07-14-15 03:12 PM
64 123
tools
  1. JstAntherAnimal's Avatar
    Your phone, their network.

    Posted via CB10
    07-09-15 10:59 PM
  2. playfoot's Avatar
    Your phone, their network.

    Posted via CB10
    So does that mean there is a very serious security issue? Or that is in response to roaming on another network question?
    07-09-15 11:06 PM
  3. uber_geek's Avatar
    AT&T will force updates as well. They have pushed several updates to my wife's S3 without giving us the opportunity to run a backup.

    My position is I'm good as long as I stay ahead of them which usually isn't too hard. Then I choose the time of my upgrades and always run a backup first.

    Posted via CB10
    07-09-15 11:12 PM
  4. Richard Buckley's Avatar
    So does that mean there is a very serious security issue? Or that is in response to roaming on another network question?
    That means you probably have to accept updates to make your phone either compliant with their network requirements or their responsibilities to regulators.



    Z10STL100-3/10.3.2.798 SR 10.3.2.516
    rthonpm likes this.
    07-10-15 09:13 AM
  5. ZeroBarrier's Avatar
    You raise a very good point.

    Even ignoring any EUA that states a carrier has the right to unilaterally make changes, and such significant sweeping changes so that the phone is significantly modified, this means the capability exists to access the phone at any time.

    This is a serious blow to BB's vaunted security. If the technology, the key, the encryption or by whatever means such an override is possible is known to or falls into the hands of a nefarious entity . . . The mind boggles.

    As with my previous question above, I would hope to have an answer a simple user like me might be able to understand.
    This is completely incorrect. Verizon is able to force an update on the device because the manufacturer (BlackBerry in this case) wrote the code into the OS to handle such an event.

    This isn't a Windows computer where you can choose to stay on XP indefinitely. If an update is released such as 10.3.2 that has code that becomes mandatory in one way or another, then it will be forcefully pushed on to every device that isn't turned off or otherwise disconnected from either a carrier signal or to the Web via WiFi.

    Posted via CB10
    07-10-15 02:47 PM
  6. syplex's Avatar
    This is completely incorrect. Verizon is able to force an update on the device because the manufacturer (BlackBerry in this case) wrote the code into the OS to handle such an event.
    And the point is that this has security and transparency of ownership concerns. The owner of the device should control what is installed on it. There may be EUA's that cover network connectivity, and this is usually covered by updating the baseband or low level firmware that is on the device --- NOT the device operating system. While I think that the owner of the device should have control over this as well, I think an agreement with the network service provider to update the baseband or low level firmware for network access is fine. However, updating the operating system should be up to owner as it has security and privacy implications.

    This isn't a Windows computer where you can choose to stay on XP indefinitely. If an update is released such as 10.3.2 that has code that becomes mandatory in one way or another, then it will be forcefully pushed on to every device that isn't turned off or otherwise disconnected from either a carrier signal or to the Web via WiFi.
    I don't see any reason why a phone should be treated differently than a Windows computer. I purchased and own my phone just like my computer. Lets say my computer connects to the Internet via Verizon, they don't have any control over updating my computer's OS or firmware. Microsoft passes out updates but guess what? I can choose to disable updates. The do have control over the network access equipment portion (ie, a DOCSIS modem), but that would be the equivalent of the baseband / low level firmware on the phone. If there is a "mandatory" or "regulatory" required change, the onus is on the owner of the device to comply, not some third party. Just like if my car has a regulatory update or recall it is up to me to take it in and get it updated. The car manufacturer can't go to my house and change out my seats or airbags or GPS etc without my permission.
    peter0328 likes this.
    07-10-15 05:23 PM
  7. Richard Buckley's Avatar

    ...
    I don't see any reason why a phone should be treated differently than a....
    Have you read your agreement with your carrier yet? It will either say that they can do that, in which case there you are. Or it will say that they can't, in which case you should be expending your efforts making that case to them. Or possibly a court.

    Arguing with people who have given you their best advice on the issue won't change anything.

