[bb10adopter111]

I have to say it looks like you are correct. I have tried to dig into this deeper following the links provided by others and there really does not seem to be a substantive difference between 'BlackBerry Android' and Android 7 can/does provide natively. Perhaps BlackBerry Android was something more distinct (even if we are just talking about implementation) two years ago, but as per my original post, I see very little other than perhaps the so-called unrootability distinguishing it from particularly 'more secure' versions of Android such as Google Nexus/Pixel or Samsung/Knox. In fact, what BlackBerry is doing by sandboxing it's apps seems almost identical to Samsung's Knox. I believe Chen himself said as much himself at one point, if I'm not mistaken.

So it would seem the BlackBerry experience under the new licensing strategy has basically been diluted down to the following:

BlackBerry hardware --> replaced by a logo/branding, and a pkb (where applicable)...and any other 'BlackBerry' hardware characteristics a third party oem considers marketable

BlackBerry security --> replaced by unrootable device as the main distinguishing factor (other aspects, such as root of trust, sandboxing, encryption seem to be either enabled or available to all Nougat Androids)

BlackBerry OS --> BlackBerry suite of apps

Remember, Samsung licensed patents from BlackBerry for Knox, so it makes sense that they use the same approach. There's no reason to think there is a meaningful difference in security for most corporate scenarios for the HW root of trust between BlackBerry with BES and Samsung with Knox. Samsung is Probably using Blackberry's patented approach.

As far as rootability goes, presumably if you root a Samsung Android phone, you will break the Root of Trust chain so that your phone will appear as compromised on Knox. Because Samsung manufactures phones for the general public, it's possible that they don't care if a user gets kicked off of his or her Enterprise network for rooting a phone. Blackberry's approach is that a compromised phone should simply not function which is why they implement the BID at startup.

Posted with my trusty Z10

[anon(9607753)]

Remember, Samsung licensed patents from BlackBerry for Knox, so it makes sense that they use the same approach. There's no reason to think there is a meaningful difference in security for most corporate scenarios for the HW root of trust between BlackBerry with BES and Samsung with Knox. Samsung is Probably using Blackberry's patented approach.

As far as rootability goes, presumably if you root a Samsung Android phone, you will break the Root of Trust chain so that your phone will appear as compromised on Knox. Because Samsung manufactures phones for the general public, it's possible that they don't care if a user gets kicked off of his or her Enterprise network for rooting a phone. Blackberry's approach is that a compromised phone should simply not function which is why they implement the BID at startup.

Posted with my trusty Z10

Fair enough. But I think after its all said and done we are more or less on the same page are we not? And by the way, I don't mean to detract at all from what BlackBerry has contributed to Android. It just seems that after two years, most of it (with the possible exception of rooting) has either been absorbed into Android 7 or otherwise made implementable by other oems. It also makes sense that BlackBerry made their app suite available to all Androids...no doubt a pre-emptive strategy, given that Google's security improvements to Android (which ultimately benefit all oems) have effectively cut BlackBerry off at the knees.

And who knows, perhaps in Android 8 we will see an unrootable Pixel (or whatever they end up calling it) even if just as an optional upgrade for Enterprise clients.

That would certainly be the final insult...or compliment (?)...to a former industry icon. Lol.

[conite]

BlackBerry security --> replaced by unrootable device as the main distinguishing factor (other aspects, such as root of trust, sandboxing, encryption seem to be either enabled or available to all Nougat Androids)

I would be less inclined to make bold claims based on a gut feel.

The fact is, we don't really know what BlackBerry has done to Nougat. I would expect a developer blog around the time of the KEYone release.

And just because Nougat has some addition security features, BlackBerry's specific implementation of those features can still make a lot of difference.

[anon(9607753)]

I would be less inclined to make bold claims based on a gut feel.

The fact is, we don't really know what BlackBerry has done to Nougat. I would expect a developer blog around the time of the KEYone release.

And just because Nougat has some addition security features, BlackBerry's specific implementation of those features can still make a lot of difference.

Not sure why at this point anyone should have a gut feeling believing BlackBerry is still doing anything special with Android rather than not believing it. Especially after gutting their own OS and hardware division...and possibly Android OS development as well?

