[raino]

Ok, you root it. But that deletes all of the data on the phone, including the google account and can't be reconfigured without the password.

Just so I understand this clearly--you are saying that rooting an Android phone will essentially factory wipe your phone? Which Android OS versions is this true for?

[raino]

On Android I believe you have to accept all the permissions and you can't pick and choose.

Correct. With Android apps on most Android ROMs, you either accept all permissions when you are installing an app, or you don't install it.

There was a way to get around this up until Android 4.4: App Ops. This was quite similar to Application Manager actions for BBOS. Google removed it from Android 4.4 onwards, calling it an experiment that should not have got out, and claimed that it was more wreaking havoc than doing good for users. The same users who root their devices, put custom ROMs on them...couldn't figure out how to reverse App Ops actions. Yep.

[asherN]

Just so I understand this clearly--you are saying that rooting an Android phone will essentially factory wipe your phone? Which Android OS versions is this true for?

AFAIK, all of them. It's not the rooting that does it, it's the unlocking of the bootloader. If you install a new version from the ROM image instead of the OTA image, it will do the same.

[RyanGermann]

Who'd like to see app reviews include user ratings on the value of allowing the permissions the app is asking for? An ad-supported app sensibly needs to access the 'net... but if you've paid for the 'no ads' version, what does it need to access the 'net for?

If I see an app with lots of users questioning why the app needs certain permissions, I might have second thoughts about downloading it.

"Based on usage experience, rate how wary you are of this apps request for permission to (access your contacts list, access your camera, examine your call list, etc.) "

[raino]

AFAIK, all of them. It's not the rooting that does it, it's the unlocking of the bootloader. If you install a new version from the ROM image instead of the OTA image, it will do the same.

OK so it's not the act of rooting alone that wipes the phone then, as is being claimed in those first page posts.

[RyanGermann]

OK so it's not the act of rooting alone that wipes the phone then, as is being claimed in those first page posts.

...and isn't 'root / install malware / give malware root access / unroot' a possibility?

Posted via CB10

[teostar]

Ok, you root it. But that deletes all of the data on the phone, including the google account and can't be reconfigured without the password. So when the phone is back to the owner, it is clear that it was tampered with. I think these are pretty good measures against attackers.

I'm of the impression, when they said android can be rooted makes it less secure, it was in reference for the owner rooting his phone. In this case any malicious app or unscrupulous person can go through your data. Not possible with BlackBerry.

Posted via CB10

[raino]

...and isn't 'root / install malware / give malware root access / unroot' a possibility?

The first two can be done (obviously,) although if the malware is a third party install, you'd have to uncheck the security setting box for it. I forget if the setting carries over once you root, but you can have it unchecked on a pre-rooted device as well (i.e. you don't need to be rooted to do direct APK installs.)

What happens upon an unroot, I don't know because I have never done that. Rooting can give apps special privileges that they don't have on a non-rooted device; but if these privileges are grandfathered upon unrooting, I don't know.

[Thunderbuck]

I'd say there isn't a cut-and-dried answer on this, but I'd give a qualified "theoretically, yes".

No, BB10 has not been successfully rooted, so that's definitely an advantage. But there are SOOOOO many exploits that involve phishing/malicious apps that the user still needs to be picky about what he or she installs.

Some apps are just poorly coded and open up vulnerabilities on their own.

Also, yes, there's something to be said for "security through obscurity" when it comes to BB10; it's a small enough userbase at the moment that it's not worth targeting. That doesn't mean the right Android or mobile web exploit isn't still a possibility, but I think the threat surface is a little smaller.

[bap3221]

iOS, android, and windows phone already have fips 140-2 certification same as blackberry.
I don't know why bbry users still think their OS is more secure than others. Blackberry's security ads is no longer unique.

Is BlackBerry's BB10 really 'Best in Class'

Well then why did the icloud get hacked?

Posted via CB10

[anon(9169048)]

iOS, android, and windows phone already have fips 140-2 certification same as blackberry.
I don't know why bbry users still think their OS is more secure than others. Blackberry's security ads is no longer unique.

Is BlackBerry's BB10 really 'Best in Class'

This is true, but BlackBerry 10 (and its devices) is the only OS that is certified FOC (Full Operational Capability) meaning it's the only OS that is permitted to operate in secure environments and departments. This means Windows, iOS and Android are off limits to about 80% of governmental use in the US.

(I just noticed that this article you're citing is two years old and yet Windows is still not FOC approved).

[RyanGermann]

Well then why did the icloud get hacked?

A combination of default OS settings being optimized for convenience / ease-of-use rather than tight security, and weak passwords, and high-profile celebrities stupidly doing things that non-celebs take for granted. It wasn't really Apple's fault, although web-based services could do more re: two-factor identification and educating customers about the risks. Some sites FORCE strong (but oft forgotten) passwords... but lots of people hate having to remember strong passwords, so the services don't want to force customers to use strong passwords even if it is for the customer's (and the services' in some cases) best interests.