    Z10STL100-3/10.3.2.798 SR 10.3.2.516
    bungaboy likes this.
    07-10-15 05:56 PM
  8. syplex's Avatar
    Have you read your agreement with your carrier yet? It will either say that they can do that, in which case there you are. Or it will say that they can't, in which case you should be expending your efforts making that case to them. Or possibly a court.

    Arguing with people who have given you their best advice on the issue won't change anything.
    The point is none of this would be possible if BlackBerry hadn't given a backdoor to the provider(s) to violate settings on the device. If the device is a secure device, BlackBerry shouldn't give access and it wouldn't matter what the EUA was, because it wouldn't be possible to alter user's data. If a cellular provider had an end user agreement that said they could read your email and remote files at any time without notice or alter their contents, BlackBerry wouldn't simply allow it as it completely violates their business proposition and security. The EUA is between the user and the provider. If the provider cannot execute actions the user permitted in the EUA because of phone model or software or security, that's their problem. BB doesn't have to make their phone comply with the user agreement. But for fun I looked it up.

    We may change your wireless device's software, applications or programming remotely, without notice. This could affect your stored data, or how you've programmed or use your wireless device.
    A very liberal reading of this agreement has serious security implications, so a security conscious phone company like BlackBerry isn't going to simply allow wanton access to the phone by the provider because they happen to have written it into their EUA. Instead they will restrict access and keep their phones secure. However they did not do this in the case of honoring phone settings so it makes you wonder how much access they give the network provider.
    07-10-15 07:05 PM
  9. thurask's Avatar
    ITT: muh freedomz

    A very liberal reading of this agreement has serious security implications, so a security conscious phone company like BlackBerry isn't going to simply allow wanton access to the phone by the provider because they happen to have written it into their EUA. Instead they will restrict access and keep their phones secure. However they did not do this in the case of honoring phone settings so it makes you wonder how much access they give the network provider.
    And you don't think that there's any agreement between Verizon and BlackBerry stipulating such a thing? Anything that gives the entity that administers first line technical assistance to the userbase some power over the update process?
    bungaboy likes this.
    07-10-15 07:54 PM
  10. moody's Avatar
    I wasn't trying to be helpful. I was trying to maintain some civility. And it was much better than banning you for evading the swear word filter or issuing forums infractions. Any other comments you like to add to the subject or do you wish to continue back seat modding?
    Oooo Bla1ze got sassy & went all Peevish. I wonder if he knows how hot he is when he gets sassy and goes all Peevish.
    Pdinos3 and bungaboy like this.
    07-10-15 08:22 PM
  11. playfoot's Avatar
    To Syplex, yes. This is to what I was referring. While it would be impossible to know, I would like to understand the agreement between BB and the carriers. Does it mean the carriers can at their sole discretion, at anytime make changes to the OS, the end users data, etc.?

    If yes, it would be a fairly large hole in the BB's theory of security.....
    syplex likes this.
    07-10-15 09:04 PM
  12. syplex's Avatar
    And you don't think that there's any agreement between Verizon and BlackBerry stipulating such a thing? Anything that gives the entity that administers first line technical assistance to the userbase some power over the update process?
    Freedom is popular. There may be some agreement as you describe, however it can be limited to what I described, low level network access firmware or baseband code. This is how Apple does it (including on Verizon) with their Carrier Settings Updates. From what I understand they have partitioned their software into a portion that contains carrier updates and fixes for network access etc, and a portion for OS software which is controlled by Apple where the user has control over whether or not to install. So BB could do it differently but appears to have chosen to do it this way. Maybe they didn't build a second layer into the system to account for carrier updates. This makes me wonder how Verizon and other carriers get code changes like radio and apps into the OS and crypto signed so the device will allow it to run? I would think that BlackBerry guards the signing keys heavily, which might mean carriers have to send the final package to BB before it gets signed.
    07-10-15 09:15 PM
  13. crucial bbq's Avatar
    The only reason why I knew I was getting this update was because I got a low battery message preventing the install. Otherwise ot would've updated fully on to own.



