1. memetic's Avatar
    Does anyone have any leads on anything in development? I would be willing to beta test something. I just feel incredibly naked without some type of real firewall on my BB. Especially after reading countless EULAs and Terms & Conditions stating they can (and will) use my info as they please.

    I don't want any of my apps contacting home base for any reason other than when and what I want. I use COMODO firewall on my laptop, kerio, zonealarm, and something else on other machines. I really want to get something on my phone ASAP.
    04-01-10 10:27 AM
  2. devGOD's Avatar
    The BlackBerry is a pretty secure device, nothing to worry about, especially if you're not a high-profile person. As for app developers contacting, usually they never see your email address unless you're contacting them directly.
    04-01-10 10:34 AM
  3. memetic's Avatar
    The BlackBerry is a pretty secure device, nothing to worry about, especially if you're not a high-profile person. As for app developers contacting, usually they never see your email address unless you're contacting them directly.
    So, any of these apps I install can't see any of the information on my phone? And there is no way for them to transfer info about what is on my phone to somewhere not on my phone?
    04-01-10 10:37 AM
  4. devGOD's Avatar
    So, any of these apps I install can't see any of the information on my phone? And there is no way for them to transfer info about what is on my phone to somewhere not on my phone?
    No, they can't unless the app you're installing is designed to do that. When an app is installed you can view/set the Permissions that allow what the app will have access to on your BB. Also, if the app requires connection to the net, as long as you select BIS or BES you're completely safe because all BlackBerry traffic is filtered through firewalls and BB servers.
    04-01-10 10:46 AM
  5. memetic's Avatar
    When an app is installed you can view/set the Permissions that allow what the app will have access to on your BB.
    Where can I read more about this? I have a 9700.

    Also, I am not on a BES or anything else -- I am connected straight to the internet, except when I am home and I have the protection of a router w/ firewall.

    edit: Oh Yeah, Thanks A Lot.
    04-01-10 10:58 AM
  6. F0nage's Avatar
    Does anyone have any leads on anything in development? I would be willing to beta test something. I just feel incredibly naked without some type of real firewall on my BB. Especially after reading countless EULAs and Terms & Conditions stating they can (and will) use my info as they please.

    I don't want any of my apps contacting home base for any reason other than when and what I want. I use COMODO firewall on my laptop, kerio, zonealarm, and something else on other machines. I really want to get something on my phone ASAP.
    This is going to be more and more necessary, especially given the fact that normally people allow all permissions which gives them a blank check on your phone. I know this because I go over my permissions when installing any app and most popular apps fail with java.lang or other errors as soon as you don't allow ALL. The code quality is ****e and prime for exploits. For example more and more apps are using your location info. Turn off that permission the next time you install a new app and watch it (or your phone) crash the next time you reboot. I actually had one well-known app crash my phone. That should never be allowed to happen. There should not be anything any app can do to crash the OS. There is some big-time redesign necessary before anybody can take claims of device security safely.

    The BB is not that secure out of the box and they don't help with the fact they don't document exactly which APIs use which permissions. Malignant code may not necessarily be able to damage your phone, it seems pretty obvious there are plenty of exposures.

    But even if you had an application firewall, how could you tell the difference between an app shipping data it was authorized for and data it was not authorized for? You're never going to see that level of control partly because BB's application permissions are a mess and partly because nobody thought about these issues when designing the system. The BB infrastructure itself may be secure but that's as far as it goes. You have to trust the app supplier, and RIM doesn't stand behind the apps on App World. You're pretty much on your own.
    Last edited by F0nage; 04-01-10 at 12:25 PM.
    04-01-10 12:20 PM
  7. memetic's Avatar
    For example more and more apps are using your location info. Turn off that permission the next time you install a new app and watch it (or your phone) crash the next time you reboot. I actually had one well-known app crash my phone. That should never be allowed to happen. There should not be anything any app can do to crash the OS. There is some big-time redesign necessary before anybody can take claims of device security safely.
    Exactly. I posted somewhere else that I am one hair away from yanking the GPS antenna and simply using a standalone GPS that no one can use to track my location (for any reason).

    The BB is not that secure out of the box and they don't help with the fact they don't document exactly which APIs use which permissions. Malignant code may not necessarily be able to damage your phone, it seems pretty obvious there are plenty of exposures.
    I know. I spent the first week setting up my security and I was surprised (well, maybe not) at how many people didn't know answers to basic security questions. I want FULL control of which APIs use which permissions, how, when, why, what... what contacts who, when, why, where and the ability to shut it all down.


    But even if you had an application firewall, how could you tell the difference between an app shipping data it was authorized for and data it was not authorized for? You're never going to see that level of control partly because BB's application permissions are a mess and partly because nobody thought about these issues when designing the system. The BB infrastructure itself may be secure but that's as far as it goes. You have to trust the app supplier, and RIM doesn't stand behind the apps on App World. You're pretty much on your own.
    That is exactly why I posted this question. If someone tried using the same security argument about my computer as they do a BB I would ****e myself laughing. I knew I wasn't alone.

    But, I don't see any reason why an intelligent person(s) couldn't write a safe and secure firewall that can run on the BB -- they did it for Windows. Sure, you would have to trust them, but I trust my COMODO firewall and ZoneAlarm and Kerio.

    So, when can we get a decent firewall? I am willing to work for free to help.

    Thanks
    04-01-10 01:34 PM
  8. F0nage's Avatar
    I don't think it's likely to happen for a few reasons. People are basically apathetic about security. Look at the low adoption of email encryption even when a company as bad as Microshag made it pathetically easy to use. Any copy of Outlook or even Outlook Express supports it. How many people do you know using it?

    The application firewalls for Windows make BIG money because there are zillions and zillions of people who don't know the difference between A/V (not necessary) and firewalls and don't even know Windows has a built in firewall. Ok it doesn't offer the functions an application firewall does but how many people even get that far?

    People have been brainwashed into believing that BB is secure by default. That hasn't been my experience. The OS and infrastructure do offer many important features that help security but they also have many significant exposures and design issues. It may be that a good BES admin can lock down his network but people on BIS don't have the tools to make a secure platform.

    Without educated consumers there isn't any hope that people will even understand the issues much less demand they be addressed.

    Your best hope is to find somebody who can code this who always has an interest in using it for himself. I wish you good luck, I think it would be an important app and I would be willing to pay for it. Maybe try emailing some devs who write products you like.

    An application firewall is important but it is not a silver bullet. An app that needs permissions can still abuse them without you knowing it, and some apps may crash or crash your phone if they don't get the permissions they need.
    04-03-10 02:51 PM
  9. kjjb0204's Avatar
    Companies won't spend millions of dollars designing an app which, as of yet, has not proven necessary.

    Posted from my CrackBerry at wapforums.crackberry.com
    04-03-10 03:10 PM
  10. F0nage's Avatar
    Companies won't spend millions of dollars designing an app which, as of yet, has not proven necessary.

    Posted from my CrackBerry at wapforums.crackberry.com
    Sounds like a reasonable assumption but it doesn't cost millions of dollars to design phone apps and individuals can write them in their spare time. You don't need companies to do it.
    04-05-10 02:18 PM
  11. kjjb0204's Avatar
    Sounds like a reasonable assumption but it doesn't cost millions of dollars to design phone apps and individuals can write them in their spare time. You don't need companies to do it.
    The thing about AV and firewalls is that they constantly need updated to protect against the newest threats. And the developer needs to be in tune with current malware and stay on top of latest definitions. Its complexity and constant demand for updating will keep out most developers.
    04-05-10 05:02 PM
  12. i7guy's Avatar
    Don't install apps. Disable your GPS. Don't keep sensitive information on the phone. It's not Google, Verizon or other large vendors I'm worried about. But you have to decide who you can trust. Like a real Windows PC.

    Posted from my CrackBerry at wapforums.crackberry.com
    04-05-10 09:30 PM
  13. F0nage's Avatar
    The thing about AV and firewalls is that they constantly need updated to protect against the newest threats. And the developer needs to be in tune with current malware and stay on top of latest definitions. Its complexity and constant demand for updating will keep out most developers.
    A software firewall is not AV and doesn't need to be constantly updated. All it has to do is deny everything and allow you to create rules where you can selectively open it up.
    04-06-10 08:04 AM
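The deny-everything-then-add-rules model described in the post above, as an added sketch that is not part of the original thread and does not use any BlackBerry API; the `EgressPolicy` class, app names and hosts are constructed for illustration. It also shows the limit raised earlier in the thread: a rule matches on app and destination, so it cannot distinguish what data goes to an allowed host.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Rule:
    app: str    # application the rule applies to
    host: str   # destination host pattern, e.g. "*.weather.example"
    port: int   # destination port


class EgressPolicy:
    """Default-deny: a connection passes only if an explicit rule matches."""

    def __init__(self):
        self.rules = []
        self.denied = []  # blocked attempts, kept so the user can review them

    def allow(self, app, host, port):
        self.rules.append(Rule(app, host.lower(), port))

    def check(self, app, host, port, payload=b""):
        # payload is never inspected: the decision is app + destination only
        for r in self.rules:
            if r.app == app and r.port == port and fnmatchcase(host.lower(), r.host):
                return True
        self.denied.append((app, host, port))
        return False


def demo():
    # Constructed app names and hosts, for illustration only.
    p = EgressPolicy()
    p.allow("weather", "api.weather.example", 443)
    return {
        "forecast": p.check("weather", "api.weather.example", 443, b"zip=00000"),
        "other_host": p.check("weather", "stats.tracker.example", 443),
        "other_app": p.check("game", "api.weather.example", 443),
        # Same allowed destination, different data: the rule cannot tell.
        "contacts": p.check("weather", "api.weather.example", 443, b"contacts=..."),
        "denied": list(p.denied),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```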
  14. FF22's Avatar
    I raised some of these issues a while ago and as noted, most are pretty complacent about this issue. I have no idea if the (trying to stay generic and not name any particular app as guilty of anything wrong) my weather app is sending other data from my phone when it is contacting its HOME. I have no idea if one of the 3rd party gps programs is shipping data as well as my location. As indicated, I have attempted to try limiting some permissions for programs where it does not seem that they need access to data, phone, internet, whatever, and then they will not run.

    In other words, if you want to run 3rd party apps, you are inviting "strangers" into your phone and your world. Or you just use the basic programs and lose the fun of a smart or too smart phone.
    04-06-10 08:42 AM