Posted via CB10

[jmr1015]

Thanks for that info about Android, but I'm confused about what you say about iOS: When I look at Snapchat on iPhone, "Background App Refresh" is the only option for me to disable: I suppose that's because to disable other OS-interactions would effectively disable the entire app... like it wouldn't make sense to disable "Allow app to use camera"... but on BlackBerry, the permissions are very granular even after installing. Am I missing something on iOS where I would be allowed to disable things "Access the internet" or "Access my contact list"?

I think I'm missing something very fundamental about how iOS works / what installed Apps can do.... and I'm embarrassed and appalled by that! Have I been blithely, blissfully unaware that iOS apps can just do whatever they please and I have only very limited means to control them i.e say "no" to "Access your location" etc? I mean, I guess I'm really happy that I DON'T keep lots of personal data on my iPhone if every stupid app I've ever download had complete access to everything and I wouldn't have even known!

iOS lets you control pretty much everything any app wants to access. Contacts, cellular data/Internet, location... Most of which are found under "Privacy" in the settings, cellular data/Internet is found under "Cellular" in the settings. Most apps won't immediately show up in those various settings until after the app has been used and asked you for access for the first time, after which, depending on your initial answer, the app will then appear in the corresponding Privacy settings with the toggle either enabled or disabled, by your choosing.

[Claidheamhmor]

iOS, android, and windows phone already have fips 140-2 certification same as blackberry.

Correct me if I'm wrong, but last time I checked, that only applied if they were connected to a certified mobile device management system, and AFAIK, the only certified MDM at the moment is BES.

[GLTruesdale]

Nope and anyway who says different is lying. From an architectural standpoint they say qnx is more secure. But what does that really mean ?

[ubizmo]

What happens upon an unroot, I don't know because I have never done that. Rooting can give apps special privileges that they don't have on a non-rooted device; but if these privileges are grandfathered upon unrooting, I don't know.

They're not. When you lose root, those apps don't work anymore, and generate error messages. So if someone steals your phone, roots it, installs malware that requires root access, then unroots it, the malware won't work. I know because I've had it happen that I lost root, and root apps would choke as a result.

[Bluenoser63]

Nope and anyway who says different is lying. From an architectural standpoint they say qnx is more secure. But what does that really mean ?

So according to you, BB10 is no more secure than Android and iOS? OK. Show me a rooted BB10 device.

[Dave Bourque]

Nope and anyway who says different is lying. From an architectural standpoint they say qnx is more secure. But what does that really mean ?

Means you can't root it... or good luck trying.

Posted via CB10

[xxbinzz]

Maybe it's time to create a website where user clicks and it downloads a bb10 malware instead of Android malware.

Sent from my D5503 using Tapatalk

[asherN]

OK so it's not the act of rooting alone that wipes the phone then, as is being claimed in those first page posts.

Technically, no. But to root the phone, you have to unlock the bootloader, which will wipe the phone. So while rooting itself does not wipe, you can't get there without wiping. Same result.

[raino]

Technically, no. But to root the phone, you have to unlock the bootloader, which will wipe the phone. So while rooting itself does not wipe, you can't get there without wiping. Same result.

I rooted my GS3 without wiping my phone. Method 2 on this website. Root verified by Root Checker app from the Play Store.

[-Puck-]

Technically, no. But to root the phone, you have to unlock the bootloader, which will wipe the phone. So while rooting itself does not wipe, you can't get there without wiping. Same result.

There are multiple root methods that do not wipe phone or modify bootloader such as clicktoroot. Even websites can root some phones connected to your computer.

Rooting and locked boot loaders are two different things. Bootloader determines what software is ran at bootup, root just starts the OS as root/SU/Administrator to allow full access.

Think of a standard android as logging into a windows PC as Guest with UAC(user account control) enabled - you may not be able to change certain settings, access certain folders, or install certain programs, but you can still log in and use the machine. Rooting would then be compared to logging in as Administrator with UAC disabled, allowing full access to all system files, programs, and settings.

 Posted in CB10 from my amazing SQUARE OG Passport 

[Bluenoser63]

Maybe it's time to create a website where user clicks and it downloads a bb10 malware instead of Android malware.

Sent from my D5503 using Tapatalk

You still don't get it. Nothing can be installed without the user knowing.

[-Puck-]

Another funny thing I've noticed is that when sending files back and forth over NFC to other devices, BB10 will prompt to verify acceptance while android phones will automatically retrieve files without prompting.

 Posted in CB10 from my amazing SQUARE OG Passport 

[Dave Bourque]

Another funny thing I've noticed is that when sending files back and forth over NFC to other devices, BB10 will prompt to verify acceptance while android phones will automatically retrieve files without prompting.

 Posted in CB10 from my amazing SQUARE OG Passport 

Exactly. There are security measures regarding almost everything with BlackBerry 10. While android treats security like it doesn't matter.

Posted via CB10