1. Daniel Niasoff's Avatar
    Hi,

    I have some simple requirements

    1. Approve all apps on the device
    2. Control network settings
    3. Allow Blackberry World apps to run (even those built using BlackBerry Runtime for Android)


    Happy to pay for the Gold License but there appears to be no way I can achieve the above requirements using BES 12/ Blackerry OS 10.3.1

    This is why

    • You can only control apps in the work space section
    • The work space section won't allow any apps built using ART


    I cannot realistically exclude BlackBerry Runtime for Android apps as I guess 90% of apps are built using ART (including skype).

    So either we deploy a secure but useless device or allow an uncontrolled device which is not an option (Balance doesn't help me as I am not happy to accept an uncontrolled personal space)

    Seems like a serious oversight.

    Honestly why can't the administrator be given the choice? If they want to allow "less-secure" ART apps and accept the risk than let them!

    On non BB devices this is easily achievable.

    I was holding my breath for BES 12 as I assumed this issue would obviously be resolved but I guess not.

    Anything I am missing here?

    Thanks

    Daniel
    12-05-14 06:19 AM
  2. Bluenoser63's Avatar
    The ART is not secure enough and is not installed on the work side. If you have a personal side, that is personal and shouldn't be regulated anyway.
    12-05-14 09:58 AM
  3. Daniel Niasoff's Avatar
    OK, but the net result is that there is no way to regulate apps on a Blackberry unless you want to disable ART which most users will find unacceptable.

    Android/iOS provides a number of ways of blocking apps. There are even apps in Google play that provide this capability but Blackberry has made this impossible.

    Granted ART is insecure but shouldn't the decision whether to allow it be a choice that I can make, or maybe if it's not asking too much, try and make an ART that is secure!

    This muddle of work space, personal space, ART, regulated etc means that there is no single option that works well and really isn't doing it for me.
    Last edited by Daniel Niasoff; 12-07-14 at 11:00 AM.
    12-07-14 10:07 AM
  4. deiop's Avatar
    Hm, you can go with gold license and 'work and Personal regulated'. You can set a blacklist of apps you do not want to be installed..

    Posted via CB10
    12-12-14 11:16 PM
  5. Daniel Niasoff's Avatar
    Hm, you can go with gold license and 'work and Personal regulated'. You can set a blacklist of apps you do not want to be installed..
    The blacklist of apps is achieved via a compliance policy. Compliance policies only restrict apps on iOS, Android and Windows but not BB. It's also a very messy way of achieving my objectives.

    Also besides controlling apps, I need control over the global proxy. This again only works on workspace but not on personal.

    Finally once you regulate a device, parental controls disappear so a regulated device will leave personal space completely ungoverned with absolutely no way of locking it down.
    12-28-14 01:18 PM
  6. deiop's Avatar
    If you go the regulated way (completely) there is no personal space and the device is completely tied to your policys...

    Posted via CB10
    12-28-14 10:40 PM
  7. Daniel Niasoff's Avatar
    Yes, but how many ART apps do you use regularly?

    The regulated workspace prevents installation of any app converted from Android which excludes the vast majority of apps.

    So it's either a really secure but useless device or I have got to leave the device completely open.

    I don't need balance, it will just confuse my users.

    iOS has a single operating mode with full MDM. Android has many MDM controls built into the OS that can be controlled by an app. BB 10 has no MDM controls and you can only rely on BES but BB have made the decision to lock it down so much that it's just not practical.

    How about introducing a work space only activation mode with ART enabled, or personal space only mode that allows BES to control it.

    I don't need military grade security and all I am asking for is a BB with apps and some control over it?
    12-29-14 02:35 AM
  8. deiop's Avatar
    Yes, I understand what you mean. At this moment, the only way is the balance mode. We have deployed most devices in balance mode and I can tell you that in most cases it is no problem for the users.

    But I hope that ART apps are allowed in the future as well...

