[BBBHonest]

With the utter lack of privacy nowadays, I think it is becoming increasing important to think about communication security (obviously). Now, we all know that BlackBerry is the best for security, but are any of these advantages there for non-corporate BlackBerry devices? For the non-corporate BlackBerry owner (most people), is there any advantage to having a BlackBerry over an Android or Apple phone when it comes to security? What about BBM over WhatsApp etc.?

Posted via CB10

[trsbbs]

I think if BlackBerry brought a secure BIS or even some sort of BES it would do well. Include texting as well.

With all the issues with privacy dropping their BIS was just a bad idea.

Verizon Z10. Running 10.1.0.4651. Posted via CB10

[BBBHonest]

Well, that's what I'm wondering about. Is there any advantage at all to having a BlackBerry, security wise, if one is not using a corporate phone?

Posted via CB10

[Richard Buckley]

What kind of security are you looking for? Secure from whom? If you are more specific about what you mean by secure, it would be easier to discuss it.

Communications Security
BES provides communications security as long as the communications doesn't leave the corporate infrastructure, or if you use some other form of layered encryption such as S/Mime or PGP. Otherwise, while most of client to server email communications is now secured by SSL/TLS, server to server email is almost always sent in plain text (unless encrypted with S/Mime, PGP, GPG, etc).

BIS was never encrypted (again unless an additional layer of encryption was used eg SSL/TLS). But even if it was, since it would be managed by BlackBerry BIS traffic would be subject to legal intercept (where legal is in the eyes of the country in which the communication is flowing).

Data at rest Security
This is what a non-corporate BlackBerry really provides. If you are careful about what permissions you give software, in particular social media applications, and only install software that has been approved for inclusion in BlackBerry World you can be very confident that your data won't be stolen from the phone by malware.

As Ben Franklin said "Three people can keep a secret if two of them are dead." Once you send data to a another person the security of that data is in their hands.

[Richard Buckley]

I think if BlackBerry brought a secure BIS or even some sort of BES it would do well. Include texting as well.

With all the issues with privacy dropping their BIS was just a bad idea.

Verizon Z10. Running 10.1.0.4651. Posted via CB10

Actually with all the issues surrounding privacy dropping BIS was a very good idea for BlackBerry. Once BIS is gone they can't be compelled to hand the data over as they have famously been in the past.

[greggebhardt]

I do not think that BB10 devices are any more secure than other smart phones. Even BES is not secure from the NSA.

We always thought that big brother might be listening and reading. Now we know they have been doing it for years.

[BBBHonest]

I honestly asked this question out of ignorance. I don't think I know the exact different in security offered between a corporate issued BlackBerry, and a regular one off the high street. I have an idea, of course, but when hearing all this talk about BlackBerry being secure, I wondered whether any of that had anything at all to do with me, as a non-corporate user.

Posted via CB10

[Jerry A]

I honestly asked this question out of ignorance. I don't think I know the exact different in security offered between a corporate issued BlackBerry, and a regular one off the high street. I have an idea, of course, but when hearing all this talk about BlackBerry being secure, I wondered whether any of that had anything at all to do with me, as a non-corporate user.

Posted via CB10

BlackBerry isn't really more secure than other platforms in either scenario. Support encrypted names/passwords, on-device encryption, sandboxed execution, etc. are all standard fare in the modern smartphone age.

What BES offers is the ability to centrally manage and limit the functionality of your device. This is key for enterprises that want to limit exposure vectors.

In the scenarios you touched upon, it doesn't matter how secure the communication channel is. The authorities will go to the source and get the information they need (FISA warrant, National Security Letter, existing partnership, etc...). That can't be stopped.

[Richard Buckley]

BlackBerry isn't really more secure than other platforms in either scenario. Support encrypted names/passwords, on-device encryption, sandboxed execution, etc. are all standard fare in the modern smartphone age.

