1. maurs's Avatar
    As reported here, most Android vendors have been lying to users about security updates and telling customers that their smartphones are running the latest updates.

    And Blackberry seems lying too...

    Android Priv STV100-4 reports
    Patch Level 5 october 2017 - Build AAQ280
    Patched: 146
    Patch Missing: 4 (CVE-2016-3917, CVE-2016-5348, CVE-2017-0382, CVE-2017-0478)
    After claimed patched level: 13
    Test inconclusive: 49
    Not affected: 0
    04-13-18 08:57 AM
  2. conite's Avatar
    As reported here, most Android vendors have been lying to users about security updates and telling customers that their smartphones are running the latest updates.

    And Blackberry seems lying too...

    Android Priv STV100-4 reports
    Patch Level 5 october 2017 - Build AAQ280
    Patched: 146
    Patch Missing: 4 (CVE-2016-3917, CVE-2016-5348, CVE-2017-0382, CVE-2017-0478)
    After claimed patched level: 13
    Test inconclusive: 49
    Not affected: 0
    4 patches out of 199 patches are at issue here. But was BlackBerry Android vulnerable to those in the first place? Were they fixed by subsequent patches anyway? Was it a false negative with the app itself?

    There are far too many questions to make any real determination here other than the fact that there appears to be no wholesale, widespread deception here.

    For the record, the KEYᵒⁿᵉ, Motion, and DTEK50 each have 2 "missing" patches, and the DTEK60 has 5. All out of over 200.
    EskeRahn likes this.
    04-13-18 09:44 AM
  3. EskeRahn's Avatar
    Assuming that the tool works 100% correctly, you could say that BB both over- and under-sell here.

    Yes the test is mentioning four missing, but also they are 13 patches ahead of what BB say they have patched. (And as conite mentions, some of the four might even be fixed by later patches)

    It does sound a bit suspicious that there are 0 under "Not affected"...

    Two of the four allegedly missing date back all the way to October 2016. This sounds a bit odd if the device is affected...

    One of these is for fingerprint, so this should DEFINITELY have been under "Not affected"

    ---

    Anyway, just ran it on an unlocked debloated AT&T branded STV100-1 with the 'mystery' AAW068 update, and it gives the exact same numbers. I would have expected at the least one extra under "After claimed patched level"
    Last edited by EskeRahn; 04-13-18 at 06:00 PM.
    04-13-18 05:41 PM
  4. EskeRahn's Avatar
    To moderator:
    This thread ought to be merged with this
    https://forums.crackberry.com/blackb...snitch-1140649
    04-13-18 07:38 PM

Similar Threads

  1. Verifying patch level with SnoopSnitch
    By jd smithers in forum BlackBerry Android OS
    Replies: 42
    Last Post: 03-09-19, 06:17 PM
  2. WTS: Unlocked Blackberry Priv STV 100-1
    By sgollapalle in forum Buy, Sell, Trade - Sold / Archived
    Replies: 35
    Last Post: 08-20-18, 01:02 PM
  3. GPRS and sound notifcations gone
    By Callum Dickie in forum BlackBerry Priv
    Replies: 8
    Last Post: 05-03-18, 05:40 PM
  4. Remove Dater for Tinder and HG10 from HUB
    By venugopal singri in forum BlackBerry Passport
    Replies: 4
    Last Post: 04-13-18, 04:00 AM
  5. Replies: 2
    Last Post: 04-12-18, 02:27 PM
LINK TO POST COPIED TO CLIPBOARD