1. Soapm's Avatar
    For other exploits I guess it would depend but the major vulnerabilities from this year (BlueBorne, KRACK, etc) required patching on BB Android and regular Android.
    Am I wrong, but these vulnerabilities we keep talking about are against the Android OS and not the Priv itself? The Priv just so happen to run the Android OS. This is like saying I won't buy a Dell because Windows may get a virus.

    So the real question from where I sit is how long Marshmallow will continue to be patched, since the Priv won't be updated to the new OS's.
    12-24-17 08:10 PM
  2. Invictus0's Avatar
    BBOS's decline in developed markets started in 2010 - that's when growth started to reverse in those markets (North America, Europe, and east Asia). Overall userbase continued to grow for a couple more years because used and entry/mid-level phones were being sold into emerging markets to individuals in large numbers (Africa, South Asia, South America) - but BB's earnings potential from these customers was going to be very limited - there wasn't going to be BES revenue or other ways to monetize beyond BIS fees (which were reduced in those countries compared to developed markets). It also meant that most of those markets wouldn't be able to move to BB10, which was going to be priced at the high end - out of reach for the emerging markets who could afford a used Pearl or Curve.

    While emerging market users certainly were helpful for BB at the time (2008-2012), they were never going to be helpful for BB10 in any significant numbers (and that's exactly how things came to pass). But had those users not existed at all, the story would have been more obviously bad for BB starting in 2010, when sales in developed markets began to drop for the first time after 10 years of constant growth.
    Right, the article I posted after that goes into this as well. The start of the global decline of BlackBerry users after the launch of BB10 is still significant in my opinion. BlackBerry unlike Apple, Google, or Microsoft at the time was probably the most well positioned to target the "next billion" smartphone users but BB10 simply didn't offer anything for these markets (price, data savings, long battery life, etc). BB10 at launch was basically rejected by BlackBerry's global audience.

    Am I wrong, but these vulnerabilities we keep talking about are against the Android OS and not the Priv itself? The Priv just so happen to run the Android OS. This is like saying I won't buy a Dell because Windows may get a virus.

    So the real question from where I sit is how long Marshmallow will continue to be patched, since the Priv won't be updated to the new OS's.
    IIRC monthly patching for Marshmallow will stop sometime in 2018 but its already stopped for the Priv. If a Android vulnerability gets patched on other BB Android devices I think we can assume the vulnerability also exists on the Priv.
    12-24-17 09:14 PM
  3. Killjoyhere's Avatar
    Fair enough. I can think of a thousand things I'd rather spend $500 on than a phone every other year. It's an essential part of my work, but not a very important part of my life.

    Posted with my trusty Z10
    I thank Microsoft for continuing to support its PC OS despise a multitude of different manufacturers and vendors.

    Posted via CB10
    HughJarsse likes this.
    12-27-17 06:48 PM
  4. chain13's Avatar
    Ya, it's all the same.

    Buy an $850 iPhone that gives you 5 years of support, or two very capable Android mid-range devices that each give 2-3 years of support - and probably equal average performance over the whole 5 year period.
    or one BB android mid range device with almost priced as flagship with 2-3 years of support and probably will get slower and bugs each time update comes..
    12-27-17 07:36 PM
  5. conite's Avatar
    or one BB android mid range device with almost priced as flagship with 2-3 years of support and probably will get slower and bugs each time update comes..
    Your passive aggressiveness aside, a $449 Motion qualifies as almost half the price of an iPhone. Anything in the $350-$500 fits the bill.

    The KEYᵒⁿᵉ is a bit more specialized with the pkb, so would obviously garner a premium. Not really comparable.

    Software has been stable and excellent. Phone continues to be snappy after 6 months of use for me.
    12-27-17 07:42 PM
  6. ChainPunch's Avatar
    To me it is not secure without updates given that android has monthly updates for a reason.
    12-28-17 07:04 AM
  7. dastillero1975's Avatar
    Your passive aggressiveness aside, a $449 Motion qualifies as almost half the price of an iPhone. Anything in the $350-$500 fits the bill.

    The KEYᵒⁿᵉ is a bit more specialized with the pkb, so would obviously garner a premium. Not really comparable.

    Software has been stable and excellent. Phone continues to be snappy after 6 months of use for me.
    It's better to compare with an S8 or Note 8. The iPhone is on another league cause they will get support while the hardware can manage new versions.
    Those Samsung are 1000 $ tough.
    12-28-17 07:17 AM
  8. bb10adopter111's Avatar
    To me it is not secure without updates given that android has monthly updates for a reason.
    The value of most patches in terms of security improvements are unproven. Many of the updates are bug fixes with no security implications. Others are security patches for relatively obscure components of Android that may not be implemented by most OEMs.

    Certainly some do include patches for critical vulnerabilities, so they are important, but a conservative Android implementation like BlackBerry's renders many vulnerabilities unexploitable because the features they try to exploit are not enabled in the first place.

