[anon(10321802)]

See app_Developer's detailed explanation above - it's basically encryption within encryption.

"For banking (at least with well funded banks) browsers are not as secure as apps. Banks can use much better authentication, crypto and active monitoring in apps. You get to run native code and you get a much richer set of platform APIs to work with."

We’re talking about two different things, here.

[conite]

My point is that it’s arrogance to believe ANY smartphone is private and secure. That includes BB10 and BBOS.

But I think it could be argued that newer devices may be even less private and secure in some ways than older devices because of all the tracking and data mining functionality that has been built into their OS and apps.

Android phones are CONSTANTLY sending tracking data to Google and potentially many dozens of other companies depending on how many apps you have.

iOS does it, too, although to a much lesser extent than Android.

This tracking has only increased over time, not decreased.

I suspect one of the reasons BB10 failed is that it was NOT built with tracking in mind and did not allow developers and third parties to track users as easily as Android and iOS did at the time, so it wasn’t as profitable for them.

Trackers are for analytics, and advertising - they don't harvest banking data from within your banking app. Nor do they harvest data from your Signal or BBMe messenger apps.

As an app developer, you have controls over that behaviour.

If your device is somehow hacked, and some program has achieved root or elevated privileges, that's another story - but that has nothing to do with trackers. It's also a very unlikely scenario - certainly less than your PC being hacked.

[anon(10321802)]

Trackers are for analytics, and advertising - they don't harvest banking data from within your banking app.

They may not track your account numbers, transaction amounts, or personally identifiable information (which the average person really has no way of knowing), but they do harvest metadata. Date and time of transaction, your location, OS, device info, carrier, etc.

[conite]

They may not track your account numbers, transaction amounts, or personally identifiable information (which the average person really has no way of knowing), but they do harvest metadata. Date and time of transaction, your location, OS, device info, carrier, etc.

Nothing outside of your banking app will track any of that.

See the rest of my post (added after your response).

[anon(10321802)]

Nothing outside of your banking app will track any of that.

See the rest of my post (added after your response).

With all due respect, you cannot say for certain what is or is not being tracked unless you can audit the source code.

[conite]

With all due respect, you cannot say for certain what is or is not being tracked unless you can audit the source code.

Sure you can. Without elevated privileges, you can not extract info from inside other apps.

[anon(10321802)]

Sure you can. Without elevated privileges, you can not extract info from inside other apps.

But what is the app itself tracking?

[conite]

But what is the app itself tracking?

Well that's another story, and that's between you and your bank. They probably perform analytics to assist their developers.

But you can even block that by using Blokada if you are worried about your own bank's tracking - which is odd because they actually HAVE all of your pertinent information already.

Edit:

For example, my ScotiaBank app uses only two trackers: CrashLytics and Firebase Analytics - both are developer tools.

[anon(5597702)]

Surprised this thread is still even open!

Posted via CB10

[app_Developer]

But what is the app itself tracking?

For banking, that’s up to your bank and differs widely by bank. The focus at the bank where I worked was to make sure no 3rd party (google or Apple or Amazon or crashlytics etc) can learn anything about our customers.

To best of our ability and using the best techniques available to us at any given time.

[Platinum_2]

Well this was a thread started over 4 years ago. The OP only revived it to point out how the gestures, central to how BB10 worked 6 years ago (8, if you count the Playbook), is now a big thing on Android 10 and iOS 13.

Yes, I realize that. But, it was clear in 2015 that BB10 was done. The Priv pretty much confirmed that.

[Dunt Dunt Dunt]

Need a time limit that prevents the resurrection of old threads... especially when it's not really relevant

BB10 doesn't have a future
BlackBerry didn't invent gestures on mobile phones
Any are there any Banking Apps that will work on BB10 at this point?

[Elephant_Canyon]

iOS does it, too, although to a much lesser extent than Android.

This tracking has only increased over time, not decreased.

I suspect one of the reasons BB10 failed is that it was NOT built with tracking in mind and did not allow developers and third parties to track users as easily as Android and iOS did at the time, so it wasn’t as profitable for them.

Apple is now taking steps to actively prevent tracking on iOS.

[TgeekB]

This fear mongering has been present on this site for years. You would think everyone in the worlds bank accounts had been drained by now if you believe half of it.
Vulnerabilities exist, they always will. Apple and Google have become much better at keeping them at bay and protecting their customers. Be wise and you have little to worry about.

[Invictus0]

As for well-funded bad guys these folks do indeed exist and are attacking iOS and Android all the time. However, I have yet to hear described to me a vulnerability that affects an Android app which is running on the runtime and not the full Android OS. For this reason I find your security argument (assuming the bank's non-app systems are secure to begin with) unpersuasive.

Read up on Stagefright,

https://forums.crackberry.com/blackb...ntime-1031981/

@conite might have a better memory about this than I do but I'm pretty sure there were users here in the past who were able to get their BB10 devices infected with Adware via the runtime.

