[conite]

most apps are probably a distraction.

Posted via CBX

My main banking app requires Google Play Services.

The new Microsoft Office Suite requires Kitkat.

These are both musts for me.

PassportSQW100-4/10.3.2.2789

[wingnut666]

google in your banking app.......shudder

what a world indeed



Posted via CBX

[Tre Lawrence]

most apps are probably a distraction.

For those easily distracted.

[ssbtech]

My main banking app requires Google Play Services.

The new Microsoft Office Suite requires Kitkat.

These are both musts for me.

PassportSQW100-4/10.3.2.2789

Posted via CB10

[Tre Lawrence]

google in your banking app.......shudder

what a world indeed

Has nothing to do with Google in a "banking app."

Don't waste shudders on unfounded fears LOL.

[conite]

Posted via CB10

I'm not referring to the old Office Mobile.

I'm talking about the new suite. Only Kitkat.

PassportSQW100-4/10.3.2.2789

[ssbtech]

What's the difference?

[conite]

What's the difference?

Bit of a thread derail, but:
http://www.cnet.com/products/microsoft-office-android/

I subscribe to Office 365, so it's a big deal for me.

PassportSQW100-4/10.3.2.2789

[Thud Hardsmack]

Bit of a thread derail, but:
http://www.cnet.com/products/microsoft-office-android/

I subscribe to Office 365, so it's a big deal for me.

PassportSQW100-4/10.3.2.2789

Not that big of a derail, I believe that would be available on that Priv thing that someone claimed isn't a BlackBerry.

[conite]

I believe that would be available on that Priv thing that someone claimed isn't a BlackBerry.

Indeed it is. Hope FedEx delivers mine today.

PassportSQW100-4/10.3.2.2789

[ssbtech]

[QUOTE=conite;12072807]Bit of a thread derail, but:
[url]http://www.cnet.com/products/microsoft

*Quote broke, missing stuff....*
[QUOTE]

That's understandable, and I also subscribe to Office 365 Home. That's why I bought a Dell Windows 8 tablet for $250. I can't imagine using Office on a phone.

[Tre Lawrence]

What's the difference?

Relatively to the full suite (which I do use on phone and tablet), Office Mobile is less robust.

[wingnut666]

so...are we all feeling it now? the end is nigh.

Posted via CBX

[gariac]

A general comment on banking via an app. You have no clue if TLS is used, and if so, used properly. You are far more secure using the browser since TLS one that software has been flogged thoroughly.

Though in the case of IOS, the goto fail fubar negated any hope of browser security. In fact, if you run apps on IOS written in Objective-C, they can escape the sandbox, so the entire platform is not secure. It has to do with the dynamic library call scheme of Objective-C. Newer apps written in Swift don't have this problem.

Speaking of things built into bb10, the most useful as far as I'm concerned is the samba server and the ethernet over usb. There are IOS samba apps, but here again, you really don't know if they are secure.


Posted via CB10

[southlander]

People won't buy a product they haven't heard of. Marketing is key. Sigh. In a hold on to my Z10 till Feb and I'm off to the Passport.

Posted via CB10

And they'll return one that fails to meet expectations.

Posted via the CrackBerry App for Android

[ray689]

And this couldn't have gone into one of the other thousand whining threads because?

Also speak for yourself 40 % even by forum only standards is a marginal at best quota.

That wins you a majority government in Canada lol.

Posted via the CrackBerry App for Android

[app_Developer]

A general comment on banking via an app. You have no clue if TLS is used, and if so, used properly. You are far more secure using the browser since TLS one that software has been flogged thoroughly.

Banks are very sure that security in app is better than any browser, which is why many of us allow transactions in app that we won't allow anymore in browsers.

[texn884]

wingnut is still pissed over the playbook also i bet and will never recover, and now it BB10 what next?

