1. conite's Avatar
    I am sure there is some soundness behind what they are reporting. I am sure they also have an interest in hyping it up.
    I'm not sure what you're trying to argue though.

    Cybercrime is a $6 trillion dollar per year industry, and mobile devices are unquestionably a statistically material piece of that.
    10-26-20 06:20 PM
  2. spARTacus's Avatar
    I guess I am saying there is a lot of hype behind security (and don't get me wrong it is important), but the hype is probably actually now detracting from the reality of it.
    10-26-20 06:24 PM
  3. bb10adopter111's Avatar
    I guess I am saying there is a lot of hype behind security (and don't get me wrong it is important), but the hype is probably actually now detracting from the reality of it.
    Consumers don't care much about security. Enterprises care about little else.

    Z10 = BB10 + VKB > iOS + Android
    Laura Knotek likes this.
    10-26-20 10:34 PM
  4. spARTacus's Avatar
    Consumers don't care much about security. Enterprises care about little else.

    Z10 = BB10 + VKB > iOS + Android
    Yes I have made that same observation. However, I know of major enterprise organizations still running with lots of BB10 devices. So, the golden rule of "if it's not still receiving monthly patches it's automatically out" doesn't seem to always apply.
    10-27-20 05:57 AM
  5. bh7171's Avatar
    Via apps mainly. Even from Play Store there are risks for apps installing background services to harvest data.

    The problem is that 30 days after every patch release, the exploits are made public, so hackers have the specific instructions on how to launch an attack.

    I've been an avid BlackBerry fan for over 13 years, but even I am buying a Pixel 5, and I'm currently using a KEY². I can't wait another 6 months or (likely) more for what still remains vapour-ware.
    Is the Play Protect feature not already running scans before and after on all apps downloaded from the Play Store continually and irrespective of OS version? Their verbiage eludes to that as follows:


    Help CenterCommunityExposure Notifications Info

    Help protect against harmful apps with Google Play Protect

    Google Play Protect helps you keep your device safe and secure.

    It runs a safety check on apps from the Google Play Store before you download them.

    It checks your device for potentially harmful apps from other sources. These harmful apps are sometimes called malware.

    It warns you about any detected potentially harmful apps found, and removes known harmful apps from your device.

    It warns you about detected apps that violate our Unwanted Software Policy by hiding or misrepresenting important information.

    It sends you privacy alerts about apps that can get user permissions to access your personal information, violating our Developer Policy.
    Last edited by bh7171; 10-27-20 at 12:59 PM.
    10-27-20 12:23 PM
  6. conite's Avatar
    Is the Play Protect feature not already running scans before and after on all apps downloaded from the Play Store continually and irrespective of OS version? There verbiage eludes to that as follows:


    Help CenterCommunityExposure Notifications Info

    Help protect against harmful apps with Google Play Protect

    Google Play Protect helps you keep your device safe and secure.

    It runs a safety check on apps from the Google Play Store before you download them.

    It checks your device for potentially harmful apps from other sources. These harmful apps are sometimes called malware.

    It warns you about any detected potentially harmful apps found, and removes known harmful apps from your device.

    It warns you about detected apps that violate our Unwanted Software Policy by hiding or misrepresenting important information.

    It sends you privacy alerts about apps that can get user permissions to access your personal information, violating our Developer Policy.
    It helps. But it hasn't prevented thousands of apps from being removed every month from Play Store. It also has to know what to look for. But it's certainly better than nothing.
    10-27-20 12:46 PM
  7. bb10adopter111's Avatar
    Yes I have made that same observation. However, I know of major enterprise organizations still running with lots of BB10 devices. So, the golden rule of "if it's not still receiving monthly patches it's automatically out" doesn't seem to always apply.
    The frequent patch cadence on Android and iOS partly results from their continued development and complexity. BB10's code has been static for years, and is far simpler, with better security design.

    There may well be serious hidden vulnerabilities, and certainly the Android Runtime And Browser are critically out of date, but I would have a hard time finding real world scenarios to worry about for a stock configuration with no sensitive information being used in the Browser.

