[lawguyman]

BlackBerry is focusing on security but is security the right issue? In what ways are other devices not secure? What are the realistic risks that insecure devices face?

Think about your house. You probably keep your doors locked but are comfortable with leaving windows open on a hot day even if you aren't home. You do this even though you know that it would be very easy for someone to break in and steal your most valuable possessions. We generally don't put walls around our homes or bars on our windows. Thus, we are all comfortable with a certain amount of insecurity.

Isn't the same thing true with a phone?

What should we be concerned about?

What are the risks of having an "insecure" Android device?

What are some real world examples of bad things happening because of an insecure phone?

Posted via CB10

[crackbb10]

Secure for me is: no one able to come into my device and snatch something I didn't give permission for. I like the walls around my phone. Probably that's why I have BlackBerry 10 and hardly any apps, zero Androids. If Android is the way to go, then I want it's security features to at least almost match BlackBerry 10's. If BlackBerry were to exit the hardware business completely, I'd probably use my BlackBerry 10 devices until they stop working. But that's me, not your average consumer.

[Dunt Dunt Dunt]

It's always been part of the BlackBerry DNA.

Really was nothing wrong with building a secure device... they just made too many other mistakes.

At this point with the move to Android... they have to do something to separate them from all the other Android OEMs out there. And Keyboard and Security are really all they have got. They don't have the manufacturing capabilities or buying power to compete on features and specs.

Just too bad the CEO thinks their security is only as good a KNOX and not as good a BlackPhone....

[lawguyman]

Secure for me is: no one able to come into my device and snatch something I didn't give permission for. I like the walls around my phone. Probably that's why I have BlackBerry 10 and hardly any apps, zero Androids. If Android is the way to go, then I want it's security features to at least almost match BlackBerry 10's. If BlackBerry were to exit the hardware business completely, I'd probably use my BlackBerry 10 devices until they stop working. But that's me, not your average consumer.

How is Android insecure in these ways?

Posted via CB10

[willtothewong]

In my head, BlackBerry's push towards security is two fold:

1. With all the recent breaches in high profile companies, it's nice to know BlackBerry has upheld their name in security.

2. Marketing, no one is marketing security. Iphone has apps, android has size, etc. BlackBerry has security.

Posted via CB10

[lawguyman]

In my head, BlackBerry's push towards security is two fold:

1. With all the recent breaches in high profile companies, it's nice to know BlackBerry has upheld their name in security.

2. Marketing, no one is marketing security. Iphone has apps, android has size, etc. BlackBerry has security.

Posted via CB10

Why does security matter? How does BlackBerry address security?


Posted via CB10

[crackbb10]

How is Android insecure in these ways?

Posted via CB10

The use of 3rd party apps and full access to whatever they wish, to me FEELS insecure. I'd need some 3rd party apps to do what I do out of the box on BlackBerry 10. I FEEL secure on a BlackBerry, knowing I only use (made by) BlackBerry apps and no unwanted data boggling on the background. Android (or Google) is all about that. It's really hard to not have anything run in the background doing whatever you didn't tell it to do, just gave permission to do so.

I'm not bashing Android, but the only way I'd go that route is through BlackBerry. And even then, the question would be how many apps do I download? Probably slim to none. I'd use the browser for most stuff and no NSFW on that device

Would you say, in these ways, that Android IS secure? Or secure enough?

[kbz1960]

It's probably easier to get to your browser than a lot of apps.

[Dunt Dunt Dunt]

In my head, BlackBerry's push towards security is two fold:

1. With all the recent breaches in high profile companies, it's nice to know BlackBerry has upheld their name in security.

2. Marketing, no one is marketing security. Iphone has apps, android has size, etc. BlackBerry has security.

Posted via CB10

Most all of those high profile breaches... .had nothing to do with Mobile, and BlackBerry has nothing in their line up to address those types of breaches. People in charge of making these network decision... they know what BlackBerry can and can not do.

KNOX is marketing security to enterprise. BlackPhone is marketing security for enterprise The companies and governments that need that level of security know what their options are. And now they know where the PRIV ranks....

Now is anyone marketing security to consumers.... not that I know of. Would it be worth marketing security over marketing the abilities of Siri or Force Touch/Peak? Until some of these possible Android vulnerabilities turn into an actual real world problems that affect a large number of users. No marketing security is not going to sell many smartphones... especially if it's not the best security.

[Taigatrommel]

The question rather is:
In what other ways BlackBerry wants to separate itself from the heavy Android competition? With all their devices they had until now, they at least could say "It is not running Android." Be it good or bad, it was a standalone point for BlackBerry.

