[JohnKCG]

Well at least now your next device choice has seriously opened up!

Great as the S8+ is, also give the Google Pixel XL, Sony Xperia XZ Premium, OnePlus 3T, Huawei P10 Plus, and LG G6 a look.

I'd be confused at what to get if I was in the market for a new device right now. But I'd probably land up with an Exynos Galaxy S8+.

The S7 is more than enough this year, S8 is like a S7 plus to be honest, that and the S7 Will receive Android O as a Last gift so why don't buy a S9 and keep the S7 until then

[anon(9607753)]

Well at least now your next device choice has seriously opened up!

Great as the S8+ is, also give the Google Pixel XL, Sony Xperia XZ Premium, OnePlus 3T, Huawei P10 Plus, and LG G6 a look.

I'd be confused at what to get if I was in the market for a new device right now. But I'd probably land up with an Exynos Galaxy S8+.

Honestly, all I was really looking for was a better explanation from someone here in terms what the BlackBerry Android security offering entails (under the new licensing model) and some sort of proof because quite frankly, no third party oem is even talking about it. "Trust us" and "same as always" doesn't really cut it. And at just $1 a month for their apps (not complaining) that really does open up a lot of possibilities once my PRIV needs replacing.

[Invictus0]

I suppose, if you still believe it. We will see once the KEYone is released and how long it takes to get rooted. From what I can tell they list three main security features: monthly updates, (ie Google) BlackBerry apps, and "security built in from the start"...no one knows what that last item really means. And as I stated previously, encryption, root of trust, and hardened kernel are all features Google claims are enabled for Nougat anyway. BlackBerryMobile does not make specific mention of any of those features by the way, including whether or not KEYone will be unrootable. Just an observation.

Root protection is built into BlackBerry's security offerings so if the Keyone has the DTEK app it should have them as well,

How and Why the PRIV Protects Against Rooting | Inside BlackBerry

BlackBerry Android also has other features that you won't find on stock Android, like BlackBerry Integrity Detection.

BlackBerry Integrity Detection is here! | BlackBerry Developer Blog

As far as OS updates go, they post their kernel changes on GitHub every month, the most recent update is from March so I think it's safe to assume development is still active to some extent.

https://github.com/blackberry/android-linux-kernel

[anon(9607753)]

Root protection is built into BlackBerry's security offerings so if the Keyone has the DTEK app it should have them as well,

How and Why the PRIV Protects Against Rooting | Inside BlackBerry

BlackBerry Android also has other features that you won't find on stock Android, like BlackBerry Integrity Detection.

BlackBerry Integrity Detection is here! | BlackBerry Developer Blog

As far as OS updates go, they post their kernel changes on GitHub every month, the most recent update is from March so I think it's safe to assume development is still active to some extent.

https://github.com/blackberry/android-linux-kernel

Thanks for the links. A few comments. It would be nice to know whether or not 'integrity detection' is actually going to be on the KEYone, because it is mentioned nowhere in the product literature; the blog says it is 'unique' to the PRIV.

Secondly, while I agree the 'BlackBerry Android' kernel is still being updated with patches...how do we know if these patches are unique to BlackBerry or just hand-me-downs from Google? Or for that matter, if the BlackBerry kernel is actually any different?

[Invictus0]

Thanks for the links. A few comments. It would be nice to know whether or not 'integrity detection' is actually going to be on the KEYone, because it is mentioned nowhere in the product literature; the blog says it is 'unique' to the PRIV.

The first article is from before any other BlackBerry Android devices were released. The second article states that the DTEK app is powered by BID so if the Keyone has DTEK functionality it'll probably have BID as well (I don't think BID was used as a specific selling point for any of the previous phones though).

Secondly, while I agree the 'BlackBerry Android' kernel is still being updated with patches...how do we know if these patches are unique to BlackBerry or just hand-me-downs from Google? Or for that matter, if the BlackBerry kernel is actually any different?

The monthly patches are probably from Google. There are a few threads on how the kernel differs from stock Android but there are some "real" cases where its made a difference as well (under the mitigations section).

BSRT-2016-007 Vulnerability in Qualcomm kernel driver impacts BlackBerry powered by Android smartphones

[FF22]

I like the simplicity of that answer...LOL!

