1. Maestrodog's Avatar
    We need to keep track of this topic.

    Just posted a number of resources in the Socialscope thread, but here's a good summary from here HTML5 Security in a Nutshell:

    Q: Isn’t this whole thing overblown, since BlackBerry users can set permissions for each app they install?

    The BlackBerry OS does provide granular controls for application permissions that are configurable by the user. Access to connections, interactions, and user data are split into about 20 categories, each of which can be set to Allow, Deny, or Prompt. The problem is that most users don’t take advantage of these features. According to a Trend Micro survey of 1,016 U.S. smartphone users in June 2009, only 23% of smartphone owners use the security software installed on the devices. During a webinar we held earlier today, we posed this question to attendees: “Do you enable application level security for each application on your BlackBerry device?” Only 15% of attendees answered yes, and that’s for a technical audience. I’d assume the number would be well below 15% across a representative sampling of BlackBerry users.

    The other misconception around application permissions is that you’ll always be prompted before the application can access any user data. In reality, the DEFAULT application permissions in both the 4.x and 5.0 BlackBerry OS allow third-party applications to access emails, organizer data (contacts, etc.), files, device settings, media, and many other categories without prompting. Tyler’s slide deck provides a complete listing of default permissions for third-party apps.

    Now, the defaults are already pretty loose, but the OS is even more permissive for applications that have been granted “trusted” status. At installation time, the user is asked “Is this a trusted application?” and if they answer “Yes”, the application is given even greater freedom to access phone connections, location data, the Internet, and more, without further prompting. Users don’t think twice about granting trusted access because they hate being inconvenienced by prompts every time the app wants to do something. How does a user know whether or not it’s safe to give an application trusted status?

    Here's more of the best background I've found:

    Is Your BlackBerry Your Best Friend And Your Spy?

    Is Your BlackBerry Your Best Friend And Your Spy? Security Study And Your BlackBerry | BlackBerrySync.com - BlackBerry News and Reviews

    Pay particular attention to the links such as this one:

    Exclusive: SMobile Systems Concerns About The iPad, Mobile, Security And You | BlackBerrySync.com - BlackBerry News and Reviews

    This is also essential

    Is Your Blackberry App Spying On You?

    Is Your BlackBerry App Spying on You?

    Be sure to access the full slides presentation and pay attention to the 3rd party apps permissions grid on slides 25-27.
    05-26-10 02:33 PM