[Richard Buckley]

All this is Apples and Oranges..... In the truest sense... security is a user issue... Yes you could make a non rootable phone... simply encrypt a boot rom... have it checksum the OS loader and your away. Hacker would have to decrypt the boot rom to figure out what mods could be done to the actual loader... this is where true hack ends... after the OS is loaded it becomes more what the user does and does not do in OS configuration... if you have a weak password for your device or accounts... someone figures out your password... does not matter how secure your device is....do not turn on encryption... do not scan your apps or emails with a malware or antivirus get infected... again all bets are off... granted BB has an advantage on the Android side with the apps being sandboxed but does not mean it could not happen in the native OS... In the end it more your security hygiene that dictated how secure you device is... not so much the bells and whistles that come with it....

So what is a user supposed to do about the Samsung keyboard vulnerability?

Z10STL100-3/10.3.2.798 SR 10.3.2.516

[Richard Buckley]

Because they have been working on security projects with Android in the past. They must believe they can make it as secure.

Posted via CB10

Or they can make money taking it from the shambles that it is to something that doesn't embarrass the companies that sell the phones. Take the latest Samsung keyboard vulnerability. It downloads updates from an unencrypted website. There is no way to remove the keyboard software or disable it even if you aren't using it. You just have to grit your teeth and hope your carrier gives you the patch before someone figures out how to exploit it.

Or the latest Apple revelation.

BlackBerry has been involved in two secure Android devices. Both sell for over $2K to limited audiences and don't have access to Google Services.

Z10STL100-3/10.3.2.798 SR 10.3.2.516

[Bonsaibo]

If you want your phone to have Google services, you're vulnerable. No way around it.

[LazyEvul]

Or they can make money taking it from the shambles that it is to something that doesn't embarrass the companies that sell the phones. Take the latest Samsung keyboard vulnerability. It downloads updates from an unencrypted website. There is no way to remove the keyboard software or disable it even if you aren't using it. You just have to grit your teeth and hope your carrier gives you the patch before someone figures out how to exploit it.

People already know how to exploit it - and it requires a very specific and unlikely set of circumstances. Non-trivial exploits are rarely something to grit your teeth over.

[BeautyEh]

I thought long and hard about this. I think if Blackberry absolutely was not getting into the Android market, there would have been a blanket denial from Chen. There was not. This leads me to believe they are either A) working on it, but not sure of the outcome or B) Definitely producing it, but the timing isn't right for some reason to announce just yet.

But either way? What if the enterprise-only focus is really misguided? If the history of advertising tells us anything, it's that much is possible - with the right branding. I think Blackberry, ESPECIALLY in North America, needs to find a way to "re-brand" themselves and make it cool to own one again. This is easier said than done - but definitely not impossible. People here in the US, just look at Domino's Pizza. You might call that a "self conscious" campaign - but it was clearly effective. What would it take for BB to think outside the box and do something similar?

[abwan11]

They've got to change direction.
The android market might not do it for them either. It needs to be something special, dual os, iot connected, who knows. But just android, I don't know, maybe. BB10 is not polished enough, and has been abandoned by everyone it seems. What would you have them do?

Posted via CB10

[abwan11]

But I do believe that the hardware designs, the passport and slider, are interesting enough to separate BlackBerry from the crowded android space.
In retrospect, the plan was to try and save bb10 with some interesting hardware first, if the 10 million mark wasn't met, plan b, go to android, for consumer products. Hardwares a big money making machine, and they know it, it's eating Chen, the software guy, that he can't make it fly. I don't think they can be cured of the publics prescription unless they make hardware work.

Posted via CB10

[Richard Buckley]

As for firm categorical denials, does anyone remember Thor saying that the PlayBook would get BB10? Remember what a bunch of people said about him when he had to reverse that decision? Thor was an engineer, Chen is a business man. The shrewd business man knows you never categorically deny something unless you would rather go out of business than do it. Chen doesn't know what Google might do next year. Maybe they will decide it is time that Android lived up to the security promises they made in the beginning and call on BlackBerry to help tighten it up. No, I don't really believe it, but what Chen said is if he could secure it he would sell it. Under the current circumstances that means very expensive and no Google Services. But that could change. So why close the door now especially when they have a history of making secure Android versions. But if you are waiting for a secure Android with Google Play you could be waiting a very long time.

Z10STL100-3/10.3.2.798 SR 10.3.2.516

[Witmen]

So what is a user supposed to do about the Samsung keyboard vulnerability?

Z10STL100-3/10.3.2.798 SR 10.3.2.516

Not worry about it at all seems like the correct answer. Have you discovered what is required before a hacker could take advantage of that vulnerability? The hacker would need to be on the same unsecured wifi network as your phone and would need to catch you at the exact moment that your keyboard app is being updated. Realistically speaking, what's the odds of that actually happening? Oh and who in this day and age is ignorant enough to use a open, unsecured WiFi network any way?

We keep hearing that 600 million users are at risk, but how many will have any harm come to them at all from this?

[Richard Buckley]

Not worry about it at all seems like the correct answer. Have you discovered what is required before a hacker could take advantage of that vulnerability? The hacker would need to be on the same unsecured wifi network as your phone and would need to catch you at the exact moment that your keyboard app is being updated. Realistically speaking, what's the odds of that actually happening? Oh and who in this day and age is ignorant enough to use a open, unsecured WiFi network any way?

We keep hearing that 600 million users are at risk, but how many will have any harm come to them at all from this?

So there is nothing the user can do, which is my point.The device is vulneralble because the code was badly implemented, not due to anything the user did. While this disclosed vulnerability may not be easily expoitable, what about the ones that have been found by less ethical researchers?

