[mouts]

I am aware that this has been discussed extensively here on Crackberry, but I set the question on the table: could BlackBerry adopt the Android OS and modify it in such a way that it is up to the standards that most governments/organisations require?

Here's how I see it: the majority of people have moved on to different platforms; they have purchased applications, they are part of an ecosystem be it Apple's or Google's and migrating to a platform like BB10 wouldn't be an option in their eyes. And let's face it, installing Snap might be easy for your average Crackberry user, but others wouldn't bother going through hassle to install Snap or Google Play services. Added to that, let's not forget that Android apps running on BB10 are draining the battery in ridiculous ways and there's no guarantee that the apps you are using on your Android phone will work on BB10.

I know, people would say, there's no need to use Android apps, I've got BBM and BeMaps, BlackBerries are tools not toys etc, but I would say take a look around and see top businessmen and women using iPhones/Androids without meaning that they are using them as toys.

So, getting back to my question: could it be possible, that BlackBerry could in some magical way get the Android platform and strip it down to its very core and start building on that? I know it is open source and perhaps easily (?) modifiable. Could BlackBerry secure it in such a way that it is not vulnerable in the way "normal" Android is?

This is more a question of possibility and technical ability. It sounds easy just thinking about it, but what are the pros and cons if it is possible? Would you think that BlackBerry assessed this option?

Eager to see your opinions

[thymaster]

No because Android is unsecured to start with and it sucks period. Even if BlackBerry add their best security feature on Android, there will always be loopholes in the Android platform. That's why having a BlackBerry hardware and software will protect your security to the core. BlackBerry can only do so much with Android.

[LazyEvul]

It is most definitely possible to produce a secure Android phone. Just take a look at the Boeing Black - designed for levels of security far exceeding that of any BlackBerry, and guess what? It runs Android.

Blackphone has secured Android on a level somewhat closer to what is acceptable for consumers as well - though yes, a couple exploits have been found, but they were promptly patched, since their updates don't go through carrier approval (unlike BB10). Hardly enough to dismiss it altogether as a secure device, especially seeing as the company actively encourages hackers to find more exploits so they can be fixed.

Having said that, much of BB10's security comes from BES in the first place - which now supports Android (including the aforementioned Boeing Black). Out of the box, the only thing unique about the BB10 security model is the OS verification it does when booting - but, once again, this is something Android can be adapted to. Both the Boeing Black and Samsung Knox are capable of conducting a similar secure boot procedure, though there aren't many details publicly available about the former (for obvious reasons).

For the record, though, this isn't to say whether or not BlackBerry should abandon BB10 - that is a different discussion altogether that has been beaten to death on these forums. But if BlackBerry were to do so, they could make a number of changes to Android to improve its security for consumers and enterprise customers alike.

[Ment]

If the question is could they make Android pass various government security cert standards yes of course. Samsung has already done so with Knox. If the question is if Android has more potential vulnerabilities that have to be considered like preventing and detecting root access then yes that is also true.

[igor10000]

By the exploits, you mean the hacking event, where Blackphone got hacked in a few minutes? Doesn't it mean that there is always going to be "a few exploits" coz of Android's nature?

Posted via CB10

[LazyEvul]

By the exploits, you mean the hacking event, where Blackphone got hacked in a few minutes? Doesn't it mean that there is always going to be "a few exploits" coz of Android's nature?

Posted via CB10

I was indeed referring to that event. But that exploit required a very specific (and unlikely) set of circumstances - it ran an older version of the OS, the phone's password was entered beforehand, and device encryption was disabled (by default, it is enabled), not to mention that it requires physical access to the phone. The hacker himself admitted that it was not applicable to real-world situations.

Despite the company offering bounties for hackers who find exploits, there is only one genuinely serious exploit that I have heard of pertaining to the Blackphone. It had to do with a preloaded messaging app allowing remote access to things it shouldn't, and was patched before it was publicly revealed.

As for there always being "a few exploits," this has nothing to do with Android's nature and is simply a reality of modern technology. Security is not about eliminating risk, as history shows us that's impossible - just have a look at all the security advisories BlackBerry puts out. Security is about minimizing risk, and there is plenty of evidence to suggest that the risk is reasonably close to minimal on the Blackphone.