    Posted via CB10
    07-10-15 09:29 PM
  14. thurask's Avatar
    This makes me wonder how Verizon and other carriers get code changes like radio and apps into the OS and crypto signed so the device will allow it to run? I would think that BlackBerry guards the signing keys heavily, which might mean carriers have to send the final package to BB before it gets signed.
    From what I know, BB sends a candidate build to the carrier's testing team. After some time, the carriers send their testing feedback back to BB, who takes a stab at those issues for the next build they send over for testing. When the carrier gives the thumbs up after enough good builds, the build is made available on BlackBerry servers and thus for customers of that carrier to download.

    As for carrier apps, those are either packed within a special OS image (Verizon) or downloaded OTA (everyone else). Sending a carrier update request via Sachesi/some other app returns the list of bars available for that device model on that carrier, which can include carrier software (My Verizon/etc). The same list of apps is returned when the phone makes the update request, since it's checking the same API.
    07-10-15 09:34 PM
  15. kgbbz10's Avatar
    I don't know if you heard of this guy Snowden, but with his help the Guardian has pretty much told the entire world (well those that actually listen) that this corporate company called the NSA along with 4 other corporate companies all have backdoor access to every phone, computer (including 90% of linux), smart meter, let's just say every piece of electronic equipment that connects to the Internet. And they use that back door to obtain every piece of information that passes through it, and they save all of that information into giant data centers.

    What I'm trying to say is... duh they are spying on everyone wake up already.

    BBClassic10
    bungaboy likes this.
    07-10-15 09:40 PM
  16. Richard Buckley's Avatar
    The point is none of this would be possible if BlackBerry hadn't given a backdoor to the provider(s) to violate settings on the device. If the device is a secure device, BlackBerry shouldn't give access and it wouldn't matter what the EUA was, because it wouldn't be possible to alter user's data. If a cellular provider had an end user agreement that said they could read your email and remote files at any time without notice or alter their contents, BlackBerry wouldn't simply allow it as it completely violates their business proposition and security. The EUA is between the user and the provider. If the provider cannot execute actions the user permitted in the EUA because of phone model or software or security, that's their problem. BB doesn't have to make their phone comply with the user agreement. But for fun I looked it up.



    A very liberal reading of this agreement has serious security implications, so a security conscious phone company like BlackBerry isn't going to simply allow wanton access to the phone by the provider because they happen to have written it into their EUA. Instead they will restrict access and keep their phones secure. However they did not do this in the case of honoring phone settings so it makes you wonder how much access they give the network provider.
    No. The SIM card is controlled by the carrier and gives the carrier a great deal of access and control over your phone. And as others have said the builds that get forced out are built by BlackBerry. Do you think any other carrier has any different terms? Do you think it hasn't always been that way from the very first phones? Do you think if a phone maker came up with a phone that couldn't be updated as required by the carrier would simply not provide services to that phone. Recall that AT&T at one time unilaterally changed accounts to BlackBerry service when they found that the used was using a BlackBerry.

    The way cell phones work, the phone is an extension of the carrier's network. A small number of misbehaving phones can have a significant impact on the operation of the network. That is why carriers won't allow a device on their networks in significant numbers until they have been fully tested. And why they control updates.

    Z10STL100-3/10.3.2.798 SR 10.3.2.516
    bungaboy likes this.
    07-10-15 10:03 PM
  17. peter0328's Avatar
    Problem with this whole discussion is if you have an STA100-3 which has never had a Verizon SIM inserted, it will still be forced this mandatory update even on WiFi. Verizon takes ownership for this forced update though.

    That is a problem.

    Posted via CB10
    Richard Buckley likes this.
    07-10-15 10:25 PM
  18. thurask's Avatar
    That is a problem.
    It would be, if the Verizon SIM was the only way for Verizon to find it on any network.

    Since it's a Verizon phone, the phone's IMEI is already on Verizon's whitelist (how CDMA operates; no whitelist, no regular service). Sub-LTE speeds don't require a SIM card, since it can connect to the Verizon CDMA network as long as the device is properly set up with Verizon.

    Even then, given the experiences of people who end up with Verizon phones in India (of all places), they are receiving this mandatory update far from Verizon's network, so I assume Verizon's database of its own devices has something to do with it.

