1. BBUK14
    I'm aware that when Android apps become much easier to get, we will have to pay attention to the risk of viruses, but what is the general risk?

    What is the risk of malware, etc. from BlackBerry World?

    What is the risk from Android apps?

    What is the solution?

    Posted via CB10
    11-30-13 04:03 PM
  2. qbnkelt
    Hi!!! Welcome aboard!

    This will be a very interesting thread. I'm grabbing some hot chocolate and settling in.
    11-30-13 05:23 PM
  3. fromhereonend
    I agree... Look forward to the discussion

    Posted via CB10
    11-30-13 05:45 PM
  4. southlander
    From BlackBerry World -- zero or close to it. From 3rd party Android app stores -- depends I'd say. Amazon should be safe. 1Mobile... ummmm. I ain't using it. Each app store you'd have to evaluate one by one. Even so, any Android app with Android intended malware should just "infect" the Android user environment. Which with the ART having access to the radio, mic, etc. still isn't good.

    As for how vulnerable BB10 the OS is to the Android RT as an attack vector to get into BB10 -- someone with some very in-depth knowledge on that will need to chime in.
    11-30-13 05:45 PM
  5. Richard Buckley
    BlackBerry has had their own technology and TrendMicro scanning applications not just for malware, but also for applications that work in ways not disclosed to the user. So I would not have any concerns with applications in AppWorld.

    Many people have made the point that the Android Player is sandboxed from the OS and that this limits what malware can do. On a BlackBerry device, all applications are sandboxed from the OS, not just Android applications. This, and the experience BlackBerry has in system security, does afford a greater degree of protection from malware than on other platforms. There is a lot that malicious software can do that does not require compromising the operating system. Stealing contact information, sending spam, participating in a distributed denial of service attack, stealing credentials from poorly designed password keepers, sending SMS messages or making phone calls to premium rate destinations, fraudulently inflating online advertising impressions. The list is only limited by the imagination of malware authors. Many of these activities can make money for the creators without adversely affecting the owner of the infected phone. Some of these techniques were found in applications on Google Play.

    If you have been using BlackBerry devices for a while, you will recall the days when there was no application store and users could install applications over the air (OTA) from any source. The nature of BBOS prevented these programs from doing a lot of damage, but if the user could be convinced to give the proper permissions, a lot of mischief could be done. Except for sideloading (a term that has been applied to what is essentially the same process that developers use to test applications), the only place to get applications for BB10 is BlackBerry World. With the upcoming ability to install APKs OTA, more ports of legitimate Android applications will be available in BlackBerry World, but in the rush to get the latest trending applications many users will expose themselves to malware.

    If you only run official versions of the OS, and only get your applications from BlackBerry World, you are probably about as safe as you can be. If not, you may be at risk of hosting malicious software.
    southlander and app_Developer like this.
    11-30-13 08:09 PM
  6. SlcCorrado
    Just grab Max Mobile Security and rest easy. On sale for 8 bucks at the moment

    http://appworld.blackberry.com/webst...ntent/21747714
    11-30-13 08:19 PM
  7. Benjamin_NYC
    Close to zero, I'd think.

    Posted via CB10
    11-30-13 08:51 PM
  8. Omnitech
    Many people have made the point that the Android Player is sandboxed from the OS and that this limits what malware can do. On a BlackBerry device, all applications are sandboxed from the OS, not just Android applications. This, and the experience BlackBerry has in system security, does afford a greater degree of protection from malware than on other platforms. There is a lot that malicious software can do that does not require compromising the operating system. Stealing contact information, sending spam, participating in a distributed denial of service attack, stealing credentials from poorly designed password keepers, sending SMS messages or making phone calls to premium rate destinations, fraudulently inflating online advertising impressions. The list is only limited by the imagination of malware authors. Many of these activities can make money for the creators without adversely affecting the owner of the infected phone. Some of these techniques were found in applications on Google Play.

    Good points. I would only add the following:

    • There is no guarantee that pre-screening apps finds all malicious apps
    • "Sandboxing" likewise does not guarantee that malware cannot exploit the OS, though it certainly helps



    All you have to do is remember what happened during the cross-platform BBM rollout, where a bunch of fake BBM apps appeared on Google Play, to be reminded that automatic app checking (which Google makes a lot of noise about how they do this), is not the perfect solution to fake or malicious apps.

    I have no idea how good Max Mobile Security is. It just happens to be the only A/V app available for the platform at the moment. I.e., if it doesn't at the very least detect/block/remove longtime known commercially-produced trojan malware like FinFisher/FinSpy (which can exploit BlackBerry devices), then I would consider it next to useless.
    11-30-13 11:12 PM
  9. pvphooman
    OK. So you don't have to worry much about a virus shutting down your phone.

    But a real concern should be the "vector" apps designed to upload your contacts, files, pictures, camera, microphone, location etc. They exist in BlackBerry World and are rampant in Android. It's on the user who decides to install such spy software... but the typical and reasonable user does not know of its dangers.
    IMO, it could be a potential lawsuit because consumers aren't aware of the archiving and actual use of their data. Do we get to audit our retrieved personal data...? No... by the terms of service, you give the developers the rights to your data... did you sell yourself out to use a fart flashlight or social media app? Antivirus won't catch this.