[keithhackneysmullet]

If the question is could they make Android pass various government security cert standards yes of course. Samsung has already done so with Knox. If the question is if Android has more potential vulnerabilities that have to be considered like preventing and detecting root access then yes that is also true.

That is true of all software I guarantee zero days exist in bb10, qnx, and bbos.

Posted via CB10

[Ment]

That is true of all software I guarantee zero days exist in bb10, qnx, and bbos.

Posted via CB10

Yes but Android by nature is more open so more must done to lock it down which this thread has shown can be done. I'd compare it to having more windows in house. Great for sunlight and the views but make sure you lock and set the alarm at night.

[sahilp17]

No because Android is unsecured to start with and it sucks period. Even if BlackBerry add their best security feature on Android, there will always be loopholes in the Android platform. That's why having a BlackBerry hardware and software will protect your security to the core. BlackBerry can only do so much with Android.

Can you please stop with this crap??? Why in your response haven't you mentioned the TRUE fact that blackberry is no more secure than an Android or IPhone unless is has BES? Saying things like "android sucks period" sound like it's coming from, not a hardcore blackberry user, but a level above that, the worst kind. You definitely throw a fit when someone asks you "why do you have a blackberry"? Sorry to judge you based on your words, but your words were so dillusional and ignorant that I don't care at all.

Posted via CB10

[GenghisKahn2011]

It is being assumed that Android is totally open source forever and fully unconstrained regarding its future evolution.

Consider the following. webOS was "open sourced" with the implication its development could be continued for the benefit of HP TouchPad users and possibly a replacement on droid pads. Alas, the webOS open source community soon learned that several key webOS components were licensed and not available as open source modules. Thus a really great OS that clearly had potential across phones, pads, desktops, and printers is now relegated to managing TV's only.

Google Play Services is becoming more crucial to the quality of Android app development with each passing day. It is being KEPT very close to the vest by Google as BlackBerry has learned to its consternation. This alone impinges on the open source nature of Android.

This leads me to reiterate that I like and support the direction of BlackBerry 10 (10.3.2.798). I have no problem being different as a BlackBerry 10 enthusiast. My phone for me is a lean, mean, serious machine that gives me confidence to conduct business successfully through the phone, Blend, and Link utilizing BES 12 Cloud WITHOUT looking over my shoulder wondering what I may be losing.

BlackBerry being different, distinct, and unique IS GOOD!

Posted via CB10 using BlackBerry OS 10.3.2.798 on Q10

[GenghisKahn2011]

@sahilpaw7: I would like you to be more thoughtful and constructive in your reply to #thymaster. This person has contributed much to many CrackBerry threads. And, it is clear #thymaster is 1st hand disillusioned by Android.

Posted via CB10 using BlackBerry OS 10.3.2.798 on Q10

[sahilp17]

Genghiskhan - Naah I will not, thymaster hit a nerve of mine

Posted via CB10

[Zedd88]

Blackphone has secured Android on a level somewhat closer to what is acceptable for consumers as well - though yes, a couple exploits have been found, but they were promptly patched, since their updates don't go through carrier approval (unlike BB10). Hardly enough to dismiss it altogether as a secure device, especially seeing as the company actively encourages hackers to find more exploits so they can be fixed.

Having said that, much of BB10's security comes from BES in the first place - which now supports Android (including the aforementioned Boeing Black). Out of the box, the only thing unique about the BB10 security model is the OS verification it does when booting - but, once again, this is something Android can be adapted to. Both the Boeing Black and Samsung Knox are capable of conducting a similar secure boot procedure, though there aren't many details publicly available about the former (for obvious reasons).

For the record, though, this isn't to say whether or not BlackBerry should abandon BB10 - that is a different discussion altogether that has been beaten to death on these forums. But if BlackBerry were to do so, they could make a number of changes to Android to improve its security for consumers and enterprise customers alike.

