[scorpio001]

Hey all

Just wondering how secure is Priv over other Android phones from a security perspective?

And how does DTEK work in securing the Priv from malware or infected apps?

In other words "why should I feel safer in using the Priv?"

Any links out there that give detail reviews on this area?

Thanks.

[senectus]

Probably slightly better than the nexus.

Its not rootable yet (may not ever be), it gets security updates faster than any other android phone with the exception of the Nexus.

DTEK is really just doing an analysis of software config and the rights given to them.... not much more than that really, and once Marshmallow hits this will make it even better.
This is better than any other android in that none of them will really give you this feedback... and its important to remember that security is a process not a state. so give the like clockwork regular updates and the ability to analyse regularly your state of affairs... this is really the security selling point in a nutshell. (it probably helps that Blackberry have a great pedigree for security and their manufacturing facilities are fair well trusted)

[jm1219]

More secure than anything besides the Nexus devices.

[senectus]

More secure than anything besides the Nexus devices.

just out of interest, what makes you rate the nexus higher than the Priv?

[ssbtech]

The advantages of BlackBerry security are primarily centered around physical access to the phone and how easily the device can be hacked if it falls into the wrong hands.

On an app level, the moment the user grants an app access to files, photos, camera, etc... a BlackBerry is no better at safeguarding your data than any other device.

As soon as you link cloud accounts (Gmail, Outlook, etc...) to your device, your data is only as safe as it is on the Google/Microsoft servers.

If you happen to unknowingly connect to a "Stingray" surveillance device, your conversations aren't any more secure than any other phone.

[EG8196]

which one is more secure?
Blackphone or Priv

[senectus]

which one is more secure?
Blackphone or Priv

again, security is a process not a state.

but blackphone lets you do a great deal less, for the price of a slightly stronger starting point security wise.

and yes, it will help a LOT more around stingray intercepts. but it also costs a **** load more and wont let you do a lot more than make and receive calls.

[senectus]

incidentally, Secure calling and messaging is pretty good with https://play.google.com/store/apps/d...rime.securesms <==Signal on the Priv. (providing the people you're conversing with a signal users as well.

And, its free :-P

[jm1219]

just out of interest, what makes you rate the nexus higher than the Priv?

Most up to date software has the most recent security patches and security features. The software on nexus devices is all Google and they have a lot more money to throw at software engineers working on security than BlackBerry ever will. A few prominent names in the cybersecurity industry have pointed out the lack of true effect in BlackBerry's "hardening of the Linux kernel", etc. Whenever a new version of Android comes out, BlackBerry will always be months behind like they are now.

I have no doubt BB10 was more secure because it was proprietary, closed source, and only used by them. As far as Android goes though, there's nothing effective that they're doing or going to that Google couldn't or wouldn't. They will always be a bit behind Google on security features from new versions because Google makes the OS, not BlackBerry.

[senectus]

Most up to date software has the most recent security patches and security features.

The weird/interesting thing about nexus is that it was never really meant to be a consumer device, it was meant to be a developer reference device. But the clean cutting edge of Android without the Samsung/Sony/HTC/LG etc overlay has made it a very popular device.


BB is never more than a month behind Google in this.
The nexus is root able. The priv is not.

The software on nexus devices is all Google and they have a lot more money to throw at software engineers working on security than BlackBerry ever will.

And all that flows through to bb

A few prominent names in the cybersecurity industry have pointed out the lack of true effect in BlackBerry's "hardening of the Linux kernel", etc. Whenever a new version of Android comes out, BlackBerry will always be months behind like they are now.

They have more "hardening" built in than nexus does.

They are comfortably behind the current version of Android. Upto date with the 5.1 builds and from what rumors say very ready to drop the marshmallow build... (after the nexus line has figured the flaws out first.

I have no doubt BB10 was more secure because it was proprietary, closed source, and only used by them.

Pfft open source is far superior than closed in the security front. The only things that saved bbx on the security front was the underlying architecture that comes from a sound qnx design and bb's pedigree for security and the fact that is was such a tiny tiny insignificant target in the market.

As far as Android goes though, there's nothing effective that they're doing or going to that Google couldn't or wouldn't. They will always be a bit behind Google on security features from new versions because Google makes the OS, not BlackBerry.

Again.
Nexus is rootable. Bb is not so far.
How is Googles approach and ability helping them there?

99% of androids supposed "security vulnerabilities" is down to bad user activities.