    Posted via CB10
    bungaboy likes this.
    07-11-15 12:15 AM
  19. Richard Buckley's Avatar
    Problem with this whole discussion is if you have an STA100-3 which has never had a Verizon SIM inserted, it will still be forced this mandatory update even on WiFi. Verizon takes ownership for this forced update though.

    That is a problem.

    Posted via CB10
    Hadn't considered the CDMA angle that Thurask pointed out.

    The other side of this coin is at least with a BlackBerry you don't have a hardware kill switch that the carrier can flip on you. As far as I am aware that is irreversible. So the mandatory upgrade isn't reversible either, but the phone still works. If you buy a second hand phone, then the seller reports it lost or stolen to get a replacement under insurance (or maybe it was lost or stolen in fact). Once the carrier throws the kill switch it is a brick.

    I understand why people are upset with the way Verizon handled this, and I think they could be done better. Maybe at this point some Verizon employees are starting to think that they could have done it better. But the only recourse is to complain to them and/or leave for another carrier.

    But if you are squeamish about the carriers' ability to update your software your only recourse is to do without a cellphone.

    Z10STL100-3/10.3.2.798 SR 10.3.2.516
    bungaboy likes this.
    07-11-15 07:31 AM
  20. peter0328's Avatar
    It would be, if the Verizon SIM was the only way for Verizon to find it on any network.

    Since it's a Verizon phone, the phone's IMEI is already on Verizon's whitelist (how CDMA operates; no whitelist, no regular service). Sub-LTE speeds don't require a SIM card, since it can connect to the Verizon CDMA network as long as the device is properly set up with Verizon.

    Even then, given the experiences of people who end up with Verizon phones in India (of all places), they are receiving this mandatory update far from Verizon's network, so I assume Verizon's database of its own devices has something to do with it.

    Posted via CB10
    Yeah, I'm saying it's an issue if the mobile network is turned off (not connected to Verizon) yet you are forced to apply it due to the database.

    Since you aren't a Verizon customer (in theory) you haven't agreed to their device software update terms.

    Posted via CB10
    07-11-15 08:58 AM
  21. syplex's Avatar
    I understand why people are upset with the way Verizon handled this, and I think they could be done better. Maybe at this point some Verizon employees are starting to think that they could have done it better. But the only recourse is to complain to them and/or leave for another carrier.
    I'm not upset about the way Verizon handled this, I am upset on principle that they were able to do this at all. I actually like the update. BlackBerry's OS shouldn't allow forced updates against the preferences of the device owner.

    But if you are squeamish about the carriers' ability to update your software your only recourse is to do without a cellphone.
    Or apparently get an iPhone because somehow Apple has managed to separate OS updates from Carrier updates. And if BlackBerry worked in that way then they wouldn't have to violate device settings to give carrier updates. OS updates should be driven and controlled by the device owner and network specific updates (such as radios, network access, etc) could then be controlled by the carrier.

    If BlackBerry does indeed control the software updates, I wonder what kind of control they have over the process? Carriers have put un-deletable apps and icons in the past on the phone... what else can they do and what can BlackBerry say no to? Could BlackBerry simply said no, we aren't going to force an update? What if a Carrier wanted to ensure that no one on their network used a certain app or went to certain webpages, would BlackBerry simply comply and add in blacklists?
    07-13-15 12:38 PM
  22. Richard Buckley's Avatar
    Or apparently get an iPhone because somehow Apple has managed to separate OS updates from Carrier updates. And if BlackBerry worked in that way then they wouldn't have to violate device settings to give carrier updates. OS updates should be driven and controlled by the device owner and network specific updates (such as radios, network access, etc) could then be controlled by the carrier.
    Are you sure about that? A black box analysis of each system does not support that conclusion. iOS updates come from apple servers. BB10 updates come from BlackBerry servers. There are only really two major differences: all iOS devices of the same class get the same software; and all iOS devices get the updates at the same time. Both of those differences come down to clout. Apple initially gave AT&T exclusive access to the iPhone to get that kind of deal. Now that iOS devices are probably the biggest market segment for any carrier (on the basis of manufacturer) then can tell carriers that they have to allow a given update on a given day. Carriers could of course say no and face loosing the privilege of re-selling iPhones. But I'm sure that a carrier who was faced with failing to comply with applicable regulation would say no confident that all other carriers in that jurisdiction would also say no. Then Apple would be faced with being shut out of a market.