    Z10STL100-3/10.2.1.1055 | CB10
    11-30-13 11:48 PM
  10. Omnitech
    OK. So you don't have to worry much about a virus shutting down your phone.

    There is still the possibility of this. The following is a detailed security analysis of BB10 running on a Z10, done in May 2013. The author points out some theoretical ways that the OS could be exploited or jailbroken, but did not pursue trying to actually do that.

    https://www.sec-consult.com/fxdata/s...alysis_v10.pdf

    Here are some examples of OS vulnerabilities (or potential vulnerabilities) discovered in BB10. (So far BlackBerry has announced potentially exploitable flaws on at least 2 different occasions in 2013; the last I am aware of was in September 2013, and a vuln in Link was patched this month.)

    Infosecurity - BlackBerry Issues Four Security Advisories for BB 10 Devices
    BlackBerry warns of possible exploit with Z10 and PlayBook - BlackBerry Forums Support Community
    BlackBerry 10 Hit with First Security Exploit - Gadget Lab
    BlackBerry 10 exploit requires too “specific chain of events” to be serious, says Zscaler - 19 Jun 2013 - Computing News
    Inside the Security Model of BlackBerry 10 | Threatpost | The First Stop For Security News

    Here's a weakness in BlackBerry Link's security that was discovered in late September, and just patched this month by BlackBerry:

    Tavis Ormandy: QNX
    BlackBerry Patches Vulnerabilities in BlackBerry Link | Threatpost | The First Stop For Security News

    Last but not least, Intel's McAfee unit reports Android malware is growing at a rapid pace as of August 2013:

    Android mobile malware rebounds in Q2, reports McAfee



    In short: yes there is a definite possibility of malware compromising your device, no it is not a high likelihood at this point unless you are, say, a Tibetan activist, an Al Qaeda operative, someone known to deal with a lot of money, don't have a habit of keeping your OS and utilities updated, or install software from insecure sources. Or just have bad luck.
    Vilory and SurajBH like this.
    12-01-13 01:00 AM
  11. BBUK14
    Thanks, folks!

    Posted via CB10
    12-01-13 03:41 AM
  12. qbnkelt
    Very interesting thoughts.

    Sent from whichever BBM carrying device I happen to grab, via Tapatalk
    Last edited by qbnkelt; 12-01-13 at 04:06 AM.
    12-01-13 03:53 AM
  13. Thud Hardsmack
    Biggest worry for me would be getting an app that sends info home for malicious purposes or tracks location. If it's from BlackBerry World there's an added danger of your data being accessible to these apps and being able to manipulate them. So one really really needs to pay attention to the permissions for apps. If it's a native app the permissions should be selected individually from Security. Android apps run in a sandbox, so while they can definitely upload anything they're programmed to do, they can't delete or mess around with the OS. Example being that files and contacts are accessible in the runtime, deleting a file or a contact from there doesn't have any effect on the "real" data.

    Sorry if that seems a little rambly, mental faculties are shutting down for the night. (yawn)

    Posted via CB10, Z10STL100-4/10.2.1.1055
    12-01-13 04:22 AM
  14. Richard Buckley
    Android apps run in a sandbox, so while they can definitely upload anything they're programmed to do, they can't delete or mess around with the OS. Example being that files and contacts are accessible in the runtime, deleting a file or a contact from there doesn't have any effect on the "real" data.


    Posted via CB10, Z10STL100-4/10.2.1.1055
    Have you already forgotten about the Animoog fiasco?

    Posted via CB10
    12-01-13 08:07 AM
  15. Omnitech
    Have you already forgotten about the Animoog fiasco?

    IIRC that was just a matter of placing its files in an unexpected place, wasn't it?

    I'm not sure that amounts to an example of something that could exploit the OS in the classic sense of the word.

    In general, the places in the filesystem that BlackBerry restricts writing/viewing only by system processes still would not have been modifiable by that software.

    Whereas in OSes which have poor or nonexistent privilege separation (i.e. all processes are "root", essentially), they will be a potential malware haven. Examples include Microsoft Windows prior to the NT series (i.e. Windows Me, 98, 95, 3.x and prior), MS-DOS, or any "rooted" OS such as jailbroken iPhones or Android devices with user-customized ROMs.
    12-01-13 08:25 AM
  16. Thud Hardsmack
    Have you already forgotten about the Animoog fiasco?

    Posted via CB10
    I did.

    So I just tried this - I created a fake contact and checked my pictures folder; then running ADW launcher, I deleted a photo in Gallery and that fake contact through the People app. Then I checked my Contacts app and pictures folder, both were still there.

    Hopefully that carries some weight. Could be there's a difference between direct-install APKs and ported apps via BlackBerry World; I was under the impression ports are merely converted APKs, unless there are some additional tweaks for running on BB10 that give direct access to the OS. The brief searching on Animoog didn't tell me much beyond it messing up the Documents folder.

    Posted via CB10, Z10STL100-4/10.2.1.1055
    12-01-13 08:39 AM
  17. anon(2313227)
    The same threat is in every OS. The ***User***
    12-01-13 08:41 AM
  18. Lostfile
    This is a great thread. I remember BlackBerry talking about the 'sandboxed' runtime, but there is always somewhat of a threat if you're constantly downloading iffy apps.
    12-01-13 09:06 AM
