[iUser]

Perhaps, but a new Android version doesn't always mean is more secure than a previous version.

Vulnerabilities will never end.

Also, even with the latest patches and updates, online browsing behavior and day to day use habits will also determine the level of exposure the device may have to any breach or attack.

We all just need to be careful how we use any device, regardless of any patch or update versions installed.

Some people suggest or imply that our devices are done with and to "move on" to a Samsung or Apple device.

Are those devices even secure at all?

BlackBerry KEYone and KEY2 devices will be more than ok to use for years to come.

Let's keep using them and enjoy the physical keyboard until it breaks.

If it ever does...

Hehe.

The reasons for high prices of BlackBerry devices were PKB (which is actually a trade-off since it also means some drawbacks like smaller display ratio, somehow mixed UX due to capacitive Android buttons and not existing water-resistance) and supposedly better secured Android.

And now it is just reduced to better-built PKB only. With higher prices due to status as collector's items. For someone who is currently having and using KeyONE or Key2, fine. If a not PKB-hardcore-user would ask me today, I would rather recommend iOS or other Android devices from Samsung or Google.

[endiadi77]

Conite, but in your opinion, are a Premium Antivirus, further Play Protect, further a Vpn, not enough to protect our security if a phone is not monthly patched?

[jtrx7]

Depends heavily on user behavior.

Has anyone here experienced any attacks due to not having the latest patches and updates?

Patches and updates are extremely important, but we rely on a team in a lab (or people/customers) finding vulnerabilities or "bugs" to be fixed...

However, we expect patches and updates to be a step forward so the device becomes more "secure" and have increased performance, up to a certain level.

Remember the iOS update with the battery drain issue?

Until what point does an update make the device "better" or more "secure"?

We just have to trust whoever is in charge of these patches and updates?

Attacks are also heavily dependent on user behavior, installed apps, network access, password management and a good understanding of how app permissions work.

We must not only rely on software updates and patches for device security.

[Chuck Finley69]

Perhaps, but a new Android version doesn't always mean is more secure than a previous version.

Vulnerabilities will never end.

Also, even with the latest patches and updates, online browsing behavior and day to day use habits will also determine the level of exposure the device may have to any breach or attack.

We all just need to be careful how we use any device, regardless of any patch or update versions installed.

Some people suggest or imply that our devices are done with and to "move on" to a Samsung or Apple device.

Are those devices even secure at all?

BlackBerry KEYone and KEY2 devices will be more than ok to use for years to come.

Let's keep using them and enjoy the physical keyboard until it breaks.

If it ever does...

Hehe.

BlackBerry Limited and BlackBerry Mobile hardware won’t be okay for years to come.

BBOS has a longevity arch over BB10 which has a longevity arch over BBAndroid since the larger and more diverse the ecosystem, the more it relies on the active development.

That’s why all three OS will eventually die all in roughly the same time frame even for basic secure functionality of their existing tasks.

I had run my AT&T PRIV and my AT&T KEYone side by side almost three years ago. The difference of Marshmallow to Nougat didn’t seem like much but generationally, the difference in device functionality and performance was huge when improving the hardware internals.

I just purchased factory unlocked PRIV to run against my BE KEYone to see how Marshmallow, 3/32 with the 8XX performs all these years later against Oreo, 4/64 with the 6XX and I will throw both against LG V30 running Android 9.0 Pie, 4/64 with the 8XX which is my backup to my XR daily use.

The V30 does suffer from similar horrible battery life as the PRIV is known for but without the overheating aspect.

Let’s be real though. Android ecosystem, not just the OS but the apps too, have a significant, consistent size and resource consumption increase each year.

In that respect, older Android devices will run the newer version Android demanded apps. However, like BB10 running the latest ART 4.3 compatible apps, the hardware is heavily resource taxed.

Android, by inherent design, forces a three year upgrade cycle, unless the sluggishness of the older hardware is acceptable. I’m noticing some of that on V30 now since Pie uses resource levels not required of Nougat and Oreo when current OS back then.

One reason I don’t think Key2 not getting Pie a big issue was that it was BB optimized for Oreo at release. Even the PRIV which really could have been Marshmallow at introduction, used Lollipop and while the Marshmallow upgrade had to be done, it brought it’s own set of problems.

[conite]

Conite, but in your opinion, are a Premium Antivirus, further Play Protect, further a Vpn, not enough to protect our security if a phone is not monthly patched?

Antivirus does very little on a mobile device, and a VPN only protects data in transit from snooping.

But they too can form part of your overall defence strategy.