On the device side alone, they got the sliding hardware keyboard, which is an extremely rare sight nowadays. But security is, like that physical keyboards, a critical part of the BlackBerry portfolio.
I think people also get more aware of it, I am not even talking about hacked celebrity accounts, but rather the latest Stagefright problems virtually every Android user is facing. The phone can be even more important or crucial than your wallet, all information stored into a small device, always connected to the world. If you can sell people on getting a more secured phone, it might make them listen or at least consider if the Priv with increased security might be the better choice than going for a Samsung Galaxy S6 or Motorola X for example.


Marketing itself will be more important. In the past BlackBerry was pretty lame at it. We don't even know if Chen wants to go with all bells and whistles with full media campaigns or if they keep it to a small, webbased social media level. After all the latest statement was BlackBerry is focused on enterprise customers, not consumers like Joe Average. If that is still the case, I fear they'll leave out any big marketing campaigns. Yet they do need consumers IMHO to succeed in this space.

Posted via CB10

[crackbb10]

It's probably easier to get to your browser than a lot of apps.

I think it depends on the sort of websites one visits?

[lawguyman]

Only one person has even attempted to answer the "security from what" question. He identified app permissions. I would think this same issue is present with BB10 apps too. Plus Marshmallow is giving users more control over permissions.

To me, permissions are a user problem, not an OS problem. Apps legitimately will need permissions. The issue is what if they request permissions that they really don't need?

Posted via CB10

[kbz1960]

I think it depends on the sort of websites one visits?

Or who is listening or trying to.

[6stringriffs]

Another phone maker is getting in on the Mobile Security market: LG V10 Gate

LG GATE brings enterprise security to the LG V10 | Android Central

Already on paper this looks to be a badarse device. It has a drop proof spec that's already been tested by the "Android nation" sites. It has a 2nd screen with real practical use. And now their security app already meets US Federal Government Standard with FIPS 140-2 Certification, and meets AES-256 standards. These are the same certs that is on the BB10.

[crackbb10]

Or who is listening or trying to.

Yeah ok, that's true. But one would not necessarily have to hack your phone for that.

[Tre Lawrence]

OP, great discussion.

I think BlackBerry has a better understanding of the mobile security landscape.

Mobile devices are far from the biggest risks, and that's why selling it is hard.

[deadcowboy]

YES.

The fact that apple is trying to position itself as the secure platform of choice is proof enough that security is a major selling point in the modern age of selling customer information.

Posted via CB10

[early2bed]

The fact that apple is trying to position itself as the secure platform of choice is proof enough that security is a major selling point in the modern age of selling customer information.

The term "necessary but not sufficient" comes to mind. Just because Apple and Google find it necessary to promote security and privacy does not mean that it is sufficient in order to successfully market a smartphone.

[SunshineStateFlyer]

Behind their products, BlackBerry is basically selling know how. As a niche player they need to focus on something they can, like keyboards and security. That's their asset and they should try to make money off that.

It's definitely a good time for security. The average consumer doesn't want a security centered device, but with rising awareness, people don't say no if security comes for free, embedded in a device that offers all the rest they want as well.

BlackBerry is not new to the smartphone business and their name is not forgotten. Within all their bad reputation, they have always been known for security and keyboards.

Entering a very saturated market now, they have to stand out in a way. Making a secure Android slider with the best of BlackBerry in one device is probably the best they could do.

Posted via CB10

[Tre Lawrence]

I'd counter the perception common here that folks don't want a secure device. Just about everyone does.

A pertinent question is just what OP asks: what are your protecting a mobile device from?

[lawguyman]

A pertinent question is just what OP asks: what are your protecting a mobile device from?

Right and no one seems to know the answer!

Posted via CB10

[anon(7915689)]

Only one person has even attempted to answer the "security from what" question. He identified app permissions. I would think this same issue is present with BB10 apps too. Plus Marshmallow is giving users more control over permissions.

To me, permissions are a user problem, not an OS problem. Apps legitimately will need permissions. The issue is what if they request permissions that they really don't need?

Posted via CB10

I have to agree with most of this comment. Permissions given by the user in either the browser or apps are the real problem.

Most users have no idea what (data or otherwise) is being collected on any device they use. ( I NEED INSTAGRAM! ALL MY FRIENDS HAVE IT! ) Some of us are cautious about application/APP permissions and make an informed decision about the data we "choose" to allow for collection.

I do have some android apps I use on my Passport ( thanks Cobalt! ) and I use them purely for convenience. I am aware of what is collected, but I am not happy about it. Google's Android business model is based on that data collection. I'd prefer more choices in what data I allow to be collected (BB10 model), but you really don't get that choice with most android or even iOS apps.

Posted via CB10

[Tre Lawrence]

I have to agree with most of this comment. Permissions given by the user in either the browser or apps are the real problem.