So I suppose that gives anyone interested in 'BlackBerry' much more options in terms of their next device. We can basically pick up any Android device running Nougat, purchase (or use for free, with ads) the BlackBerry App suite...and we basically get the same BlackBerry experience others will pay hundreds of dollars more for, with the same (or better) hardware? Wow. Thanks Chen! That's going to be a lot cheaper than my PRIV and as an added bonus, I won't have to wear the badge of a sell-out company that lies to its customers on my device. Sweet!

Okay, while some of what you and other says is quite true, they are selling a KEYBOARD DEVICE. That is really the only that that differentiates the KEYone. Maybe their hardened OS is more secure but most don't gave a damn and, Google and their developers do, in my opinion, jeopardize my privacy (sorry but do I really trust developers from China or Russia or Americans in the employ of the NSA).

So pay extra for that KEYBOARD or don't. Simple decision.

[FF22]

Honestly, all I was really looking for was a better explanation from someone here in terms what the BlackBerry Android security offering entails (under the new licensing model) and some sort of proof because quite frankly, no third party oem is even talking about it. "Trust us" and "same as always" doesn't really cut it. And at just $1 a month for their apps (not complaining) that really does open up a lot of possibilities once my PRIV needs replacing.

Okay, I agree - choices really do open up. I noted that when BB first moved to Android. Once folks were exposed to Android on a BB device (and purchased app), there was not much gluing them to BB in the future. Any brands were fair game. So, yes, the next device without keyboard may offer nothing special.

But, at the moment, the KEYone once really released (!!!!) has a KEYBOARD. That is it main selling point, I believe. Enterprise and Government might light the underlying root-less security.

We shall definitely see........

[FF22]

Thanks for the links. A few comments. It would be nice to know whether or not 'integrity detection' is actually going to be on the KEYone, because it is mentioned nowhere in the product literature; the blog says it is 'unique' to the PRIV.

Secondly, while I agree the 'BlackBerry Android' kernel is still being updated with patches...how do we know if these patches are unique to BlackBerry or just hand-me-downs from Google? Or for that matter, if the BlackBerry kernel is actually any different?

What is needed is a good tech investigative reporter and some forensic skills. Someone needs to be curious enough to actually dive into the device and dissect its integrity. Otherwise, yes, we are left with BB's claims. Their Android devices have not been rooted (unless I've missed something) if that is really important.

[donnation]

In my opinion the whole "secure Android" thing that BB has been pushing has all been a big marketing ploy, not that there is anything wrong with that. Google is mining your data on these phones, just like they do on all Android phones. That's why the DTEK app doesn't cover any of the Google apps on the phone, which I assume was an agreement by Google and BlackBerry that they not include their apps to be scanned by DTEK.

I've always maintained that if you stick to the play store, don't root your phone, and don't click on shady links than you are going to be fine. I've never had a single security issue with the many Android phones I know. BlackBerry is known for security, so they are going to promote that with their phones. If it makes someone feel better about owning an Android phone because it says BlackBerry on it, then I don't see a problem with that. But the notion that because it says BlackBerry on it makes it more secure than any other modern Android phone is a little silly in my opinion. If you aren't paying for BES (which in itself pretty much says that without that your phone isn't secure as it could be) then you are using an Android phone that has some top level security in it, but no more than most of the other Android phone that have been released in the past year or so.

[anon(9607753)]

Seeing as very few seem too keen on wading into this topic...particularly the many knowledgeable people on these boards who ought to be able to set the record straight on this...just to sum up:

1. BlackBerry Android monthly security patches are not materially different than any other Android phone that receives the same monthly patches as Google.

2. BlackBerry hardened kernel and patching is not materially different than any other Android phone that receives the same monthly kernel patches as Google.

3. BlackBerry encryption, root of trust, integrity detection, etc. is not any different than what is implemented on any stock Android 7 device.

4. The only clear differentiators appear to be the inability to root a BlackBerry Android, which may or may no be technology specific to BlackBerry, pre-installed BlackBerry apps including DTEK....and in some cases, a physical keyboard.

Does that just about sum it up?