The Android Runtime on BB10 is safer than an Android device running 4.3 but it's not bulletproof. Infact, when enterprise enables BlackBerry Balance the runtime gets completely disabled on the Work profile.

https://developer.blackberry.com/and...b_balance.html

What that means is no Android app can access any corporate data no matter how benign it might be and the user, IT, etc can do nothing to override or circumvent it.

[conite]

Read up on Stagefright,

https://forums.crackberry.com/blackb...ntime-1031981/

@conite might have a better memory about this than I do but I'm pretty sure there were users here in the past who were able to get their BB10 devices infected with Adware via the runtime.

The Android Runtime on BB10 is safer than an Android device running 4.3 but it's not bulletproof. Infact, when enterprise enables BlackBerry Balance the runtime gets completely disabled on the Work profile.

https://developer.blackberry.com/and...b_balance.html

What that means is no Android app can access any corporate data no matter how benign it might be and the user, IT, etc can do nothing to override or circumvent it.

BlackBerry:

"Only some of these issues affect the Android Runtime on BlackBerry 10 devices. MMS messages are not interpreted by the Android Runtime by default. Additionally, BlackBerry 10 is not vulnerable to the StageFright ASLR bypass.

Although these vulnerabilities represent a low risk to BlackBerry 10 customers, we are planning to remediate any vulnerable code in future updates."

Less vulnerable, but still vulnerable. It was eventually patched.

And you are correct about the Android 4.3 Runtime using Balance/EMM. It is deemed too unsafe for corporate use.

[AliAbbas Icon]

Need a time limit that prevents the resurrection of old threads... especially when it's not really relevant

BB10 doesn't have a future
BlackBerry didn't invent gestures on mobile phones
Any are there any Banking Apps that will work on BB10 at this point?

First: the old thread has initiated an important debate regarding banking apps on BBOS 10. It's not irrelevant as people still using OS 10 and its good to discuss the possibilities or limitations in 2019.

Secondly as far as I know BB OS 10 was the 1st OS having gesture based navigation with in the system. Please enlighten us if there was any other?

[brookie229]

Please enlighten us if there was any other?

WebOs and possibly Symbian.

[saint300]

Don't know about WebOs but as far as I remember, not possibly on Symbian. I used to have all major Nokia and SonyEricsson devices, and that feature was not there.

[joeldf]

WebOS was out 2 years before Playbook OS. The Playbook had similar gestures to WebOS (some said too similar). Then, it carried over to BB10 another 2 years later.

[Troy Tiscareno]

Don't know about WebOs but as far as I remember, not possibly on Symbian. I used to have all major Nokia and SonyEricsson devices, and that feature was not there.

It wasn't Symbian, but Symbian's replacement: Meego, that you're thinking of.

[TrumpetTiger]

Read up on Stagefright,

https://forums.crackberry.com/blackb...ntime-1031981/

@conite might have a better memory about this than I do but I'm pretty sure there were users here in the past who were able to get their BB10 devices infected with Adware via the runtime.

The Android Runtime on BB10 is safer than an Android device running 4.3 but it's not bulletproof. Infact, when enterprise enables BlackBerry Balance the runtime gets completely disabled on the Work profile.

https://developer.blackberry.com/and...b_balance.html

What that means is no Android app can access any corporate data no matter how benign it might be and the user, IT, etc can do nothing to override or circumvent it.

In what may be a unique circumstance for these types of discussions, conite actually made my argument for me by stating that the runtime is not vulnerable to Stagefright.

As for security...let me see if I understand this: Blackberry Balance completely disables Android access to corporate data when a device is only using a runtime...and yet it's somehow considered secure in general to use Android apps on a full Android OS to access sensitive banking data and the like.

Okay, got it.

[conite]

In what may be a unique circumstance for these types of discussions, conite actually made my argument for me by stating that the runtime is not vulnerable to Stagefright.

As for security...let me see if I understand this: Blackberry Balance completely disables Android access to corporate data when a device is only using a runtime...and yet it's somehow considered secure in general to use Android apps on a full Android OS to access sensitive banking data and the like.

Okay, got it.

I simply repeated what BlackBerry said at the time that "only some of these issues affect the Android Runtime on BlackBerry 10 devices". I'm not sure where you got "not vulnerable" from.

And yes, the Android 4.3 Runtime is considered unsafe for corporate use.

[app_Developer]

and yet it's somehow considered secure in general to use Android apps on a full Android OS to access sensitive banking data and the like.

Okay, got it.

i would say it is very unsafe to use an Android version that is more than 5 years old, whether it’s running on Linux or QNX.

The safety of any software diminishes over time as bad guys have more time to find holes and more time to share that information.

[TrumpetTiger]

i would say it is very unsafe to use an Android version that is more than 5 years old, whether it’s running on Linux or QNX.

The safety of any software diminishes over time as bad guys have more time to find holes and more time to share that information.

I would say it's inherently unsafe to use any OS with as many security holes as Android no matter what its iteration. It's inherently more safe to use a device with only a runtime, though as others have noted avoiding Android as a whole is the best option.