Either way, unless I missed it, BlackBerry isn't making a claim there is anything special about Android 7 on a BlackBerry (other than monthly updates), nor are their licensees. So why should I? Not to seem facetious...but why would they not let Google take care of the OS and security, TCL take care of hardware, and collect a royalty for their logo and apps...is that not the entire goal of licensing one's brand...to make as much profit as possible with minimal investment?

[anon(9607753)]

(Double post)

[conite]

Not sure why at this point anyone should have a gut feeling believing BlackBerry is still doing anything special with Android rather than not believing it. Especially after gutting their own OS and hardware division...and possibly Android development as well?

Either way, unless I missed it, BlackBerry isn't making a claim there is anything special about Android 7 on a BlackBerry (other than monthly updates), nor are their licensees. So why should I? Not to seem facetious...but why would they not let Google take care of the OS and security, TCL take care of hardware, and collect a royalty for their logo and apps...is that not the entire goal of licensing one's brand...to make as much profit as possible with minimal investment?

BlackBerry is very much active with BlackBerry Android development. It's the cornerstone of their licencing business, and a contractual obligation to their licencees over the long term.

[anon(9607753)]

BlackBerry is very much active with BlackBerry Android development. It's the cornerstone of their licencing business, and a contractual obligation to their licencees over the long term.

The problem being that I think for many there was a belief (or rather an expectation) what they were contributing development-wise had a security angle that was unique to BlackBerry, and had real meaning and value. Not development as in enabling pre-existing features on Google's OS...or tweaking apps and drivers and screen ratios...

[conite]

The problem being that I think for many there was a belief (or rather an expectation) what they were contributing development-wise had a security angle that was unique to BlackBerry, and had real meaning and value.

I still think they do. I'm sure we'll hear more about the Nougat variant soon.

Integrity detection on the device is real-time monitoring of changes to system files. This is still a unique feature exclusive to BlackBerry Android.

https://help.blackberry.com/en/secur...015379310.html

[Troy Tiscareno]

I have to say it looks like you are correct. I have tried to dig into this deeper following the links provided by others and there really does not seem to be a substantive difference between 'BlackBerry Android' and Android 7 can/does provide natively. Perhaps BlackBerry Android was something more distinct (even if we are just talking about implementation) two years ago, but as per my original post, I see very little other than perhaps the so-called unrootability distinguishing it from particularly 'more secure' versions of Android such as Google Nexus/Pixel or Samsung/Knox. In fact, what BlackBerry is doing by sandboxing it's apps seems almost identical to Samsung's Knox. I believe Chen himself said as much himself at one point, if I'm not mistaken.

Several years ago, some of us got into a discussion about BB10 vs. Android (around late 2013/early 2014), when Google was hiring encryption and security experts, and I had mentioned then that one of BB's problems was that companies with the resources of Apple and Google could close the security gap a lot easier than BB could ever close the ecosystem gap, and that (at the time) both Apple and Google, who had initially focused on the consumer market, were clearly making a play for enterprise, and were investing heavily in security for their respective platforms. Fast-forward to today, and you can see that they've largely closed the gap. BB's "moat" around their crown jewels (mobile security) wasn't as wide or deep as many believed, and it was really just a matter of Apple and Google deciding to focus on enterprise security that was going to undermine BB's "Unique Selling Proposition". I'm sure Chen was made aware of this pretty early on in his tenure, which helped make other decisions easier.

It's clear at this point that Apple and Google will continue to improve security at all levels in an effort to win enterprise marketshare from each other. Both companies have hired former BB workers, so some of the institutional knowledge will have come over with them. Anyway, security should increasingly be less of a concern even for BB folks, as both platforms have virtually reached BB10 security (and perhaps surpassed it in some areas), and will only continue to improve going forward.

[bb10adopter111]

I agree with you. Also, I wouldn't be surprised if Blackberry licensed some of its patents to Apple and Google as well as Samsung. Apple and Google would have no reason to publicize this, and Blackberry wouldn't likely care so long as it was receiving payments or other benefits from Apple and Google. As the first mover in the secure enterprise mobile messaging space, Blackberry's numerous patents could create road blocks for other companies, and it might be much less risky for Google/Apple/IBM/etc. to license Blackberry's IP than to attempt to engineer analogous solutions and risk the legal liability of patent litigation that could cost them $100s of millions.

