similar scenario.

!

[lift]

I have to LOL. The new Android M will "allow" you to control the "Permissions" this after years millions of users have had all their data already stored in Databases over the years. Kind of like closing the barn doors after the horses have bolted.

Posted via CB10

PERFECTLY written. Thank You.

[extisis]

I have to LOL. The new Android M will "allow" you to control the "Permissions" this after years millions of users have had all their data already stored in Databases over the years. Kind of like closing the barn doors after the horses have bolted.

Posted via CB10

hey Jasper-Ng, this.

[BCITMike]

Android article is over a year old but correct me if I'm wrong this vulnerability involves installing fraudulently signed apks from unofficial sources. You use blackmart/ aptoid/ ect... You asked for it.

I wasnt referring to IOS but that article seems to suggest a similar scenario.

!

Dates aside, I'm just going from memory over the years of sandbox exploits I hear about in the press. Not using an Android, it was merely an FYI exercise, but feel free to spend some time on it, you'll only find MORE exploits.

https://securityintelligence.com/new...ent-injection/

It's irrelevant if the user installed an app to make use of the exploit, the point is the exploit shouldn't happen in the first place. That is the point of a sandbox, to protect you from the malicious apps, however they may get on there. Otherwise, there is no point of having a sandbox, other than to add extra hassle for co-operating apps.

There are plenty of apps that get through to Play that are malicious: Certifi-gate flaw in Android remote support tool exploited by screen recording app | PCWorld

[Dunt Dunt Dunt]

Most of the Android issues I hear about... could be limited with proper Enterprise Policies. Policies that would need to control the WHOLE device and not just the "work" side. But then we don't know what BlackBerry is doing to secure Android.

What we do know, is that BB10 sales.... S U C K! And are still falling. So it really doesn't matter if Android isn't as secure as we would like it to be, the alternative isn't keeping BB10 going... it's slowly watching the company go out of business. Cause right now all those other wonderful potential IoT product aren't in a position yet to do anything for revenues or profits. Chen has to stop the negative cash burn from hardware and yet keep revenue up and provide something that well help BES sales to grow. And give himself time to allow growth in the new areas.

[lnichols]

What we do know, is that BB10 sales.... S U C K! And are still falling. So it really doesn't matter if Android isn't as secure as we would like it to be, the alternative isn't keeping BB10 going... it's slowly watching the company go out of business.

If you released a $449 Classic running Android, a $275 Leap running Android, and a $599 Passport running Android, sales would still suck!

Posted via Z30

[Dunt Dunt Dunt]

If you released a $449 Classic running Android, a $275 Leap running Android, and a $599 Passport running Android, sales would still suck!

Posted via Z30

I do think Android is something to build on. BB10 was dying, even before Chen pulled the plug on it, so no amount of marketing or carrier good will was going to improve sales. With Android things "could" change.

Now I ageee, the if BlackBerry is going to become another Andrid OEM.. they'll have a hard time competing in the Hardware/Price game. But that is why I think this is still just an Enterprise move... and one that might not be meant to win a war, but just delay the eventual surrender.

[lnichols]

I do think Android is something to build on. BB10 was dying, even before Chen pulled the plug on it, so no amount of marketing or carrier good will was going to improve sales. With Android things "could" change.

Now I ageee, the if BlackBerry is going to become another Andrid OEM.. they'll have a hard time competing in the Hardware/Price game. But that is why I think this is still just an Enterprise move... and one that might not be meant to win a war, but just delay the eventual surrender.

It's a transition phone to prove they can deliver an Enterprise security experience on an OS they don't own. Once they either prove it, or fail miserably when the device gets hacked, the hardware is done. They will sale software for iOS and Android if successful, or fold all together if they fail. Me wanting only BB10 from BlackBerry, won't be buying a phone from them with another OS, or investing further in BB10 once they release a phone with another OS.

Posted via Z30

[Dunt Dunt Dunt]

It's a transition phone to prove they can deliver an Enterprise security experience on an OS they don't own. Once they either prove it, or fail miserably when the device gets hacked, the hardware is done. They will sale software for iOS and Android if successful, or fold all together if they fail. Me wanting only BB10 from BlackBerry, won't be buying a phone from them with another OS, or investing further in BB10 once they release a phone with another OS.

Posted via Z30

And Windows.... on the BlackBerry Experience page they also list good old Windows. But yeah I bet that is at the bottom of the list of things to do.

I have to wonder how much effort is going into the UI... if this is a planned one or two time hardware release and then let Android OEM take over. They wouldn't put too much effort into the UI, and would focus on the Experience Suites. If they put a lot of effort into the UI and securing Android in the background (somehow), then I think Chen "plans" to go forward with Android on hardware that BlackBerry sells.

But I honestly think yet again... too late. Really think Enterprise has move past BlackBerry - as sales seem to support they have moved on to other devices and even EMMs. Sure they could come back, and maybe a more secure BlackBerry will bring them back. But if it takes a year for Enterprise and Governments to test and approve a move to a BlackBerry/Android device... will their still be a BlackBerry hardware department?

So it might depend on how many consumers and old BlackBerry lovers there are out there that will give the SLIDER and other DroidBerry devices a try. And that will come down to Pricing and Performance.... and a lot of marketing.

Chen has opened a new door that does have potential. And in a way, created a excuse for the next few quarters to be negative as they will be in a "transition phase".... yet again.

[KingOfQwerty]

And Windows.... on the BlackBerry Experience page they also list good old Windows. But yeah I bet that is at the bottom of the list of things to do.

I have to wonder how much effort is going into the UI... if this is a planned one or two time hardware release and then let Android OEM take over. They wouldn't put too much effort into the UI, and would focus on the Experience Suites. If they put a lot of effort into the UI and securing Android in the background (somehow), then I think Chen "plans" to go forward with Android on hardware that BlackBerry sells.

But I honestly think yet again... too late. Really think Enterprise has move past BlackBerry - as sales seem to support they have moved on to other devices and even EMMs. Sure they could come back, and maybe a more secure BlackBerry will bring them back. But if it takes a year for Enterprise and Governments to test and approve a move to a BlackBerry/Android device... will their still be a BlackBerry hardware department?

So it might depend on how many consumers and old BlackBerry lovers there are out there that will give the SLIDER and other DroidBerry devices a try. And that will come down to Pricing and Performance.... and a lot of marketing.

Chen has opened a new door that does have potential. And in a way, created a excuse for the next few quarters to be negative as they will be in a "transition phase".... yet again.

You are right. Nothing is magic. BBRY has to work hard even to make a quick buck for 4/6 quarters. And they could have done the same thing on BB10 also (except apps).

Its absolutely smoke and mirrors.