[TCB on Z10]

as an added bonus, I won't have to wear the badge of a sell-out company

I have an Atari tee shirt that I wear as I love the icon of this company that gave me so much fun as a teen with their pioneer video games and computers that used windows years before others. They failed because of poor business practices although they were tech innovators just like BlackBerry. BlackBerry had to change but it is a legendary company that has given me years of smartphone enjoyment so many of us would be happy to "wear the badge" even if it costs more.

BB, Still the One

[bb10adopter111]

Seeing as very few seem too keen on wading into this topic...particularly the many knowledgeable people on these boards who ought to be able to set the record straight on this...just to sum up:

1. BlackBerry Android monthly security patches are not materially different than any other Android phone that receives the same monthly patches as Google.

2. BlackBerry hardened kernel and patching is not materially different than any other Android phone that receives the same monthly kernel patches as Google.

3. BlackBerry encryption, root of trust, integrity detection, etc. is not any different than what is implemented on any stock Android 7 device.

4. The only clear differentiators appear to be the inability to root a BlackBerry Android, which may or may no be technology specific to BlackBerry, pre-installed BlackBerry apps including DTEK....and in some cases, a physical keyboard.

Does that just about sum it up?

Not really. 3 and 4 are the same thing. The reason no one appears to have been able to root a BlackBerry is due to the Root of Trust.

The degree to which security matters to your enterprise/customers and what those specific requirements are will dictate your options. BlackBerry is arguably as good or better than any other Android phone n an Enterprise context

For a consumer, any properly patched phone is unlikely to cause as much trouble as other stupid user decisions, such as downloading insecure apps and weak passwords.

Security is a big, difficult problem, with many layers for the people who take it seriously. Dumbing down the comparisons don't serve a useful purpose.

Posted with my trusty Z10

[anon(9607753)]

Not really. 3 and 4 are the same thing. The reason no one appears to have been able to root a BlackBerry is due to the Root of Trust.

The degree to which security matters to your enterprise/customers and what those specific requirements are will dictate your options. BlackBerry is arguably as good or better than any other Android phone n an Enterprise context

For a consumer, any properly patched phone is unlikely to cause as much trouble as other stupid user decisions, such as downloading insecure apps and weak passwords.

Security is a big, difficult problem, with many layers for the people who take it seriously. Dumbing down the comparisons don't serve a useful purpose.

Posted with my trusty Z10

Really? In an earlier post it is alleged that BlackBerry had implemented root protection that is hardware specific (which I am giving the benefit of the doubt is correct). This in fact would be different than 'root of trust' which actually is a stock Android feature and according to Google, has been since version 4.4.

[bb10adopter111]

Really? In an earlier is alleged that BlackBerry had implemented root protection that is hardware specific (which I am giving the benefit of the doubt is correct). This in fact would be different than 'root of trust' which actually is a stock Android feature and according to Google, has been since version 4.4.

Blackberry has a hardware root of trust. That may be the confusion.

http://csrc.nist.gov/projects/root-trust/

http://bizblog.blackberry.com/2015/0...-at-endpoints/

Posted with my trusty Z10

[anon(9607753)]

I have an Atari tee shirt that I wear as I love the icon of this company that gave me so much fun as a teen with their pioneer video games and computers that used windows years before others. They failed because of poor business practices although they were tech innovators just like BlackBerry. BlackBerry had to change but it is a legendary company that has given me years of smartphone enjoyment so many of us would be happy to "wear the badge" even if it costs more.

BB, Still the One

Wearing the badge is all well and good, as long as you are giving your customer the straight goods and everyone knows what they are buying. I like BlackBerry and I have always supported them, but I do expect a fair and truthful portrayal of what I am paying for. And based on what I see advertised with both licensees...it looks like we are buying stock Android with regular updates and BlackBerry apps, branded as a BlackBerry device (with the possible exception of a hardware based root of trust and/or unrootable device...which no one is actually advertising)

This is not the same as what BlackBerry Android consisted of either on the PRIV or indeed anything on the DTEKs prior to Nougat. BlackBerry Android was being sold as an enhanced version of Android with additional security features. That no longer appears to be the case. And again, I am not saying that is necessarily a bad thing...if you are fine with it great...but it does represent a difference between a licensed BlackBerry device and the previous BlackBerry Androids.

