06-06-15 07:30 PM
43 12
tools
  1. mouts's Avatar
    I am aware that this has been discussed extensively here on Crackberry, but I set the question on the table: could BlackBerry adopt the Android OS and modify it in such a way that it is up to the standards that most governments/organisations require?

    Here's how I see it: the majority of people have moved on to different platforms; they have purchased applications, they are part of an ecosystem be it Apple's or Google's and migrating to a platform like BB10 wouldn't be an option in their eyes. And let's face it, installing Snap might be easy for your average Crackberry user, but others wouldn't bother going through hassle to install Snap or Google Play services. Added to that, let's not forget that Android apps running on BB10 are draining the battery in ridiculous ways and there's no guarantee that the apps you are using on your Android phone will work on BB10.

    I know, people would say, there's no need to use Android apps, I've got BBM and BeMaps, BlackBerries are tools not toys etc, but I would say take a look around and see top businessmen and women using iPhones/Androids without meaning that they are using them as toys.

    So, getting back to my question: could it be possible, that BlackBerry could in some magical way get the Android platform and strip it down to its very core and start building on that? I know it is open source and perhaps easily (?) modifiable. Could BlackBerry secure it in such a way that it is not vulnerable in the way "normal" Android is?

    This is more a question of possibility and technical ability. It sounds easy just thinking about it, but what are the pros and cons if it is possible? Would you think that BlackBerry assessed this option?

    Eager to see your opinions
    06-04-15 12:51 PM
  2. thymaster's Avatar
    No because Android is unsecured to start with and it sucks period. Even if BlackBerry add their best security feature on Android, there will always be loopholes in the Android platform. That's why having a BlackBerry hardware and software will protect your security to the core. BlackBerry can only do so much with Android.
    06-04-15 12:54 PM
  3. LazyEvul's Avatar
    It is most definitely possible to produce a secure Android phone. Just take a look at the Boeing Black - designed for levels of security far exceeding that of any BlackBerry, and guess what? It runs Android.

    Blackphone has secured Android on a level somewhat closer to what is acceptable for consumers as well - though yes, a couple exploits have been found, but they were promptly patched, since their updates don't go through carrier approval (unlike BB10). Hardly enough to dismiss it altogether as a secure device, especially seeing as the company actively encourages hackers to find more exploits so they can be fixed.

    Having said that, much of BB10's security comes from BES in the first place - which now supports Android (including the aforementioned Boeing Black). Out of the box, the only thing unique about the BB10 security model is the OS verification it does when booting - but, once again, this is something Android can be adapted to. Both the Boeing Black and Samsung Knox are capable of conducting a similar secure boot procedure, though there aren't many details publicly available about the former (for obvious reasons).

    For the record, though, this isn't to say whether or not BlackBerry should abandon BB10 - that is a different discussion altogether that has been beaten to death on these forums. But if BlackBerry were to do so, they could make a number of changes to Android to improve its security for consumers and enterprise customers alike.
    DJM626, andy n, mouts and 2 others like this.
    06-04-15 01:40 PM
  4. Ment's Avatar
    If the question is could they make Android pass various government security cert standards yes of course. Samsung has already done so with Knox. If the question is if Android has more potential vulnerabilities that have to be considered like preventing and detecting root access then yes that is also true.
    06-04-15 01:58 PM
  5. igor10000's Avatar
    By the exploits, you mean the hacking event, where Blackphone got hacked in a few minutes? Doesn't it mean that there is always going to be "a few exploits" coz of Android's nature?

    Posted via CB10
    06-04-15 07:33 PM
  6. LazyEvul's Avatar
    By the exploits, you mean the hacking event, where Blackphone got hacked in a few minutes? Doesn't it mean that there is always going to be "a few exploits" coz of Android's nature?

    Posted via CB10
    I was indeed referring to that event. But that exploit required a very specific (and unlikely) set of circumstances - it ran an older version of the OS, the phone's password was entered beforehand, and device encryption was disabled (by default, it is enabled), not to mention that it requires physical access to the phone. The hacker himself admitted that it was not applicable to real-world situations.

    Despite the company offering bounties for hackers who find exploits, there is only one genuinely serious exploit that I have heard of pertaining to the Blackphone. It had to do with a preloaded messaging app allowing remote access to things it shouldn't, and was patched before it was publicly revealed.

    As for there always being "a few exploits," this has nothing to do with Android's nature and is simply a reality of modern technology. Security is not about eliminating risk, as history shows us that's impossible - just have a look at all the security advisories BlackBerry puts out. Security is about minimizing risk, and there is plenty of evidence to suggest that the risk is reasonably close to minimal on the Blackphone.
    ubizmo, mouts and mornhavon like this.
    06-04-15 08:11 PM
  7. keithhackneysmullet's Avatar
    If the question is could they make Android pass various government security cert standards yes of course. Samsung has already done so with Knox. If the question is if Android has more potential vulnerabilities that have to be considered like preventing and detecting root access then yes that is also true.
    That is true of all software I guarantee zero days exist in bb10, qnx, and bbos.

    Posted via CB10
    06-04-15 08:20 PM
  8. Ment's Avatar
    That is true of all software I guarantee zero days exist in bb10, qnx, and bbos.