While this is indeed true in theory, the devil is in the implementation details. A recent example of a failure in Android is the Bitcoin wallet problem. Now you may think that this is limited to users of Bitcoins. But all of cryptography is based on the ability to generate good random numbers. If the same random number generator is used for SSL/TLS then HTTPS connections may be similarly vulnerable.

Writing good cryptography is a lot harder than most people would think (even though most people probably think it is hard to begin with). BlackBerry has a long history of using very good cryptography from Certicom, which they eventually bought outright.

Sticking with Android, most phones with this OS are quickly rooted as soon as they are on the market. As a general principle, if someone can write a program that you can download to get root on your Android because you want it; some one malicious can use the same technique in a flashlight application to surreptitiously take over you phone and do what ever they want.

I don't thing it is coincidence that the popularity of mobile platforms is inversely proportional to their robustness against privilege escalation attacks (software that tries to take over the OS). There is always going to be tension between security and convenience. Since the OP is asking out of ignorance (OP's words) that robustness is the reason to chose BlackBerry over other smartphones. But, we all have to decide how much convenience we are willing to give up for a given amount of security. On security I personally rate the current smartphones from highest to lowest in this order: BBOS, BB10, Windows Phone 8, iOS, Android.

[Fred98TJ]

No form of cell communication is "secure".



Fred

[sklotz2000]

I believe BlackBerry is the only company that offers data encryption not only on the device, but also on removable media.

Here is some more recently published info:
Which smartphones are most at risk?
Each type of smartphone operating system has its own separate risks when it comes to hackers or malicious software. Apple’s iPhone is generally deemed to be secure due to its ‘sandbox’ configuration. This stops applications communicating with the phone and means the platform accounted for only 0.7% of mobile malware in 2012.

Android phones, like the Samsung Galaxy S4 and HTC One, are more closely related to PC operating system structures and therefore provide an easier target for hackers. In fact, 79% of malware in 2012 was related to Google’s Android operating system.

This is largely because the Google Play app store is built on an open model, with limited quality controls, making it easier for malicious apps to find their way onto your phone. BlackBerry devices are thought to be more secure than others, as they employ encryption software to protect data – one of the reasons they are so popular amongst business users.

If your smartphone is simply stolen, all the data stored on it can be potentially accessed.

Ref: Smartphone security: the essentials you need to know

[tickerguy]

Short answer: Yes.

Slightly-longer answer: BlackBerry's BB10 devices offer a few things that competing platforms DO NOT. Among them.

1. A robust and reasonably-easy to use DEVICE encryption option. Yes, Android allegedly supports it, but does so via encrypting the entire filesystem at the block level rather than the files. The problem is in key generation and weaknesses have been discovered in there within Android. In addition the risk of losing the entire device's data is MUCH higher with Android due to how their encryption functions -- it's basically a hack (and has to be due to how Android is architected, since the system has to have the key before it boots, but it has to boot before it can ask for the key and have you enter it.) Breaking today's encryption is more about breaking the keyspace than the algorithm itself, so once you discover such a weakness anything on that device that uses that "infrastructure" has to be considered compromised until proved otherwise.

2. A SOLID VPN option. Android simply doesn't have it. Many people dislike IPSEC but particularly with IKEv2 and perfect forward security enabled it is the current gold standard. This will not help you once the data is off your local network but it sure as hell does in the interim. BlackBerry also makes it easy to enable this for untrusted but known WiFi connections on an automated basis and you damn well should use that as it makes a very material difference in your overall data security.

In addition there are no known (at present) privilege escalation exploits on BB10. There ARE on many Android devices, and it only takes one and you're toast.

With that said the improvements are not a panacea. But they are real, they are tangible and they do matter. Data security is about understanding where the boundaries of what you can and can't secure are, how secure what you can lock down really is, and how you conduct your activities to remain within that boundary and when you breach it you do so knowingly such as to understand and accept your exposure.

[BBBHonest]

Can you explain this VPN/wifi option you are speaking of?

