Blackberry 10 Security questions/concerns

I'm well aware that BB10 is suppose to be one of the best (if not the best) platform for the security conscious. However there seem to be a few things that even on the latest 10.3.1 official OS concern me. Would be interesting to hear peoples thoughts, see if my concerns are shared, and see what others recommend.

1. There doesn't seem to be a way to specify customer DNS servers for 2/3/4G mobile network. I typically use custom DNS servers which block things such as google analytics and doubleclick, as well as known phishing and spyware sites. I'm on T-Mobile USA. There don't seem to be settings anywhere to use a custom DNS server except on WI-FI. As a workaround I created a VPN profile to my office and specified my custom DNS in the profile. Then I just stay connected to the VPN all the time. This works! Seems like a crazy workaround though.

2. The browser has a setting to completely disable cookies and also has a "private" mode which it's my understanding dumps any cookies or anything as soon as the browser is closed. This is good except if you turn cookies off there is no exemption for websites you cant use with cookies off. Also you cannot default the browser to start in "private" mode by default. I haven't found a good work-around for this except to use a third party browser which seems to be just an OK solution. What do you all do?

3. I have location disabled for everything except Maps. I have BB protect disabled. I do not use android apps that require location permission and never opened the Amazon appstore. I am aware that when you open the Amazon appstore it asks for location permission and then always runs in the background and there is no simple way to revoke permission after you give it. WTF Blackberry?.... Anyways back on topic... When I reboot my phone and sometimes randomly when i'm not using maps I see the GPS symbol... Why?

Any feedback, suggestions, questions or input is MUCH APPRECIATED!

Originally Posted by compuboy04

I'm well aware that BB10 is suppose to be one of the best (if not the best) platform for the security conscious. However there seem to be a few things that even on the latest 10.3.1 official OS concern me. Would be interesting to hear peoples thoughts, see if my concerns are shared, and see what others recommend...

1) No information, clearly you know a lot more about security than I do.

2) I've seen several users request private browsing by default and people always reply that they use third party browsers to do this, which you're already doing! But I have bad news and good news. The bad news is I haven't heard of a private browsing by default feature for the native browser but the good news is I've heard that in 10.3.2 the private browsing toggle is in the left menu which is much more accessible (fewer steps) than in 10.3.1: http://forums.crackberry.com/blackbe...l#post11408052

3) (These are more personal opinions) :
- I love BB Protect, I would never disable it; I've recovered a phone because of this feature before.
- I really like the addition of the Amazon Appstore with 10.3.1, I don't know why anyone would want it disabled, but this might come back to your greater security knowledge.
- I also occasionally get the GPS/location symbol in the top corner when I'm not using these services but it usually goes away and I don't notice any battery drain or lack of functionality or anything when it's there so it doesn't really bother me.

I don't know if any of this information was of any use to you but there's my two cents.

Any feedback is appreciated! Good to hear about the toggle. Hopefully that's correct.

A lot of features on smartphones and computers have a tradeoff.. you have to give up some privacy or personal information in order to use whatever the service is. Sometimes its worth it, other times not. It depends on the person and the company in question. For me, I don't trust amazon to be able to get my location anytime they want so I don't allow the appstore to run and load APKs directly if I want android apps. It's really a shame you cant disable location on appstore because if you could I would use it!

The GPS thing is more about why the heck is something getting my location than a battery thing

Originally Posted by compuboy04

Any feedback is appreciated! Good to hear about the toggle. Hopefully that's correct.

A lot of features on smartphones and computers have a tradeoff.. you have to give up some privacy or personal information in order to use whatever the service is. Sometimes its worth it, other times not. It depends on the person and the company in question. For me, I don't trust amazon to be able to get my location anytime they want so I don't allow the appstore to run and load APKs directly if I want android apps. It's really a shame you cant disable location on appstore because if you could I would use it!

The GPS thing is more about why the heck is something getting my location than a battery thing

I'm sure that not being able to disable location for Amazon was a condition of allowing access. Amazon data-mines the crap out of its customers. This is simply illustrated by searching on Amazon while being logged in, you'll get emails from them suggesting products. Do I think something nefarious is going on, no but Amazon wants to know all about you to target products to you just like Google wants to know all about you to target ads.