There is simply no substitute for patching.

[conite]

Depends heavily on user behavior.

Has anyone here experienced any attacks due to not having the latest patches and updates?

Patches and updates are extremely important, but we rely on a team in a lab (or people/customers) finding vulnerabilities or "bugs" to be fixed...

However, we expect patches and updates to be a step forward so the device becomes more "secure" and have increased performance, up to a certain level.

Remember the iOS update with the battery drain issue?

Until what point does an update make the device "better" or more "secure"?

We just have to trust whoever is in charge of these patches and updates?

Attacks are also heavily dependent on user behavior, installed apps, network access, password management and a good understanding of how app permissions work.

We must not only rely on software updates and patches for device security.

Sigh. You keep ignoring the fact that vulnerabilities are PUBLISHED for all to see within 30 days of being patched. If you are a hacker, look no further than the last 6 monthly Android security bulletins - it's a served-up menu of exploits.

This is not about trying to achieve a perfectly secure OS - it's an ongoing battle.

Smartphone users lose 100s of $millions every year from data harvesting. Extraction can occur without your knowledge, and it may be something non-monetary - like your contact list.

Try as hard as you want, but there is NO way to rationalize using an unpatched device for very long.

[Dunt Dunt Dunt]

Try as had as you want, but there is NO way to rationalize using an unpatched device for very long.

Human nature... many need to experience something to believe it's dangerous.

It's why people stick around a Volcano that is showing signs of becoming active....
It's why people swim in water where man eater are know to swim....
It's why people refuse to wear a face mask during a pandemic....
It's why police reports are full of "they were walking alone at night...."

And it's why even when most every tech site and expert says "And if your smartphone no longer gets OS updates or security patches, then it's time to move on."... people will hold onto a outdated device. If they haven't experienced it, it might not be real.

Many here bought a BlackBerry for the Keyboard.... and they don't have any safer options for a keyboard. Between moving to a Slab and using an potentially unsafe PKB. Many are going to stick with BlackBerry and hope that nothing happens.

[conite]

Many here bought a BlackBerry for the Keyboard.... and they don't have any safer options for a keyboard. Between moving to a Slab and using an potentially unsafe PKB. Many are going to stick with BlackBerry and hope that nothing happens.

And this I get.

I just can't let comments like this go by:

"BlackBerry KEYone and KEY2 devices will be more than ok to use for years to come."

People need to be honest about the security threats they face when using an unpatched device. If they subsequently choose to swim in shark-infested waters, then so be it.

[Dunt Dunt Dunt]

And this I get.

I just can't let comments like this go by:

"BlackBerry KEYone and KEY2 devices will be more than ok to use for years to come."

People need to be honest about the security threats they face when using an unpatched device. If they subsequently choose to swim in shark-infested waters, then so be it.

They just don't want to swim alone....

[jtrx7]

Patching and updating a device, then practicing unsafe behavior leaves the device vulnerable to attacks.

Point is, no need to throw a KEYone or KEY2 away just because the patches and updates will stop being delivered.

Safe device use practices are a huge part of security.

3-5 years should be ok for these devices to be used. As long as the user knows what not to do.

Again, patches and updates are important, but some of you guys are ignoring the fact that even new versions of Android are not 100% secure or far more secure than Android 8.1 itself.

Seriously, who in here has experienced any attacks on their device just because they have not updated their phone with the latest patch release?

Safe device use practice and behavior is probably the biggest defense we have against threats and attacks.

It's like saying, "your vehicle has been equipped with the biggest carbon ceramic brakes for maximum stopping power" but then the driver does not know how to use the brakes properly, resulting in a crash during a race.

Stay safe out there!

[Chuck Finley69]

Patching and updating a device, then practicing unsafe behavior leaves the device vulnerable to attacks.

Point is, no need to throw a KEYone or KEY2 away just because the patches and updates will stop being delivered.

Safe device use practices are a huge part of security.

3-5 years should be ok for these devices to be used. As long as the user knows what not to do.

Again, patches and updates are important, but some of you guys are ignoring the fact that even new versions of Android are not 100% secure or far more secure than Android 8.1 itself.

Seriously, who in here has experienced any attacks on their device just because they have not updated their phone with the latest patch release?

Safe device use practice and behavior is probably the biggest defense we have against threats and attacks.

It's like saying, "your vehicle has been equipped with the biggest carbon ceramic brakes for maximum stopping power" but then the driver does not know how to use the brakes properly, resulting in a crash during a race.

Stay safe out there!