    Z10 = BB10 + VKB > iOS + Android
    10-27-20 01:05 PM
  8. spARTacus's Avatar
    The frequent patch cadence on Android and iOS partly results from their continued development and complexity. BB10's code has been static for years, and is far simpler, with better security design....

    Z10 = BB10 + VKB > iOS + Android
    So crappy security design and rapid development (or maybe just the hard push to just keep releasing) leads to the need for frequent patches, in order for Android and iOS to be secure enough? I realize that's not what you said (more like me interpreting). Almost seems self-fullfilling however, just to keep the industry going. Oh well, I guess that's the world we now live in.
    10-27-20 04:52 PM
  9. spARTacus's Avatar
    ...There may well be serious hidden vulnerabilities, and certainly the Android Runtime And Browser are critically out of date, but I would have a hard time finding real world scenarios to worry about for a stock configuration with no sensitive information being used in the Browser.

    Z10 = BB10 + VKB > iOS + Android
    So don't install any apps that use the Android runtime and don't use the browser, and then the risk seems low to keep using BB10?
    10-27-20 04:55 PM
  10. conite's Avatar
    So don't install any apps that use the Android runtime and don't use the browser, and then the risk seems low to keep using BB10?
    BB10 native apps can harvest just as well as an Android app. But there were so few of them, they were easier to vet properly.
    10-27-20 05:28 PM
  11. conite's Avatar
    So crappy security design and rapid development (or maybe just the hard push to just keep releasing) leads to the need for frequent patches, in order for Android and iOS to be secure enough? I realize that's not what you said (more like me interpreting). Almost seems self-fullfilling however, just to keep the industry going. Oh well, I guess that's the world we now live in.
    Structurally, Android OS is becoming more secure with each letter upgrade. But with over 2.5 billion Android devices in use, it remains a high-value target. Thousands of hackers are tearing through it looking for exploits, and almost as many security experts are doing the same thing. All of this work translates to about 30 vulnerabilities per month that need to be patched, of which between 0 and 2 had made it into the wild.

    BUT after those 30 patches have been published, ALL 30 are now in the wild. It takes almost no time before hackers have a list of 100s of exploits at their fingertips.
    10-27-20 05:35 PM
  12. bb10adopter111's Avatar
    BB10 native apps can harvest just as well as an Android app. But there were so few of them, they were easier to vet properly.
    I mostly agree with Conite above. Realistically, it's pretty hard for me to trust any orphaned apps (and they are mostly all orphaned at this point). It's just impossible to know who currently controls the servers on the other end.

    Having said that, I am perfectly comfortable using something like a guitar-tuning app that accesses the microphone but which doesn't run headless. But I wouldn't use a third party app that for any sensitive data.

    I do trust the apps that BlackBerry developed and provided stock, like Hub and Contacts.

    Z10 = BB10 + VKB > iOS + Android
    10-27-20 06:13 PM
  13. spARTacus's Avatar
    Seems like we're all doomed to be slaved to the self feeding machine, doomed to have to use obscure devices and have limited capability in order to limit exposure, or doomed to face elevated risk.

    Seems bleak.

    Wow.
    10-27-20 06:16 PM
  14. Chuck Finley69's Avatar
    Seems like we're all doomed to be slaved to the self feeding machine, doomed to have to use obscure devices and have limited capability in order to limit exposure, or doomed to face elevated risk.

    Seems bleak.

    Wow.
    BB10 attempted to be part of that machine so we've all been doomed regardless of OS choice
    10-27-20 06:43 PM
  15. conite's Avatar
    Seems like we're all doomed to be slaved to the self feeding machine, doomed to have to use obscure devices and have limited capability in order to limit exposure, or doomed to face elevated risk.

    Seems bleak.

    Wow.
    The alternative is stagnation.
    10-27-20 06:46 PM
  16. bb10adopter111's Avatar
    BB10 attempted to be part of that machine so we've all been doomed regardless of OS choice
    If I'm being honest. What happened to BB10 has turned out to be almost the best possible outcome for me, personally.