[th.1977]

I feel your pain. However, it's kind of like if Five Guys Burgers and Fries stopped making their own fresh burger patties and started buying and using frozen burger patties they purchased from McDonald's instead because they were cheaper and the best selling burger patty in the world. They would still be Five Guys, but the change would leave a bad taste in the mouths of those who had eaten at their establishments because they preferred the taste and quality of the Five Guys burgers to the McDonald's burgers.

Yes 100% yes

Posted via CB10

[gariac]

Banks are very sure that security in app is better than any browser, which is why many of us allow transactions in app that we won't allow anymore in browsers.

http://business-reporter.co.uk/2015/...n-unencrypted/

Please tell me you are not really an app developer.

Look, most people don't understand TLS. Seriously they may think they do, but they don't. It is far simpler to use the browser encryption, since those who do code browsers actually aren't clueless. Further all the mainstream browsers have a database of untrusted certs, though a programmer than knows what they are doing shouldn't need that database since they only are using a small number of certs.



Posted via CB10

[app_Developer]

http://business-reporter.co.uk/2015/...n-unencrypted/

Please tell me you are not really an app developer.

Look, most people don't understand TLS. Seriously they may think they do, but they don't. It is far simpler to use the browser encryption, since those who do code browsers actually aren't clueless. Further all the mainstream browsers have a database of untrusted certs, though a programmer than knows what they are doing shouldn't need that database since they only are using a small number of certs.

I can't speak for banks which don't have proper security teams reviewing and testing their work. I would say, though, that if your bank can't properly secure their apps, you probably don't want to use their mobile website either.

For those of us who do take security seriously, we have more options in apps than we do in browser. You mention one (cert pinning), but there are many other things we can do in apps that we can't do within the browser to protect our customers (and ourselves since we bear the largest part of the cost of fraud)

Then of course we measure fraud rates on all channels and we set our transaction thresholds accordingly. I can tell you many large banks allow higher risk transactions on apps than we do on the browser. Why? Because we can measure actual fraud activity on both channels at scale.

[wingnut666]

maybe start a new thread about banking app security? that's some scary stuff that I was completely unaware of.

this thread is about the 'blackberry priv' taking over CB10, and the fact the the device is a huge disappointment, and not up to blackberry standards....mainly due to the fact that it does not run a blackberry operating system, which is the heart of bb.

the 'powers that be' in these forums must've been paid.


Posted via CBX

[Ecm]

the 'powers that be' in these forums must've been paid.


Posted via CBX

CrackBerry is a BlackBerry-centric site. Regardless of members' individual opinions, the Priv is a BlackBerry device and will be covered here. There has been no dropping of BlackBerry 10 content from the site, but there may be less news about it to report � as happened with BBOS when BlackBerry 10 replaced the Legacy OS.

[gariac]

I can't speak for banks which don't have proper security teams reviewing and testing their work. I would say, though, that if your bank can't properly secure their apps, you probably don't want to use their mobile website either.

For those of us who do take security seriously, we have more options in apps than we do in browser. You mention one (cert pinning), but there are many other things we can do in apps that we can't do within the browser to protect our customers (and ourselves since we bear the largest part of the cost of fraud)

Then of course we measure fraud rates on all channels and we set our transaction thresholds accordingly. I can tell you many large banks allow higher risk transactions on apps than we do on the browser. Why? Because we can measure actual fraud activity on both channels at scale.

Yet the security researchers who don't have any agenda other than truth find bugs in banking software. Further, you can claim no fraud occurred with your app as the vector, but attribution is the most difficult thing in security, well next to proper implementation of encryption. ;-)

I never cease to be amazed at hacks once demystified, and these are often hacks I initially deemed BS.

I use RSA keys on my critical finances. Even then one was social engineered around, though an exploit where my email was hosted helped in the scam.

Posted via CB10

[Bogdan Tudor Dan]

What about the ability to root an Android device? Is that possible with the BlackBerry Priv? Most of Android fans I know they told that what they like on the Android OS is the fact that the apps can change the behaviour of the OS. Where is the privacy in that case?

Posted via CB10