1. whodathunkit's Avatar
    After readying many posts on this board along with what people have told me I think most would agree that BB security is far superior than any other platform on the market. IT gurus have said in many forums that iPhone is the next best platform from a security standpoint (that is why large companies allowed people to make the switch years ago from BB) and the Droids lag behind.

    It seems like a lot of people are making the switch to an iPhone or Droid. What about security, or lack thereof, people continue to harp about? Is it really hype or is there a significant difference in security between BB and Droids as an example?

    IT guys say Droid is an "open" type of program (us laymen and non-computer geeks only grasp the very basics of that concept) and when you download an app it makes you accept "permissions" which usually give the app maker complete control/access over your device. In essence, the app maker could access your device and contact information and use it for unauthorized purposes.

    To the teckies on the board - is it likely if an app for a droid is downloaded, assuming all permissions are given (the app won't work unless they are) the app maker or someone at the app company can access your device and obtain information on say your Outlook system (contacts, appointments, etc) or is that a lot of nonsense?
    07-04-12 09:30 AM
  2. qbnkelt's Avatar
    It doesn't "make" you grant access, you opt into it.
    Yes those platforms have more vulnerabilities.
    No it is not nonsense.

    Hang on....

    Let me grab some more coffee....it's too early for popcorn and beer but I will grab some granola bars and watch this unfold.....
    john_v likes this.
    07-04-12 09:36 AM
  3. whodathunkit's Avatar
    It doesn't "make" you grant access, you opt into it.
    ...
    True - but you "opt into" any program including activation of your device itself. As I understand it, many programs don't require total access to your device though - that is the scary part if it gives app makers full access to your information.
    07-04-12 09:42 AM
  4. mikeo007's Avatar
    True - but you "opt into" any program including activation of your device itself. As I understand it, many programs don't require total access to your device though - that is the scary part if it gives app makers full access to your information.
    An app that asks for more than it needs is a poorly designe app and should be avoided.
    The permission in android are broken into categories. It's not just a "yes let the app access everything" or "no the app can't access anything".
    07-04-12 09:50 AM
  5. Pete6's Avatar
    whodathunkit asks a valid question. When you install an app with no permissions at all then the app asks nothing and can do very little inside your phone.

    The phone (all smartphones) is set up initially to protect itself from unauthorised access to cetain functions and files. The phone's Operating System (OS) desighners set it up that way specifically to stop any old program accessing any and all parts of your phone.

    When you install an app that asks you for permission to use one or more specific functions or files (Network, Contacts, Email, whatever) you are overriding the systems default settings. Of course, many programs cannot run without these permissions being granted. Reputable programs do not abuse the access rights they have to harm your phone or to compromise your information.

    Unfortunately there are a few programs that ask for permission to use phone functions and files and once they have got it, they abuse it. A simple example would be a program that asked for access to your Personal Information and once it has this simple emails all your contacts with a bogus email. Adise from doing this such programs are often quite useful programs. Such may be good games or worthwhile utilities. All of them rely on YOU to give them access.

    This happens with iPhones, Android and BlackBerry phones. It is like leaving your front door open to all comers.

    On top of this, the BlackBerry has a reputation for good security and this is based around the above NOT being compromised by the user.

    Ithe fix for all this is obvious but not common. Do not install programs that you do not trust. Apple does a very good job of vetting their iShop stuff and Google is getting better at it too. IMO BlackBerry still has a ways to go before the App Store is free of rogue and malware programs.
    07-04-12 09:57 AM
  6. qbnkelt's Avatar
    I have minimal apps on my Skyrocket, since I know that the vetting process is not as solid as it should be.

    If a permission on an app disturbs me, I simply don't install it. Example...one particular app that I was about to get for my Atrix asked for my credit card information. Um.....why? It didn't need it. It was a free app therefore no need for my credit card information. I contacted the developer and he stated the "didn't do anything untoward with the information" but neglected to answer my straightforward question as to why he needed it. So.....I didn't download that app.

