How to specifically prevent programs from accessing the internet?
- What could the malware do though?
There is a difference. Apps like Secure Browser, I had to go through a 1 month testing, major analysis etc to get it approved. And they did do a code analysis on it to make sure I'm not taking private info.
But let's assume someone builds a malware injection. What can that malware do they couldn't have just done right off the bat? Like they could just include it in the release.
Posted via CB from my LE07-13-13 01:56 PMLike 0 - The reason why I am saying this. Is iOS has malware apps. They have the code from day 1 in a disabled state. On day 90 it enables itself. Once enabled it makes a thousand 1 dollar in app purchases for apps you don't even have. Then disables itself.
Android has the same only it uses malware as a background process. It so harvest data from SMS and email to steal bank transfers etc.
RIM doesn't have that problem because they require user prompt validation for in app. And apps can't run in the background. I just don't see malware injection bring a risk you don't have today. The malware could just as easily be dormant.
The malware still can only access your game statistics and my documents you know what I mean?
Posted via CB from my LE
Well BB is definitely less popular now, but it seems they've joined iOS and Android in the low security aspect and decided to throw that one out the door and let apps get unlimited internet access and who knows what else.
And you said prompting validation? We all know by now they dont need to do this for internet access. Didnt prompt. Cant change anything about it either. Finally running in the background? Well... welcome to OS 10.2 - the latest and greatest in background running apps. The malware developers are drooling over this. Now you get unlimited access to internet plus background processes. All on a platform everyone and their mother thinks implicitly is a hard shell and impenetrable - so nobody would know to look.
Red flags all over. They need to clamp down internet access control ASAP and also let users decide whether programs are allowed to do background processes.
I can tell you, my first choice for both cases is no by default. I dont want any apps getting internet access unless I specifically opt them in. I dont care that it bricks the software. I also dont like the idea of background processes. Never have since my early days using Windows. I keep that thing locked tight and I intend to do so for my phone if at all possible.07-13-13 02:01 PMLike 0 - Sorry by prompting I mean to make appworld purchases for you.
And yes this is what worries me about 10.2 as well.
I've reviewed all the security models as I build a lot of apps. And I don't feel exposed. But I do see a lot of single points of failure.
Posted via CB from my LE07-13-13 02:18 PMLike 0 - Were you a BB user before?
Yes and thats why some people still prefer the BB. But it seems they are moving to the mainstream, in which case they lose that advantage. Its almost like BB throwing away the keyboard phones for future devices. Thanks but I will be out. Iphone >>>>>>> Z10. Sorry, Im only here for the Q10. Same with the security aspects. If they are like iOS where app security is questionable, then what the hell, if device security is down the drain anyway, and you throw away the keyboard phone, I guarentee you even I will be an iPhone user.
The old BB allowed you to choose permissions with a much higher degree of control. So in many ways, this is a move BACKWARDS by not allowing more control.
I also cant even see an option to have internet switched off from permissions.
There's a big difference mot only between the bb10 and bbos, but also between app development, you think it's a step backward and your allowed your opinion, bit many apps need certain permissions to run like it or not, some people can't handle change. feel free to switch back to bbos.
Posted via CB1007-13-13 02:19 PMLike 0 - Assessing the security of a platform also means knowing a lot about how the platform functions. No complex system is going to be without vulnerabilities but there are things that you can do that actually reduce the vulnerability and things that may appear to but don't.
An application can't upload malware to itself after it has been installed because the executable code has to be in the cryptographically verified part of the application sandbox. Changing any of that will break the signature and the OS will not load the application. Android doesn't do this, as we have seen due to problems with the cryptography 99% of Android phones can't even validate the APKs from Google Play. Now that's done by a separate application. These two systems differ in this respect because BlackBerry chose security as the primary principle, Google chose performance.
On BlackBerry an application can not simply avoid running certain code for the first 90 days to get malware past inspection in BlackBerry World, There are two reasons: the initial scanning very probably includes static analysis of the code, and code coverage tests (BlackBerry isn't stupid), and they are continuously re-scanning the applications: BlackBerry Works with Trend Micro to Expand Protection for Customers Against Malware, Privacy Issues in Third-Party Applications | CrackBerry.comSDTRMG likes this.07-13-13 04:12 PMLike 1 - Assessing the security of a platform also means knowing a lot about how the platform functions. No complex system is going to be without vulnerabilities but there are things that you can do that actually reduce the vulnerability and things that may appear to but don't.