    I was never excited about side-loading Android apps, so I'm glad that the Android Runtime has stagnated. And the only apps I regret losing are the cloud storage apps OneDrive for BB10, Box and DropBox.

    In return, I'm thrilled at the near complete lack of feature and total code bloat (except for the worse than useless Amazon App store). My Z10 will be just as snappy in 2021 as it was in 2013, which is unprecedented in mobile phones!

    Similarly, BlackBerry's extensive use of its own first-party core apps and it's clear focus on secure architecture (which was extensively audited and received top-notch certifications back in 2014-15) have given me a lot of confidence that it's not very vulnerable to compromise when used conservatively.

    The HUGE exception to the above is the BlackBerry Browser, which is simply obsolete and should be used VERY conservatively if at all. I really like the feature set on the browser, especially its reader mode, which I prefer to all other mobile browsers I've used, and I miss using it.

    But, all in all, if I'm being selfish, I'm really glad that BlackBerry almost destroyed itself making this little phone that I have been able to use for what will be close to a decade! :-P

    Z10 = BB10 + VKB > iOS + Android
    10-27-20 07:58 PM
  17. Chuck Finley69's Avatar
    If I'm being honest. What happened to BB10 has turned out to be almost the best possible outcome for me, personally.

    I was never excited about side-loading Android apps, so I'm glad that the Android Runtime has stagnated. And the only apps I regret losing are the cloud storage apps OneDrive for BB10, Box and DropBox.

    In return, I'm thrilled at the near complete lack of feature and total code bloat (except for the worse than useless Amazon App store). My Z10 will be just as snappy in 2021 as it was in 2013, which is unprecedented in mobile phones!

    Similarly, BlackBerry's extensive use of its own first-party core apps and it's clear focus on secure architecture (which was extensively audited and received top-notch certifications back in 2014-15) have given me a lot of confidence that it's not very vulnerable to compromise when used conservatively.

    The HUGE exception to the above is the BlackBerry Browser, which is simply obsolete and should be used VERY conservatively if at all. I really like the feature set on the browser, especially its reader mode, which I prefer to all other mobile browsers I've used, and I miss using it.

    But, all in all, if I'm being selfish, I'm really glad that BlackBerry almost destroyed itself making this little phone that I have been able to use for what will be close to a decade! :-P

    Z10 = BB10 + VKB > iOS + Android
    That’s irony of the situation. BB10, if successful becoming mainstream, parallel Android/iOS, commercially successful, it would have the same revenue type sources harvesting data like Android/iOS ecosystems.
    10-27-20 08:20 PM
  18. spARTacus's Avatar
    The alternative is stagnation.
    We've had this discussion before. The opposite of your definition of stagnation is a sucky world in my opinion.Then again, maybe I'm just becoming a grumpy old man.
    10-27-20 09:00 PM
  19. spARTacus's Avatar
    That’s irony of the situation. BB10, if successful becoming mainstream, parallel Android/iOS, commercially successful, it would have the same revenue type sources harvesting data like Android/iOS ecosystems.
    Actually, the irony is probably that BlackBerry couldn't realize they didn't even have a chance to try to pull off the level of required suckyness.
    10-27-20 09:06 PM
  20. spARTacus's Avatar
    ...this little phone that I have been able to use for what will be close to a decade! :-P