[bb10adopter111]

Wearing the badge is all well and good, as long as you are giving your customer the straight goods and everyone knows what they are buying. I like BlackBerry and I have always supported them, but I do expect a fair and truthful portrayal of what I am paying for. And based on what I see advertised with both licensees...it looks like we are buying stock Android with regular updates and BlackBerry apps, branded as a BlackBerry device (with the possible exception of a hardware based root of trust and/or unrootable device...which no one is actually advertising)

This is not the same as what BlackBerry Android consisted of either on the PRIV or indeed anything on the DTEKs prior to Nougat. BlackBerry Android was being sold as an enhanced version of Android with additional security features. That no longer appears to be the case. And again, I am not saying that is necessarily a bad thing...if you are fine with it great...but it does represent a difference between a licensed BlackBerry device and the previous BlackBerry Androids.

The DTEK app is also exclusive on BlackBerrusty Android, and is very helpful in protecting privacy and security.

Blackberry is not simply offering a stock Android implementation, but it's changes to Android amount to tailoring the security settings to match its root of trust implementation., not a radical departure.

Posted with my trusty Z10

[anon(9607753)]

The DTEK app is also exclusive on BlackBerrusty Android, and is very helpful in protecting privacy and security.

Blackberry is not simply offering a stock Android implementation, but it's changes to Android amount to tailoring the security settings to match its root of trust implementation., not a radical departure.

Posted with my trusty Z10

Thanks. I do know and appreciate what DTEK does...I do own a PRIV...but it is no more than an App at the end of day.

As far as the BlackBerry root of trust and how unique that is - again, that seems to be debatable. I agree it is a matter of implementation. But it seems, especially with Nougat...the same can be said for any Android Oem. And certainly if it was truly that unique, perhaps BlackBerry and particularly its licensees might want to consider mentioning it in their product literature...unless they are fearful of getting dinged by Google for false advertising, Lol.

[Dunt Dunt Dunt]

Blackberry has a hardware root of trust. That may be the confusion.

Hardware Roots of Trust

How BlackBerry Security Begins At The Endpoints | Inside BlackBerry for Business Blog

Posted with my trusty Z10

"How BlackBerry Security Begins At The Endpoints" was a smoke and mirrors article... have to read it carefully. And pay attention to what they have said since that article.... there is nothing special in the hardware.

Now I do fully believe they have "locked" things down to make BlackBerry Android un-rootable. But just how much that protects a consumer, is hard to really define in the real world. As always, BlackBerry's security is still very much dependant upon how it is setup and managed within a corporate network.

Which is why TCL has clearly stated that ENTERPRISE is their focus for the BlackBerry brand.

BlackBerry's only "feature" that might matter to consumers is the KEYBOARD... Which is something I expect BB Merah Putih is starting to wish they had focused on.

[Bbnivende]

I would certainly like to know how a TCL BlackBerry Enterprise phone might differ over the latest iPhone or Samsung. What is an Enterprise grade phone?

[Invictus0]

2. BlackBerry hardened kernel and patching is not materially different than any other Android phone that receives the same monthly kernel patches as Google.

The BlackBerry Android kernel is different from the stock Android kernel. Some of their additions are discussed here,

https://www.theregister.co.uk/2015/1...rry_to_fix_it/

https://help.blackberry.com/en/secur...226529665.html

How useful the changes are will depend on the user and their needs.

3. BlackBerry encryption, root of trust, integrity detection, etc. is not any different than what is implemented on any stock Android 7 device.

I don't believe stock Android offers anything like BID, do you have a link?

[bb10adopter111]

"How BlackBerry Security Begins At The Endpoints" was a smoke and mirrors article... have to read it carefully. And pay attention to what they have said since that article.... there is nothing special in the hardware.

Now I do fully believe they have "locked" things down to make BlackBerry Android un-rootable. But just how much that protects a consumer, is hard to really define in the real world. As always, BlackBerry's security is still very much dependant upon how it is setup and managed within a corporate network.

Which is why TCL has clearly stated that ENTERPRISE is their focus for the BlackBerry brand.

BlackBerry's only "feature" that might matter to consumers is the KEYBOARD... Which is something I expect BB Merah Putih is starting to wish they had focused on.

I agree with you that most consumers shouldn't worry about phone security. Their behavior is the weakest link. Security really is an Enterprise issue.