Blackphone uses a modified Android and is a basically a fork from Google's Android. They call their OS privateOS. And it doesn't have Google Playstore and Google Services. That's right it's compatibility at running Android apps is just about the same as BB10's.

We don't know much about Boeing Black but it may also be a modified Android with no Google Play Services or Google Play store.

Android is insecure for a lot of reasons. First and foremost is the nature of open source (although Android is arguably closed on certain modules - Google Services for example). Using the house analogy posted earlier, with Open Source you basically have a blueprint of the house given to the burglar. True, if your house is really designed well then even having a blueprint will get you nowhere. Now comes the tricky part, a design flaw/security vulnerability was found. It will become known because of the open source nature. For example a patch was made, the patch is again open source so burglars can see the design flaw and use it to attack houses that have not yet been patched. If you look at Google's version release and the time it reaches the phone (after manufacturers added their skin, carriers approved the roll out, etc), it would have already taken a long time before the patch actually reaches the end phones but the hackers are already aware (through the source code of the patches) how to attack the vulnerability.

BlackBerry 10 OS is not open source. QNX may have started out as open source but when Blackberry bought them I believe they restricted access to the source code as well.

True, anyone can make Android secure but it would need modifying it to the extent that you no longer have the services or the ecosystem that was the main advantage of going Google Android in the first place.


Posted via CB10

[Ment]

I hate the open vs close source argument when it comes to security. Is Window desktop OS more secure because its closed and Linux is open? Of course not so lets not make blanket statements on that.

[GenghisKahn2011]

Windows is Closed! However it's vulnerabilities largely exist in its API's which are open to the public-essentially developers.

It would be reasonable to be concerned that BB10 API'S may be exploitable. I am unaware that this has ever happened.

Posted via CB10 using BlackBerry OS 10.3.2.798 on Q10

[LazyEvul]

Blackphone uses a modified Android and is a basically a fork from Google's Android. They call their OS privateOS. And it doesn't have Google Playstore and Google Services. That's right it's compatibility at running Android apps is just about the same as BB10's.

We don't know much about Boeing Black but it may also be a modified Android with no Google Play Services or Google Play store.

Android is insecure for a lot of reasons. First and foremost is the nature of open source (although Android is arguably closed on certain modules - Google Services for example). Using the house analogy posted earlier, with Open Source you basically have a blueprint of the house given to the burglar. True, if your house is really designed well then even having a blueprint will get you nowhere. Now comes the tricky part, a design flaw/security vulnerability was found. It will become known because of the open source nature. For example a patch was made, the patch is again open source so burglars can see the design flaw and use it to attack houses that have not yet been patched. If you look at Google's version release and the time it reaches the phone (after manufacturers added their skin, carriers approved the roll out, etc), it would have already taken a long time before the patch actually reaches the end phones but the hackers are already aware (through the source code of the patches) how to attack the vulnerability.

BlackBerry 10 OS is not open source. QNX may have started out as open source but when Blackberry bought them I believe they restricted access to the source code as well.

True, anyone can make Android secure but it would need modifying it to the extent that you no longer have the services or the ecosystem that was the main advantage of going Google Android in the first place.


Posted via CB10

I'd wager the Boeing Black doesn't have Google Play Services, but the Blackphone should be able to use Google Play Services if you want it to - just find the APK and install. The reason Google Play Services doesn't install on BB10 is because BlackBerry has, for whatever reason, blacklisted the APK.

Blackphone has also said that they would like to offer a version of their OS with Google Play Services preloaded, with the understanding that Google's data-gathering will diminish some of the privacy advantages. I'm not sure if that's still in the works or if they ran into issues getting approval from Google, but they don't seem to see that as an obstacle to making a secure phone.

As for the open-source argument, there is not much real-world evidence to suggest that it is notably better nor worse than the closed-source model - the advantages (greater scrutiny) seem to balance out the disadvantages (er... greater scrutiny). Blackphone also doesn't appear to have issues rolling out updates. I know many OEMs can be slow with Android updates, but Blackphone has patched major exploits found within Android in less than 48 hours. Like I said before, they don't go through carrier approval like BB10 does, saving them a lot of time.