    Z10 = BB10 + VKB > iOS + Android
    Indeed quite remarkable. Almost like the escalator.
    10-27-20 09:09 PM
  21. Chuck Finley69's Avatar
    Actually, the irony is probably that BlackBerry couldn't realize they didn't even have a chance to try to pull off the level of required suckyness.
    Well, this new OM device, if ever happens, needs to find something unique but it’s running Android so not sure the secret of success.
    10-27-20 09:32 PM
  22. Troy Tiscareno's Avatar
    It has been exactly 18 months since the last security patch, and AFAIK, nothing bad has happened. Nobody has made an unauthorized purchase, accessed any of my bank or credit card accounts, or posted anything on social media on my behalf. My files on OneDrive, accessible from my phone, have not been encrypted and held for ransom.
    I know of at least 2 people who have had someone "hack" their primary email account - the account that all of their other stuff was tied to - and take it over. Once they had access to the account, they changed the phone number and account recovery information, and now the original owner had no way to get it back. They could then start going to every likely service - Amazon, Walmart, AT&T, Verizon, Netflix, Paypal, etc. etc. etc. and do a password reset and in most cases could take over those accounts as well. Imagine not only finding that you'd lost your email account, but that someone had ordered thousands of dollars worth of stuff from Amazon with your account (and on your credit/debit card), or PayPal, or ordered themselves new phones from Verizon, or whatever else.

    A lot of "regular" people don't seem to realize how important their email accounts are - and haven't put together that their email account serves as a "key" to most of their other online accounts - and so they use simple passwords - and use the same passwords everywhere - and risk losing a big chunk of their lives and money because they don't take security seriously.

    In the same way that your car isn't safe from being stolen just because no one has stolen it yet, your phone isn't secure just because no one has hacked it yet. You've got to treat it like it's important, or chances are, eventually, someone WILL get it, and it will probably be some random day when you're already busy with other important things that you'll realize that stuff isn't working right, and then you'll get that sinking feeling in your stomach...
    spARTacus likes this.
    10-27-20 11:37 PM
  23. bb10adopter111's Avatar
    All critical accounts, and especially email accounts used as a log in, should be protected with multi-factor authentication.

    I take things a step further and use email forwarding and aliases so that every one of my 600+ online accounts uses a different email address and password, together with multi-factor identification for all sensitive accounts.

    Obviously, I'm heavily reliant on my password manager, which is secured by a very complex pass phrase and multi-factor authentication, and which is encrypted and backed up.

    I'm far from invulnerable, but I don't have to worry that one compromised account can be used to compromise another.

    And, generally SIM number SMS should not be used for multi-factor authentication if you have other options. It's relatively easy to execute a SIM swap attack and steal a phone number for a few hours.

    If you must use SIM numbers, a VOIP number like Google Voice is better, but some services, like Facebook, won't accept anything but a SIM number or land line.

    Z10 = BB10 + VKB > iOS + Android
    10-28-20 03:18 AM
  24. spARTacus's Avatar
    Well, this new OM device, if ever happens, needs to find something unique but it’s running Android so not sure the secret of success.
    Seems to me it will be like all other devices nowadays. That is, core to its design will be an underlying fundamental that it will flagged as obsolete and a security risk in 2 years or less.
    10-28-20 06:16 AM
  25. spARTacus's Avatar
    All critical accounts, and especially email...anything but a SIM number or land line.

    Z10 = BB10 + VKB > iOS + Android
    All makes sense to me. Problem is, even you say with all of such you are not invulnerable, and I would guess that maybe only 1 in 1M people (or maybe way less) have an ability to do even some of what you are doing. Things need to change.
    10-28-20 06:20 AM
108 ... 2345

Similar Threads

  1. Battery Wow!
    By wobus in forum BlackBerry KEY2
    Replies: 17
    Last Post: 12-26-19, 05:04 PM
  2. Wow! Passport seems problem free device LOL!!
    By Hrishikesh Jadhav in forum BlackBerry Passport
    Replies: 20
    Last Post: 11-13-19, 12:36 PM
  3. Wow - Anyone read this?
    By sowhoong in forum BlackBerry KEY2
    Replies: 8
    Last Post: 09-25-19, 10:36 AM
  4. Blackberry Support Hotline - Wow!
    By BobH2 in forum General BlackBerry News, Discussion & Rumors
    Replies: 1
    Last Post: 02-12-19, 08:40 AM
  5. wow am I glad I bought a case!
    By Bravestar79 in forum BlackBerry KEY2
    Replies: 1
    Last Post: 01-29-19, 12:49 PM
LINK TO POST COPIED TO CLIPBOARD