- I found this interesting.
Web Security Analysis of 12 BlackBerry 10 Applications | FileArchiveHaven
A very good read on some apps which have good and bad Security. Also goes into why they are secure or not secure.
Thanks to the !Geeks United BBM channel for the link.
C00122408
Posted via CB10
02-09-15 06:51 AM Like 13
- A lot of "Apps For" on this list... which is the same for most any platform, and one of the big reasons that many today avoid "Apps For Apps". Thankfully we at least have the unofficial options for getting many of the original apps so we don't have to use these.
02-09-15 08:27 AM Like 0
- Bla1ze CB OG
Actually, the App for Apps, are likely among the safest because they're all just app generator apps lol. Of course, they're utterly useless but they're safer than pretty much anything else as you know it's just going to some stupid blog site anyway. The 'developers' (using the term loosely) behind those can't inject any outside code really.
02-09-15 08:28 AM Like 0
- I'm more interested in the difference between iGrann and Insta10
How come iGrann could perform IG stuff internally almost cleanly compared to Insta10? Is it because the former doesn't use any form of spoofing (it can directly utilize IG API's??) or third party advertisements whatsoever (making it effectively funded by actually buying the app?).
While Insta10 basically uses a remote server to spoof say... an iOS or an Android client plus it uses third party advertisements as a source of funds? Though I would appreciate Nem has control over the connection between client and the AWS server to be at least encrypted and scrambled and then the connection sent to IG servers for handshake from the said server at least follows IG's security standards.
I mean sure third party apps and all but at least the backend should tighten up a bit. We don't want to hear stories of snooping data within transits. I just find iGrann "cleaner" and it does the same job... just saying
Anilu7 likes this.
02-09-15 08:43 AM Like 1
- Actually, the App for Apps, are likely among the safest because they're all just app generator apps lol. Of course, they're utterly useless but they're safer than pretty much anything else as you know it's just going to some stupid blog site anyway. The 'developers' (using the term loosely) behind those can't inject any outside code really.
For me all this means just developers being more open and transparent about their apps..
Check Out TechCraze
02-09-15 08:44 AM Like 2
- I'm more interested in the difference between iGrann and Insta10
How come iGrann could perform IG stuff internally almost cleanly compared to Insta10? Is it because the former doesn't use any form of spoofing (it can directly utilize IG API's??) or third party advertisements whatsoever (making it effectively funded by actually buying the app?).
While Insta10 basically uses a remote server to spoof say... an iOS or an Android client plus it uses third party advertisements as a source of funds? Though I would appreciate Nem has control over the connection between client and the AWS server to be at least encrypted and scrambled and then the connection sent to IG servers for handshake from the said server at least follows IG's security standards.
I mean sure third party apps and all but at least the backend should tighten up a bit. We don't want to hear stories of snooping data within transits. I just find iGrann "cleaner" and it does the same job... just saying
Posted via CB10
02-09-15 08:46 AM Like 0
Check Out TechCraze
02-09-15 08:48 AM Like 0
- I don't think that user meant apps that are named 'apps for'. I think he was referring to the fact that some of the apps listed in the article are third party apps (the original meaning of 'apps for xxxx'), however I don't think this article speaks against third party apps in general, it's just highlighting that as users (and in particular BlackBerry users) we need to be aware of exactly what apps are doing with the data we freely give them, as the article states, there are legitimate uses, and less so... what we don't want is a developer taking advantage of the lack of a native app and not just charging users for its use, but then going on to data mine (not referring to any in particular)
For me all this means just developers being more open and transparent about their apps..
Check Out TechCraze
Basically I think we all have to understand that our DATA is very valuable to developers and advertisers, so we have to be careful of what apps we use.... and this requires that we trust where the apps are distributed from (3rd party apps stores, random download from some forum, or official app store) and who the developer of the App is (big company with a lot of eyes on it or a small unknown developer).
