Built for Business - Learn more about BlackBerry KEY2
  1. 0Mark de Vries0's Avatar
    Hello all,

    As I understand, an app called Weather Forecast - World Weather Accurate Radar, leaks user data "to China". The app is develloped and distributed by TCL, the same company that makes our beloved phones. Now, given the recent discussions around Huawei concerning the same issue, what to think about this information ? Do BlackBerry's also leak info ? Any details ?

    cheers,
    Mark
    Last edited by 0Mark de Vries0; 01-03-19 at 04:30 AM. Reason: added line
    01-03-19 04:29 AM
  2. chetmanley's Avatar
    Hello Mark,

    We've been discussing this and similar topics in the following threads.

    https://forums.crackberry.com/blackb...droid-1161588/

    https://forums.crackberry.com/blackb...phone-1161476/
    01-03-19 10:31 AM
  3. thurask's Avatar
    First, some sources.

    Upstream Systems: https://www.upstreamsystems.com/secu...ufactured-tcl/ (origin)
    Wall Street Journal: https://www.wsj.com/articles/popular...ay-11546428914 (paywall)
    BBC: https://www.bbc.com/news/technology-46747118
    Gizmodo: https://gizmodo.com/yet-another-weat...uch-1831448044

    Now that those are out of the way, the "BlackBerry" apps developed by TCL (file manager, weather, calculator, etc.) are the same ones preloaded on Alcatel/TCL devices, just with changes to the branding. However, the BlackBerry versions appear to be based on older versions of each app. Comparing the latest available TCL/"BlackBerry" weather apps from APKmirror, the BlackBerry one is 7022.0449.3.0, while the TCL one is 7.0.2.4.0514; checking the version history of TCL Weather, the BB version was presumably forked off some time in 2017. This isn't the first time TCL has been up to no good with default apps, but the question is if the BlackBerry versions have the same behavior or if TCL added them in recently.

    Here's the AndroidManifest.xml file (i.e. requested permissions) from BB Weather version 7022.0449.3.0: https://pastebin.com/AkCvL9Jj The Upstream Systems piece lists the dodgy permissions of the TCL Weather app; the BB version has a few (READ_PHONE_STATE, MOUNT_UNMOUNT_FILESYSTEMS) but not all. The URL mentioned as being pinged constantly by the TCL weather app doesn't appear to exist in a text search of a dump of the BB version. From what I can tell, TCL's shifty behavior with their weather app is a more recent development than when they spun off the BB branch of the app.
    01-03-19 10:38 AM
  4. bh7171's Avatar
    This is disturbing. Any word from BlackBerry Ltd in regards to their relationship and the devices being branded "BlackBerry" and security or lack of?
    anon(10218918) likes this.
    01-15-19 09:04 AM
  5. Amaroni's Avatar
    This is disturbing. Any word from BlackBerry Ltd in regards to their relationship and the devices being branded "BlackBerry" and security or lack of?
    When you say security or lack off , do you have any tangible evidence that suggests or has been suggested that Blackberry branded devices are not secure.

    TCL may have the rights to manufacture and distribute Blackberry branded devices but the software comes from Blackberry directly and therefore TCL cannot simply bypass the protocols set by Blackberry (Canada).
    01-15-19 09:16 AM
  6. thurask's Avatar
    This is disturbing. Any word from BlackBerry Ltd in regards to their relationship and the devices being branded "BlackBerry" and security or lack of?
    As long as TCL is hoovering up user data and shipping it to China over HTTPS with good certificates then it's "secure", whether it's "private" is the question.
    01-15-19 09:33 AM
  7. bh7171's Avatar
    I did not find this stock TCL app on my DTEK50. Are these TCL apps only on Alcatel branded or are some of the preloaded apps on BlackBerry TCL devices TCL apps? Where is the transparency from BlackBerry Ltd. They would have to be concerned. Their selling security and privacy in their Enterprise software.
    01-16-19 12:51 AM
  8. Amaroni's Avatar
    I did not find this stock TCL app on my DTEK50. Are these TCL apps only on Alcatel branded or are some of the preloaded apps on BlackBerry TCL devices TCL apps? Where is the transparency from BlackBerry Ltd. They would have to be concerned. Their selling security and privacy in their Enterprise software.
    What transparency are referring to ? You didn't find the TCL app in question on your Blackberry device. That in itself should alleviate your concerns and confirm that you are indeed using a secure device. You have access to the DTek app which allows you to control the behaviour of apps installed on your phone .