Which imho highlights my previously repeated statements of security being a process. Not a state.

[bakron1]

For myself security begins with the user, once you are connected to the grid you are vulnerable to being hacked or snooped on, period.

Strong passwords and common sense go along way when your connected online.

[sorinv]

just out of interest, what makes you rate the nexus higher than the Priv?

Because it is made by Huaweii for the US government ;-)

[conite]

http://blogs.blackberry.com/2015/10/...roid-platform/

[iorto390]

BB is never more than a month behind Google in this.

When it comes to a nasty 0-day, 1 month can be long time. BB will never be able to compete with google nexus on update speed. Google is the source, directly from the horses mouth. The relatively simple security patches seem to come quickly. Unless you're one of the many that have a carrier branded device. I believe AT&T customers still haven't received the january 1st security update....

Nexus 6p is on 6.0.1 and BB is still on 5.1 with no date for Marshmallow yet. Their lead time in making the Marshmallow update shows they're no faster than any other non-nexus android brand when it comes to major software updates.

The nexus is root able. The priv is not.

You seem to be misinformed about the dangers of rooting. There is no way for an app to maliciously drive-by-root a nexus and steal all the info. The process to root the nexus 6p is quite technically involved. It would take an experienced user 30 minutes to complete the process and a novice could take well over an hour. Also the mandatory bootloader unlock step also wipes the device. So the ability to root doesn't automatically mean it's insecure. I like that google gives the user the choice. One can root the device and accept the consequences, or one can keep it locked and secure. Android is about choice.

And all that flows through to bb

They have more "hardening" built in than nexus does.

Unless you're a security researcher with firsthand experience on android, I don't think that's a safe statement to make. I'm not either btw. But there have been articles from those that are qualified to make such statements and they have said Blackberry's security and hardening claims are mostly marketing BS.

What credible source (so not marketing or regurgitated press statements) can you point to that shows BB Android 5.1 has more "hardening" than nexus 6.0.1? Because everything I've seen points to the opposite.

They are comfortably behind the current version of Android. Upto date with the 5.1 builds and from what rumors say very ready to drop the marshmallow build... (after the nexus line has figured the flaws out first.

"comfortably behind". That's a very polite way of putting it. The lack of user selectable app permissions is sorely missing from the Priv. It's a little sad that they touted Dtek as such a major feature yet stock marshmallow blows it out of the water (as you can actually disable permissions)

I've both the nexus 6p and blackberry priv on my desk right now. (The priv is going back this week). 6.0.0 admittedly had bugs, although I've never used it. But the 6.0.1 patch knocked them all out. The nexus 6p is perfectly stable in my daily operation. I've encountered zero bugs. To be fair the blackberry priv is also stable. But 5.1 is much older and they have zero excuse to have a buggy OS.

Also if BB had a Marshmallow build almost done, I see no reason why they wouldn't yell from every hill that it's almost done and give a tentative date.

Instead we get an article saying that they'll announce a release date in q1 2016. That was both hilarious and telling as to where they are in the process. Do you have any links to these rumors that claim MM is almost ready? Why do you believe them to be true?

Pfft open source is far superior than closed in the security front. The only things that saved bbx on the security front was the underlying architecture that comes from a sound qnx design and bb's pedigree for security and the fact that is was such a tiny tiny insignificant target in the market.

No argument there.

Again.
Nexus is rootable. Bb is not so far.
How is Googles approach and ability helping them there?

See my bit about rooting above.

99% of androids supposed "security vulnerabilities" is down to bad user activities.

I agree with that too. Marshmallow is better equipped to combat leaky user apps by finer grained permissions. Whenever I open a new app on my 6p, I get prompts asking me if I want to give the app access to my phone logs, pictures, etc... The priv doesn't have any of that yet and with no ETA in sight.

Which imho highlights my previously repeated statements of security being a process. Not a state.

I really wanted to like the Priv. I like the hardware keyboard but there is absolutely no comparison that nexus 6p is the more secure device. And even when MM is eventually released on the Priv, I'll know that the nexus will have faster access to security patches and significantly faster access to the larger updates.

As I said before, my priv is going back this week. The nexus 6p is here to stay. Aside from security and update speed considerations, it's the overall better phone. My priv needed to be charged midway even if I babied my usage. The 6p easily lasts all day with zero regard to battery life. It's so refreshing.

[conite]

When it comes to a nasty 0-day, 1 month can be long time. BB will never be able to compete with google nexus on update speed. Google is the source, directly from the horses mouth.