Some Android Apps can have their permissions turned off from Android Settings in 10.3 (The Runtime update allowed it)

https://static.dyp.im/Jc3BkdPPyI/8d4...2c2265f74a.png

Yea Amazon appstore cant though at least on a stock BB Passport with no modifications running 10.3.1.2576

Originally Posted by compuboy04

Yea Amazon appstore cant though at least on a stock BB Passport with no modifications running 10.3.1.2576

I suppose you could try downloading it from amazons website, overwriting it then trying

Just tried that. Good suggestion. It installs and asked me to update, which I did. It then requests file and location permissions. I cant deny location or it wont open

Originally Posted by compuboy04

Just tried that. Good suggestion. It installs and asked me to update, which I did. It then requests file and location permissions. I cant deny location or it wont open

I meant installing it like you did then try using Android Settings, it might appear in the Location list

Oh the android settings app.. Yea read about that. Does it actually work? Also whats the apk called for it?

Originally Posted by compuboy04

Oh the android settings app.. Yea read about that. Does it actually work? Also whats the apk called for it?

It certainly does work, it's in here: http://forums.crackberry.com/android...g-page-965257/

For # 1 I'm pretty sure no device allows you to use custom DNS for 3/4G unless of course you know of a way to do this, share it.

On boot the location is used so your device acquires the signal from the nearest antenna, basically is related to your mobile network connection.

Good info!
Hmm will just use the VPN workaround for now. Seems kina silly but I guess the average person wouldn't know how to set it properly

I use Evolution Browser or Firefox case by case.
Both can block ads, Firefox is actually highly customizable to reduce the attack surface for tracking.

Edit: You observe the GPS only on reboots, okay, I see there is an answer already in this thread.

Posted via CB10

Yea it's just on reboots. What ealvnv said makes sense. I never heard of this before but assume he knows. I don't have location off. I just have it disabled for everything except maps

For the extra permission granularity android has the xposed framework - something like xprivacy feeds garbage data to apps, you can set them to what you like (Easter island for gps is always fun), as well as restricting apps etc. On an app by app basis. Not looked into dns configuration, would be interested to hear if you know more. On bb10 you don't get that sort of configuration options. Unless perhaps through Bes configuration? Re the gps on startup yeah its tho find the network - again, you can configure that using xprivacy - but it's android so only peripheral to this discussion, thought id add it for completeness. If anyone can add more I'd love to hear it!

Sent using tapatalk!

that xprivacy addon/app/framework sounds quite interesting since what you describe is just what was my first thought when gaining awareness about all the data-collecting going on these days.
sure these buggers get some data of me, but I wish to decide what data :)
do you have any further reference on how to install xprivacy onto bb10.3?

Posted via CB10

On a related issue involving privacy, app permissions and location services, can an app that is an Android port, which requires location services as a permission (this can't be turned off b/c it's a port), access my location if I have location services turned off?

Posted via CB10

Originally Posted by antiplex

that xprivacy addon/app/framework sounds quite interesting since what you describe is just what was my first thought when gaining awareness about all the data-collecting going on these days.
sure these buggers get some data of me, but I wish to decide what data :)
do you have any further reference on how to install xprivacy onto bb10.3?

Posted via CB10

Unfortunately it's only for rooted android - I wouldn't use android unless it's locked down.

I don't believe there is anything similar on bb10, it would require root access and that in itself makes the device vulnerable (though that can be locked down also). Xda-developers has all the info on this.

I'm not sure, but one would imagine Bes would allow better granular control of the device - someone with better experience could come in there?

I have a passport, my go to device, and don't use android apps, social media or the cloud. In my work there have been times where I have to switch vpn access to openvpn (something bb10 doesn't, for some stupid reason, support - even though people have been cursing for it since bbos7) and I configured a galaxy s5 to be fully locked down.

I would like to see more granular permission control, along with openvpn/Commercial vpn support come to bb10 - BlackBerry like to say they're the most secure after all.

Sorry I can't be of more help, hopefully someone more knowledgeable will chime in. I believe android app control apps can be sideloaded, though that's for android apps only... Interesting topic, this! I too want control over my privacy! Ask me if you want to know anything - I've got nothing to hide but I do have the right to exercise reasonable privacy and the right to due process!

Originally Posted by dosto

On a related issue involving privacy, app permissions and location services, can an app that is an Android port, which requires location services as a permission (this can't be turned off b/c it's a port), access my location if I have location services turned off?

Posted via CB10

My understanding is that if you have bb10 location services turned off globally (using the main toggle in settings) then it's off - the app may not function properly until you turn location on. That's how I understand it...

This is why I'd like to see more granular controls, our the ability to spoof, virtually or whatever. In that respect android apps are a liability.