    Blackberry is selling security and safety and thus far there has been no indication that there is any link between the TCL APP and Blackberry Mobile.

    If you are concerned contact Blackberry Mobile and ask for clarification
    bakron1 likes this.
    01-16-19 01:37 AM
  9. anon(10218918)'s Avatar
    What transparency are referring to ? You didn't find the TCL app in question on your Blackberry device. That in itself should alleviate your concerns and confirm that you are indeed using a secure device. You have access to the DTek app which allows you to control the behaviour of apps installed on your phone .

    Blackberry is selling security and safety and thus far there has been no indication that there is any link between the TCL APP and Blackberry Mobile.

    If you are concerned contact Blackberry Mobile and ask for clarification
    I also was thinking so. Using NetGuard Pro additonaly made me sceptical. In shows you which apps are sending your data to which servers. DTEK does not. Really, I did not find TCL apps sending data but a lot of others.
    Last edited by CrackPriv; 01-16-19 at 03:33 AM.
    01-16-19 03:07 AM
  10. Amaroni's Avatar
    I also was thinking so. Using NetGuard Pro additonaly made me sceptical. In shows you which apps are sending your data to which servers. DTEK does not. Really, I did not find TCL apps sending data but a lot of others.
    The main point is we have access to software that allows us, the consumer, to control what information we choose to send in most instances. There are some apps such as Google play services that do not seem to like being restricted completely. But we have a choice , switch to a non Android device.

    At least with Blackberry devices we are not completely at the mercy of third party app developers and in today's world this counts for more than fancy processors and cameras and gb's of space we won't probably use .....
    01-16-19 03:53 AM
  11. anon(10218918)'s Avatar
    The main point is we have access to software that allows us, the consumer, to control what information we choose to send in most instances. There are some apps such as Google play services that do not seem to like being restricted completely. But we have a choice , switch to a non Android device.

    At least with Blackberry devices we are not completely at the mercy of third party app developers and in today's world this counts for more than fancy processors and cameras and gb's of space we won't probably use .....
    Non android devices will give us the same experience, I am sure. Blackberry must improve its security software given to the licencies. We need imporovements for privacy.
    01-16-19 03:59 AM
  12. Amaroni's Avatar
    Non android devices will give us the same experience, I am sure. Blackberry must improve its security software given to the licencies. We need imporovements for privacy.
    Do you have any conclusive evidence to prove your statement? Blackberry don't have to prove anything to you or me . Either we accept what they say or we don't. Having used other android devices from my own experience none of them provide the same level of security or the ability to control what is sent to third party developers.

    You are of course entitled to you view however I would respectfully suggest you provide conclusive evidence before slating the BlackBerry brand for the very thing they stand for.
    01-16-19 05:05 AM
  13. anon(10218918)'s Avatar
    Do you have any conclusive evidence to prove your statement? Blackberry don't have to prove anything to you or me . Either we accept what they say or we don't. Having used other android devices from my own experience none of them provide the same level of security or the ability to control what is sent to third party developers.