    There are permissions on, example, Latitude that I accept because of the nature of the app. Since I've given those permissions, tracking, I keep my gmail empty of any contacts except the one contact who's my Latitude friend. Except for that, I keep no contacts on that phone because of Google's *alleged* data mining practices. I say alleged just so that the usual suspects don't jump me....

    It's not that the platform is open source. In itself, that is not a problem. It's the apps that you put into the phone.

    And by the way there is one developer in BB whose apps I will not buy. Absolutely never.
    07-04-12 10:41 AM
  7. Laura Knotek's Avatar
    Since the BlackBerry developer hasn't been mentioned yet, I'll name the name. Just do a search of Crackberry for "Jared Co". They love to send spam if you use their apps.

    Sent from my Lumia 900 using Board Express
    howarmat, OniBerry, Pete6 and 1 others like this.
    07-04-12 10:47 AM
  8. kbz1960's Avatar
    From what I've read most enterprises do not allow android and when they do it will be a special version of android and not what everyone else uses.
    07-04-12 10:49 AM
  9. Canuck671's Avatar
    I am looking at you right now. MUHAHAHAHAHAHA

    07-04-12 10:56 AM
  10. qbnkelt's Avatar
    I am looking at you right now. MUHAHAHAHAHAHA

    *hides behind shower curtain and reaches for B I G towel*
    07-04-12 11:06 AM
  11. Pete6's Avatar
    Since the BlackBerry developer hasn't been mentioned yet, I'll name the name. Just do a search of Crackberry for "Jared Co". They love to send spam if you use their apps.

    Sent from my Lumia 900 using Board Express
    Ooooh. Ouch. Naming names. Yes, yes, yes, The Jared Co. was the company whose name was in my tiny brane when I wrote my post. I do not understand why Jared Co,. is still sellign product on App World. Jared Co. are known across CrackBerry and I expect beyond even our shores too as puveyors of spyware/malware/crapware, call it what you will that steals your Contact list and emails them.

    Why this company has not been removed from RIM's site speaks volumes for RIM's poor product vetting. There have been others too that when instaled have resulted in marketing emails sent to the phone. This has to stop and stop quickly if RIM is to keep its name as being a secure platform.

    BlackBerrys are secure from the outside but this is boring away at us from inside our phones.

    I do my best to avoid App Wolrd and try to buy my apps from Mobihand/CrackBerry.
    07-04-12 11:09 AM
  12. tmelon's Avatar
    The idea that BlackBerrys are 100% safe is a myth. There's no platform that doesn't have any vulnerabilities.

    The moral of this thread is to look at the permissions the apps are requesting before installing them. If a clock app wants access to your contacts then you probably should avoid it.
    07-04-12 12:12 PM
  13. Tre Lawrence's Avatar
    From what I've read most enterprises do not allow android and when they do it will be a special version of android and not what everyone else uses.
    That customization is what makes it an option for enterprise. It can be locked down.

    Mobile post via Tapatalk
    07-04-12 12:28 PM
  14. Chrisy's Avatar
    Whenever I downloaded Android app many of them asked for ridiculously invasion permissions.

    I didn't trust any 3rd party app for my passwords either. I used mobile banking reluctantly.
    07-04-12 12:35 PM
  15. Superfly_FR's Avatar
    I'd separate two main issues :

    1. Device attack
    These can occur when surfing the web (or any connected service). Hackers use browser/system vulnerabilities to inject some malware. This is a serious danger, as a simple keylogger (records everything you type) can easily ruin any protection.

    2. Apps permissions
    The above statements gave already a good vision. In brief: all is on the user hands and the confidence he has for a particular app.

    My thoughts :
    - A non updated OS is a time bomb, whatever connected device you consider.
    - Non screened apps (open markets) are more likely to be dangerous. Besides the fact that they are not tested at all (this is not a 100% guarantee anyway), publishers can easily hide behind smoke.