[Troy Tiscareno]

Absolutely. BB undoubtedly has useful, relevant patents in that area, and I also would be surprised if Apple and Google aren't licensing some of those patents (or if they aren't covered by other co-licensing agreements). BB doesn't have a device business of their own anymore, so there is no reason at all that they wouldn't license whatever they could, as that is one of the main reasons for patents.

[anon(9607753)]

Several years ago, some of us got into a discussion about BB10 vs. Android (around late 2013/early 2014), when Google was hiring encryption and security experts, and I had mentioned then that one of BB's problems was that companies with the resources of Apple and Google could close the security gap a lot easier than BB could ever close the ecosystem gap, and that (at the time) both Apple and Google, who had initially focused on the consumer market, were clearly making a play for enterprise, and were investing heavily in security for their respective platforms. Fast-forward to today, and you can see that they've largely closed the gap. BB's "moat" around their crown jewels (mobile security) wasn't as wide or deep as many believed, and it was really just a matter of Apple and Google deciding to focus on enterprise security that was going to undermine BB's "Unique Selling Proposition". I'm sure Chen was made aware of this pretty early on in his tenure, which helped make other decisions easier.

It's clear at this point that Apple and Google will continue to improve security at all levels in an effort to win enterprise marketshare from each other. Both companies have hired former BB workers, so some of the institutional knowledge will have come over with them. Anyway, security should increasingly be less of a concern even for BB folks, as both platforms have virtually reached BB10 security (and perhaps surpassed it in some areas), and will only continue to improve going forward.

Still, aside from the seemingly ubiquitous and inescapable references to BB10 and 2013 (regardless of the thread topic)..I'm not sure what any of this has to do with what BlackBerry is actually doing with Android in 2017 as they move forward to a licensing model...and what is unique (if anything) about BlackBerry's security implementation in Android 7?

[Dunt Dunt Dunt]

Still, aside from the seemingly ubiquitous and inescapable references to BB10 and 2013 (regardless of the thread topic)..I'm not sure what any of this has to do with what BlackBerry is actually doing with Android in 2017 as they move forward to a licensing model...and what is unique (if anything) about BlackBerry's security implementation in Android 7?

It's the third page of this thread..... where else but off topic would it be?

No one here really knows what BlackBerry does vs what is possible already, but not attempted by most OEMs who focus on consumers. I would say... that if Silent Circle were in so much financial trouble, and were planning a new BlackPhone..... they might be the ones to dispute what is special about BlackBerry's claims.

What I think.... based on how little we here about Silent Circle's BlackPhone, Boeing's BlackPhone, Samsung's KNOX or the other few "enterprise security" phones that were once being planned. Is that iOS and Android are able to meet the needs of most of enterprise at this point. What size market there is for "hardware" security devices... that is what the real question is.

[anon(9607753)]

It's the third page of this thread..... where else but off topic would it be?

No one here really knows what BlackBerry does vs what is possible already, but not attempted by most OEMs who focus on consumers. I would say... that if Silent Circle were in so much financial trouble, and were planning a new BlackPhone..... they might be the ones to dispute what is special about BlackBerry's claims.

What I think.... based on how little we here about Silent Circle's BlackPhone, Boeing's BlackPhone, Samsung's KNOX or the other few "enterprise security" phones that were once being planned. Is that iOS and Android are able to meet the needs of most of enterprise at this point. What size market there is for "hardware" security devices... that is what the real question is.

Not that I mind off-topic banter even if it derails the thread but it seems either nobody knows the answer...or there is little to no difference. Not too encouraging either way. Quite frankly I don't care what the market thinks or how many BlackBerry security patents have been implemented or surpassed by either Google or Apple. If there truly is a difference between BlackBerry Android and regular Android as it relates to a licensed BlackBerry and Android 7...I am simply asking if anyone knows what that is, and if so, how that differs from installing BlackBerry apps on any Nougat device. Simple question.