[Zedd88]

I'd wager the Boeing Black doesn't have Google Play Services, but the Blackphone should be able to use Google Play Services if you want it to - just find the APK and install. The reason Google Play Services doesn't install on BB10 is because BlackBerry has, for whatever reason, blacklisted the APK.

Blackphone has also said that they would like to offer a version of their OS with Google Play Services preloaded, with the understanding that Google's data-gathering will diminish some of the privacy advantages. I'm not sure if that's still in the works or if they ran into issues getting approval from Google, but they don't seem to see that as an obstacle to making a secure phone.

As for the open-source argument, there is not much real-world evidence to suggest that it is notably better nor worse than the closed-source model - the advantages (greater scrutiny) seem to balance out the disadvantages (er... greater scrutiny). Blackphone also doesn't appear to have issues rolling out updates. I know many OEMs can be slow with Android updates, but Blackphone has patched major exploits found within Android in less than 48 hours. Like I said before, they don't go through carrier approval like BB10 does, saving them a lot of time.

Google Play Services is licensed that's why you can't just install it in any device. PrivateOS (Blackphone's OS) is actually a fork from the Android OS. Thus they can release patches based on their own fork. PrivateOS is based on Android 4.4.2 and is modified from there. Android 5.0 was released on November 2014. But you can no longer compare apples to apples (forgive the fruit used), because PrivateOS is now on version 1.1 (which is still a fork from Android 4.4.2 and not a derivative of Android 5)

So I doubt Google will allow them to install Google's Licensed Services to Blackphone. Thus the launch of their own SilentStore (their version of Google Play store).

I agree greater scrutiny is both advantageous and disadvantageous. The difference is once an issue is found and Android is patched how long before the source is released versus when it is rolled out. If you notice a lot of the Android Phones being used is still running KitKat or even older, yet Lollipop has already been out. If Lollipop did address some vulnerability, malicious entities can look at the codes of Lollipop to see how it was patched and use that to attack the yet to be updated Kitkat's in the market. Manufacturers will always be behind. Again, don't use Blackphone as an example because they have already forked out and have their own version control of their PrivateOS. Even if they do ride Android's Versioning they will always be a step behind. Thus the choice to do their own versioning and actually branching out from mainstream Android was right. Eventually, Android and PrivateOS will be too far apart not unless PrivateOS rewrites again for a new Android OS. PrivateOS is closed source, they just basically used Android as a springboard to launch their own OS.



Posted via CB10

[thymaster]

Hey I'm entitled to my opinion and I think Android sucks. That's reality so you should learn to respect other peoples opinion or if you don't then live with it because we are creatures of opinions.

Can you please stop with this crap??? Why in your response haven't you mentioned the TRUE fact that blackberry is no more secure than an Android or IPhone unless is has BES? Saying things like "android sucks period" sound like it's coming from, not a hardcore blackberry user, but a level above that, the worst kind. You definitely throw a fit when someone asks you "why do you have a blackberry"? Sorry to judge you based on your words, but your words were so dillusional and ignorant that I don't care at all.

Posted via CB10

[Soulstream]

I think if BB did adopt Android back in 2010 instead of acquiring QNX, they would have been in a better position right now. At this point in time, switching to Android should be a "last-ditch effort" option if they ever plan to leave the hardware business.

[web99]

I think if BB did adopt Android back in 2010 instead of acquiring QNX, they would have been in a better position right now. At this point in time, switching to Android should be a "last-ditch effort" option if they ever plan to leave the hardware business.

I don't believe so. They would be in a very crowded Android market that is for most part owned by Samsung. Very few of the Android OEM's are actually doing well as most are losing money.


Posted via CB10

[Soulstream]

I don't believe so. They would be in a very crowded Android market that is for most part owned by Samsung. Very few of the Android OEM's are actually doing well as most are losing money.


Posted via CB10

True, but it wouldn't be much worse than it is today and it wouldn't have cost them billions for R&D of the OS.