The problem is that 3-5 years might be a reasonable statement if BlackBerry Limited were at least still actively developing BBAndroid software or hardware but they’re not. Even regular Oreo will be losing support levels from Google soon. Many users don’t understand the risks or nuances. Besides, what’s the problem with informing consumers?

[jtrx7]

Safe device use practices, and i'm sure we will be ok for at least 3 more years on a KEYone or KEY2.

[Chuck Finley69]

Safe device use practices, and i'm sure we will be ok for at least 3 more years on a KEYone or KEY2.

Isn’t the first rule of safe device practices to keep your device security up to date within generally accepted industry guidelines and recommendations?

[jtrx7]

Of course, but do you know how many people update and patch their devices, and after they see "Update complete" or "You are running the latest version" they go crazy and start downloading third party apps (without even looking at permissions or reviews) and also go online and click on pretty much every ad being delivered to them?

Which brings up the following concern:

Updates and patches alone are NOT the only way of protecting devices.

We need a more reliable way of locking down permissions, safe app usage and online browsing by implementing the following:

Improved user guidance and education.

If this is done, we will greatly reduce device/data breach and exposure.

[Chuck Finley69]

Of course, but do you know how many people update and patch their devices, and after they see "Update complete" or "You are running the latest version" they go crazy and start downloading third party apps (without even looking at permissions or reviews) and also go online and click on pretty much every ad being delivered to them?

Which brings up the following concern:

Updates and patches alone are NOT the only way of protecting devices.

We need a more reliable way of locking down permissions, safe app usage and online browsing by implementing the following:

Improved user guidance and education.

If this is done, we will greatly reduce device/data breach and exposure.

That will help on newer supported devices.

[jtrx7]

It will help on any device.

[conite]

Of course, but do you know how many people update and patch their devices, and after they see "Update complete" or "You are running the latest version" they go crazy and start downloading third party apps (without even looking at permissions or reviews) and also go online and click on pretty much every ad being delivered to them?

Which brings up the following concern:

Updates and patches alone are NOT the only way of protecting devices.

We need a more reliable way of locking down permissions, safe app usage and online browsing by implementing the following:

Improved user guidance and education.

If this is done, we will greatly reduce device/data breach and exposure.

No one is arguing that patches are the only thing that matter. It's just one of the biggest.

Roll the dice if you wish , but it's like making a canoe out of a screen door.

[jtrx7]

I don't see anyone talking about user behavior, only patches and updates.

We can all agree user behavior plays a huge role in device security and exposure.

[conite]

I don't see anyone talking about user behavior, only patches and updates.

We can all agree user behavior plays a huge role in device security and exposure.

Of course it does. Although you can be as careful as you like, but if the foundation is made out of playing cards, there is only so much you can do.

[jtrx7]

We still have the following question:

Are phones becoming more secure as new devices roll out?

Updates and patches will never stop as we know...

Is user behavior and practice improving as well?

We must also consider the fact that carriers also play a role here when unlocked devices are supported on any given network.

Hopefully a new BlackBerry physical keyboard device gets released in 3-5 years to support 5G on Band 71.

Who knows.

For now, we can enjoy the KEYone and KEY2.

[conite]

We still have the following question:

Are phones becoming more secure as new devices roll out?

Updates and patches will never stop as we know...

Is

For the 10th time, each and every monthly security bulletin serves up a detailed menu of exploits to all potential hackers.

Are you getting this?

[jtrx7]

I get it, do you?

Let's keep it professional here.

[conite]

I get it, do you?

Let's keep it professional here.

But you keep ignoring it. You've never addressed it. Without patches, those PUBLICISED vulnerabilities are just out there blowing in the wind, and there is nothing your device can do to prevent them.

They are no longer theoretical. They are out there for everyone to see and abuse.

Are devices becoming more secure? Absolutely! Every iteration of Android is far more secure than the last.

[jtrx7]

...

[conite]

I have addressed it with all comments i've added so far.

Why is a detailed menu of exploits being served every month to potential hackers?

Can a different approach be taken for this particular practice?

What does everyone think about this?

Sigh.

Dozens of exploits are discovered every month. They are forwarded to Google, who subsequently issues a patch and informs OEMs of said vulnerabilities to address those specific to their own devices.

The agreement is that the various security companies (who discovered the exploits) will refrain from publicizing the vulnerabilities until 30 days after Google informs the OEMs.

Therefore, any OEM that does not provide a patch has left their devices wide open to a huge list of publicly-disclosed exploits.

Here is the list from July alone:

https://source.android.com/security/bulletin/2020-07-01