Built for Business - Learn more about BlackBerry KEY2
09-20-19 12:12 AM
108 ... 2345
tools
  1. anon(10321802)'s Avatar
    See app_Developer's detailed explanation above - it's basically encryption within encryption.

    "For banking (at least with well funded banks) browsers are not as secure as apps. Banks can use much better authentication, crypto and active monitoring in apps. You get to run native code and you get a much richer set of platform APIs to work with."
    We’re talking about two different things, here.
    09-18-19 08:34 AM
  2. conite's Avatar
    My point is that it’s arrogance to believe ANY smartphone is private and secure. That includes BB10 and BBOS.

    But I think it could be argued that newer devices may be even less private and secure in some ways than older devices because of all the tracking and data mining functionality that has been built into their OS and apps.

    Android phones are CONSTANTLY sending tracking data to Google and potentially many dozens of other companies depending on how many apps you have.

    iOS does it, too, although to a much lesser extent than Android.

    This tracking has only increased over time, not decreased.

    I suspect one of the reasons BB10 failed is that it was NOT built with tracking in mind and did not allow developers and third parties to track users as easily as Android and iOS did at the time, so it wasn’t as profitable for them.
    Trackers are for analytics, and advertising - they don't harvest banking data from within your banking app. Nor do they harvest data from your Signal or BBMe messenger apps.

    As an app developer, you have controls over that behaviour.

    If your device is somehow hacked, and some program has achieved root or elevated privileges, that's another story - but that has nothing to do with trackers. It's also a very unlikely scenario - certainly less than your PC being hacked.
    Laura Knotek likes this.
    09-18-19 08:39 AM
  3. anon(10321802)'s Avatar
    Trackers are for analytics, and advertising - they don't harvest banking data from within your banking app.
    They may not track your account numbers, transaction amounts, or personally identifiable information (which the average person really has no way of knowing), but they do harvest metadata. Date and time of transaction, your location, OS, device info, carrier, etc.
    09-18-19 08:44 AM
  4. conite's Avatar
    They may not track your account numbers, transaction amounts, or personally identifiable information (which the average person really has no way of knowing), but they do harvest metadata. Date and time of transaction, your location, OS, device info, carrier, etc.
    Nothing outside of your banking app will track any of that.

    See the rest of my post (added after your response).
    09-18-19 08:45 AM
  5. anon(10321802)'s Avatar
    Nothing outside of your banking app will track any of that.

    See the rest of my post (added after your response).
    With all due respect, you cannot say for certain what is or is not being tracked unless you can audit the source code.
    09-18-19 08:54 AM
  6. conite's Avatar
    With all due respect, you cannot say for certain what is or is not being tracked unless you can audit the source code.
    Sure you can. Without elevated privileges, you can not extract info from inside other apps.
    09-18-19 08:56 AM
  7. anon(10321802)'s Avatar
    Sure you can. Without elevated privileges, you can not extract info from inside other apps.
    But what is the app itself tracking?
    09-18-19 09:00 AM
  8. conite's Avatar
    But what is the app itself tracking?
    Well that's another story, and that's between you and your bank. They probably perform analytics to assist their developers.

    But you can even block that by using Blokada if you are worried about your own bank's tracking - which is odd because they actually HAVE all of your pertinent information already.

    Edit:

    For example, my ScotiaBank app uses only two trackers: CrashLytics and Firebase Analytics - both are developer tools.
    Last edited by conite; 09-18-19 at 11:49 AM.
    09-18-19 09:10 AM
  9. mh1983's Avatar
    Surprised this thread is still even open!

    Posted via CB10
    Dunt Dunt Dunt likes this.
    09-18-19 10:20 AM
  10. app_Developer's Avatar
    But what is the app itself tracking?
    For banking, that’s up to your bank and differs widely by bank. The focus at the bank where I worked was to make sure no 3rd party (google or Apple or Amazon or crashlytics etc) can learn anything about our customers.