    Now, really, what is BlackBerry supposed to do? Tell Verizon that they weren't going to ensure all Verizon BlackBerry devices were complaint with regulations. That would be a perfect excuse for Verizon to just turn off service to all BlackBerry devices.
    07-13-15 02:24 PM
  23. syplex's Avatar
    iOS updates come from apple servers. BB10 updates come from BlackBerry servers.
    Apple has Carrier Updates and iOS Updates. Two separate animals. BlackBerry seems to have just a single animal, OS+Carrier software update. I am talking about Carrier Updates, which are the ones that are sometimes mandatory. And I would imagine they might both come from Apple servers, that's not really the point.

    From Apple's site:
    Carrier settings updates are small files that can include updates from Apple and your carrier to carrier-related settings, such as network, calling, cellular data, messaging, personal hotspot, and voicemail settings. You may receive notifications from time to time to install new carrier-settings updates.
    On an Apple phone you can stay on the old iOS version and simply ignore OS updates. However, mandatory carrier updates cannot be ignored. This way the carrier can comply with what they need to and avoid attacks or bugs with the phone's radio or algorithms, but the user can keep their settings, apps, and features they like and upgrade if and when they feel like it. I would imagine Apple is not the only phone that works this way.
    07-13-15 03:06 PM
  24. Richard Buckley's Avatar
    Apple has Carrier Updates and iOS Updates. Two separate animals. BlackBerry seems to have just a single animal, OS+Carrier software update. I am talking about Carrier Updates, which are the ones that are sometimes mandatory. And I would imagine they might both come from Apple servers, that's not really the point.

    From Apple's site:


    On an Apple phone you can stay on the old iOS version and simply ignore OS updates. However, mandatory carrier updates cannot be ignored. This way the carrier can comply with what they need to and avoid attacks or bugs with the phone's radio or algorithms, but the user can keep their settings, apps, and features they like and upgrade if and when they feel like it. I would imagine Apple is not the only phone that works this way.
    Good to know. In this case however complying with the regulatory requirements needed deep changes in the OS to put the BBID challenge in the way the had. Even if they had a system like Apple, it probably wouldn't have been sufficient.

    Z10STL100-3/10.3.2.798 SR 10.3.2.516
    07-13-15 04:42 PM
  25. syplex's Avatar
    Good to know. In this case however complying with the regulatory requirements needed deep changes in the OS to put the BBID challenge in the way the had. Even if they had a system like Apple, it probably wouldn't have been sufficient.
    I question that because Apple has this same regulatory requirement, and they haven't forced any iOS updates, it is still up to the end user.

    In addition, I don't believe anything in the California killswitch law mandates that the software be forced to existing users:

    any smartphone that is manufactured on or after July 1, 2015, and sold in California after that date, shall include a technological solution at the time of sale, to be provided by the manufacturer or operating system provider
    And,

    Sold in California does not include a smartphone that is resold in the state
    It's clear the law does not require forcing updates to existing users. The new phones just need to have the new operating system installed, for sales in California. So Verizon/BB didn't even need to force the update to comply.
    07-13-15 05:21 PM
64 123

Similar Threads

  1. Is it hard to make the change from a Q10 to a Passport?
    By savelandia153 in forum Ask a Question
    Replies: 5
    Last Post: 07-07-15, 12:13 PM
  2. Mandatory upgrade? Interesting
    By hbelkin in forum Verizon Wireless
    Replies: 8
    Last Post: 07-06-15, 07:47 PM
  3. Looks like Verizon is going live with 10.3.2...
    By gkl in forum BlackBerry 10 OS
    Replies: 34
    Last Post: 07-06-15, 07:47 PM
  4. Replies: 3
    Last Post: 07-06-15, 01:57 PM
  5. Is it okay to charge passport overnight??
    By angyongyong in forum BlackBerry Passport
    Replies: 5
    Last Post: 07-06-15, 01:36 PM
LINK TO POST COPIED TO CLIPBOARD