An application can't upload malware to itself after it has been installed because the executable code has to be in the cryptographically verified part of the application sandbox. Changing any of that will break the signature and the OS will not load the application. Android doesn't do this, as we have seen due to problems with the cryptography 99% of Android phones can't even validate the APKs from Google Play. Now that's done by a separate application. These two systems differ in this respect because BlackBerry chose security as the primary principle, Google chose performance.
On BlackBerry an application can not simply avoid running certain code for the first 90 days to get malware past inspection in BlackBerry World, There are two reasons: the initial scanning very probably includes static analysis of the code, and code coverage tests (BlackBerry isn't stupid), and they are continuously re-scanning the applications: BlackBerry Works with Trend Micro to Expand Protection for Customers Against Malware, Privacy Issues in Third-Party Applications | CrackBerry.com
You mean you cant have this code be uploaded as encrypted text, have the program decrypt and read the text which gives instructions on what to send over the net using features already hard programmed into this virtual machine or emulator? I dont think you'd need to neccesarily 'recompile' the app for such a function to work. Afterall its no different than an app reading an email or some text. No changing of the software would be needed. And I'm not even an app developer.
If someone wants to do something, they can. I think history has proven that much. Often its a just a matter of time before someone outsmarts the system in place. Certainly though, not giving users the ability and choice to block certain apps from unneecessary access doesnt help with the security aspect of the device does it? I really cant see how giving some third party app (not BB native apps) full data access can be a good thing for security and privacy. I really dont. This isnt a case where a program can ask for security updates itself so needs constant net access (like google chrome does). Many of these third party apps in app world simply do not need internet to function. Yet, you have no idea what each program does after you download them. They can be accessing data, uploading and downloading from your phone and you wouldnt have a clue nor can you do anything about it. Tell me, how does a puzzle app or one of many stupid 'tips' apps need internet access?07-15-13 01:51 PMLike 0 -
You mean you cant have this code be uploaded as encrypted text, have the program decrypt and read the text which gives instructions on what to send over the net using features already hard programmed into this virtual machine or emulator? I dont think you'd need to neccesarily 'recompile' the app for such a function to work. Afterall its no different than an app reading an email or some text. No changing of the software would be needed. And I'm not even an app developer.
If someone wants to do something, they can. I think history has proven that much. Often its a just a matter of time before someone outsmarts the system in place. Certainly though, not giving users the ability and choice to block certain apps from unneecessary access doesnt help with the security aspect of the device does it? I really cant see how giving some third party app (not BB native apps) full data access can be a good thing for security and privacy. I really dont. This isnt a case where a program can ask for security updates itself so needs constant net access (like google chrome does). Many of these third party apps in app world simply do not need internet to function. Yet, you have no idea what each program does after you download them. They can be accessing data, uploading and downloading from your phone and you wouldnt have a clue nor can you do anything about it. Tell me, how does a puzzle app or one of many stupid 'tips' apps need internet access?
The truth is that every version of iOS and Android so far released have been Jailbroken or Rooted. iOS is getting better, Andoid just isn't. Once broken or rooted there is usually an application that can do the work for the technically unsophisticated. As you point out, if I can write an app that can root your android phone, I can wrap that in a gambling application and own your android phone. If you don't like the BB10 security model, and I get that you don't, your best bet would be Windows Phone 8. Microsoft finally seems to understand and have made a robust secure OS. I don't know if apps need permission to use the net, you'ld have to find that out for yourself.
I have contacts on the BlackBerry Security Emergency Response Team. If you find an application approved in BlackBerry World that does what you suggest I will introduce you to them.07-15-13 04:48 PMLike 0 - Hey guys I was looking for some inspection software web sites and I got this one. It seems better than others. Can anyone please check this one for me. Here home inspection software the site. Thank you.10-22-13 05:03 AMLike 0
- Forum
- BlackBerry 10 Phones & OS
- BlackBerry 10 OS
How to specifically prevent programs from accessing the internet?
Similar Threads
-
Easytune, the suspicious new kid
By LtHavoc21 in forum BlackBerry 10 AppsReplies: 11Last Post: 10-19-13, 12:32 PM -
App to download videos?
By Blackman91 in forum PlayBook Apps & GamesReplies: 9Last Post: 07-26-13, 03:52 AM -
How do you check for all background processes and programs running?
By pappymappylappy in forum BlackBerry 10 OSReplies: 10Last Post: 07-17-13, 10:44 PM -
Where does the Playbook keep downloaded podcasts?
By DaveTheA in forum PlayBook Apps & GamesReplies: 6Last Post: 07-13-13, 12:17 PM -
How to remove calender notifications from lock screen?
By cpeterson19 in forum BlackBerry 10 OSReplies: 4Last Post: 07-13-13, 09:42 AM
LINK TO POST COPIED TO CLIPBOARD