    To best of our ability and using the best techniques available to us at any given time.
    pdr733 likes this.
    09-18-19 10:36 AM
  11. Platinum_2's Avatar
    Well this was a thread started over 4 years ago. The OP only revived it to point out how the gestures, central to how BB10 worked 6 years ago (8, if you count the Playbook), is now a big thing on Android 10 and iOS 13.
    Yes, I realize that. But, it was clear in 2015 that BB10 was done. The Priv pretty much confirmed that.
    09-18-19 01:08 PM
  12. Dunt Dunt Dunt's Avatar
    Need a time limit that prevents the resurrection of old threads... especially when it's not really relevant

    BB10 doesn't have a future
    BlackBerry didn't invent gestures on mobile phones
    Any are there any Banking Apps that will work on BB10 at this point?
    09-18-19 01:19 PM
  13. Elephant_Canyon's Avatar
    iOS does it, too, although to a much lesser extent than Android.

    This tracking has only increased over time, not decreased.

    I suspect one of the reasons BB10 failed is that it was NOT built with tracking in mind and did not allow developers and third parties to track users as easily as Android and iOS did at the time, so it wasn’t as profitable for them.
    Apple is now taking steps to actively prevent tracking on iOS.
    09-18-19 03:47 PM
  14. TgeekB's Avatar
    This fear mongering has been present on this site for years. You would think everyone in the worlds bank accounts had been drained by now if you believe half of it.
    Vulnerabilities exist, they always will. Apple and Google have become much better at keeping them at bay and protecting their customers. Be wise and you have little to worry about.
    09-18-19 04:05 PM
  15. Invictus0's Avatar
    As for well-funded bad guys these folks do indeed exist and are attacking iOS and Android all the time. However, I have yet to hear described to me a vulnerability that affects an Android app which is running on the runtime and not the full Android OS. For this reason I find your security argument (assuming the bank's non-app systems are secure to begin with) unpersuasive.
    Read up on Stagefright,

    https://forums.crackberry.com/blackb...ntime-1031981/

    @conite might have a better memory about this than I do but I'm pretty sure there were users here in the past who were able to get their BB10 devices infected with Adware via the runtime.

    The Android Runtime on BB10 is safer than an Android device running 4.3 but it's not bulletproof. Infact, when enterprise enables BlackBerry Balance the runtime gets completely disabled on the Work profile.

    https://developer.blackberry.com/and...b_balance.html

    What that means is no Android app can access any corporate data no matter how benign it might be and the user, IT, etc can do nothing to override or circumvent it.
    09-18-19 07:04 PM
  16. conite's Avatar
    Read up on Stagefright,

    https://forums.crackberry.com/blackb...ntime-1031981/

    @conite might have a better memory about this than I do but I'm pretty sure there were users here in the past who were able to get their BB10 devices infected with Adware via the runtime.

    The Android Runtime on BB10 is safer than an Android device running 4.3 but it's not bulletproof. Infact, when enterprise enables BlackBerry Balance the runtime gets completely disabled on the Work profile.

    https://developer.blackberry.com/and...b_balance.html

    What that means is no Android app can access any corporate data no matter how benign it might be and the user, IT, etc can do nothing to override or circumvent it.
    BlackBerry:

    "Only some of these issues affect the Android Runtime on BlackBerry 10 devices. MMS messages are not interpreted by the Android Runtime by default. Additionally, BlackBerry 10 is not vulnerable to the StageFright ASLR bypass.

    Although these vulnerabilities represent a low risk to BlackBerry 10 customers, we are planning to remediate any vulnerable code in future updates."

    Less vulnerable, but still vulnerable. It was eventually patched.

    And you are correct about the Android 4.3 Runtime using Balance/EMM. It is deemed too unsafe for corporate use.
    09-18-19 07:50 PM
  17. AliAbbas Icon's Avatar
    Need a time limit that prevents the resurrection of old threads... especially when it's not really relevant

    BB10 doesn't have a future
    BlackBerry didn't invent gestures on mobile phones
    Any are there any Banking Apps that will work on BB10 at this point?
    First: the old thread has initiated an important debate regarding banking apps on BBOS 10. It's not irrelevant as people still using OS 10 and its good to discuss the possibilities or limitations in 2019.

