  1. EricArden's Avatar
    How is BlackBerry's version of Android more secure than other android phones?
    09-22-19 01:45 PM
  2. conite's Avatar
    How is BlackBerry's version of Android more secure than other android phones?
    http://help.blackberry.com/en/securi...y-Guide-en.pdf
    09-22-19 01:49 PM
  3. zer0ten's Avatar
    It's actually not.
    John Albert and Paulelmar18 like this.
    09-22-19 02:06 PM
  4. EricArden's Avatar
    According to that brochure from above I can see how BlackBerry has added an extra layer of security to the Android OS.

    However, this appears to be exclusive to tampering. Meaning, someone trying to hack into your phone is unlikely to do so.

    This is good and all, but not sure how this helps us "consumers". Most of us don't have people wanting to hack our phones.

    This has always been my gripe with BlackBerry promoting the "security" angle because quite frankly, the majority of users (over 60% of current BlackBerry users) use their phones for non-business.

    Point I'm trying to make is "security" means very different things to business people than it does to consumers. Consumers really want privacy.

    Can BlackBerry Android help prevent these scenarios?

    1) stolen debit / credit card info that was entered on a browser?

    2) does BlackBerry Android help reduce ads?

    3) does BlackBerry Android prevent Facebook and other social media apps from accessing my contacts, pics, and browser history?

    4) does BlackBerry Android help prevent virus, malware, firmware, or spyware?

    5) is data compromised if I connect to public Wi-Fi?
    09-22-19 04:27 PM
  5. howarmat's Avatar
    You are very correct that for the normal person the extra security isn't going to mean much. It's there and does protect you though. The DTEK app monitors the use of permissions and informs you of what uses what BUT doesn't stop any of it. That is still left up to the user and changing the Android built-in settings.

    And yes, your 1-5 list doesn't really have much better protection on a BB Android over, say, a Pixel.

    At the end of the day I would still say that BBM devices are safer over most of the other manufacturers of Android out there. Sammy and Google devices would be right next to them though, as they have better support of the OS over BBM devices at this point.
    BigAl_BB9900 likes this.
    09-22-19 04:39 PM
  6. chetmanley's Avatar
    Anytime we cross a border, our phones are subject to seizure and inspection. BlackBerry Android is very good against commercial device cracking software. (I.e., there is no public information stating BB Android, or BB10 for that matter, has been compromised by these commercial services; however, iOS is compromised all the time and LG and Samsung's flagships can be unlocked.)

    So that's the security side. As you mentioned, the average consumer doesn't care about security, but some care about privacy - let's be honest, 99% of people don't care about either.


    To answer your questions:

    1) stolen debit / credit card info that was entered on a browser?

    BlackBerry Ltd does not provide their own browser anymore like on BB10. So that leaves it up to the user to choose a browser they trust.

    Do not use Chrome.

    Firefox and Tor Browser are the only two I'd recommend with additional extensions to kill trackers and ads.

    When it comes to debit / credit card info, that is 100% on the user and how reckless they are with their data on sketchy websites.

    2) does BlackBerry Android help reduce ads?

    BlackBerry Android does not help reduce ads, HOWEVER, of all the Android devices on the market, it has the lowest levels of data collection and "phoning home" that I've seen.

    If you monitor the connections coming out of a Samsung or Huawei device, you will see what I'm talking about.

    Of course, Android out of the box is plagued by Google Play Services. This alone will send about 300mb to 2gb of data home to Google every month while in use, and around 1.5gb / year if the device is left on in a completely stock state without use.

    There are ways to stop this.

    Check these threads out if you're interested.

    De-Googling your Phone
    https://forums.crackberry.com/blackb...esome-1114355/

    Disabling System Apps using ADB
    https://forums.crackberry.com/blackb...ethod-1168996/

    Tor with Netguard Firewall
    https://forums.crackberry.com/blackb.../#post13333600

    These techniques are not unique to a BB Android device, however when coupled with the hardened device security I described earlier, it makes BB Android one of the most secure and private devices you can buy.

    3) does BlackBerry Android prevent Facebook and other social media apps from accessing my contacts, pics, and browser history?


    If you choose to install those applications, then DTEK will alert you if they do so. As was mentioned by howarmat, it's up to the user to be smart about allowing that to happen in the first place.

    Make sure to clear your cookies between websites. This will reduce browser tracking by the likes of Facebook and Google.

    A Firefox/Tor extension called CookieAutoDelete exists to do this automatically, and I recommend it.

    4) does BlackBerry Android help prevent virus, malware, firmware, or spyware?

    Because BB Android cannot be rooted, unlike LG, Samsung, iOS (Apple recently messed up a security update which permitted jailbreaking again) etc, it is resistant to rogue applications. Only BB signed firmware can be loaded onto the device.


    If the techniques I mentioned in 2) are used, then you can make your device connections anonymous via Tor, download the app, isolate it from the internet using Netguard, start it and see what connections it attempts to make using Netguard again, and which permissions it asks for via DTEK.

    Using something called Lucky Patcher, you can also remove permissions from most apps including their internet access (some apps will break and fail to start if this is tried).

    If that app makes connections to servers or ad farms or trackers you don't want, then you can block those individually using Netguard, leaving the legitimate connections free to access the internet anonymously via Tor.

    5) is data compromised if I connect to public Wi-Fi?

    Depends, and this applies to every device on the planet.

    If you connect to any wifi network, then anyone on that network can see what you are browsing. If your connections are HTTP only and not HTTPS, then they can see the content.

    This applies to both open and secured wifi networks.

    Only way to protect yourself from local wifi snooping is via VPN or Tor, or Both combined.

    VPN will just kick the can down the road to the VPN provider, who could technically snoop on everything you're doing and if you signed up with a credit card, they know who you are.

    Tor, on the other hand, will make your usage anonymous - only the exit node will see what you are doing, but they won't know who you are.


    So all that to say, device privacy really comes down to the user and what they choose to install on the device.

    If the user is concerned about privacy, then do the following:

    Disable Chrome
    Disable Google Play Store
    Disable Google Play Services
    Disable BB Telemetry
    Disable Qualcomm Telemetry

    Buy and Install Netguard from the website. www.netguard.me (no google play required)

    Install Tor Browser, Firefox and Orbot (you can find these on their respective websites or F-Droid, or by using Google app store emulators like Yalp or Aurora)

    On Tor and Firefox, install the following extensions:
    uBlock Origin
    Privacy Badger
    CookieAutoDelete

    Avoid applications - try to access the services you need via their website, this reduces your device's exposure because 99.9% of apps have trackers and data collectors in them.

    Leave your Wifi and Bluetooth turned off unless you are actively using them. This will stop wifi and bluetooth triangulation.

    Set your device to use the GPS only for location - no Cellular, wifi or bluetooth.
    Again, leave your GPS off unless you are using it.

    That pretty much sums it up. Again, this can be done on any Android device to varying degrees of success (Trying to get a clean device on Samsung or Huawei is difficult to begin with because of all the bloatware). But only BB android has the OS hardening mods which make it impossible to root and safer against unauthorized access.
    Last edited by chetmanley; 09-22-19 at 05:41 PM.
    09-22-19 05:25 PM
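An added example, not part of chetmanley's post: a shell check of how much of the "Disable ..." checklist above is actually in effect, run over the output of `adb shell pm list packages -e`. The package names for Chrome, Play Store and Play Services are the standard Android ones; the thread does not name the BB and Qualcomm telemetry packages, so they are not checked, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example: which items from the "Disable ..." checklist are still enabled?
# Input is the output of `adb shell pm list packages -e` (enabled packages
# only), one "package:<name>" entry per line.

# Checklist items mapped to their standard Android package names.
# BB and Qualcomm telemetry are left out: the thread does not name them.
CHECKLIST='com.android.chrome|Chrome
com.android.vending|Google Play Store
com.google.android.gms|Google Play Services'

# still_enabled: read a package listing on stdin and print one line per
# checklist item that is still enabled. Prints nothing if all are disabled.
still_enabled() {
    # Strip CRs (older adb versions emit CRLF) and the "package:" prefix.
    enabled=$(tr -d '\r' | sed -n 's/^package://p')
    printf '%s\n' "$CHECKLIST" | while IFS='|' read -r pkg label; do
        # -F -x: fixed-string, whole-line match, so a longer package name
        # that merely starts with a checklist name is not counted.
        if printf '%s\n' "$enabled" | grep -Fxq "$pkg"; then
            printf '%s (%s)\n' "$label" "$pkg"
        fi
    done
}

# Constructed sample listing: Play Store itself is disabled, but a made-up
# package with a similar prefix is present to exercise the exact match.
SAMPLE_LISTING='package:com.android.settings
package:com.android.chrome
package:com.google.android.gms
package:com.android.vending.constructed.helper
package:org.mozilla.firefox'

printf '%s\n' "$SAMPLE_LISTING" | still_enabled

# On a real device with USB debugging enabled:
#   adb shell pm list packages -e | still_enabled
```

An empty result means the three Google items are disabled for the current user; it says nothing about the telemetry packages or about what the remaining apps send.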
  7. EricArden's Avatar
    Wow, that's some great info. Thank you for your time.
    I'm sure other people will stumble upon this thread and will appreciate the info.
    chetmanley likes this.
    09-22-19 08:18 PM
  8. pgg101's Avatar
    How is BlackBerry's version of Android more secure than other android phones?
    Two OS behind and most of us K2 users are still on the July patch. So I'd say not very.
    09-22-19 09:29 PM
  9. chetmanley's Avatar
    Two OS behind and most of us K2 users are still on the July patch. So I'd say not very.
    Being on Android 9+ doesn't seem to be protecting Samsung very well.

    https://cf-media.cellebrite.com/wp-c...Notes_7.23.pdf

    Industry-First: Lock-Bypassing Physical Support for Exynos driven Samsung Galaxy S9 and Samsung Galaxy S8 devices
    As Samsung continues to dominate the smartphone market with over 32% global market share, the need to extract new or previously untapped digital evidence and prepare for future evidence produced by the next generation of Samsung devices continues to be a Cellebrite mission, as we seek to grow the list of supported devices.

    Cellebrite is pleased to be the first vendor to introduce a lock-bypassing physical extraction for the Exynos driven Samsung Galaxy S9 series running all operating system versions. This includes the most recent Android 9 Pie operating system, which has a usage share of close to 11% worldwide.*

    In UFED 7.23, you will notice that we have added updates to our ground-breaking Samsung Exynos Decrypting bootloader capability. With this update you can now perform lock bypassing physical extraction on 10 new device models of Samsung with the Exynos chipset.
    Edit:

    So despite these flagships having more current OS versions, they are not necessarily more secure because they are still vulnerable to rooting / have insecure boot loaders.

    BlackBerry themselves stated that even without the latest security patch, their devices are inherently more secure due to what they've done to their version of Android.

    I wish BlackBerry could release updates at the same rate they had on the Priv, often beating even Google to the punch.

    But even as these devices pass the 2 year mark and we stop seeing regular security patches, I think we can be reasonably assured they are still secure devices due to the "OS hardening" BlackBerry performed on day 1.
    Last edited by chetmanley; 09-22-19 at 09:58 PM.
    BigAl_BB9900 likes this.
    09-22-19 09:34 PM
  10. Invictus0's Avatar
    BlackBerry themselves stated that even without the latest security patch, their devices are inherently more secure due to what they've done to their version of Android.
    Which is a meaningless statement given how much of Android's security model relies on patching. A BB Android device that isn't on the August 2019 patch for example is still vulnerable to the following exploits,

    BlackBerry Powered by Android Security Bulletin - August 2019

    If you compare this to Google's own August 2019 security bulletin, there are exploits that BB Android seems to stop but it doesn't negate the need for patching IMO.

    https://source.android.com/security/...019-08-01.html
    09-22-19 11:49 PM
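An added example, not from Invictus0's post or from BlackBerry: the patch-level comparison this exchange turns on, written as a shell function. A device reports its level in the Android property `ro.build.version.security_patch` as YYYY-MM-DD; the function names and the sample values are constructed for this illustration.

```shell
#!/bin/sh
# Added example: compare a device's Android security patch level (SPL)
# with the level named in a monthly bulletin.
# Device value: adb shell getprop ro.build.version.security_patch

# spl_split: split a validated YYYY-MM-DD string into y, m and d.
# Leading zeros are dropped so that $((...)) does not reject "08" or "09"
# as invalid octal numbers.
spl_split() {
    y=${1%%-*}
    rest=${1#*-}
    m=${rest%%-*}; m=${m#0}
    d=${rest#*-};  d=${d#0}
}

# spl_status DEVICE_SPL BULLETIN_SPL
# Prints one of:
#   current   device is at or past the bulletin level
#   partial   same month, but the device has the -01 level and not the -05
#   behind N  device is N monthly bulletins older
#   invalid   an argument is not in YYYY-MM-DD form (returns 2)
spl_status() {
    for spl in "$1" "$2"; do
        case $spl in
            [12][0-9][0-9][0-9]-[01][0-9]-[0-3][0-9]) ;;
            *) echo "invalid"; return 2 ;;
        esac
    done
    spl_split "$1"; dev_months=$((y * 12 + m)); dev_day=$d
    spl_split "$2"; ref_months=$((y * 12 + m)); ref_day=$d
    behind=$((ref_months - dev_months))
    if [ "$behind" -gt 0 ]; then
        echo "behind $behind"
    elif [ "$behind" -eq 0 ] && [ "$dev_day" -lt "$ref_day" ]; then
        echo "partial"
    else
        echo "current"
    fi
}

# Constructed values: a device on the July 2019 level checked against the
# August 2019 bulletin's 2019-08-05 level.
spl_status 2019-07-05 2019-08-05

# On a real device with USB debugging enabled:
#   spl_status "$(adb shell getprop ro.build.version.security_patch | tr -d '\r')" 2019-08-05
```

Each monthly bulletin defines two levels: the -01 level covers a subset of that month's fixes and the -05 level covers all of them, which is why the same-month case is reported separately.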
  11. chain13's Avatar
    According to that brochure from above I can see how BlackBerry has added an extra layer of security to the Android OS.

    However, this appears to be exclusive to tampering. Meaning, someone trying to hack into your phone is unlikely to do so.
    This is exactly what I always think. Making the phone unlockable/unrootable/well encrypted will only secure the phone as a standalone device, to protect the phone in case someone is trying to hack it in order to extract the data inside. That will do the job. But that scenario will only happen if you lose your phone, since it's hardly doable to hack, root, or unlock the bootloader of the phone remotely through the internet. That's why I think stock Android also does the job (it has some sort of security layers by default).

    As consumers, the attacks we usually face are privacy pirating related to the apps or services that we're using. Stock Android since Marshmallow has included a permission manager feature (like DTEK) to limit each app's direct access to our personal data (contacts, location, etc). The latest attack, recently called the Joker virus, can bypass the "user agreement step"; the attacker uses that to register the user for scam subscription services without their knowing. Some apps containing this virus have been removed from the Play Store, and users have been warned to uninstall related apps. Maybe the next patch will close the issue. That's also a reason why I prefer having the latest patch more than just hardening internals.
    09-23-19 03:10 AM
  12. conite's Avatar
    This is exactly what I always think. Making the phone unlockable/unrootable/well encrypted will only secure the phone as a standalone device, to protect the phone in case someone is trying to hack it in order to extract the data inside. That will do the job. But that scenario will only happen if you lose your phone, since it's hardly doable to hack, root, or unlock the bootloader of the phone remotely through the internet. That's why I think stock Android also does the job (it has some sort of security layers by default).

    As consumers, the attacks we usually face are privacy pirating related to the apps or services that we're using. Stock Android since Marshmallow has included a permission manager feature (like DTEK) to limit each app's direct access to our personal data (contacts, location, etc). The latest attack, recently called the Joker virus, can bypass the "user agreement step"; the attacker uses that to register the user for scam subscription services without their knowing. Some apps containing this virus have been removed from the Play Store, and users have been warned to uninstall related apps. Maybe the next patch will close the issue. That's also a reason why I prefer having the latest patch more than just hardening internals.
    You're forgetting about BlackBerry Integrity Detection (BID).

    It will prevent programs from achieving root or elevated privileges.
    chain13 and BigAl_BB9900 like this.
    09-23-19 06:36 AM
  13. chain13's Avatar
    You're forgetting about BlackBerry Integrity Detection (BID).

    It will prevent programs from achieving root or elevated privileges.
    Not sure about that, don't have one, I never tried. I always thought that elevated privileges means rooting the device (rootable), so basically I think it has nothing to do with Joker's bypassing of the user agreement.
    Last edited by chain13; 09-23-19 at 09:18 AM.
    09-23-19 08:12 AM
  14. chetmanley's Avatar
    Which is a meaningless statement given how much of Android's security model relies on patching. A BB Android device that isn't on the August 2019 patch for example is still vulnerable to the following exploits,

    BlackBerry Powered by Android Security Bulletin - August 2019

    If you compare this to Google's own August 2019 security bulletin, there are exploits that BB Android seems to stop but it doesn't negate the need for patching IMO.

    https://source.android.com/security/...019-08-01.html
    I agree, these patches are very important. Especially for the 'krack' and 'blueborne' style threats that emerge every so often.

    But when compared to another Android device that is on the same patch level, I think the BlackBerry Android will be more secure by default because apps can't root the device and companies have yet to publicly claim they can bypass the lock and access the data.
    09-23-19 09:15 AM
  15. thurask's Avatar
    They've never been publicly audited, have they? And most of their literature and publicly-accessible code dates to the Priv days, it remains to be seen just how much of that remains on the KEYx devices.

    I wish BlackBerry could release updates at the same rate they had on the Priv, often beating even Google to the punch.
    The main causes were probably a) keeping everything in-house (from how many TCL engineer signatures are in a KEYx OS dump the OS is at least a joint venture if not mostly on TCL's shoulders), and b) making major updates negotiable; while they at least managed getting Marshmallow on the Priv, it was a drawn-out affair through most of 2016, not to mention the precedent-setting lack of Nougat.
    elfabio80 likes this.
    09-23-19 09:55 AM
  16. BigAl_BB9900's Avatar
    Wow, that's some great info. Thank you for your time.
    I'm sure other people will stumble upon this thread and will appreciate the info.
    Ditto - this is the best side of CrackBerry (a community helping each other).

    Massive thanks to @chetmanley for taking time to draft all of that, and also to everybody else who is contributing to this (IMHO) important discussion.
    chetmanley and Jake2826 like this.
    09-23-19 12:22 PM
  17. johnsliderbb's Avatar


    Disable Chrome
    Disable Google Play Store
    Disable Google Play Services
    Disable BB Telemetry
    Disable Qualcomm Telemetry

    .
    Hi Chetmanley. Thanks a lot for your explanation. Concerning the 2 telemetry items mentioned above, which apps exactly do you have to disable?
    09-25-19 03:47 AM
  18. chetmanley's Avatar
    Hi Chetmanley. Thanks a lot for your explanation. Concerning the 2 telemetry items mentioned above, which apps exactly do you have to disable?
    Hey John,

    Sure thing, I've started keeping a list of the system apps which send telemetry here, along with the source from XDA explaining how to do it.

    Disabling System Apps - XDA method
    https://forums.crackberry.com/blackb.../#post13383176

    Cheers
    09-26-19 01:20 PM
  19. johnsliderbb's Avatar
    Found it, thanks!
    09-27-19 03:59 AM
  20. Ginowine's Avatar
    Interesting topic indeed.

    Posted via CB10
    10-07-19 05:00 PM
