[Tos Abrashi]

...For online banking and shopping, owning to the fact that there are no security updates (UK version)...

[Chuck Finley69]

...For online banking and shopping, owning to the fact that there are no security updates (UK version)...

That’s a good question. I wouldn’t have been concerned before this week and the recent news of StrandHogg malware virus.

What do others here think?

[RLeeSimon]

no cellphone is safe... some are safer than others... phones not updated regularly are worse

[dxvigne]

..but banks do update their online banking app and I would presume that includes security components. Mobile banking apps or online banking websites all have potential security risks, both for the institution and the consumer.

[Suzeranne]

Also remember not to use public wifi for you online banking.

[SteinwayTransitCorp]

...For online banking and shopping, owning to the fact that there are no security updates (UK version)...

This is a multi part question.

1. even if the Key one or two does not update the OS any further. The banks will update their own apps.
2.when your phone becomes a security risk the app will no longer update.
3.Use no FREE wifi.
4.Use a VPN
5.See Ubove

[Chuck Finley69]

This is a multi part question.

1. even if the Key one or two does not update the OS any further. The banks will update their own apps.
2.when your phone becomes a security risk the app will no longer update.
3.Use no FREE wifi.
4.Use a VPN
5.See Ubove

How about the fact that BE KEYone hasn’t been updated for months? It also has the vulnerability to StrandHogg malware virus so I wouldn’t see option to use. The patch for the vulnerability isn’t provided.

[SteinwayTransitCorp]

How about the fact that BE KEYone hasn’t been updated for months? It also has the vulnerability to StrandHogg malware virus so I wouldn’t see option to use. The patch for the vulnerability isn’t provided.

Ok lets look at his question. Banking apps. they will be protected to use. Any phone can be compromised if you are an idiot. common sense use breeds a safe zone.

[Chuck Finley69]

Ok lets look at his question. Banking apps. they will be protected to use. Any phone can be compromised if you are an idiot. common sense use breeds a safe zone.

I, for instance, had CamScanner installed on my phone. I’ve used it for years. How can I tell if the device has the malware? Earlier this year, Android removed CamScanner and then claimed it was clean and safe to reinstall. The latest report says other popular apps could have been exploited as well. I only download from GPS and yet how would I know or check?

I was using my KEYones as WiFi only but now I’ve stopped until I hear more. I’m using my iOS products exclusively until more information comes out. Even if devices are clean, the vulnerability is only fixed with patch as per Android itself which I no longer get based on the age of KEYone in general.

[qphone]

Would owners of Pixel 2/3/4 be OK as (correct me if I'm wrong) Google provides patches to all their own devices.

if this is the case...then the only way for me to continue in what's left of the BlackBerry experience while being up to date in patches is to buy a Pixel and install the entire Blackberry Suite on GPS.

[XxWile_E_CoyotexX]

Would owners of Pixel 2/3/4 be OK as (correct me if I'm wrong) Google provides patches to all their own devices.

if this is the case...then the only way for me to continue in what's left of the BlackBerry experience while being up to date in patches is to buy a Pixel and install the entire Blackberry Suite on GPS.

That's what I did! The gestures in Android 10 will be very familiar to BlackBerry 10 users :-)

[SteinwayTransitCorp]

I, for instance, had CamScanner installed on my phone. I’ve used it for years. How can I tell if the device has the malware? Earlier this year, Android removed CamScanner and then claimed it was clean and safe to reinstall. The latest report says other popular apps could have been exploited as well. I only download from GPS and yet how would I know or check?