02-09-15 08:54 AM Like 2
- Bla1ze CB OG
I don't think that user meant apps that are named 'apps for'. I think he was referring to the fact that some of the apps listed in the article are third party apps (the original meaning of 'apps for xxxx'), however I don't think this article speaks against third party apps in general, it's just highlighting that as users (and in particular BlackBerry users) we need to be aware of exactly what apps are doing with the data we freely give them, as the article states, there are legitimate uses, and less so... what we don't want is a developer taking advantage of the lack of a native app and not just charging users for its use, but then going on to data mine (not referring to any in particular)
For me all this means just developers being more open and transparent about their apps..
Check Out TechCraze
Word. I gotcha. Sorry for the confusion Scalemaster.
tinochiko likes this.
02-09-15 08:55 AM Like 1
- Bla1ze CB OG
Edit #2: I’ve been asked about the actual logs. Tomorrow I will cleanup the fiddler logs (no private data for you hack types) and release the logs in the morning. The source code and decompiled binaries I can’t share obviously, you are on your own to get those. But I’ll do up a little article with it so that anyone can see what data is being sent just by using a simple proxy like Fiddler. I’ll also share some of the http strings being assembled by the Kelly class and why this one server poses a huge risk to users.
^^ Waiting for this.
LazyEvul and anon(4086706) like this.
02-09-15 08:56 AM Like 2
- My Response to the (Web Security Analysis Of 12 BlackBerry 10 Applications) article
Nemory Studios: Response - Web Security Analysis Of 12 BlackBerry 10 Applications
02-09-15 09:19 AM Like 2
- My Response to the (Web Security Analysis Of 12 BlackBerry 10 Applications) article
Nemory Studios: Response - Web Security Analysis Of 12 BlackBerry 10 Applications
But saying it's BlackBerry's fault or Snap Chat's fault doesn't change the fact that your Apps are getting poor ratings by a Security Analysis and that users' data is vulnerable. Heck the original apps might not be rated all that high if they were on the platform, but they aren't.
But we all have to understand that developers have to make money... nothing is really free.
02-09-15 09:32 AM Like 2
- IMHO if the actual connections themselves are not HTTPS then it's probably really that messed up on the part of the SDK's. Though there must be something that could be encapsulated and encrypted to make the design a bit more sensible.
Also, since this got out, might as well tell potential users that you are collecting data for Ads as a disclaimer (somehow you have to make a living). Of course paid users shouldn't be collected in the first place
Don't take this badly though but I'm sure some guys here are pretty edgy regarding being spied on and whatnot. People would be kinder if transparency is involved.
02-09-15 09:32 AM Like 0
- Lol... why didn't they just title it: don't use Nemory Studios apps?
Kinda shady to pull ads and run them in the background though. That alone sets a pretty high level of suspicion for the rest of the app calls.
Posted via CB10
CarbonKevin likes this.
02-09-15 09:34 AM Like 1
BlackBerry advertised it, created a webcast for us, recommended it to use it.
And it's not only my apps that use it. There are thousands.
Also Flurry
02-09-15 09:47 AM Like 0
Hope you can clear it all up and can continue to work on apps. All part of a learning process I suppose.
Posted via CB10
Gatmyer likes this.
02-09-15 09:50 AM Like 1
Posted this before but here we go again.
Bb10 permission control doesn't have any user prompts etc for INTERNET.
I've been saying since the playbook, native bb10 apps are only as safe as the developer. Stealing information is easy for bb10 developers and even android developers now on bb10.
Bbos Internet permission could be set to prompt on every connection (you could set rules to what websites it could connect to)
None of these issues would be issues if users knew what connections were being made.
On first run on the app, Bbos would have told me that the app is trying to make http connections to servers I don't recognize.. and I wouldn't have granted the permission.
Edit: my post is about BlackBerry, not nem or any other developer.
PassportSQW100-1/10.3.1.2243
02-09-15 09:56 AM Like 4
- Can you clarify what you just posted? Are you acknowledging that you are running ads in the background of your apps and are claiming that is how it is supposed to work because BlackBerry suggested the ad service?
02-09-15 09:59 AM Like 0
3rd Party BlackBerry App Security (Article)