Most users have no idea what (data or otherwise) is being collected on any device they use. ( I NEED INSTAGRAM! ALL MY FRIENDS HAVE IT! ) Some of us are cautious about application/APP permissions and make an informed decision about the data we "choose" to allow for collection.

I do have some android apps I use on my Passport ( thanks Cobalt! ) and I use them purely for convenience. I am aware of what is collected, but I am not happy about it. Google's Android business model is based on that data collection. I'd prefer more choices in what data I allow to be collected (BB10 model), but you really don't get that choice with most android or even iOS apps.

Posted via CB10

You have the choice to not install the app (or, on Android, find a way to control permissions).

And if you're basing purchasing decisions on data collection, don't bother.

[ToniCipriani]

I have been thinking about this after the Re/code talks. Yes, they should focus in security and privacy, but not in the way they are marketing it right now. Or more so, what they are doing in actions is correct (i.e. "phasing out" BB10 in favour of Android, increased focus on software and MDM), but the way they are spinning it is wrong and they need to clarify it.

BlackBerry's biggest profit comes from the MDM business, hence the "security focus". Even more so with the recent acquisition of Good, this would bring in a good market share for that. The model should be that the centrepiece is, and should be, BES. Android, iOS, BB10 phones are all clients connecting to this, and this includes the Priv. This is what John Chen meant by "they can secure any smartphone", and that is with BES.

Here is one fact: BB10 is "not doing well" in the traditional "smartphone market share" sense, and the way investors are seeing it. It's not gaining market share, because it does not have the smartphone ecosystem most people are expecting. No matter how you spin it, it has BlackBerry World, Amazon Marketplace, Android runtime, whatever. It simply doesn't. Not to say BB10 is completely useless, it certainly isn't and it's still technologically advanced with the Neutrino core and efficient UI design. These are BB10's core competencies. It is better to reduce investment in a sense to keep trying to push BB10 head to head with the mass market smartphone systems. Keep it in lights on mode with maintenance fixes and incremental feature updates, and sell it to people who will buy it and does not care about apps (i.e. government departments or enterprises that needs absolute security) at a higher profit margin. Mass market simply does not care about this type of security and want apps, and will not pay for it. This is where BB10 "failed".

Hence Android in this particular market makes much more sense, because this is what the average market wants. However I do not agree with BlackBerry's current pitch by selling the Priv as a privacy and secure phone front and centre. Inherently using any smartphone (this includes BB10) with any public cloud ecosystem, you already lose some security and privacy, so the grsecurity and BlackBerry Safeguard are only enhancements really in my mind. True security is end to end, not just the phone you are using or whatever enhancements it has. They should focus more on the productivity aspect. Focus more on the keyboard, which is unique in the overall market, maintain the look and feel of BB10's productivity aspect of the BlackBerry Experience Suite to create another unique selling point. The big if is, if you want true security and privacy, you need BES for the Priv to run on top of. THAT is were the security aspect of the Priv, for it to be a supporting "secure" product.

In a nutshell, break this security focused business by market, or "levels of security" you can say:

BEST: If you want top end security, BB10 plus BES is what you want. End to end encryption, QNX Neutrino core, and maintenance only focusing on security over features. This is for absolute secrecy, for running your own mail servers and your own cloud. Tinfoil hat privacy nuts are also welcome to set up their own mail server, BES and use a BB10 phone in their own cloud. Just don't expect app support and be prepared to pay a hefty hardware price without those "cool stuff" you see from the mass market phones.

BETTER: For the average BYOD enterprise that needs security for corporate or regulatory reasons, you can choose the Priv or any smartphone of your choice, plus BES. But by choosing the Priv you also get enhanced (not top end) security with grsecurity kernel and faster security updates to Android, as well as the BlackBerry Experience Suite for its productivity over other phones. Market this as a whole package.

GOOD: Mass market individuals and small business owners can buy the Priv and use it as a productivity phone, that would be sugar on the top for the handset business. Security features should not be the main focus for this. grsecurity, BlackBerry Safeguard, and faster Android security patches provides some basic security as a minor selling point, but it's more of a productivity phone for this market. They don't care about setting their own mail servers for starters.

In other words, reposition BlackBerry's core competencies to maximize the potential for profit. And finally, on top of that you have QNX for the automotive and IoT side. BB10 would also be supported through ongoing development of Neutrino, but it is "dead" as a mass market smartphone system.

This way BlackBerry as a whole can support a healthy balance sheet, and the only way I can see how BlackBerry can support the hardware business.

[Soulstream]

I think security is important, but for a consumer device it should not be a main focus. Google/Apple focused on security features for their OS only AFTER they secured their ecosystem.