That said, factory-unlocked Privs got the update prior to Nexus last month. Suffice it to say, BlackBerry is on the ball with this one.

Interesting article with reference to Priv on Lollipop versus Nexus on Marshmallow (interview with David Kleidermacher, BlackBerry’s Chief Security Officer):

http://www.tomshardware.com/news/bla...iew,31036.html

Excerpt:

What About Marshmallow, And Smartphone Security?

TH: Let’s talk about Marshmallow [Android 6] -- I know it is coming to the Priv, so we know it’s going to happen. However, some people have been saying that Marshmallow has a couple of security features that Lollipop [Android 5.1.1 that the Priv runs] doesn’t have, which means in a few areas, a Marshmallow device could be more secure than the Priv. Do you agree or disagree?

DK: I think there’s two different questions there. One is, “Do there exist improvements in M that are improving Android security?” I would say yes to that question. The second question is, “Overall, if you look at the entire platform, and as an enterprise or a consumer buying a phone, would you consider a Priv running Lollipop less secure than ‘insert random OEM device running Marshmallow,’” and I would say absolutely not. I would disagree with that.

[Gator99]

Marshmallow is better equipped to combat leaky user apps by finer grained permissions. Whenever I open a new app on my 6p, I get prompts asking me if I want to give the app access to my phone logs, pictures, etc... The priv doesn't have any of that yet and with no ETA in sight.


Not sure if you realize, but BlackBerry has allowed users to select specific app permissions for year's. You make it sound like this is a new concept for BlackBerry. As far as the Priv goes, there is not near enough credit given for it being their first kick at an android device. The critics are unfairly harsh, however I have no doubt BlackBerry will rise to the challenge and deliver the goods.

The Priv is the Droid your looking for.

[fahmed]

I doubt any are 100% foolproof. If you're connected then you're vulnerable. Whether the attack comes from failure of the user implementing what protections they can (probably the most common reason), social engineering, or brute force. You can do all sorts of things to secure a phone but how far depends on the balance of convenience to security you desire.

[joeldf]

Not sure if you realize, but BlackBerry has allowed users to select specific app permissions for year's. You make it sound like this is a new concept for BlackBerry. As far as the Priv goes, there is not near enough credit given for it being their first kick at an android device. The critics are unfairly harsh, however I have no doubt BlackBerry will rise to the challenge and deliver the goods.

The Priv is the Droid your looking for.

That's true, but totally irrelevant to this discussion since the Priv does not run BB10... or BBOS 7, 6, 5..., for that matter. So, none of that matters. There is no way to set granular permissions in Lollipop. Even the back way using the App Ops type apps in the early Android 4 versions was shut down. At least it is coming back in Marshmallow, and with direct access to the settings like we had in all the BlackBerry OSs for years prior.

But it's not there now, and that was the point of that comment.

Posted via CB10

[hoytbowhunter]

The BlackBerry Priv is better than the Nexus period! The BlackBerry is a BlackBerry so what else has a chance to be better . #BlackBerry4Life

Aaron's #BlackBerryZ10 🔟🆒

[buwee]

When it comes to a nasty 0-day, 1 month can be long time. BB will never be able to compete with google nexus on update speed. Google is the source, directly from the horses mouth. The relatively simple security patches seem to come quickly. Unless you're one of the many that have a carrier branded device. I believe AT&T customers still haven't received the january 1st security update....

Nexus 6p is on 6.0.1 and BB is still on 5.1 with no date for Marshmallow yet. Their lead time in making the Marshmallow update shows they're no faster than any other non-nexus android brand when it comes to major software updates.


You seem to be misinformed about the dangers of rooting. There is no way for an app to maliciously drive-by-root a nexus and steal all the info. The process to root the nexus 6p is quite technically involved. It would take an experienced user 30 minutes to complete the process and a novice could take well over an hour. Also the mandatory bootloader unlock step also wipes the device. So the ability to root doesn't automatically mean it's insecure. I like that google gives the user the choice. One can root the device and accept the consequences, or one can keep it locked and secure. Android is about choice.


Unless you're a security researcher with firsthand experience on android, I don't think that's a safe statement to make. I'm not either btw. But there have been articles from those that are qualified to make such statements and they have said Blackberry's security and hardening claims are mostly marketing BS.