[karswarnava]

We don't know about the release date of slider but we are expecting a straight forward answer from him regarding this issue... 😀 😀 😀

I have listened about super man, spiderman, batman (my favourite ) Chen is a mystery man

Posted via CB10

[MmmHmm]

So there is nothing the user can do, which is my point.The device is vulneralble because the code was badly implemented, not due to anything the user did. While this disclosed vulnerability may not be easily expoitable, what about the ones that have been found by less ethical researchers?

BlackBerry, in contrast, has so much more money, resources, and employees than Samsung that BlackBerry would never be responsible for badly implemented code. BlackBerry simply has too many top developers - who would never look for another job at a more stable company. Those perfect developers started and will always stay with BlackBerry to ensure perfect code.

Or is it that not as many researchers are testing the vulnerabilities of BB10 and so every laboratory condition exploit is not paraded about and used as click bait?

[ZF_23]

I hope BBRY remove Android Runtime for BB10 device on generation 1! ONLY NATIVE APPS!!!

[thurask]

I hope BBRY remove Android Runtime for BB10 device on generation 1! ONLY NATIVE APPS!!!

Bless your heart.

[buwee]

Lol. If anything, he reinforced that it's on the table and working on it so if anything, further backup the rumors!!! He's being coy though as to how far they are and if they have cracked it and how the intend to release it to the public.

If and when BB stops making BB10 phones I'll go to Windows Phones in a heartbeat - NO ANDROID BY BLACKBERRY for this cowboy.
I just bought a Microsoft Lumia 640XL which is a low to mid end phone and I must say, it is fairly impressive for the price and now I can't wait until the high end Cityman and Talkman comes out with Windows 10

[Prem WatsApp]

Also, it would be hard for Vertu not to be profitable with ~$1,000 USD phones with specs and hardware from two years ago.

Posh, posh, porsche... ;-)

�   Pastaporto aglio e olio... Mmmhhh!   �

[katiepea]

I viewed that comment as the complete opposite of OP's perspective, sounded much more like confirmation that it's been / being worked on than not.

[katiepea]

I hope BBRY remove Android Runtime for BB10 device on generation 1! ONLY NATIVE APPS!!!

I would consider the platform utterly unusable from a professional perspective if that happened.

[Richard Buckley]

BlackBerry, in contrast, has so much more money, resources, and employees than Samsung that BlackBerry would never be responsible for badly implemented code. BlackBerry simply has too many top developers - who would never look for another job at a more stable company. Those perfect developers started and will always stay with BlackBerry to ensure perfect code.

Or is it that not as many researchers are testing the vulnerabilities of BB10 and so every laboratory condition exploit is not paraded about and used as click bait?

Or is it that BlackBerry focuses on security first and gives their developers and engineers the tools and time to write code properly. It doesn't take huge amounts of money or only the best programmers to write good code. Look at Truecrypt. Did they didn't have tons of money, but the code review didn't find any really important issues. It did show some areas where the people writing the original code lacked experience and knowledge. But the product was and still is secure and effective.

To not have the current problems with the keyboard all Samsung had to do was use HTTPS to fetch the updates instead of HTTP. How many programmer days and millions of dollars do you think that would cost to have done?

Z10STL100-3/10.3.2.798 SR 10.3.2.516

[Soulstream]

If you want your phone to have Google services, you're vulnerable. No way around it.

You do realize that Google play services also allows Google to push security updates for Android without updating the OS. What security vulnerabilities does Google play services introduce to Android devices? They actually increase security for devices.

I think yesterday our neighbors at AC had an interesting article about it: The genius of Google Play Services: Tackling Android fragmentation, malware and forking in one fell swoop | Android Central

[Superfly_FR]

He was implying that when it does come out, it will be secure. You don't say that if you aren't working on an Android handset. And by secure, he means it's connected to their enterprise software and is able to run their Android apps.

Not what I understood/heard.
He clearly stated that they found "nothing conclusive yet".
And, what he means, is that the "end to end" security was not an option with Android, only BB10 devices can offer that. => Containerized Android apps are secure under BES12. But not the OS/device.

I don't deny they may have tried nor they may still try atm.
But they didn't succeed.
End of story for now and the foreseeable future.
JMHO

[Superfly_FR]

Or is it that not as many researchers are testing the vulnerabilities of BB10 and so every laboratory condition exploit is not paraded about and used as click bait?

You must be kidding, or never met any security/hack group.
Hacker with proven BB10+BES exploit would be instant millionaire and star.
They try, but they know they really have a dismal chance to find - if any - the breach.
Where you're right is that it's so easy on other platforms that we're flooded every weeks with exploits.

Funny, this reminds me the apple "no virus" story ... but I believe you're lost in the translation.

[Superdupont 2_0]

You do realize that Google play services also allows Google to push security updates for Android without updating the OS. What security vulnerabilities does Google play services introduce to Android devices? They actually increase security for devices.

I think yesterday our neighbors at AC had an interesting article about it: The genius of Google Play Services: Tackling Android fragmentation, malware and forking in one fell swoop | Android Central

I haven't looked into this for very long time, but I remember that the permissions of an app can be silently "extended" without any further notification to the user. And there were numerous cases of spying apps (like for example certain Torch apps)

For me this is some sort of "legal" hacking of app users and one of the main reasons to stay away from Google Play Service and its apps.

[Roger Porter]

Great

[leglace1]

Bottom line is that BlackBerry needs to confirm it's plans sooner rather than later because if there is any doubt that BB10 will continue, they will lose what they have left of app development.

Posted via CB10