1. muhammri's Avatar
    Say there's vulnerability on android application, is the bb10 device installing the application having same risk like android os or it's not?
    Mind to elaborate more.

    Thanks

    Blackberry Passport
    01-04-20 11:49 PM
  2. app_Developer's Avatar
    Almost every security vulnerability that I’ve seen or heard of in an android app would also exist if you ran that app on BB10.

    Further, a BB10 user may not always be able to upgrade to the latest version of that app (which means you won’t have the latest security fixes) and the BB10 user may have had to download the app from a 3rd party App Store where the app could have been modified without the app developers knowledge. This situation is worse now that the Android env in BB10 has gotten so old.

    So in many cases I would argue the risk is actually higher. OS level exploits (which BB10 guards against) are actually not nearly as common as app level exploits (which BB10 provides no actual protection against other than the logo which makes people feel better I guess)
    01-04-20 11:52 PM
  3. muhammri's Avatar
    Will current ART on bb10 post any risk?
    What if we didn't install any android apps on bb10?
    Will bb10 such as passport and classic still the most secure device as what Chen stated in Dec 2018 during Toronto Global Forum?

    Blackberry Passport
    01-05-20 04:39 AM
  4. Thud Hardsmack's Avatar
    Will current ART on bb10 post any risk?
    What if we didn't install any android apps on bb10?
    Will bb10 such as passport and classic still the most secure device as what Chen stated in Dec 2018 during Toronto Global Forum?

    Blackberry Passport
    They may have been 7 years ago, but not today.
    01-05-20 05:29 AM
  5. rsrocha's Avatar
    Android apps run in a contained sandbox inside bb10. The android runtime has some access to your bb10 data like contacts, pictures and other only IF you grant permission to do so.

    But in general yes, the Classic and the Passport are one of the most secure devices because not running a lot of apps on them limits the security threat. Even the android layer is very well secured because as i said it runs in a secure sandbox.

    Posted via CB10
    01-05-20 05:44 AM
  6. Thud Hardsmack's Avatar
    Android apps run in a contained sandbox inside bb10. The android runtime has some access to your bb10 data like contacts, pictures and other only IF you grant permission to do so.

    But in general yes, the Classic and the Passport are one of the most secure devices because not running a lot of apps on them limits the security threat. Even the android layer is very well secured because as i said it runs in a secure sandbox.

    Posted via CB10
    A sandbox with full read access to data and no permission control without jumping through many hoops in an OS that isn't getting updates is not terribly secure.
    Mecca EL likes this.
    01-05-20 06:27 AM
  7. app_Developer's Avatar
    Android apps run in a contained sandbox inside bb10. The android runtime has some access to your bb10 data like contacts, pictures and other only IF you grant permission to do so.

    But in general yes, the Classic and the Passport are one of the most secure devices because not running a lot of apps on them limits the security threat. Even the android layer is very well secured because as i said it runs in a secure sandbox.

    Posted via CB10
    Well, sandboxes only provide protection against certain attacks. There are other exploits which work perfectly fine even within a sandbox.

    It’s also unrealistic to expect users to deny all privileges to Android apps when they install. Denying all privileges makes most apps sort of useless and I’ve never seen a user deny internet access to his apps.

    So I think it is a mistake to rely on the sandbox as some sort of magic solution to all security issues. A security conscious user should avoid old apps (because vulnerabilities become known to a lot of people after discovery) and should avoid third party app stores (because I have seen many apps modified to steal credentials for example)

    Btw, credential stealing in a type of attack against which a sandbox provides no real protection. Against normal people (not super high value individuals) this is attack you see in the real world because you can harvest a bunch of credentials which you can then sort and sell.
    Thud Hardsmack and Mecca EL like this.
    01-05-20 09:39 AM
  8. Dunt Dunt Dunt's Avatar
    Well, sandboxes only provide protection against certain attacks. There are other exploits which work perfectly fine even within a sandbox.

    It’s also unrealistic to expect users to deny all privileges to Android apps when they install. Denying all privileges makes most apps sort of useless and I’ve never seen a user deny internet access to his apps.

    So I think it is a mistake to rely on the sandbox as some sort of magic solution to all security issues. A security conscious user should avoid old apps (because vulnerabilities become known to a lot of people after discovery) and should avoid third party app stores (because I have seen many apps modified to steal credentials for example)

    Btw, credential stealing in a type of attack against which a sandbox provides no real protection. Against normal people (not super high value individuals) this is attack you see in the real world because you can harvest a bunch of credentials which you can then sort and sell.
    Avoid old apps and old operating systems.... If BB10 had remained in development, it would have gotten patches every few months as well.

    At this point BB10's main claim to security is it was never popular, so hackers should not bother. But then it did get used by a number of high risk targets - which makes me wonder what vulnerabilities might have been found but never released publicly.
    01-06-20 08:09 AM
  9. muhammri's Avatar
    Thanks all for the valuable input. Learn a lot from the response. Hope to see more input .
    As currently I still have kind like mind set bb10 is more secure than KEYone with last security updated in Apr'19 and some sort of feeling it still more secure than KEY2 which still receiving monthly security update.

    Not sure whether I did miss any, but post 10.3.3 version, thru my knowledge I didn't know any passport or classic devices has been hack to date. Neither heard about blackberry android as well.

    Blackberry Passport
    01-06-20 10:27 AM
  10. conite's Avatar
    Thanks all for the valuable input. Learn a lot from the response. Hope to see more input .
    As currently I still have kind like mind set bb10 is more secure than KEYone with last security updated in Apr'19 and some sort of feeling it still more secure than KEY2 which still receiving monthly security update.

    Not sure whether I did miss any, but post 10.3.3 version, thru my knowledge I didn't know any passport or classic devices has been hack to date. Neither heard about blackberry android as well.

    Blackberry Passport
    That's the point. It's not hacking that is the most worrisome threat - it's data harvesting from unscrupulous apps. BB10 doesn't protect you from that as well as a modern Android device.
    01-06-20 11:39 AM
  11. muhammri's Avatar
    Thank you @conite.

    Posted via CB10
    01-08-20 11:38 AM

Similar Threads

  1. Any good free printing app for os10 and Gdrive alternative?
    By Vasilios Patras in forum BlackBerry Classic
    Replies: 2
    Last Post: 01-09-20, 10:51 PM
  2. Android OS updates
    By CrackBerry Question in forum Ask a Question
    Replies: 17
    Last Post: 01-06-20, 06:06 AM
  3. Titan Android Passport clone is now released
    By JALUK in forum BlackBerry Android OS
    Replies: 1
    Last Post: 01-04-20, 04:19 PM
  4. bricked a Q5 while running autoloader
    By bbdoc54 in forum BlackBerry Q5
    Replies: 3
    Last Post: 01-04-20, 02:00 PM
  5. whatsapp for bb10 and apk files
    By philiz4600 in forum BlackBerry Q10
    Replies: 20
    Last Post: 01-04-20, 12:45 PM
LINK TO POST COPIED TO CLIPBOARD