- It's fascinating, each time I begin to think the horror stories about Android have come to an end and that Android is perhaps "secure enough" news like these pops up and remind me that most Android versions are a no go.
Going Android is just a bad idea, if you are a security company.
Posted via CB10
But they who's to say that if BlackBerry had 70% of the smartphone market, if "researchers" couldn't find holes in it's security? BBOS turned out not to be a secure as we all taught it was....
My biggest take away from all this, is you need a device that will get regular updates.07-28-15 10:02 AMLike 0 - They question is could that "bug" access a secured container on a device? From a company standpoint if that container remains secured, then the device might be secure enough for them?
But they who's to say that if BlackBerry had 70% of the smartphone market, if "researchers" couldn't find holes in it's security? BBOS turned out not to be a secure as we all taught it was....
My biggest take away from all this, is you need a device that will get regular updates.
Android typically get bad press all 6-8 weeks, BlackBerry maybe all 6-8 months (yes, BlackBerry products or 3rd party products within BlackBerry solutions have security holes, occasionally).
The moment they would start with Android, they will have to deal with the bad press.
You remember Justin Case, the guy who hacked the BlackPhone?
He announced to try BB 10 next just to show that every OS is vulnerable...I am still waiting how things have worked out for him since the announcement (he bought two Z10s, if I remember correctly).
Posted via CB10Dunt Dunt Dunt likes this.07-28-15 10:27 AMLike 1 - DenverRalphyRetired Network Mod
In any case, if BBRY is indeed working on an Android phone, I wouldn't sweat it as they're probably developing it with the next version of Android (Android M) since it will already have the fix in place, and because it's a Security Development Focus version (granular permissions finally being added, OS layer hardening, etc..).07-28-15 11:53 AMLike 0 - i just read it this morning, surprised no one's posted it on CB Yet:
Stagefright: SMS Text Message Can Hack Android Phones
"A mobile security researcher has uncovered a flaw that leaves as many as 95% of Android devices�that�s 950 million gadgets�exposed to attack. The computer bug, nicknamed �Stagefright� after a vulnerable media library in the operating system�s open source code, may be one of the worst Android security holes discovered to date. It affects Android versions 2.2 and on."
they better figure this out first before BBRY can make any custom android os phone. but it's just another reason why i wouldn't touch anything by the way of android, ever.
Posted via CB1007-28-15 02:58 PMLike 0 - Supposedly there's already a fix. What isn't clear are the details of the deployment of the fix. Nexus devices are supposed to be receiving it soon if they haven't already (because Google can push OS updates directly to them). How much Google will have to rely upon carriers to push the updates hasn't been publicly addressed yet, though I imagine it may (probably) be a headache. With any luck, for older devices unlikely to ever see an update from their carriers Google may be able to add something to Google Play Services that intercepts any MMS (or anything containing a video for that matter) message notifications, checks for the exploit, and reject it if it tests positive. Supposedly the exact details of the exploit and the fix will be announced at BlackHat this weekend (at which point Google will probably pay out a bounty).
In any case, if BBRY is indeed working on an Android phone, I wouldn't sweat it as they're probably developing it with the next version of Android (Android M) since it will already have the fix in place, and because it's a Security Development Focus version (granular permissions finally being added, OS layer hardening, etc..).07-28-15 05:56 PMLike 0 -
- DenverRalphyRetired Network ModNope... not good with it. The vulnerability is a very valid concern. However, I was simply responding to a very specific question of which you had asked, with a well reasoned response. As far as "what else is there", well, that's true of any OS be it mobile, desktop, or embedded. BB10 isn't invulnerable either... every OS is vulnerable. It's simply a matter of manpower to find it. Was BB10 immune from Heartbleed? Not so much. And in this particular instance.. it took an entire research team of a well educated think-tank to find the flaw. It's not like script kiddies stumbled blindly upon it. If Google hadn't offered their bounty program, I'd be willing to bet it'd be years before anybody else found it.07-28-15 06:57 PMLike 0
- Nope... not good with it. The vulnerability is a very valid concern. However, I was simply responding to a very specific question of which you had asked, with a well reasoned response. As far as "what else is there", well, that's true of any OS be it mobile, desktop, or embedded. BB10 isn't invulnerable either... every OS is vulnerable. It's simply a matter of manpower to find it. Was BB10 immune from Heartbleed? Not so much. And in this particular instance.. it took an entire research team of a well educated think-tank to find the flaw. It's not like script kiddies stumbled blindly upon it. If Google hadn't offered their bounty program, I'd be willing to bet it'd be years before anybody else found it.
Posted via CB10Last edited by extisis; 07-28-15 at 11:13 PM.
Superdupont 2_0 likes this.07-28-15 07:30 PMLike 1 - Tre LawrenceBetween RealitiesHeartbleed affected many programs, however, this is an-OS specific vulnerability but to no surprise in an open OS. It could have taken a team to find it out, buy one hacker to do them all in. To compare appropriately, BBOS nor BB10 were vulnerable to attack via text msg.
Posted via CB10extisis likes this.07-28-15 07:46 PMLike 1 - DenverRalphyRetired Network ModHeartbleed affected many programs, however, this is an-OS specific vulnerability but to no surprise in an open OS. It could have taken a team to find it out, buy one hacker to do them all in. To compare appropriately, BBOS nor BB10 were vulnerable to attack via text msg.
First... Heartbleed was an attack on a uniform basis that pretty much every OS is built upon. It wasn't OS specific, but it was a very simple demonstration that NO operating system is safe from anybody who's determined to find a flaw. This will continue for as long as operating systems are built.