    As a conclusion, I believe the most critical security flaw for Android is not its conception, but the hard times users (I mean regular users, not you AndroGeek !) have to maintain their devices OS up-to-date. BB have no "push-updates" (except for BES), but you can check it in (oh, let me try this ... ah, yes 5 clicks (unlock+password included) ... or simply connecting to the Desktop Manager.
    07-04-12 12:55 PM
  16. Davec1234's Avatar
    It doesn't "make" you grant access, you opt into it.
    Yes those platforms have more vulnerabilities.
    No it is not nonsense.

    Hang on....

    Let me grab some more coffee....it's too early for popcorn and beer but I will grab some granola bars and watch this unfold.....
    LBE privacy guard is a good answer to the permission issue.
    07-04-12 01:03 PM
  17. Speedygi's Avatar
    I thought I read something about the Iphone and BlackBerry using encryption to scramble their data and information within their memory so as to prevent any hacking from any network that it connects to. Isn't that as secure as a phone can get nowadays?

    I have no idea about Android though. That is questionable, but I believe you could download a third party app to enable security within an Android phone?
    07-05-12 08:13 AM
  18. Pete6's Avatar
    The idea that BlackBerrys are 100% safe is a myth. There's no platform that doesn't have any vulnerabilities.

    The moral of this thread is to look at the permissions the apps are requesting before installing them. If a clock app wants access to your contacts then you probably should avoid it.
    BlackBerrys are not 100% secure. However they are so far ahead of anythng else on the market that viewed from any other phone platform they may as well be 100% safe.

    The apps are, as you say, the weak link. Your example was perfect. Apple does a very good job of vetting their apps prior to their release on iTunes and quite frankly, RIM does a very poor job on BlackBerry apps before they are released on App World.
    Chrisy likes this.
    07-05-12 08:47 AM
  19. xandermac's Avatar
    Why

    Link got shortened a lot! "Why good enough security really is good enough for most companies"
    07-05-12 09:32 AM
  20. kbz1960's Avatar
    Well you have cancer but we couldn't get it all but that's OK its good enough.
    07-05-12 09:48 AM
  21. xandermac's Avatar
    Well you have cancer but we couldn't get it all but that's OK its good enough.

    That's actually very common.
    07-05-12 09:51 AM
  22. kbz1960's Avatar
    That's actually very common.
    Not very comforting don't you think?
    07-05-12 09:53 AM
  23. xandermac's Avatar
    Not very comforting don't you think?

    No, not very comforting at all but it is what it is.

    Security is only as good as the info RIM is willing to give away. In the past that was supposedly very little. Lately though they have agreements with governments in place to share data on request. Who knows what "unfriendly" governments may request that data.

    It is what it is and none of us have control over that.

    I'm comfortably having a US company have access to my data (Apple), I'm also comfortable having RIM access my data but I'm not sure if that will last if they are purchased.
    07-05-12 10:00 AM
  24. Pete6's Avatar
    100% absolute, never, ever break, undecryptable security at every point in an interconnected web based system is just not achieveable.

    It,

    a). cannot be completely done so that you can lock your data up and go on vacation and find it unviewed and/or unchanged when you gat back.

    b). costs far too much to implement and maintain with all the watchers watching the watchers to make it usable by normal people.

    A very, very few companies and research organization as well as a small number of government departments do this to keep out foreign govenements from making off with all the good stuff. For the rest of us, we can put in place systems that cannot be gotten at by any normal means. A simple example is your CrackBerry password. Your account cannot be access by anybody else by ACCIDENT. It would have to be a deliberate attempt to find your password. Of course this could be a tickling match on the bed but the point is valid.

    Likewise most people have not got a hope of bypassing RIM's security. If they do, then it certainly is not accidental.

    The other element to this is economic. The computers and programming resources required to crack such systems are prodigious. They are only really sustainable by governments in the long term - guess which ones. Right, All of 'em.
    07-05-12 10:02 AM
  25. Speedygi's Avatar
    All our emails get encrypted and all our BBM get scrambled, right? I believe no other major phone manufacturer has that going for it? In that regard, it certainly does provide the best security so far. I can't complain.
    pantlesspenguin likes this.
    07-05-12 10:05 AM
30 12
LINK TO POST COPIED TO CLIPBOARD