    Secondly as far as I know BB OS 10 was the 1st OS having gesture based navigation with in the system. Please enlighten us if there was any other?
    09-19-19 12:26 PM
  18. brookie229's Avatar
    Please enlighten us if there was any other?
    WebOs and possibly Symbian.
    09-19-19 12:28 PM
  19. saint300's Avatar
    Don't know about WebOs but as far as I remember, not possibly on Symbian. I used to have all major Nokia and SonyEricsson devices, and that feature was not there.
    brookie229 likes this.
    09-19-19 12:44 PM
  20. joeldf's Avatar
    WebOS was out 2 years before Playbook OS. The Playbook had similar gestures to WebOS (some said too similar). Then, it carried over to BB10 another 2 years later.
    Troy Tiscareno likes this.
    09-19-19 01:01 PM
  21. Troy Tiscareno's Avatar
    Don't know about WebOs but as far as I remember, not possibly on Symbian. I used to have all major Nokia and SonyEricsson devices, and that feature was not there.
    It wasn't Symbian, but Symbian's replacement: Meego, that you're thinking of.
    brookie229 likes this.
    09-19-19 03:46 PM
  22. TrumpetTiger's Avatar
    Read up on Stagefright,

    https://forums.crackberry.com/blackb...ntime-1031981/

    @conite might have a better memory about this than I do but I'm pretty sure there were users here in the past who were able to get their BB10 devices infected with Adware via the runtime.

    The Android Runtime on BB10 is safer than an Android device running 4.3 but it's not bulletproof. Infact, when enterprise enables BlackBerry Balance the runtime gets completely disabled on the Work profile.

    https://developer.blackberry.com/and...b_balance.html

    What that means is no Android app can access any corporate data no matter how benign it might be and the user, IT, etc can do nothing to override or circumvent it.
    In what may be a unique circumstance for these types of discussions, conite actually made my argument for me by stating that the runtime is not vulnerable to Stagefright.

    As for security...let me see if I understand this: Blackberry Balance completely disables Android access to corporate data when a device is only using a runtime...and yet it's somehow considered secure in general to use Android apps on a full Android OS to access sensitive banking data and the like.

    Okay, got it.
    Dunt Dunt Dunt likes this.
    09-19-19 04:27 PM
  23. conite's Avatar
    In what may be a unique circumstance for these types of discussions, conite actually made my argument for me by stating that the runtime is not vulnerable to Stagefright.

    As for security...let me see if I understand this: Blackberry Balance completely disables Android access to corporate data when a device is only using a runtime...and yet it's somehow considered secure in general to use Android apps on a full Android OS to access sensitive banking data and the like.

    Okay, got it.
    I simply repeated what BlackBerry said at the time that "only some of these issues affect the Android Runtime on BlackBerry 10 devices". I'm not sure where you got "not vulnerable" from.

    And yes, the Android 4.3 Runtime is considered unsafe for corporate use.
    09-19-19 04:40 PM
  24. app_Developer's Avatar
    and yet it's somehow considered secure in general to use Android apps on a full Android OS to access sensitive banking data and the like.

    Okay, got it.
    i would say it is very unsafe to use an Android version that is more than 5 years old, whether it’s running on Linux or QNX.

    The safety of any software diminishes over time as bad guys have more time to find holes and more time to share that information.
    09-19-19 04:48 PM
  25. TrumpetTiger's Avatar
    i would say it is very unsafe to use an Android version that is more than 5 years old, whether it’s running on Linux or QNX.

    The safety of any software diminishes over time as bad guys have more time to find holes and more time to share that information.
    I would say it's inherently unsafe to use any OS with as many security holes as Android no matter what its iteration. It's inherently more safe to use a device with only a runtime, though as others have noted avoiding Android as a whole is the best option.
    09-19-19 04:49 PM
108 ... 2345

Similar Threads

  1. Replies: 7
    Last Post: 03-28-15, 01:08 PM
  2. BB Quarterly Earning Report results -- good or bad?
    By Blackberry-Prince in forum General BlackBerry Discussion
    Replies: 29
    Last Post: 03-28-15, 08:33 AM
  3. I'm so HAPPY with the best of 2 worlds ... U2 ?
    By Percy Marsan in forum BlackBerry Classic
    Replies: 4
    Last Post: 03-28-15, 04:05 AM
  4. Replies: 0
    Last Post: 03-27-15, 12:16 PM
LINK TO POST COPIED TO CLIPBOARD