1. chetmanley's Avatar
    Hello,

    I thought it would be an interesting experiment to see how DTEK does against a purpose built GPS tracking application called Traccar. The tests were carried out first on a Priv, then a Key1 running the latest version of DTEK

    www.traccar.org

    They offer two versions of the app for Android - one of which is designed to be hidden from the target.

    The hidden version is labeled as "Device Settings" with an appropriate icon. Once opened and closed for the first time by the attacker, the app is removed from the app launcher, but it appears under device settings and can be uninstalled.

    The normal version is called Traccar and appears as such.

    Both generate notifications when running, but these can be turned off by the attacker.

    Both appear in DTEK's list of applications

    The only visible indication to the user would be the GPS icon in the notification tray next to the WIFI signal meter, but this doesn't always stay on even if GPS is being used.

    If the user dives into the security/location settings, they will see both as "recent location requests".

    ----
    I first tested the hidden version. Once the service is started, the GPS icon appears at the notification bar, indicating that it is accessing GPS. Under Settings -> Security/Location, it appears as a "recent location request" as "Device Settings".

    It also appears under Developer Tools -> Running Services as "Device Settings". Clicking this reveals "TrackingService" is running.

    However, DTEK does NOT record any GPS access attempts from this hidden version of Traccar. Foreground or Background

    ----

    I then tried their normal version. Just like the hidden version, the GPS icon appears in the notification bar indicating it is being used, and it too appears as a "recent location request" with a running service.

    But in this case, DTEK DOES record its GPS access attempts in the Foreground only when first the service is first activated. It doesn't appear to be detecting background events while the app is running.

    Thoughts? Maybe someone else would be willing to test this to see if they get the same results?


    @bbwng
    @BB_RobertL
    Last edited by chetmanley; 10-22-19 at 01:00 AM.
    10-22-19 12:37 AM
  2. Dunt Dunt Dunt's Avatar
    My taught... would need others to confirm your findings.


    But bottom line that's the problem with niche products that don't get tested by 3rd party security groups and that have very little support behind them. I suspect DTEK has been in maintenance mode for close to a year now....
    10-22-19 08:33 AM
  3. chetmanley's Avatar
    Isn't this the core reason for DTEK's existence though? If it can't spot a dedicated tracking application's access of location, then that's an issue. It begs the question, if it can't detect that, then what else might it be missing?
    gizmo21 likes this.
    10-22-19 09:42 PM
  4. Dunt Dunt Dunt's Avatar
    Isn't this the core reason for DTEK's existence though? If it can't spot a dedicated tracking application's access of location, then that's an issue. It begs the question, if it can't detect that, then what else might it be missing?
    In reading this thread... it clear that DTEK doesn't detect everything in some common apps. An app that is trying to hide, probable can.

    Sounds like DTEK can only report with Android tells it.
    10-23-19 10:08 AM
  5. chetmanley's Avatar
    In reading this thread... it clear that DTEK doesn't detect everything in some common apps. An app that is trying to hide, probable can.

    Sounds like DTEK can only report with Android tells it.
    I recalled that discussion so I started with the Priv and then tried my Keyone and both had the same issue. I was hoping it might be a Priv only issue but doesn't appear that way.
    10-23-19 11:22 PM
  6. gizmo21's Avatar
    In reading this thread... it clear that DTEK doesn't detect everything in some common apps. An app that is trying to hide, probable can.

    Sounds like DTEK can only report with Android tells it.
    No that particular other thread was about PRIV (or perhaps all 6.0.1 devices), where BlackBerry formerly removed support for Camera/Video detection even if it was still possible - which we proofed and DTEK was fixed.

    This thread here is about DTEK in general as far as I can see and not about not detecting GPS for all apps but only with apps which can hide usage in some kind.

    So a new and important issue, if it can be verified.
    Last edited by gizmo21; 10-28-19 at 03:29 PM.
    chetmanley likes this.
    10-27-19 03:18 PM
  7. Jake2826's Avatar
    @BB_RobertL

    Any comment or insight into what is going on with the situation above?

    Posted via CB10
    11-14-19 05:34 PM
  8. Zeddepher's Avatar
    Don't trust Android and never trust Google. That's a conclusion I came to long ago.

    •<[{ BlackBerry Passport SE }]>•
    11-14-19 06:22 PM
LINK TO POST COPIED TO CLIPBOARD