Second... open OS development has historically proven to be more secure than closed development.
Third... The "stagefright" flaw took over 6 years to be discovered (in the tech world, that's an eon) dating back to Android OS version 2.2. And the biggest reason it was discovered was because of the bounty system Google recently placed to encourage hackers to find any OS flaws. Given enough encouragement (substantial money), any and every OS will be revealed to have flaws that can be exploited.
I'm not discounting the severity of the recently discovered flaw by any means. It's ugly, it's been fixed, and the world will continue to revolve around the sun. Especially when it concerns an exploit that has yet to demonstrate so much as one active practical usage or attack.MO3iusONE likes this.07-28-15 07:48 PMLike 1 - A few things...
First... Heartbleed was an attack on a uniform basis that pretty much every OS is built upon. It wasn't OS specific, but it was a very simple demonstration that NO operating system is safe from anybody who's determined to find a flaw. This will continue for as long as operating systems are built.
Second... open OS development has historically proven to be more secure than closed development.
Third... The "stagefright" flaw took over 6 years to be discovered (in the tech world, that's an eon) dating back to Android OS version 2.2. And the biggest reason it was discovered was because of the bounty system Google recently placed to encourage hackers to find any OS flaws. Given enough encouragement (substantial money), any and every OS will be revealed to have flaws that can be exploited.
I'm not discounting the severity of the recently discovered flaw by any means. It's ugly, it's been fixed, and the world will continue to revolve around the sun. Especially when it concerns an exploit that has yet to demonstrate so much as one active practical usage or attack.07-28-15 10:50 PMLike 0 -
Strip out everything from the Android OS container that the Hypervisor needs to work effectively, and you get BB10.07-29-15 12:27 AMLike 0 - A few things...
First... Heartbleed was an attack on a uniform basis that pretty much every OS is built upon. It wasn't OS specific, but it was a very simple demonstration that NO operating system is safe from anybody who's determined to find a flaw.
Second... open OS development has historically proven to be more secure than closed development.
You are making it sound like every OS has the same number of severe vulnerabilities and is equally vulnerable, but that is not the case.
I have chosen BB 10, because I expect that the number of vulnerabilities is significantly smaller and statistical chances to get hacked are simply low.
With regards to point 2: Well, history is changing dynamically.
Apple's 'goto fail' tells us nothing good about Cupertino's software delivery process | ZDNet
Quote: "Also, this code is open source. Apparently, no one outside Cupertino using it spotted the issue either. So maybe we shouldn't give the Apple developers a hard time for that."
Sounds like a d�j� vu?07-29-15 03:07 AMLike 0 -
Think about how much higher the level of talent is at Microsoft, Apple, and Google in comparison to BlackBerry. Now think about how many exploits have been found in Windows, ios, osx, and android. It's pretty scary thinking of the mistakes BlackBerry software engineers make that aren't known publicly and will never be fixed.
Posted via CB1007-29-15 09:38 AMLike 0 - I remember that as well. I was thinking of tweeting him and asking why he has not provided any updates on that endeavor07-29-15 11:21 AMLike 0
-
- The bounty system is great as it allows exploits to brought out into the open and fixed. How many unknown exploits exist in bb10? Who knows but since BlackBerry doesn't have a bounty in place they won't ever be fixed until the hack is made public, but by then the damage is already done.
Think about how much higher the level of talent is at Microsoft, Apple, and Google in comparison to BlackBerry. Now think about how many exploits have been found in Windows, ios, osx, and android. It's pretty scary thinking of the mistakes BlackBerry software engineers make that aren't known publicly and will never be fixed.
Posted via CB10
Not every entity is on the same playing field.
Posted via CB1007-29-15 03:59 PMLike 0 - You're right. Some have a global market presence and some don't.
Sent from my Nexus 7 using Tapatalkextisis and Fidel Mercado like this.07-29-15 04:57 PMLike 2 - Yes, you need to meet OHA guidelines to have Google Play Services.
To meet OHA rules (among other things) a non-forked version of Android must be the base OS, it must say "powered by Android" on the boot screen, it must have many of the Google Apps pre-installed, it must have the Google Play Store as the default and primary app store, and it must pass a series of compatibility checks.
The differentiation would be a dedicated bb10 launcher (skin) with a bb10 app suite. This could still be quite significant if done well. The HUB would be a huge distinction.
Z30STA100-5/10.3.2.2339
Posted via CB1007-29-15 09:09 PMLike 0 -
Z30STA100-5/10.3.2.233907-29-15 09:33 PMLike 0 -
- Forum
- Android BlackBerry Phones & OS
- BlackBerry Priv
Evidence of a secure Android
Similar Threads
-
Where is BlackBerry response to iOS9, Windows 10, Android M?
By gilbertgk in forum BlackBerry 10 OSReplies: 67Last Post: 08-14-15, 05:46 AM -
(PENDING) End of July blowout - Q10 bundle!!
By bunky1971 in forum Buy, Sell, Trade - Sold / ArchivedReplies: 10Last Post: 08-13-15, 06:56 PM -
Pics of BlackBerry slider, and it's NOT running BB10! (Humour)
By higherdestiny in forum Rehab & Off-Topic LoungeReplies: 20Last Post: 07-31-15, 10:20 PM -
Weird Android App experience
By duckshooter in forum General BlackBerry News, Discussion & RumorsReplies: 5Last Post: 07-31-15, 12:40 AM -
I changed devices and some of my apps will no longer work.
By Henry Traylor in forum Ask a QuestionReplies: 2Last Post: 07-30-15, 08:48 PM
LINK TO POST COPIED TO CLIPBOARD