I was using my KEYones as WiFi only but now I’ve stopped until I hear more. I’m using my iOS products exclusively until more information comes out. Even if devices are clean, the vulnerability is only fixed with patch as per Android itself which I no longer get based on the age of KEYone in general.

no, when a bank app is updated it brings its own patch with it. When the OS will no longer support the patch it will no longer run. So each app is protected. the phone may no longer catch updates but the Apps will protect themselves. Again it goes back to the user, do not open mail without looking at the sending address first. Then look again. Only use certified apps not free range. Very easy to do, just as if you are on a desk top. People always want the newest and best, this is how they get you to "buy in" to I need a new phone. I my self would rather keep my Passport/Priv/KeyOne/Two/I Phone 8 Plus. Than get on the upgrade train. The advantage I have is these phones we're free with my company. but worry about every threat, not a chance. How many people do you personally know that have been affected ? I bet not many, even on the commercial end all corporate users (my company) are not allowed to use the corporate phone with personal/apps/e mail/other. This stops the stupid breaks in security. As always the end user is the largest problem. You can have every update and the best IT department. But in the end the end user calls the shots with the cute photo download the group emails from friends and such.

[conite]

no, when a bank app is updated it brings its own patch with it. When the OS will no longer support the patch it will no longer run. So each app is protected. the phone may no longer catch updates but the Apps will protect themselves. Again it goes back to the user, do not open mail without looking at the sending address first. Then look again. Only use certified apps not free range. Very easy to do, just as if you are on a desk top. People always want the newest and best, this is how they get you to "buy in" to I need a new phone. I my self would rather keep my Passport/Priv/KeyOne/Two/I Phone 8 Plus. Than get on the upgrade train. The advantage I have is these phones we're free with my company. but worry about every threat, not a chance. How many people do you personally know that have been affected ? I bet not many, even on the commercial end all corporate users (my company) are not allowed to use the corporate phone with personal/apps/e mail/other. This stops the stupid breaks in security. As always the end user is the largest problem. You can have every update and the best IT department. But in the end the end user calls the shots with the cute photo download the group emails from friends and such.

Not quite.

There are a number of ways a device can be compromised and information harvested regardless of what security measures are used in any given app.

Patching is crucial.

Encryption (whether by the app, or by TLS in a browser) only protect information in transit. And even then - in the latter case - it can be compromised if you have an open browser tab that is only HTTP.

[bb10adopter111]

I would be comfortable using banking apps, but I also don't download apps from developers I don't think have a lot more to lose than I do if their app misbehaves.

My apps come from companies like Google and Microsoft. That's not guarantee they are safe, but I know they have robust testing programs and won't make dumb mistakes.

Also, your bank is liable for fraud and would likely reimburse you within 24 hours with a provisional credit, pending an investigation.

I would never connect to my bank or use a banking app on an untrusted network without a VPN.

From the screen of my trusty Z10 using the exceptional BlackBerry VKB.

[Chuck Finley69]

no, when a bank app is updated it brings its own patch with it. When the OS will no longer support the patch it will no longer run. So each app is protected. the phone may no longer catch updates but the Apps will protect themselves. Again it goes back to the user, do not open mail without looking at the sending address first. Then look again. Only use certified apps not free range. Very easy to do, just as if you are on a desk top. People always want the newest and best, this is how they get you to "buy in" to I need a new phone. I my self would rather keep my Passport/Priv/KeyOne/Two/I Phone 8 Plus. Than get on the upgrade train. The advantage I have is these phones we're free with my company. but worry about every threat, not a chance. How many people do you personally know that have been affected ? I bet not many, even on the commercial end all corporate users (my company) are not allowed to use the corporate phone with personal/apps/e mail/other. This stops the stupid breaks in security. As always the end user is the largest problem. You can have every update and the best IT department. But in the end the end user calls the shots with the cute photo download the group emails from friends and such.

I use my device professionally on websites that would give access to not just my personal data but access to client data as well.

I don’t use outside apps other than official GPS installed. My E&O coverage is only good if and when I demonstrate I’ve taken appropriate measures. Even when I’m covered, a $5k deductible isn’t worth using a piece of hardware if compromised.

My understanding is that various top GPS apps themselves were infected like CamScanner but not limited to just that specific app.

My contract vendors periodically test my various equipment security wise. The XR and iPad meet the requirements as well as Windows 10 laptop in my equipment. Just wondering the additional possible liabilities to using KEYone anymore.