Posted via CB10

[jh07]

Curious about when some mention that BlackBerry is no more secure as other platforms. I see that when my wife buys and download apps on her S3, she still has to give up all sorts of permissions, people who have BlackBerrys, more or less have a choice with most apps. Doesn't that make BlackBerrys somewhat more secure?

Posted via CB10

[deltact]

Well, there was no big announcement re BlackBerry at the recent Black Hat or Defcon. That speaks volumes considering that other platforms get regularly featured. I'd say the only known weakness was that the PlayBook got rooted, but that hole might have gotten closed with BB10.

Posted via CB10 on Z10

[ralfyguy]

There is a bunch of apps out there for BlackBerry that ask for permissions upon install, and yes you DO get the option to deny them, but sometimes you only deny one and the whole app doesn't work, or only parts of it. The only way to prevent this is not to install the app if you decide that it asks for too many permissions that shouldn't be relevant to the function.
So sometimes it doesn't really matter if you have the choice to turn them off or if you just get an info about what just has been permitted.

Posted via CB10

[tickerguy]

Can you explain this VPN/wifi option you are speaking of?

Posted via CB10

Yes.

Go into any saved WiFi profile and you will see a "VPN profile" tag. If you have VPNs defined they will be available.

If you select one whenever you connect to that WiFi SSID the phone will automatically bring up the VPN. This is of particular value if you're on a "public" and thus unencrypted "Hotspot"; normally, without this, all ordinary and unencrypted traffic can be picked off by anyone within range of said hotspot.

You can also do this for your cellular connection if you wish but beware that doing so will default the VPN on all the time when on cell data. The downside to doing so (beyond the overhead and need for a fast link to your VPN and back to the Internet as a whole) is that MMS will not work because virtually all carriers deny MMS transmissions that do not come from their network IP addresses, and ALL your data traffic is routed via the VPN when this option is selected.

[katesbb]

I believe BlackBerry is the only company that offers data encryption not only on the device, but also on removable media.

Android allows it too

[Jerry A]

While this is indeed true in theory, the devil is in the implementation details. A recent example of a failure in Android is the Bitcoin wallet problem. Now you may think that this is limited to users of Bitcoins. But all of cryptography is based on the ability to generate good random numbers. If the same random number generator is used for SSL/TLS then HTTPS connections may be similarly vulnerable.

Writing good cryptography is a lot harder than most people would think (even though most people probably think it is hard to begin with). BlackBerry has a long history of using very good cryptography from Certicom, which they eventually bought outright.

Sticking with Android, most phones with this OS are quickly rooted as soon as they are on the market. As a general principle, if someone can write a program that you can download to get root on your Android because you want it; some one malicious can use the same technique in a flashlight application to surreptitiously take over you phone and do what ever they want.

I don't thing it is coincidence that the popularity of mobile platforms is inversely proportional to their robustness against privilege escalation attacks (software that tries to take over the OS). There is always going to be tension between security and convenience. Since the OP is asking out of ignorance (OP's words) that robustness is the reason to chose BlackBerry over other smartphones. But, we all have to decide how much convenience we are willing to give up for a given amount of security. On security I personally rate the current smartphones from highest to lowest in this order: BBOS, BB10, Windows Phone 8, iOS, Android.

Now we're getting into some meaty goodness. And I agree with most of your points and those raised by many others.

However, the original question was if a corporate (eg BES) BlackBerry offered more security/privacy than a personal one.

Not trying to deflect - just want to ensure we answer the OP's question.

[Richard Buckley]

Not trying to deflect - just want to ensure we answer the OP's question.

Good, point. But the OP did ask for a comparison with Android and Apple.

And yes lots of tasty thought going on here. I especially like the fact that tickerguy brought up VPN on onen Wi-Fi hotspots. Excellent advice there. I use Witopia for that exact purpose and tickerguy is again correct, once the VPN is configured you can tell your BB10 to bring it up automatically.