So far the difference seems to boil down to just two items: rooting and integrity detection. I don't include monthly updates in that list because regular security updates are provided by some oems

[Troy Tiscareno]

So far the difference seems to boil down to just two items: rooting and integrity detection. I don't include monthly updates in that list because regular security updates are provided by some oems

That's pretty much it as far as publicly-available information, yes. And my point was: Apple and Google have been steadily closing the security gap, reducing BB's distinctions to a very small list, as you've just pointed out.

There could always be something else that BB won't talk about publicly - but why would they not talk about a USP that some might find value in?

[anon(9607753)]

That's pretty much it as far as publicly-available information, yes. And my point was: Apple and Google have been steadily closing the security gap, reducing BB's distinctions to a very small list, as you've just pointed out.

There could always be something else that BB won't talk about publicly - but why would they not talk about a USP that some might find value in?

With so little to distinguish as it is (let's face it...its already Google's OS, and what BlackBerry is doing with it is 99% native Android anyway) perhaps they thought it was better from a marketing perspective to not call that out (the irony!) and focus on other features such as keyboard and battery life. Not so sure that is a good approach when security is supposed to be your distinguishing factor. Perhaps the only real marketing on that front is going to occur in direct conversation with IT administrators etc and in the context of BlackBerry's other mobile security offerings.

And speaking of ever-narrowing security gaps...apparently with Android 7.1.1 system updates will be pushed automatically to the device by Google. So even 'zero day' patching will cease to be a selling feature on Android (unless it's running an outdated OS).

[conite]

With so little to distinguish as it is (let's face it...its already Google's OS, and what BlackBerry is doing with it is 99% native Android anyway) perhaps they thought it was better from a marketing perspective to not call that out (the irony!) and focus on other features such as keyboard and battery life. Not so sure that is a good approach when security is supposed to be your distinguishing factor. Perhaps the only real marketing on that front is going to occur in direct conversation with IT administrators etc and in the context of BlackBerry's other mobile security offerings.

And speaking of ever-narrowing security gaps...apparently with Android 7.1.1 system updates will be pushed automatically to the device by Google. So even 'zero day' patching will cease to be a selling feature on Android (unless it's running an outdated OS).

You're still equating lack of information to lack of differentiation. Let's wait and see once we all get our hands on it.

And no, Google will not be bypassing carriers.

[anon(9607753)]

You're still equating lack of information to lack of differentiation. Let's wait and see once we all get our hands on it.

And no, Google will not be bypassing carriers.

To that point I would say how realistic is such an expectation? The Android 7 Aurora is already released, and the product page for KEYone has been up for months and the device was even launched at MWC 2017. If there was anything to be said, don't you think it ought to have been out there by now? The marketing materials for PRIV went to great lengths making this distinction and both DTEKs were hailed by BlackBerry as the most secure Androids. We don't see anything remotely similar coming from the BlackBerry licensees and I'm not sure why we should believe there will be?

As far as implementation of system updates on 7.1.1....whether or not there will be a carrier pass-thru is a separate issue and that also applies to BlackBerry. The fact remains that any unlocked device running 7.1.1 will receive (or at least have access to) system updates directly from Google without any need for this to be implemented as an 'add-on' service by oems.

[conite]

To that point I would say how realistic is such an expectation? The Android 7 Aurora is already released, and the product page for KEYone has been up for months and the device was even launched at MWC 2017. If there was anything to be said, don't you think it ought to have been out there by now? The marketing materials for PRIV went to great lengths making this distinction and both DTEKs were hailed by BlackBerry as the most secure Androids. We don't see anything remotely similar coming from the BlackBerry licensees and I'm not sure why we should believe there will be?

As far as implementation of system updates on 7.1.1....whether or not there will be a carrier pass-thru is a separate issue and that also applies to BlackBerry. The fact remains that any unlocked device running 7.1.1 will receive (or at least have access to) system updates directly from Google without any need for this to be implemented as an 'add-on' service by oems.

