[Antoniius]

Just curious if the physical presence of the Android Runtime in BB10 poses a security risk by itself? I always try to get my apps from BlackBerry World but it's hard to live without Spotify and a few others. I just read an articial that if you own an android device the NSA can remote activate your mic and hear what your saying in your own home. This craziness is why I choose BlackBerry.

Posted by Antoniius via my sexy white Q10.

[bigglybobblyboo]

Apparently not as the Android runtime in BB10 is 'sandboxed', that is, tucked away in it's own little corner and isn't allowed to play with the rest of your phone.

It's worth remembering that you don't own an Android device, rather a BB device which has the ability to run Android apps.

I could be wrong, please correct me CB world if I am!

I think it's fair to say you are not alone in wondering this sort of stuff, me too, just search about and you should get an answer.

[mikeo007]

It doesn't make the device itself inherently less secure. All apps running on BB10 are sandboxed, just like on iOS, meaning they have no access to any system files.

What it does do is open you up to the world of Android malware. Android apps on BB10 currently have non-controllable permissions, meaning that they can have access to all shared data on your phone. A malicious Android app running on BB10 can grab all your contacts, pictures and files, just like a malicious app running on Android can. Android apps vetted through Blackberry world would likely not do this, but once you start side loading from other sources, all bets are off.

[johnnyuk]

Oh dear.

http://forums.crackberry.com/showthread.php?t=901849

Posted via CB10 on Z30 STA100-2 / 10.2.1.1925 on O2 UK - Activated on BES10.2

[Omnitech]

Oh dear.

Security Notice: 10.2.1 lets Android apps access contacts even if policy disables this - BlackBerry Forums at CrackBerry.com

Mike more or less wrote what I was going to write.

Re: the security advisory, I would think that would be fairly easy to fix.

BB10 needs a maintenance update to address various 10.2.1.1925 issues anyway, may as well do that at the same time.

Or they can do what they did last November, and just release an Android runtime update via BBW.

[Omnitech]

FWIW, I run both Avast and MalwareBytes on my device that I have non-BBW Android apps installed on.

[johnnyuk]

Mike more or less wrote what I was going to write.

Re: the security advisory, I would think that would be fairly easy to fix.

BB10 needs a maintenance update to address various 10.2.1.1925 issues anyway, may as well do that at the same time.

Or they can do what they did last November, and just release an Android runtime update via BBW.

The 10.2.1 MR does itself need an MR for those on plain ActiveSync it would seem. This BES10 and Android app vulnerability should be the push BlackBerry needs to fast track some big bug squashes and design flaw fixes through ASAP.

Like Sith Apprentice says in that thread though, I fear the vulnerability goes deeper than just the runtime and would require carrier approval for OTA pushes. Hopefully they have an emergency change control process to put in to action.

Posted via CB10 on Z30 STA100-2 / 10.2.1.1925 on O2 UK - Activated on BES10.2

[Omnitech]

Like Sith Apprentice says in that thread though, I fear the vulnerability goes deeper than just the runtime and would require carrier approval for OTA pushes. Hopefully they have an emergency change control process to put in to action.

These days I'm inclined to propose that with Blackberry's marketshare as low as it is, and with carrier support as lousy as it has become, Blackberry should consider unilaterally pushing updates themselves. What do they have to lose at this point? Their market position may be a blessing in disguise.

The only component missing that would help justify that is if they had a decent sized support organization to field support calls from end-users. Unfortunately during all the corporate downsizing that department may be even smaller than it once was...

[Jerale Hoard]

Well the Android runtime isn't fully integrated into BB10. I wouldn't think it'll be a security threat to BB10.

Posted via CB10

[Omnitech]

Well the Android runtime isn't fully integrated into BB10. I wouldn't think it'll be a security threat to BB10.

Perhaps your idea of "fully integrated" is different than most other people's.

[Andrew4life]

If you don't use Android apps, you have nothing to worry about.
If you do, there is always a little risk, but BB10 is supposed to sandbox Android apps so the risk Is minimal. As with any OS, it can never be zero risk. But I would say it is more secure than a full out android phone.


Posted via CB10