[mouts]

True, it is crowded but if they managed to produce a heavily BlackBerry inspired and secure Android-based OS, they wouldn't lose market share and perhaps they could be a pioneer in ensuring that Android is patched in such ways to prevent vulnerabilities. Also, let's not forget that BlackBerry devices are in some ways hardware-secured not just software. I believe this was/is (along with BES) a major selling point for governments and other organisations.

People in general are becoming more cautious; not all but I would say a large number of consumers are now worried about their data. If BlackBerry could capitalise on that by heavily marketing their products, it could perhaps help in reviving the company (that is if BlackBerry / John Chen + co wish to remain in hardware business ).

Nobody really knows what's happening behind closed doors, or what the board of directors have in mind. But it would surely be of great interest if we could get an insight.

[Prem WatsApp]

Can you please stop with this crap??? Why in your response haven't you mentioned the TRUE fact that blackberry is no more secure than an Android or IPhone unless is has BES? Saying things like "android sucks period" sound like it's coming from, not a hardcore blackberry user, but a level above that, the worst kind. You definitely throw a fit when someone asks you "why do you have a blackberry"? Sorry to judge you based on your words, but your words were so dillusional and ignorant that I don't care at all.

Posted via CB10

What about coding quality...?
There are noobie coders working on Linux, too, and Linus sometimes got enraged...

99% of mobile malware are written for ...

http://www.infosecurity-magazine.com...rgets-android/

Whatever he really said....

http://techcrunch.com/2014/02/27/no-...less-insecure/

Still, there seems to be a bit of a problem...

http://www.zdnet.com/article/google-...urity-problem/

Apple users are less, but they buy more apps and generally have a higher personal net worth, making them juicier targets. So why comparatively so much more Android malware?
The fragmentation issue will never allow Android to be as secure as BlackBerry with its own hardware, or iOS, with only very few models to cater for and tight controls on it.

:-)



�   Wife currently leaping around for joy with her new toy....   �

[LazyEvul]

Google Play Services is licensed that's why you can't just install it in any device. PrivateOS (Blackphone's OS) is actually a fork from the Android OS. Thus they can release patches based on their own fork. PrivateOS is based on Android 4.4.2 and is modified from there. Android 5.0 was released on November 2014. But you can no longer compare apples to apples (forgive the fruit used), because PrivateOS is now on version 1.1 (which is still a fork from Android 4.4.2 and not a derivative of Android 5)

So I doubt Google will allow them to install Google's Licensed Services to Blackphone. Thus the launch of their own SilentStore (their version of Google Play store).

I agree greater scrutiny is both advantageous and disadvantageous. The difference is once an issue is found and Android is patched how long before the source is released versus when it is rolled out. If you notice a lot of the Android Phones being used is still running KitKat or even older, yet Lollipop has already been out. If Lollipop did address some vulnerability, malicious entities can look at the codes of Lollipop to see how it was patched and use that to attack the yet to be updated Kitkat's in the market. Manufacturers will always be behind. Again, don't use Blackphone as an example because they have already forked out and have their own version control of their PrivateOS. Even if they do ride Android's Versioning they will always be a step behind. Thus the choice to do their own versioning and actually branching out from mainstream Android was right. Eventually, Android and PrivateOS will be too far apart not unless PrivateOS rewrites again for a new Android OS. PrivateOS is closed source, they just basically used Android as a springboard to launch their own OS.



Posted via CB10

Users can still install the Google Apps APKs on unapproved devices, however - it's preloading by manufacturers that requires Google's blessing. It does seem unlikely that Google would approve preloading on PrivatOS, but I do know Blackphone was trying to get such approval.

Source for Android updates is often released before the update is pushed actually, at least for the kind of smaller, feature-barren updates that are released when bugs (like major exploits) are found (i.e. 5.0.1, 5.0.2, 5.1.1). Withholding source is only necessary when major features need to be hidden for competitive reasons.

Why should I not use Blackphone as an example? This discussion is about whether or not it is possible to produce a secured Android device, and Blackphone proves that is the case. Other OEMs are irrelevant to the point I'm making - I never said it wasn't possible to screw up an Android implementation as well, because it certainly is.

Posted via CB10

[itzJustMeh]

Technically probably would, but I doubt financially