- I was wondering what does this Sandboxing for the Android apps do exactly. The Android apps can access the contacts I think and pictures, not sure what else, but how does the sandbox work exactly to prevent the Android apps from sharing information or keep the device secure? When some Android apps pop up in the background without permission do they share any info with Google? I know Google isn't a security threat but all the same just want to understand the limitations the Sandbox sets for these Android apps.
Nothing to do with App permissions.
08-10-15 03:12 AM Like 0
-
1. Didn't get Bishkin's joke
2. Can't take Bishkin's joke
You are welcome to add more.
"But I say this to you, love your enemies and pray for those who persecute you;" - Matthew 5:44
08-10-15 04:01 AM Like 0
-
For example, we know that the Android runtime does have access to BlackBerry Hub, as well as settings that control the device's hardware.
We also know that BB10.3 is set up to recognise and install .APK packages as if they were native .BAR packages. Prior to installing, BB10 runs a security check on the file if you wait long enough. This however is easily skippable.
Truth be told, we simply DO NOT KNOW how much of a security compromise the Android runtime is on BlackBerry 10.
This however may prove to be moot in the next few months if BlackBerry's rumoured plans to migrate to Android come to fruition.
08-10-15 09:48 AM Like 0
- If something is 'sandboxed', that doesn't automatically mean there aren't any security implications to what platform the sandboxed runtime is on.
This is why I don't like to call this approach "sandboxing" which conjures up ideas of walled in playgrounds. BB10 doesn't need sandboxes because all the sharp knives and dangerous power tools are kept locked away in the tool shed.
The_Passporter and Joshu42 like this.
08-10-15 11:54 AM Like 2
-
And yes, I share your dislike of the term 'sandboxing', primarily because it seems to be termed here as a one-stop security guarantee, which of course it is not.
Posted via CB10
08-10-15 01:42 PM Like 0
- But that's exactly what I'm getting at with my previous post. I don't classify security exclusively as the ability to compromise core native system code. The fact that a fairly old mobile OS runtime has access to the parts of BB10 that handle personal data is by definition going to be an individual risk.
Z10STL100-3/10.3.2.2252 SR 10.3.2.2168
The_Passporter likes this.
08-10-15 04:32 PM Like 1
- But those avenues for acting maliciously are common to BB10, iOS and Windows as well. If you give an application permission to read your contacts, it can send them to a server for nefarious purposes. BlackBerry Guardian, if you use it, does a lot to protect you from Android applications that do this. If you only get your native applications from BlackBerry World you are protected there as well. But this can't be perfect. If an application has a valid reason to upload your contacts, but then also uses them for undisclosed purposes you have still been victimized. There isn't much any ecosystem can do to prevent this other than ban such applications when they are found out. No sandbox will ever protect you from this, just like no door lock will protect you from a thief you let into your home.
Z10STL100-3/10.3.2.2252 SR 10.3.2.2168
BB10 doesn't come with Google Play Store access or Google Services. Amazon Store compatibility is a mixed bag, and BlackBerry devices are blacklisted on many apps. Users are positively encouraged to find alternative means to obtain (often illegally) APK Apps, obtain modified commercial APKs etc. The Android runtime is there to provide a partial solution to the 'app-gap', but the tradeoff is that BlackBerry have little-to-no control over what actually ends up running on their devices. This is not the case with WP, iOS, or Android devices running the Google ecosystem.
BlackBerry Guardian is skippable - the scan is optional, and we do not genuinely know its effectiveness anyway.
Furthermore, this is an old Android build. Is it impossible for an exploit via the Android runtime to install a little background process that has access to sensitive data? I'm not so confident.
The Android runtime sits invisibly on a BB10 device. We never know exactly what it is doing, and we have very little control over what it does. We do not have access to background processes, and an ability to terminate them in the same way that Android users do.
I see where you're coming from but I'm not convinced, sorry. Might have to agree to disagree.
Posted via CB10
The_Passporter likes this.
08-10-15 05:22 PM Like 1
- kbz1960 Doesn't Matter
FYI I am not an IT professional. That said:
I have been busy doing some research and have come across some pertinent information regarding the end of the line for network security. This would be the user and the phone. As some have stated the phone is not the most important part but from what I have read all parts can be equally as important for a secured and layered ecosystem of security.
When it comes to IT strategies, layering security makes sense for the Android environment. If you look at the mobile security stack in layers (starting from the bottom up) as network/carrier layer, hardware layer, operating system layer, and application layer, the chances of exploits increase as you climb up the ladder. Enterprises also have less control the lower we go in the stack, which brings me to the phone's hardware and software in the hands of the users.
iOS
iOS device users can install apps that have not been vetted by Apple, after jailbreaking their devices. Apparently there are ways and tools to do a silent kind of iOS jailbreak app that manages to hide the jailbroken status of the device, which would allow attackers to take advantage of a device. Attackers can then target iOS and Android devices through similar means, including SMS or through Wi-Fi hotspots.
iOS devices can also be targeted through websites. The attack requires a user to visit a web page on their iPhone or iPad. If that user installs a hostile configuration profile, then the enterprise is at risk for intercepted traffic, fake app installation, sophisticated phishing, and APTs.
Android
The Android ecosystem has two main security risks, according to mobile security experts:
• The Google Play Store (apps are not vetted as well as iTunes store)
• The fragmentation of devices and OS versions
The Android platform does have some serious factors to consider and that would be as you may have guessed it, fragmentation. There are multiple versions of Android in the market, even on current devices. Manufacturers often make their own changes and patches to Android, so they could be behind Google's latest version of the current update release. To make matters worse, carriers and manufacturers may not update their devices' Android version when Google does, or they take months or even years to do so.
Android is possible to be secured yes but it is definitely more complicated and workload heavy. The IT specialist can try and apply all the security restrictions he or she wants but by limiting the functionality of the phone they risk pushing the end user into unsafe practices like non compliance cloud services.
Conclusion
In the end I find that if I were an IT professional (there are IT professionals like there are window installers. Sometimes you get a new window and it ends up leaking) I would choose to combine BlackBerry's hardware and phone's software with BES10 for the easiest, most secure solution, since BlackBerry devices have not yet been exploited by rooting or jailbreaks. With no hardware or software vulnerabilities there is less risk involved. As one person commented, it just makes it easier to manage due to less complication, and we all know that with too many complications (which can be ongoing) there is a greater chance for error. After all, it only takes one employee to decide he can do what he wants to cause a leak in your window.
Sticking with what Mr. Chen says. And hope this is a decent answer for OP.
Posted via CB10
08-10-15 09:19 PM Like 0
-
Posted via CB10
08-11-15 07:09 AM Like 0
-
I know this isn't security issues but this is my answer. I think the BB10 OS has much promise and look forward to what is to come.
Sorry had to edit my answer to YES. I guess I misunderstood the question but I think you got what I meant.
Posted via CB10
Last edited by The_Passporter; 08-12-15 at 08:38 AM.
kbz1960 likes this.
08-12-15 08:06 AM Like 1
- Just would like to say thank you to both you guys for offering your opinions on the Sandbox for Android and how it works from both your perspectives. This does still clear things up for me and others to broaden our understanding. :-)
Posted via CB10
08-12-15 12:07 PM Like 0
What's all this about BlackBerry security