[bb.pl]

Does sideloading apps make your playbook vulnerable?
Is it different from installing untrusted software on your computer?
Are there any other pitfalls like having problems with OTA playbook software updates like people have had who had installed beta and side loaded apps etc.

[dbmalloy]

A number of users have reported slower Playbooks after doing the last OS2 update.... Usually wiping the Playbook does the trio....

As to the dangers of sideloading apps... that is currently untested area... I honestly do not know how android apps could couse issues as my understanding of it is the Android is a player not a virtual machine.... Would need someone with more knowledge of the OS to answer that question....

[BuzzStarField]

Your questions are hypothetical and too generalized to answer definitively. It depends on what is being sideloaded and by whom. I sideload my own app all the time while I am testing it and there is absolutely no danger. If you self-sign some random Android app and load it onto your device, you could get yourself in difficulty (but perhaps not).

[bb.pl]

Your questions are hypothetical and to0 generalized to answer definitively. It depends on what is being sideloaded and by whom. I sideload my own app all the time while I am testing it and there is absolutely no danger. If you self-sign some random Android app and load it onto your device, you could get yourself in difficulty (but perhaps not).

Thank you...I guess that means I will not be sideloading stuff random people post.
It's not worth it to open up my playbook as I use it for a lot of banking and credit cards websites, passwords etc.

[BuzzStarField]

Thank you...I guess that means I will not be sideloading stuff random people post.
It's not worth it to open up my playbook as I use it for a lot of banking and credit cards websites, passwords etc.

Unless your device is rooted and you hand it over to hacker, it's unlikely that an app that has been sideloaded could steal passwords or compromise your contacts or email. APIs that could facilitate key-logging, or looking at your contacts and suchn like do not currently exist (although some may be available soon).

The PlayBook, like any other device, is subject to security breaches, Ultimately, the user has to decide how much risk is too much risk. If you are the paranoid type, just browsing the internet, or opening an app that has access to the internet could be perceived as "dangerous". Although if you are that worried about your security, you probably should't be using computers, telephones, ATMs, credit cards or any modern convenience. And you certainly shouldn't be doing any online banking, from your cave in the wilderness either!

[peter9477]

The only real difference between a side-loaded app and one installed from App World is that RIM hasn't "vetted" the side-loaded app in any way.

To the extent that you trust RIM's undefined "testing" (which seems focused on copyright violations and security to some degree, but not on functionality), the App World app may be more trustworthy. If you feel you can trust the developer, however, then the side-loaded app is fine.

All apps, whether side-loaded or from App World, are equally well protected from each other, prevented from accessing things they should not, and restricted by the permissions you grant or deny them.

Any app may access the network without permission (currently). They may not access the shared folders without permission, nor your camera, GPS, BBID, serial number or PIN, or a few other things. On the other hand, once you've granted an app one of those permissions, it could be sending any or all of that info out to the network without you realizing, so long as you have a network connection.

Basically, the entire system security of the PlayBook applies as much to a side-loaded app as it does to those from App World. The only real difference is that whatever peace of mind it gives you to know that RIM at least glanced at it, and has an email address for the developer and believes they know his/her/its identity.

Until they give us a more detailed description of the nature of their checking, I don't personally give it much credit for protecting us. I refrain from installing apps that look like they come from flaky vendors, and I carefully deny certain permissions for new apps that I'm not comfortable with yet. Blindly clicking "Grant" on all permissions for an app is equally unwise, whether side-loaded or from App World.

[FF22]

So, sideloading a Password app where you enter your account number, bank, userid and password and allowing it to have access to the internet could mean you are shipping your info to WHOMEVER????? But who knows that rim has appropriately vetted a similar app available in appworld!

I am stomping on my router as we speak!

[bb.pl]

The only real difference between a side-loaded app and one installed from App World is that RIM hasn't "vetted" the side-loaded app in any way.app one of those permissions, it could be sending any or all of that info out to the network without you realizing, so long as you have a network connection.