    Posted via CB10
    12-31-14 10:35 PM
  9. Daniel Niasoff's Avatar
    But I hope that ART apps are allowed in the future as well...
    Any serious chance of this happening?
    01-05-15 11:03 AM
  10. deiop's Avatar
    Hm, in my opinion? No. Not in the near future. It is BlackBerry

    Posted via CB10
    01-05-15 10:46 PM
  11. DaedalusIcarusHelios's Avatar
    It seems like they could incorporate what they are doing to lock down Android devices using BES into BB10's ART (also using BES). As it is, I have to run some work apps that are Android in my personal space, which sort of defeats the whole point of the two modes.
    01-15-15 03:43 PM
  12. highos's Avatar
    What gives you the impression that they are locking down Android devices per se? They are running-for lack of a better term-a virtual machine on top of Android devices-This is no different then all other major MDM vendors that have third party software to manage, secure, and maintain work information on an Android handset. (outside of going the KNOX route which is coming in the near future!?)

    Realistically I think the most practical and easiest route for them to support the Android Runtime on an BB10 device would be to allow the Android Runtime to function on an Work Only device (GOLD CAL) where it's not possible to sideload apps, there's no third party Android store and they have to be directly pushed and managed by the BES console/administrator-all in the name of security and ... honestly justifiability so, IMO.

    Letting the Android Runtime access to the Work Perimeter on BlackBerry Balance is suicide. The only way to do it safely would be to run _2_ Android Runtimes, one for work and one for personal... but that would eat a metric crap done of resources so I cannot see them going down this route.

    They are aware of the request for such as been discussed above-every BESAdmin I've spoken to has discussed it with their respective reps-but you also have to remember that they (most likely) don't want to implement some half-assed system that could exposed data. That would completely ruin their reputation considering how hard they have been tooting the "security" line in recent years.

    Just my personal views. In the short run-I don't expect the status quo to change-so just backing up deiop here.
    01-15-15 05:44 PM
  13. Daniel Niasoff's Avatar
    Letting the Android Runtime access to the Work Perimeter on BlackBerry Balance is suicide. The only way to do it safely would be to run _2_ Android Runtimes, one for work and one for personal... but that would eat a metric crap done of resources so I cannot see them going down this route.
    I have devices configured in a work-only mode as balance to messy for me. So that would only mean 1 Android runtime. All I am asking for is the ability to make the decision whether or not to run the android run time. I need functionality more than security at this stage and workspace with ART will give me everything I need without any compromises or complex configurations.

    Glad to see that I am not the only one though.

    For me it's the last thing required to make BB10 the ultimate device. I have used Android and iPhone and really hate them. Just loaded 10.3.1 and it's just amazing (and it's not just the keyboard, the whole look and feel is incredible, they have real done something amazing so kudos to them)
    Last edited by Daniel Niasoff; 01-15-15 at 06:34 PM.
    01-15-15 05:53 PM
  14. DaedalusIcarusHelios's Avatar
    The "locked down Android" I meant within a container. It is segregated. My point was that if the secure Android container (and the apps explicitly approved for it) work for Android devices, why couldn't they allow this secure Android container to exist in BB10? It'd be a bit more overhead, but I don't think it'd be akin to two ARTs.

    Posted via CB10
    01-22-15 12:08 AM
  15. Daniel Niasoff's Avatar
    Any features in 12.1 that might be relevant to this issue?
    05-17-15 06:38 AM

Similar Threads

  1. Chance for Blackberry to get a big BBM customer
    By khuti in forum General BBM Chat
    Replies: 4
    Last Post: 12-16-14, 03:06 PM
  2. [POWER VOTING] for BlackBerry in Gizmodos Best Smartphone of the Year
    By Fistmaster in forum General BlackBerry News, Discussion & Rumors
    Replies: 6
    Last Post: 12-05-14, 07:25 PM
  3. Airdriod3 vs BlackBerry Blend
    By avnishsp in forum Desktop Software
    Replies: 5
    Last Post: 12-05-14, 10:21 AM
  4. Earphones for Passport
    By fletch305 in forum Ask a Question
    Replies: 1
    Last Post: 12-05-14, 06:40 AM
LINK TO POST COPIED TO CLIPBOARD