    For a metaphor, think about the difference between securing a penthouse in NYC with two high end steel doors and a private elevator vs. a large sprawling ranch with 5 exterior doors and 60 windows that open fully to let in fresh air. The ranch is inherently more difficult to secure, and many of its vulnerabilities are not a concern for the penthouse, even if use the same materials internally.

    Obviously, that's an extreme metaphor. I'm just trying to explain that the whole point of "hardening" the Android kernel is to eliminate some of the vulnerabilities completely, like removing a window or sealing it permanently.

    Posted with my trusty Z10
    12-28-17 07:28 AM
  9. conite's Avatar
    It's better to compare with an S8 or Note 8. The iPhone is on another league cause they will get support while the hardware can manage new versions.
    Those Samsung are 1000 $ tough.
    You weren't following.

    We're comparing 5 years of support from an $850 iPhone to buying two mid-range Android devices each with 2-3 years of support.
    12-28-17 07:36 AM
  10. dastillero1975's Avatar
    You weren't following.

    We're comparing 5 years of support from an $850 iPhone to buying two mid-range Android devices each with 2-3 years of support.
    Doh!
    12-28-17 07:38 AM
  11. Invictus0's Avatar
    The value of most patches in terms of security improvements are unproven. Many of the updates are bug fixes with no security implications. Others are security patches for relatively obscure components of Android that may not be implemented by most OEMs.

    Certainly some do include patches for critical vulnerabilities, so they are important, but a conservative Android implementation like BlackBerry's renders many vulnerabilities unexploitable because the features they try to exploit are not enabled in the first place.
    Looking at their changelogs BlackBerry patches almost every vulnerability in BB Android that Google patches in regular Android. The only confirmed vulnerabilities that BB Android provides some level of protection against are root based exploits but recent Android vulnerabilities seem to focus on other attack vectors,

    https://www.cvedetails.com/vulnerabi...e-Android.html

    Your point probably applies more to BBOS and BB10 than BB Android, simply because BlackBerry can't rewrite entire libraries without risking compatibility issues which I assume would disqualify them from Google Play services.
    Dunt Dunt Dunt likes this.
    12-28-17 10:19 AM
  12. bb10adopter111's Avatar
    Looking at their changelogs BlackBerry patches almost every vulnerability in BB Android that Google patches in regular Android. The only confirmed vulnerabilities that BB Android provides some level of protection against are root based exploits but recent Android vulnerabilities seem to focus on other attack vectors,

    https://www.cvedetails.com/vulnerabi...e-Android.html

    Your point probably applies more to BBOS and BB10 than BB Android, simply because BlackBerry can't rewrite entire libraries without breaking compatibility which I assume would disqualify them from Google Play services.
    Yes, whether or not BlackBerry's version of Android is vulnerable to a specific exploit, there is no way they would want to selectively apply parts of a security patch, given the risks to overall compatibility.

    I am not suggesting that patches lack value for BlackBerry's Android. I'm just explaining that it's not known HOW MUCH additional security any given patch would offer Priv, DTEK, and BlackBerry Mobile users. In the case of the Priv, it's a open question whether a fully patched generic Android on Marshmallow will be more or less secure than a Priv with its last 2017 patch at the end of 2018.

    Most likely the Priv will be more secure against certain threats, while the generic Android will be more secure against others. Which one of is "better" depends on the needs of the user.

    For bug fixes and features, having the most recent patch is certainly better.
    12-28-17 10:34 AM
  13. Invictus0's Avatar
    Yes, whether or not BlackBerry's version of Android is vulnerable to a specific exploit, there is no way they would want to selectively apply parts of a security patch, given the risks to overall compatibility.

    I am not suggesting that patches lack value for BlackBerry's Android. I'm just explaining that it's not known HOW MUCH additional security any given patch would offer Priv, DTEK, and BlackBerry Mobile users. In the case of the Priv, it's a open question whether a fully patched generic Android on Marshmallow will be more or less secure than a Priv with its last 2017 patch at the end of 2018.

    Most likely the Priv will be more secure against certain threats, while the generic Android will be more secure against others. Which one of is "better" depends on the needs of the user.

    For bug fixes and features, having the most recent patch is certainly better.
    Sure but we can gauge from previous statements by BlackBerry on BB Android's vulnerability to specific threats (BlueBorne, KRACK, QuadRooter, etc) that it is equally vulnerable to "stock" Android exploits (unlike the BB10 runtime for example which is less vulnerable). You will get some protection against root based exploits but how much or how little will probably depend on the exploit.

    Just going by past examples, if security is important to you then it's probably not recommended that you use unpatched BB Android devices (or any unpatched Android device for that matter).
    12-28-17 02:51 PM
  14. bb10adopter111's Avatar
    Sure but we can gauge from previous statements by BlackBerry on BB Android's vulnerability to specific threats (BlueBorne, KRACK, QuadRooter, etc) that it is equally vulnerable to "stock" Android exploits (unlike the BB10 runtime for example which is less vulnerable). You will get some protection against root based exploits but how much or how little will probably depend on the exploit.