Privacy is the most important consumer issue, and I think the DTEK-Nougat combo is the best for monitoring and managing privacy on Android.

I much prefer BB10 for Privacy over iOS or Android. I can manage cookies and use the private browser for most of my needs.

Posted with my trusty Z10

[Tsepz_GP]

Seeing as very few seem too keen on wading into this topic...particularly the many knowledgeable people on these boards who ought to be able to set the record straight on this...just to sum up:

1. BlackBerry Android monthly security patches are not materially different than any other Android phone that receives the same monthly patches as Google.

2. BlackBerry hardened kernel and patching is not materially different than any other Android phone that receives the same monthly kernel patches as Google.

3. BlackBerry encryption, root of trust, integrity detection, etc. is not any different than what is implemented on any stock Android 7 device.

4. The only clear differentiators appear to be the inability to root a BlackBerry Android, which may or may no be technology specific to BlackBerry, pre-installed BlackBerry apps including DTEK....and in some cases, a physical keyboard.

Does that just about sum it up?

It sounds like in Android took a similar route to Samsung, the difference being that BB phones run in the further secured environment from the moment they boot, while Samsung's depend on Google for normal security but have Knox built-in if you want to go the extra mile:

https://www.samsungknox.com/en/knox-technology

Blackberry has a hardware root of trust. That may be the confusion.

http://csrc.nist.gov/projects/root-trust/

http://bizblog.blackberry.com/2015/0...-at-endpoints/

Posted with my trusty Z10

Going by the above image, it seems they aren't the only ones.

One may have to dig deep into each Android OEM to find out how each implemented security. I'd be interested in how Huawei does it to as they seem adamant on using their own Kirin chips.

[sorinv]

It sounds like in Android took a similar route to Samsung, the difference being that BB phones run in the further secured environment from the moment they boot, while Samsung's depend on Google for normal security but have Knox built-in if you want to go the extra mile:

https://www.samsungknox.com/en/knox-technology

https://uploads.tapatalk-cdn.com/201...b740887529.jpg




Going by the above image, it seems they aren't the only ones.

One may have to dig deep into each Android OEM to find out how each implemented security. I'd be interested in how Huawei does it to as they seem adamant on using their own Kirin chips.

Because you need to control (design and manufacture) the IC's in order to secure the hardware. Software alone cannot do it, as that link to the NIST website explained.
BlackBerry uses the hardware root of trust built into the Qualcomm chips by Qualcomm. The Chinese (Huawei) would obviously not rely on that.
This is also the reason why Huawei gear is not used by western governments, or at least by those governments that are responsible and understand the implications.

Posted via CB10

[anon(9607753)]

It sounds like in Android took a similar route to Samsung, the difference being that BB phones run in the further secured environment from the moment they boot, while Samsung's depend on Google for normal security but have Knox built-in if you want to go the extra mile:

https://www.samsungknox.com/en/knox-technology

https://uploads.tapatalk-cdn.com/201...b740887529.jpg




Going by the above image, it seems they aren't the only ones.

One may have to dig deep into each Android OEM to find out how each implemented security. I'd be interested in how Huawei does it to as they seem adamant on using their own Kirin chips.

I have to say it looks like you are correct. I have tried to dig into this deeper following the links provided by others and there really does not seem to be a substantive difference between 'BlackBerry Android' and Android 7 can/does provide natively. Perhaps BlackBerry Android was something more distinct (even if we are just talking about implementation) two years ago, but as per my original post, I see very little other than perhaps the so-called unrootability distinguishing it from particularly 'more secure' versions of Android such as Google Nexus/Pixel or Samsung/Knox. In fact, what BlackBerry is doing by sandboxing it's apps seems almost identical to Samsung's Knox. I believe Chen himself said as much himself at one point, if I'm not mistaken.

So it would seem the BlackBerry experience under the new licensing strategy has basically been diluted down to the following:

BlackBerry hardware --> replaced by a logo/branding, and a pkb (where applicable)...and any other 'BlackBerry' hardware characteristics a third party oem considers marketable

BlackBerry security --> replaced by unrootable device as the main distinguishing factor (other aspects, such as root of trust, sandboxing, encryption seem to be either enabled or available to all Nougat Androids)

BlackBerry OS --> BlackBerry suite of apps

[anon(9607753)]

(Double post)