I am not a fan of RIM by any means (and really unsatisfied of buying a playbook when it was 500-700 and waiting a year to see close to zero useful android apps in appworld) but atleast so far I haven't seen or heard of any issues with any of RIMs 'vetted' apps compromising or having any security breach. Therefore I will keep on trusting. Rims browser rather than using .Bar for a browser and what knows and who knows what they will do.
Better safe than sorry. I would rather spent a couple hundred bucks than compromise security by using random sideloaded apps since I really don't have more than a username for the developer or a random link for the bar files.

[omniusovermind]

I'm more concerned about the two links in my sig right now. Those don't just apply to side loading but this android player we now have in general.

[peter9477]

... at least so far I haven't seen or heard of any issues with any of RIMs 'vetted' apps compromising or having any security breach. Therefore I will keep on trusting. Rims browser rather than using .Bar for a browser and what knows and who knows what they will do.

Note that the reason to trust RIM's "vetted" apps is the same reason you can trust random sideloaded apps about as much: the security is integral to the PlayBook, not to RIM's vetting/testing process.

Here's probably the only reason I think I'd trust the App World app more than the sideloaded one: the random sideloaded one doesn't have an identifiable vendor behind it who has in the back of his mind the possibility of legal action from RIM if he damages their brand by trying to violate their users' privacy or steal their data.

[BuzzStarField]

@Peter9477
Just curious - Do you know if RIM can trace the digital signature used to sign a "random" destructive bar back to an identifiable culprit (assuming that the credit card submitted when the signature was downloaded is verified and traceable)?

And if not, what exactly is the purpose of the digital signature? It certainly doesn't protect intellectual property rights.

[z1nsane]

More specific question about the security issue: is it as safe as a native app to login with ebay or PayPal credentials using an Android sideloaded app as a native app from Appworld. TIA.

[SifJar]

More specific question about the security issue: is it as safe as a native app to login with ebay or PayPal credentials using an Android sideloaded app as a native app from Appworld. TIA.

In both cases, it depends completely on the app in question. So yes, it is "as safe", but that does not mean that either is necessarily safe.

Simply being a sideloaded Android app does not automatically make it more or less safe.

[rotorwrench]

I've already mentioned this in another post, but security and vulnerability aside, over the last several months reading posts and researching this forum as well as other BB forums, there appears to be a disproportionate number of PBs that have been sideloaded, wiped, and had problem updates that end up with more issues and problems than PBs that are free of sideloads, betas, no wipes and had trouble free updates.

I know it's a general observation, yet it's there and very telling. Therefore I have stayed away from those actions and always performed my updates under ideal conditions. Correspondingly, I have had a troublefree PB so far. No software, battery, wifi, network, email, camera, video, etc.....problems.

I have no evidence of my theory, but I do know that so far the majority of problems I see here appear to be on PBs that have had a problematic update, been wiped, loaded betas and been sideloaded. This all based on comments from the posters with problems.
I haven't gone so far as to try and isolate which of the afore mentioned actions are the most likely culprits, but they individually have been present with a reported problem. Possibly pure coincidence, but I don't think so.

Just my observations and opinion. Not trying to start a debate, just food for thought.

[SifJar]

I've had no problems with my PB doing updates and I have a fair few sideloaded Android app and am currently on the 2.1 beta. What you have noticed is people who don't know what they're doing sideloading or installing betas etc. and having problems with updating. With a very little bit of research and understanding, you can avoid any problems.

[FF22]

My Battery PLUNGE issue with using Manual Sync on NATIVE email had nothing to do with sideloaded apps and at that point I did not use Android apps. It was and is a bug in the rim OS or native app.

The fact that DM could not backup my pb had nothing to do with sideloaded apps. It was an issue with DM.

I now do have sideloaded apps and android sideloaded apps. They do tend to freeze after I've run them but they do not appear to affect any other aspect of my pb.

But the original subject remains somewhat ambiguous - the main thrust was security which I interpret to be vulnerability to hacking or stealing passwords or email account ifno. But there is the stability concept of vulnerability, too. ANY app could jeopardize either. I wish we had more specific permission control like we do on the bb phones over what an app can access.