    Just going by past examples, if security is important to you then it's probably not recommended that you use unpatched BB Android devices (or any unpatched Android device for that matter).
    I understand what you're saying, but it really depends on the threat you're trying to protect against. For example, if your most likely threat is from Insiders (disgruntled employee, industrial espionage, foreign agent, etc.) then most of the patched exploits won't protect you as much as the protections against unauthorized changes to the bootloader/OS and other internal controls that are better supported by BlackBerry (or Samsung) than by any of the generic Androids.

    So, if I had a team of employees with Privs and I was running UEM, but not Knox, I might not want them to upgrade until I had new controls in place, and I certainly would not allow them to upgrade to a generic Android device at any point.

    Posted with my trusty Z10
    12-28-17 03:04 PM
  15. Invictus0's Avatar
    I understand what you're saying, but it really depends on the threat you're trying to protect against. For example, if your most likely threat is from Insiders (disgruntled employee, industrial espionage, foreign agent, etc.) then most of the patched exploits won't protect you as much as the protections against unauthorized changes to the bootloader/OS and other internal controls that are better supported by BlackBerry (or Samsung) than by any of the generic Androids.

    So, if I had a team of employees with Privs and I was running UEM, but not Knox, I might not want them to upgrade until I had new controls in place, and I certainly would not allow them to upgrade to a generic Android device at any point.

    Posted with my trusty Z10
    That isn't really comparable though, the best defense against employees leaking things is EMM or a solution like WatchDox which is device agnostic. The moment someone attempts to compromise a device through vulnerabilities you're dealing with hacking, they're essentially two different threat/security models.

    To the best of my knowledge BB Android isn't really attempting to deal with the former (and I don't think BlackBerry has ever promoted that either).
    12-28-17 04:15 PM
  16. bb10adopter111's Avatar
    I don't disagree with you, except to say that EMM is more effective with phones that have protection against intentional rooting, which for Android is Samsung and BlackBerry. So, if compromised endpoints are a major threat, an Priv with its last patch might be preferable to a generic Android in my EMM environment.
    12-29-17 01:06 PM
  17. Invictus0's Avatar
    01-03-18 06:33 PM
  18. gebco's Avatar
    Pretty sure Priv is abandoned, despite what BlackBerry says. I'll happily take back these words if I'm proven wrong.
    Wezard likes this.
    01-04-18 12:20 AM
  19. Helpmeouttt's Avatar
    been hacked by Obama's private CIa for 6 years. they can hack into any phone and manipulate the people around you. need a phone they can't hack😑😫😭
    05-06-18 10:09 AM
  20. chain13's Avatar
    Software has been stable and excellent. Phone continues to be snappy after 6 months of use for me.
    Which is a lie
    07-30-18 11:14 PM
  21. conite's Avatar
    Which is a lie
    True. It's now been stable and snappy for 14 months. And I only have the 3GB silver.

    With Oreo, I haven't even had to clear the cache in 2 weeks - which was a weekly event in Nougat to keep things quick.
    07-30-18 11:16 PM
  22. gebco's Avatar
    Pretty sure Priv is abandoned, despite what BlackBerry says. I'll happily take back these words if I'm proven wrong.
    Looks like I'm taking back some of my words. The last security update included a patch for Spectre I believe.
    08-04-18 12:15 PM
  23. Nathan Conley's Avatar
    Blackberry has still pledged “major vulnerabilities " updates. I'm not sure what that entails, but so far no major android vulnerability has appeared since they stopped the monthly update schedule.

    They patched BlueBorne and since then there hasn't been a major exploit.
    08-10-18 04:34 AM
  24. gebco's Avatar
    I've moved on now anyway.
    I'm happy that the two KeyOnes in our household will continue to receive the updates though.

    Blackberry has still pledged “major vulnerabilities " updates. I'm not sure what that entails, but so far no major android vulnerability has appeared since they stopped the monthly update schedule.

    They patched BlueBorne and since then there hasn't been a major exploit.
    08-10-18 01:20 PM
  25. dastillero1975's Avatar
    More secure than most android phones, but not completely secure.
    08-10-18 02:16 PM
150 ... 456

Similar Threads

  1. Why is my PRIV not compatible with Reliance Jio services?
    By Pankaj Jaju in forum BlackBerry Priv
    Replies: 8
    Last Post: 05-03-18, 05:16 PM
  2. BB Link does not recognize BB10 after latest Windows update
    By mturner53 in forum BlackBerry 10 OS
    Replies: 2
    Last Post: 01-08-18, 07:26 PM
  3. Replies: 5
    Last Post: 12-21-17, 05:23 PM
  4. Urgent help : Update download on priv - error
    By ranojee1966 in forum BlackBerry Priv
    Replies: 2
    Last Post: 12-20-17, 06:05 PM
  5. Brand new DTEK60 won't update
    By Mukade in forum BlackBerry DTEK60
    Replies: 3
    Last Post: 12-20-17, 04:49 AM
LINK TO POST COPIED TO CLIPBOARD