10-16-20 05:33 PM
52 123
tools
  1. pandemicbold's Avatar
    Wow did I miss the keyone silver. I have not used this phone in a few years but i just picked one up an hour ago and this phone is basically mint. Box was opened once and device used maybe twice before the owner used a iphone for work. Just picking this device up even in 2020 it feels like a workhorse. I always preferred the keyone to key 2 specifically for the keyboard. The specs and storage don't mean anything to me this is literally for work purposes and I am just loving it so far. This is a fantastic device that will suit my needs for the next 9 months or so until the new blackberry comes out.
    mh1983, bh7171 and whatnow00 like this.
    10-07-20 12:10 PM
  2. Byrese's Avatar
    Wow did I miss the keyone silver. I have not used this phone in a few years but i just picked one up an hour ago and this phone is basically mint. Box was opened once and device used maybe twice before the owner used a iphone for work. Just picking this device up even in 2020 it feels like a workhorse. I always preferred the keyone to key 2 specifically for the keyboard. The specs and storage don't mean anything to me this is literally for work purposes and I am just loving it so far. This is a fantastic device that will suit my needs for the next 9 months or so until the new blackberry comes out.
    Yeah. I've got the BLE. It's a beast! Congrats
    10-07-20 12:58 PM
  3. pandemicbold's Avatar
    yeah I use to own that as well. I wouldn't have minded getting that but asking price is beyond ridiculous here in Canada..
    10-07-20 01:19 PM
  4. conite's Avatar
    yeah I use to own that as well. I wouldn't have minded getting that but asking price is beyond ridiculous here in Canada..
    Just be careful. You have a device that is hopelessly behind on security patches - which are vital to keeping Android safe to use.

    Personally, I don't touch a device if more than 3 months have passed since the last patch - it's been 18 months for the KEYᵒⁿᵉ.
    10-07-20 02:59 PM
  5. the_boon's Avatar
    Personally, I don't touch a device if more than 3 months have passed since the last patch - it's been 18 months for the KEYᵒⁿᵉ.
    Sold your KEY2 yet?
    10-07-20 02:59 PM
  6. conite's Avatar
    Sold your KEY2 yet?
    No. I keep it as a Wi-Fi hobby phone.

    It's pretty stripped-down.
    10-07-20 03:07 PM
  7. the_boon's Avatar
    Personally, I don't touch a device if more than 3 months have passed since the last patch
    No. I keep it as a Wi-Fi hobby phone.

    It's pretty stripped-down.
    But you don't ever touch it right? I mean it is what you said above...
    10-07-20 03:20 PM
  8. conite's Avatar
    But you don't ever touch it right? I mean it is what you said above...
    You know what I mean. Don't be silly.

    Not a primary device. Not loaded with anything other than Tapatalk, some E2E chat apps, and some news feeds.
    10-07-20 03:23 PM
  9. pandemicbold's Avatar
    Just be careful. You have a device that is hopelessly behind on security patches - which are vital to keeping Android safe to use.

    Personally, I don't touch a device if more than 3 months have passed since the last patch - it's been 18 months for the KEYᵒⁿᵉ.
    That doesn't worry me to be honest..
    the_boon likes this.
    10-07-20 03:26 PM
  10. conite's Avatar
    That doesn't worry me to be honest..
    You can decide that it's worth the risk, but you SHOULD be worried and govern yourself accordingly.
    10-07-20 03:28 PM
  11. pandemicbold's Avatar
    You can decide that it's worth the risk, but you SHOULD be worried and govern yourself accordingly.
    Yeah I'm okay I don't lead that interesting of a life lol
    10-07-20 03:42 PM
  12. the_boon's Avatar
    You know what I mean. Don't be silly.

    Not a primary device. Not loaded with anything other than Tapatalk, some E2E chat apps, and some news feeds.
    You really don't trust it for anything beyond chat apps and news?
    10-07-20 08:41 PM
  13. conite's Avatar
    You really don't trust it for anything beyond chat apps and news?
    I really don't. But, to be fair, the same goes for any other device too.
    10-07-20 08:42 PM
  14. the_boon's Avatar
    I really don't. But, to be fair, the same goes for any other device too.
    So much for the added security of BBAndroid
    elfabio80 and whatnow00 like this.
    10-07-20 08:46 PM
  15. conite's Avatar
    So much for the added security of BBAndroid
    BlackBerry Android hardened OREO.

    But with respect to patches, we're discussing different attack vectors for the most part.
    10-07-20 09:09 PM
  16. the_boon's Avatar
    BlackBerry Android hardened OREO.

    But with respect to patches, we're discussing different attack vectors for the most part.
    Okay, and if it were a vanilla Android device on Oreo, would you treat it any differently? Would you actually not touch it?

    Because if you'd trust the above with the same chat and news apps but nothing beyond that (which is the case for your KEY2) then that effectively means that you don't value BBAndroid's hardening in the slightest.
    10-08-20 06:56 AM
  17. conite's Avatar
    Okay, and if it were a vanilla Android device on Oreo, would you treat it any differently? Would you actually not touch it?

    Because if you'd trust the above with the same chat and news apps but nothing beyond that (which is the case for your KEY2) then that effectively means that you don't value BBAndroid's hardening in the slightest.
    The security improvements that BlackBerry made to Android 5 to 8.1 dealt mostly with protecting against achieving a persistent root.

    This is meaningful for sure, but it is a different attack vector.

    Patches are still necessary either way.