[SteinwayTransitCorp]

Not quite.

There are a number of ways a device can be compromised and information harvested regardless of what security measures are used in any given app.

Patching is crucial.

Encryption (whether by the app, or by TLS in a browser) only protect information in transit. And even then - in the latter case - it can be compromised if you have an open browser tab that is only HTTP.

It all comes down to the user. A cautious user is a safe user.

[conite]

I would be comfortable using banking apps, but I also don't download apps from developers I don't think have a lot more to lose than I do if their app misbehaves.

My apps come from companies like Google and Microsoft. That's not guarantee they are safe, but I know they have robust testing programs and won't make dumb mistakes.

Also, your bank is liable for fraud and would likely reimburse you within 24 hours with a provisional credit, pending an investigation.

I would never connect to my bank or use a banking app on an untrusted network without a VPN.

From the screen of my trusty Z10 using the exceptional BlackBerry VKB.

The issue is data at rest and keylogging on the device itself. An exploit that acheives elevated privileges can pretty much do anything it wants.

[conite]

It all comes down to the user. A cautious user is a safe user.

There are many things you simply can't control. Many.

[SteinwayTransitCorp]

I use my device professionally on websites that would give access to not just my personal data but access to client data as well.

I don’t use outside apps other than official GPS installed. My E&O coverage is only good if and when I demonstrate I’ve taken appropriate measures. Even when I’m covered, a $5k deductible isn’t worth using a piece of hardware if compromised.

My understanding is that various top GPS apps themselves were infected like CamScanner but not limited to just that specific app.

My contract vendors periodically test my various equipment security wise. The XR and iPad meet the requirements as well as Windows 10 laptop in my equipment. Just wondering the additional possible liabilities to using KEYone anymore.

Yes I believe the apps (GPS) we're add-ons, but I could be wrong. I will call my sons to ask the IT guys.

[SteinwayTransitCorp]

There are many things you simply can't control. Many.

Sure getting hit by lighting, eaten by a T Rex. Dangerous stuff, in the end most users with some caution will never see any issues.

[conite]

Sure getting hit by lighting, eaten by a T Rex. Dangerous stuff, in the end most users with some caution will never see any issues.

I know you're joking around, but we're talking about significant threats embedded in well-known apps from legitimate sources.

BlackBerry Android provides some additional protections, but I wouldn't run with a device that is not receiving patches for long (zero months with vanilla Android, and a few months at most with BlackBerry Android).

[SteinwayTransitCorp]

There are many things you simply can't control. Many.

At the end of the day, you are rite the world is a dangerous place. If you look before you click on "free" and check your emails will be ok. People have to remember free is never free.

[SteinwayTransitCorp]

...For online banking and shopping, owning to the fact that there are no security updates (UK version)...

As you can see the Key one is nowhere near the least updated:

Android Name Android Version Usage Share
Pie 9 10.4%
Nougat 7.0, 7.1 19.2%↓
Marshmallow 6.0 16.9%↓
Lollipop 5.0, 5.1 14.5%↓
Oreo 8.0, 8.1 28.3%↑
KitKat 4.4 6.9%↓
Jelly Bean 4.1.x, 4.2.x, 4.3.x 3.2%↑
Ice Cream Sandwich 4.0.3, 4.0.4 0.3%
Gingerbread 2.3.3 to 2.3.7 0.3%↑

[conite]

At the end of the day, you are rite the world is a dangerous place. If you look before you click on "free" and check your emails will be ok. People have to remember free is never free.

One of the common sense (cautious) solutions, apart from the other things you mention, is to only use a patched device.

The day patches stop on my KEY² is the day I move to another device.

[SteinwayTransitCorp]

One of the common sense (cautious) solutions, apart from the other things you mention, is to only use a patched device.

The day patches stop on my KEY² is the day I move to another device.

Hence the Update train. Also many people cannot just move on, if you look at the use list by OS, it is amazing what is running what.