It still seems to be promoted:

[anon(9607753)]

It still seems to be promoted:
https://uploads.tapatalk-cdn.com/201...59680f7444.jpg

Still promoted as such by TCL (and nothing similar for Aurora apparently) but with little to no explanation or justification other than the three bullet points, which by the way I have already conceded in my previous posts: rooting, integrity detection / DTEK, and updates (which does not qualify as a unique offering). Your contention is there is something 'else' and that is the part I am questioning.

[conite]

Still promoted as such by TCL (and nothing similar for Aurora apparently) but with little to no explanation or justification other than the three bullet points, which by the way I have already conceded in my previous posts: rooting, integrity detection / DTEK, and updates (which does not qualify as a unique offering). Your contention is there is something 'else' and that is the part I am questioning.

You keep moving the posts. You just said there is nothing from the licencees claiming most secure Android. I just showed it to you.

My contention is that just because I don't know does not defacto imply there is nothing else.

[anon(9607753)]

You keep moving the posts. You just said there is nothing from the licencees claiming most secure Android. I just showed it to you.

My contention is that just because I don't know does not defacto imply there is nothing else.

Perhaps just misunderstanding. What I was referring to was the degree to which security and privacy was emphasized in the BlackBerry devices versus the licensed ones, not just the 'most secure' claim (which I believe is still missing with Aurora btw).

At any rate, we are basically in agreement on all points...the only difference is really the nuance of a glass half empty perception, versus a glass half full one. You think we should give BlackBerry the benefit of the doubt, and there really is (potentially) more there than they are letting on...whereas I'm not seeing any reason why we should.

And I should also mention neither 'integrity detection' nor 'unrootability', the last two clear differentiators any of us seem to agree likely remain, are specifically called out by either of the licensees.

[krazyatom]

Interesting. I always thought blackberry android offers more security over other android os.

[bb10adopter111]

Interesting discussion. I am not a security expert, but, from an enterprise perspective, the integrity detection and hardware root of trust seem to be pretty much mandatory features if I want to protect against someone cloning/spoofing a device.

Here's my understanding of the state of things through the DTEK BlackBerry devices and presumably on the KEYone as well:

Without a hardware root of trust, security cannot be guaranteed because any software-based security program can be copied. So Android alone simply cannot be secured on any phone without the implementation of some kind of hardware-based integrity check. Samsung Knox and BlackBerry both offer that.

In Samsung's case, a failure of the integrity check prevents the phone from ever again being able to connect to enterprise resources. The phone will still work, but it can't be trusted. This "security fuse" cannot be reset.

In Blackberry's case, the phone will fail to boot.

Samsung's approach is probably intended to accommodate consumers who want to root thir phones. As we all know, BlackBerry simply does not support that.

As a result, BlackBerry phones can be secured against cloning and root-based attacks for both enterprise resources and for data on the phone itself, while Samsung phones can only be secured at the point where they try to access the Knox-protected network.

Posted with my trusty Z10

[Jake2826]

It's really hilarious reading some of the posts that speculate that BlackBerry security is only a marketing phrase now.

Here's a suggestion for you. BlackBerry security webinars are announced all the time, and the BlackBerry devs are usually there talking all about this stuff. If you're so interested like you claim to be, then take the time to watch some in order to have your questions answered. Seek and thou shalt find. You can't be lazy though.

Here's Just a tidbit on one piece of the security built into the BlackBerry android platform.

BlackBerry Chief Security Officer David Kleidmacher on BlackBerry Integrity Detection Engine

(On Google's Android) "But one of the things it does not do is runtime integrity protection, so [what it does now] is kind of a boot time check. Which is great, really useful, but if malware gets into the system, and it’s able to get a hook into the system at runtime, you’ve not modified the flash firmware, but you’ve changed the runtime image. That’s also bad -- arguably worse -- because you can’t detect that.
We have something we call the BlackBerry Integrity Detection Engine -- we call it internally “BIDE.” And it is a runtime validation of the system, so we’re essentially underneath Android, something Google really can’t do, because it’s done in the firmware of the device. We’re looking up at Android; while it’s running, we’re watching it and measuring it, and observing it, and saying, “Does everything look okay?” That’s a really good example of something we do that your standard platform doesn’t do."