    You are of course entitled to you view however I would respectfully suggest you provide conclusive evidence before slating the BlackBerry brand for the very thing they stand for.
    I never said other brands are more secure. BlackBerry Androids are the most secure ones (beside BlackBerry 10). That's the reason I use them. But it must get improved for more privacy. -I will never post a screenshot of my personal NetGuard protocols here, but I can tell you, that for example Amazon is a very aggressive app on my BlackBerry KeyOne and there are some other apps sending data to servers in Los Angeles and other places. (I am living in Germany). With NetGuard I can forbid this. -My wish is that BlackBerry will integrate it in DTEK or elsewhere in its security software.

    Posted via CB10
    01-16-19 05:27 AM
  14. Amaroni's Avatar
    I believe the words you used were non Android brands thereby implying that other brands will provide the same experience . It is my understanding that this is not the case but then again I am no expert and am happy to be corrected if I am wrong . I also believe that with DTek you can limit access to your device . for instance Google has no "visible". access to my microphone.... whereas previously my microphone was accessed over 13000 in a three hour time period. so we have a degree of control . I have not installed the Amazon app on my device but still access Amazon via the browser , whether this makes a difference I have no idea . we are all susceptible to our data being mined by third parties, at least with Blackberry devices we have some hope that we can control what's going out ....
    01-16-19 06:00 AM
  15. anon(10218918)'s Avatar
    I believe the words you used were non Android brands thereby implying that other brands will provide the same experience . It is my understanding that this is not the case but then again I am no expert and am happy to be corrected if I am wrong . I also believe that with DTek you can limit access to your device . for instance Google has no "visible". access to my microphone.... whereas previously my microphone was accessed over 13000 in a three hour time period. so we have a degree of control . I have not installed the Amazon app on my device but still access Amazon via the browser , whether this makes a difference I have no idea . we are all susceptible to our data being mined by third parties, at least with Blackberry devices we have some hope that we can control what's going out ....
    Sorry for the misunderstanding: I ment non BlackBerry devices give the same experience in hidden sending data. -Try it out: DTEK gives you information and management of the permissions of apps but not abaout the connections in the background. You can see these with NetGuard.

    Posted via CB10
    01-16-19 06:38 AM
  16. Amaroni's Avatar
    Here is a screenshot of Crackberry app on my device which i accessed via DTEK. As you can see background data has been turned off.

    It is possible to access all apps in the same way.TCL and user data-screenshot_20190116-124148.jpg

    Hope this helps
    Last edited by Amaroni; 01-16-19 at 10:57 AM.
    01-16-19 07:31 AM
  17. anon(10218918)'s Avatar
    Here is a scrrenshot of Crackberry app on my device which i accessed via DTEK. As you can see background data has been turned off.

    It is possible to access all apps in the same way.Click image for larger version. 

Name:	Screenshot_20190116-124148.jpg 
Views:	32 
Size:	32.9 KB 
ID:	442428

    Hope this helps
    Thank you. This function is very hidden in DTEK -Try Netguard additionly. if you don't like it, deinstall it. It shows you much more. You can find it in Google Play Store.
    Last edited by CrackPriv; 01-16-19 at 08:35 AM.
    01-16-19 08:00 AM
  18. Amaroni's Avatar
    Thank you. This function is very hidden in DTEK -Try Netguard additionly. if you don't like it, deinstall it. It shows you much more. You can find it in Google Play Store.
    Thank you for the information
    01-16-19 10:58 AM

Similar Threads

  1. Replies: 5
    Last Post: 02-03-19, 02:47 AM
  2. Square App icons and ugly outlined text font - BlackBerry Key2
    By Jafar Anvary in forum BlackBerry KEY2
    Replies: 11
    Last Post: 01-04-19, 01:33 PM
  3. Replies: 2
    Last Post: 01-03-19, 04:17 PM
  4. Replies: 3
    Last Post: 01-02-19, 04:43 PM
  5. Mac user with SyncMate Experiencing Calendar Issues
    By KitJackson67 in forum BlackBerry KEY2
    Replies: 3
    Last Post: 01-02-19, 02:51 PM
LINK TO POST COPIED TO CLIPBOARD