What credible source (so not marketing or regurgitated press statements) can you point to that shows BB Android 5.1 has more "hardening" than nexus 6.0.1? Because everything I've seen points to the opposite.



"comfortably behind". That's a very polite way of putting it. The lack of user selectable app permissions is sorely missing from the Priv. It's a little sad that they touted Dtek as such a major feature yet stock marshmallow blows it out of the water (as you can actually disable permissions)

I've both the nexus 6p and blackberry priv on my desk right now. (The priv is going back this week). 6.0.0 admittedly had bugs, although I've never used it. But the 6.0.1 patch knocked them all out. The nexus 6p is perfectly stable in my daily operation. I've encountered zero bugs. To be fair the blackberry priv is also stable. But 5.1 is much older and they have zero excuse to have a buggy OS.

Also if BB had a Marshmallow build almost done, I see no reason why they wouldn't yell from every hill that it's almost done and give a tentative date.

Instead we get an article saying that they'll announce a release date in q1 2016. That was both hilarious and telling as to where they are in the process. Do you have any links to these rumors that claim MM is almost ready? Why do you believe them to be true?

No argument there.

See my bit about rooting above.

I agree with that too. Marshmallow is better equipped to combat leaky user apps by finer grained permissions. Whenever I open a new app on my 6p, I get prompts asking me if I want to give the app access to my phone logs, pictures, etc... The priv doesn't have any of that yet and with no ETA in sight.


I really wanted to like the Priv. I like the hardware keyboard but there is absolutely no comparison that nexus 6p is the more secure device. And even when MM is eventually released on the Priv, I'll know that the nexus will have faster access to security patches and significantly faster access to the larger updates.

As I said before, my priv is going back this week. The nexus 6p is here to stay. Aside from security and update speed considerations, it's the overall better phone. My priv needed to be charged midway even if I babied my usage. The 6p easily lasts all day with zero regard to battery life. It's so refreshing.

I haven't done enough research to agree or disagree with most of this however in my mind, Huawei & security are NOT or ever will be synonymous with security. At least to me, Blackberry has had a long standing history of being secure, and just their name on the bezel whether they are actually more secure or not is good enough for me.

[buwee]

When it comes to a nasty 0-day, 1 month can be long time

Blackberry has already said if there is a critical security issue, they would push updates directly without waiting for the monthly updates or carrier approval

[jm1219]

That said, factory-unlocked Privs got the update prior to Nexus last month. Suffice it to say, BlackBerry is on the ball with this one.

Interesting article with reference to Priv on Lollipop versus Nexus on Marshmallow (interview with David Kleidermacher, BlackBerry�s Chief Security Officer):

http://www.tomshardware.com/news/bla...iew,31036.html

Excerpt:

What About Marshmallow, And Smartphone Security?

TH: Let�s talk about Marshmallow [Android 6] -- I know it is coming to the Priv, so we know it�s going to happen. However, some people have been saying that Marshmallow has a couple of security features that Lollipop [Android 5.1.1 that the Priv runs] doesn�t have, which means in a few areas, a Marshmallow device could be more secure than the Priv. Do you agree or disagree?

DK: I think there�s two different questions there. One is, �Do there exist improvements in M that are improving Android security?� I would say yes to that question. The second question is, �Overall, if you look at the entire platform, and as an enterprise or a consumer buying a phone, would you consider a Priv running Lollipop less secure than �insert random OEM device running Marshmallow,�� and I would say absolutely not. I would disagree with that.

Oh wow can't I believe the Chief Security Officer of BlackBerry would disagree about saying another phone is more secure than his phone!

[conite]

Oh wow can't I believe the Chief Security Officer of BlackBerry would disagree about saying another phone is more secure than his phone!

As per my post #13, there are some concrete reasons to believe him.

[BigBadWulf]

[WARN]This is not the forum to get into discussions about countries, and your opinion about their security. Find yourself a political forum if you like to engage in that conversation.

Thank you![/WARN]

[jm1219]

As per my post #13, there are some concrete reasons to believe him.

Yes I've read the article before, but you're not going to get anywhere telling me about the true effectiveness of their additional security enhancements from obviously bias blogs written by the company's marketing department. I would be more inclined to trust a third party analysis of BlackBerry's work.

Ford can tell me all they want that their new F-150 is the safest pickup ever created, but obviously they're in the business of selling vehicles just like BlackBerry is in the business of selling devices. I'll go to Edmund's if I want a legitimate analysis of the F-150's safety, not Ford's company blog.