[jbraumberger]

I am looking information for our university on virus/malware apps for the Blackberry and here are some of my questions.

Is virus/malware protection necessary on a Blackberry? Why or why not?
If so what available apps are good to use?
Does Blackberry Protect offer any virus/malware protection?

Thanks, that's for now.

[Reed McLay]

Traditional virus are not a issue, but third party application can be an troublesome.

Reciently we learned that Apple was saving plain text location data on the handset. In the investigation that followed, we leaned that many 3rd party apps are doing exaclty the same thing... and you authorized it.

The wall of text licence you "Agree" too, may include access to some personal information. Used in a responsible manor, your gain location specific information and advertising. It is the irresponsible one we have to be concerned about.

[jeffh]

Antivirus software is a pointless waste of money and memory. As Reed noted, you have more to fear from what your legitimate apps may be doing with your ill-informed consent.

[cherimoya]

could someone explain so that my consent will be better informed -- or point me to an explanation of what each possible permission i grant an app allows it to do. i am one of the many consumers with BIS who has no corporation locking my info down, and i have no real understanding of what i'm alllowing if i 'trust' an app. one example: Poynt keeps asking for access to my calendar. what will access to my calendar allow it to do? I understand it will enable it to easily interact with the calendar from within the app, so if poynt finds me an event, it can seemlessly add it my calendar. but does poynt then also get to view everything else on my calendar / in the addy book? it is location enabled, does this mean they know exactly where i am all the time? is there a quick and easy toggle to turn on and off the permissions for an app without rebooting?

[jbraumberger]

So basically you are saying that any anti-virus/malware etc. is useless at the point? Also I mainly have RIM apps with a few exceptions, could you give some tips on what permissions should a user grant third party apps as a best practice. For example why would ESPN need access to personal information. Hopefully your tips will help others as well.

Also any apps that you think if any may need access to user data.

Thanks.

[Italianemperor]

Is there a "Blackberry 101" lecture on user permisions? That would be extremely helpful!

[Jaguarr40]

I have to side with Jeff and Reed as their points are well taken.

I have had my Tour for 2 years trouble free with no concerns at all about Malware or anything else.

[cherimoya]

+1 requesting a Bb 101 session on permissions. Would also be useful going forward to develop some kind of comparative records ie dancing bear app A wants access to address book + this access allows it to do x. Dancing Bear app B wants same permissions, but doesn't offer functionality to match.

[jeffh]

I don't know any reference on permissions. Basically the user has one choice: either enable all the permissions the application requests, or don't use the app. The issue really lies with the developer. He has to decide what permissions his app has to have. And the more permissions he requires, the more likely he is to run afoul of an IT policy or a skeptical user. So he has some incentive not to default to asking for all permissions. To further complicate the issue, a developer may want to use a code module that provides certain standard functions and requires a specific set of permissions. In that case, he may be forced to ask for permissions he doesn't need but his toolkit requires. I experienced that firsthand when an app developed by one of the CrackBerry mods was updated and began requiring a permission that my IT policy would not allow.

Posted from my CrackBerry at wapforums.crackberry.com

[jytvyj]

When talking about user permission and rogue apps, 2 words:

JaredCo Apps

'Nuff said.

Posted from my CrackBerry at wapforums.crackberry.com

[belfastdispatcher]

When talking about user permission and rogue apps, 2 words:

JaredCo Apps

'Nuff said.

Posted from my CrackBerry at wapforums.crackberry.com

I agree, stay away from their apps!

Posted from my CrackBerry at wapforums.crackberry.com

[jeffh]

It's well to warn new users about known problem developers, but that misses the larger point that you are mostly at the mercy of the developer when you agree to install their software on your device. If a permission doesn't seem to make sense, you can refuse to allow it and see if the app still works, but that's about it.

It's never a mistake to let a few hundred early adopters of any new product or OS version find the bugs (or worse) for you.

[cherimoya]

it's very hard to know whether a particular permission "makes sense" without understanding what that permission does and does not enable an app to do / how the app accomplishes what it does.

right now I am evaluating several weather apps on our 2 blackberries. it seems to me that one of them copies its source-weather-websites' radar map with animation and saves it as a gif which it then writes to my files and shows me when i request radar. (why? cause it loads so fast right in the app. and the competing app goes to the web page, where loading/ updating the radar takes a whiiiiii....iiile. AND if i disable file access the app won't open at all. but this doesn't mean i know what i am talking about. nor does it mean that i should then allow all the competing apps that may not accomplish the task in the same way, to also have that permission.

i'd love to know whether file access enables app to copy my private info? edit my documents???? does recording together with file access enable this? what does allowing an app to control my device settings allow it to do?

and if 100 or 500 of us use an app for several months, and are happy with how well it does what we got it for (without noticing nefarious stuff which it may well be accomplishing for the menace who wrote the code), this doesn't prove it's safe to download and use.

how can we determine what's reasonable for the apps to need? 101? please....

re shady developers "everyone knows about" -- I don't know about them. how should I? I dl'd Jared Co weather app this weekend, disliked it relative to others, so uninstalled after a few minutes, but nothing told me it's unsafe/bad news. just didn't make the grade. months ago looked into the ice app, but didn't feel comfortable with all that personal info available on the phone to whoever picks it up -- and if it's password protected, whats the point? plus takes so long to fill out. and then how to back it up? so decided against bothering with it and uninstalled.

so which are the shady companies to avoid?