    In terms of security, I would take a patched BlackBerry Android Oreo device over a patched vanilla Android device. But I would take neither if they aren't receiving patches.
    10-08-20 07:01 AM
  18. the_boon's Avatar
    The security improvements that BlackBerry made to Android 5 to 8.1 dealt mostly with protecting against achieving a persistent root.

    This is meaningful for sure, but it is a different attack vector.

    Patches are still necessary either way.

    In terms of security, I would take a patched BlackBerry Android Oreo device over a patched vanilla Android device. But I would take neither if they aren't receiving patches.
    Okay but that wasn't my question. If for example you were given some Android phone which stopped at Android 8 Oreo. Would you only load the same apps as you did to your retired KEY2? If yes, that kind of means BBAndroid doesn't really have any additional value to you.

    Is BBAndroid really only good for root attacks? Because their hardening sure seems to be resource demanding for something that's only good for stopping root attacks after patches end.
    10-08-20 07:07 AM
  19. conite's Avatar
    Okay but that wasn't my question. If for example you were given some Android phone which stopped at Android 8 Oreo. Would you only load the same apps as you did to your retired KEY2? If yes, that kind of means BBAndroid doesn't really have any additional value to you.

    Is BBAndroid really only good for root attacks? Because their hardening sure seems to be resource demanding for something that's only good for stopping root attacks after patches end.
    If unpatched, I would treat them both the same.

    From BlackBerry:

    "Each month Google releases to BlackBerry and other Android OEMs a security bulletin containing a list of recently discovered Android vulnerabilities. Approximately one month later, Google exposes these in the public domain, so it is critical that BlackBerry release software in advance of public disclosure."

    BlackBerry used the word "critical".
    10-08-20 07:10 AM
  20. the_boon's Avatar
    If unpatched, I would treat them both the same.

    From BlackBerry:

    "Each month Google releases to BlackBerry and other Android OEMs a security bulletin containing a list of recently discovered Android vulnerabilities. Approximately one month later, Google exposes these in the public domain, so it is critical that BlackBerry release software in advance of public disclosure."

    BlackBerry used the word "critical".
    In other words, BlackBerry has done us a disservice by locking down the bootloader which prevents enthusiasts from loading custom ROMs or even just fonts (such as BB10's slate pro), while not giving true security benefits in the process. Great.
    whatnow00 likes this.
    10-08-20 07:12 AM
  21. conite's Avatar
    In other words, BlackBerry has done us a disservice by locking down the bootloader which prevents enthusiasts from loading custom ROMs or even just fonts (such as BB10's slate pro), while not giving true security benefits in the process. Great.
    Well, even loading a custom OS won't get you additional security updates.

    BlackBerry Android DID provide added security benefits, but it's part of a package. Security patches are still a critical component to that package.

    On the separate topic of being able to unlock the bootloader, I would say the Knox efuse solution is better as it allows users to load their own OS if they wish without compromising the company's EMM solution.
    10-08-20 07:20 AM
  22. Chuck Finley69's Avatar
    In other words, BlackBerry has done us a disservice by locking down the bootloader which prevents enthusiasts from loading custom ROMs or even just fonts (such as BB10's slate pro), while not giving true security benefits in the process. Great.
    When the Android or BBAndroid devices were currently under support, I'd favor a BBAndroid device for the locked bootloader. Once security patches stopped for a BBAndroid or Android device, from the security patch vector, both devices were basically equal. At that point, since the Android would be aging, from a Enterprise vendor standpoint, current version or previous version (X-1) then it's time for a new phone if that's requirement from employer or contract.
    10-08-20 07:29 AM
  23. Chuck Finley69's Avatar
    That doesn't worry me to be honest..
    But will it worry your employer if you expose any of their information or client information? Is this a real type career job where you're held responsible for best practices type behavior from privacy and security perspective?
    10-08-20 07:34 AM
  24. bb10adopter111's Avatar
    You really don't trust it for anything beyond chat apps and news?
    I trust my KEYone for several personal things beyond what Conite does, but I definitely consider it to be less secure and don't use it for client data anymore. I've removed my work email accounts and only use it for personal organization, writing, etc.

    Risk = likelihood/frequency of an incident x the impact

    The likelihood of an unpatched Android device being compromised is low, but it's greater than the likelihood of a patched device being compromised.

    But it's easy to reduce the risk by reducing the impact, which is what I've done.

    Z10 = BB10 + VKB > iOS + Android
    10-08-20 09:34 AM
  25. mh1983's Avatar
    Well, even loading a custom OS won't get you additional security updates.
    Sure it would, provided the custom rom dev(s) included them.


    Posted via CB10
    10-08-20 10:25 AM
52 123

Similar Threads

  1. Battery Wow!
    By wobus in forum BlackBerry KEY2
    Replies: 17
    Last Post: 12-26-19, 05:04 PM
  2. Wow! Passport seems problem free device LOL!!
    By Hrishikesh Jadhav in forum BlackBerry Passport
    Replies: 20
    Last Post: 11-13-19, 12:36 PM
  3. Wow - Anyone read this?
    By sowhoong in forum BlackBerry KEY2
    Replies: 8
    Last Post: 09-25-19, 10:36 AM
  4. Blackberry Support Hotline - Wow!
    By BobH2 in forum General BlackBerry News, Discussion & Rumors
    Replies: 1
    Last Post: 02-12-19, 08:40 AM
  5. wow am I glad I bought a case!
    By Bravestar79 in forum BlackBerry KEY2
    Replies: 1
    Last Post: 01-29-19, 12:49 PM
LINK TO POST COPIED TO CLIPBOARD