[Laura Knotek]

See these threads re: Jared Co.

http://forums.crackberry.com/f35/jar...ng-app-552418/

http://forums.crackberry.com/f19/why...r-apps-569582/

[jeffh]

Unfortunately a list of shady companies isn't something you will find published on CrackBerry.com. However, the editorial content on the site is reasonably free of bias, and advertisers are not allowed to pose as regular members to tout their products. Mods typically don't recommend vendors (to avoid the appearance of favoritism, not to mention free advertising), but if you see a mod say a class of products isn't worth your money and memory, you can be sure no one paid us to say it!

You can also look to posts by respected long-time members such as the one above. You can't go by post counts or thanks, since there are users who seriously abuse both.

If I find a "Permissions 101," I'll be sure to post it.

[cherimoya]

1Found & deleted 1 file with the @Jared address under device memory, for ICE.
my spam folder count has been up there. luckily, nothing got through. now i know why. so thanks for the the tip!
2. i recently deleted sscope. it just made me nervous; seemed to open on its own and run in background and kept re-opening when closed it. was no reason to keep it always on, so deleted it instead. anyone know if its malware?
3. Jeffh, thankyou for your advice. wish i could figure out which poster is the respected one, since several posted. i guess omit newbie and go from there.
4. maybe to rephrase the concerns: is it safe to say that in device/memory i should never find *@address.x and if i search for it and find it, delete? what would be a generic search term on bb - will it take *? can i use search function or do i have to manually look as did now? are there other quick and dirty searches I can do to eyeball that all is ok?
5. if i allow an app to access "phone" does that mean it can monitor/record when i press in my credit card info, bank info security etc when i pay over the phone?
6. Y on eart would an app want usb connection?
7. what's the possibility of encouraging developers to state: my app requires permissions x,y, z for basic functioning. if want additional functionality of features a &b, it also requires allowing t, u, v. so that consumer can say "no" to trust the app question, and know what to do when edit app permissions opens next.

[Azensun]

I recall a 'Blackberry 101' type of article here on CB regarding permissions for apps. It taught me a lot about permission 'do's and don'ts' and thankfully,neither I or my constant-companion Torch have ever suffered because of a download. Try searching the site for it, and good luck!

[ekafara]

The only app I am worried about on my phone is Google Maps. I have yet to get rid of it. I have a friend who told me it's not to be trusted. Anyone have some info on this?

Posted from my CrackBerry at wapforums.crackberry.com

[jeffh]

... Jeffh, thank you for your advice. wish i could figure out which poster is the respected one, since several posted. i guess omit newbie and go from there. ...

I was specifically referring to lak611 in this thread. You shouldn't necessarily discount newbies. If the Senior Architect at RIM joined CrackBerry, he/she would start with 0 posts. And there are members who have posted "Welcome to the Forums" 1500 times. One's a newbie; one's a genius.

There may be some help coming on this topic in the near future.

[SCrid2000]

This: http://crackberry.com/blackberry-101...on-permissions

[jeffh]

Just what was needed. Thanks!

[Italianemperor]

This: BlackBerry 101 - Application permissions | CrackBerry.com

A big thank you, this is great info.

[pete101]

i just read this below:

http://www.symantec.com/avcenter/ref...ry.devices.pdf

and i wish i did before i downloaded the facebook for blackberry app from a 3rd party person who loaded it OTA as I needed the older version.

how safe is it to do that?

annoyingly you can only get the latest version of facebook for blackberry app and I wanted the 1 i had before and was unable to get it via desktop manager install (it insists on updating my device software OS which I really don't want)

and if you do suspect you have a malware/worm described above in the link what can you actually do?? is it possible for questionable users to add malicious modules to a legitimate application i.e. facebook?

it's fair enough it saying to mitigate this or that PRIOR to getting a problem but no solution for what to do afterwards.

[Katmandoitall]

When I bought an app through CB using my computer I got the malware from funmoods.com. Second day I've had my bb bold 9900 and I regret every minute of it so far. Thinking of not activating it and sending it back to t-mobile over the experience thus far.

[312Lorden]

The only app I am worried about on my phone is Google Maps. I have yet to get rid of it. I have a friend who told me it's not to be trusted. Anyone have some info on this?

Posted from my CrackBerry at wapforums.crackberry.com

_________

I'd like to find out about this too. How good or reliable is the pre-loaded Bing Map?