    Posted via CB10
    Yes but Android by nature is more open so more must done to lock it down which this thread has shown can be done. I'd compare it to having more windows in house. Great for sunlight and the views but make sure you lock and set the alarm at night.
    06-04-15 08:27 PM
  9. sahilp17's Avatar
    No because Android is unsecured to start with and it sucks period. Even if BlackBerry add their best security feature on Android, there will always be loopholes in the Android platform. That's why having a BlackBerry hardware and software will protect your security to the core. BlackBerry can only do so much with Android.
    Can you please stop with this crap??? Why in your response haven't you mentioned the TRUE fact that blackberry is no more secure than an Android or IPhone unless is has BES? Saying things like "android sucks period" sound like it's coming from, not a hardcore blackberry user, but a level above that, the worst kind. You definitely throw a fit when someone asks you "why do you have a blackberry"? Sorry to judge you based on your words, but your words were so dillusional and ignorant that I don't care at all.

    Posted via CB10
    cbobb123, Donvald and Witmen like this.
    06-04-15 08:37 PM
  10. GenghisKahn2011's Avatar
    It is being assumed that Android is totally open source forever and fully unconstrained regarding its future evolution.

    Consider the following. webOS was "open sourced" with the implication its development could be continued for the benefit of HP TouchPad users and possibly a replacement on droid pads. Alas, the webOS open source community soon learned that several key webOS components were licensed and not available as open source modules. Thus a really great OS that clearly had potential across phones, pads, desktops, and printers is now relegated to managing TV's only.

    Google Play Services is becoming more crucial to the quality of Android app development with each passing day. It is being KEPT very close to the vest by Google as BlackBerry has learned to its consternation. This alone impinges on the open source nature of Android.

    This leads me to reiterate that I like and support the direction of BlackBerry 10 (10.3.2.798). I have no problem being different as a BlackBerry 10 enthusiast. My phone for me is a lean, mean, serious machine that gives me confidence to conduct business successfully through the phone, Blend, and Link utilizing BES 12 Cloud WITHOUT looking over my shoulder wondering what I may be losing.

    BlackBerry being different, distinct, and unique IS GOOD!

    Posted via CB10 using BlackBerry OS 10.3.2.798 on Q10
    06-04-15 08:42 PM
  11. GenghisKahn2011's Avatar
    @sahilpaw7: I would like you to be more thoughtful and constructive in your reply to #thymaster. This person has contributed much to many CrackBerry threads. And, it is clear #thymaster is 1st hand disillusioned by Android.

    Posted via CB10 using BlackBerry OS 10.3.2.798 on Q10
    06-04-15 08:48 PM
  12. sahilp17's Avatar
    Genghiskhan - Naah I will not, thymaster hit a nerve of mine

    Posted via CB10
    06-04-15 09:40 PM
  13. Zedd88's Avatar
    Blackphone has secured Android on a level somewhat closer to what is acceptable for consumers as well - though yes, a couple exploits have been found, but they were promptly patched, since their updates don't go through carrier approval (unlike BB10). Hardly enough to dismiss it altogether as a secure device, especially seeing as the company actively encourages hackers to find more exploits so they can be fixed.

    Having said that, much of BB10's security comes from BES in the first place - which now supports Android (including the aforementioned Boeing Black). Out of the box, the only thing unique about the BB10 security model is the OS verification it does when booting - but, once again, this is something Android can be adapted to. Both the Boeing Black and Samsung Knox are capable of conducting a similar secure boot procedure, though there aren't many details publicly available about the former (for obvious reasons).

    For the record, though, this isn't to say whether or not BlackBerry should abandon BB10 - that is a different discussion altogether that has been beaten to death on these forums. But if BlackBerry were to do so, they could make a number of changes to Android to improve its security for consumers and enterprise customers alike.
    Blackphone uses a modified Android and is a basically a fork from Google's Android. They call their OS privateOS. And it doesn't have Google Playstore and Google Services. That's right it's compatibility at running Android apps is just about the same as BB10's.

    We don't know much about Boeing Black but it may also be a modified Android with no Google Play Services or Google Play store.

    Android is insecure for a lot of reasons. First and foremost is the nature of open source (although Android is arguably closed on certain modules - Google Services for example). Using the house analogy posted earlier, with Open Source you basically have a blueprint of the house given to the burglar. True, if your house is really designed well then even having a blueprint will get you nowhere. Now comes the tricky part, a design flaw/security vulnerability was found. It will become known because of the open source nature. For example a patch was made, the patch is again open source so burglars can see the design flaw and use it to attack houses that have not yet been patched. If you look at Google's version release and the time it reaches the phone (after manufacturers added their skin, carriers approved the roll out, etc), it would have already taken a long time before the patch actually reaches the end phones but the hackers are already aware (through the source code of the patches) how to attack the vulnerability.

    BlackBerry 10 OS is not open source. QNX may have started out as open source but when Blackberry bought them I believe they restricted access to the source code as well.

    True, anyone can make Android secure but it would need modifying it to the extent that you no longer have the services or the ecosystem that was the main advantage of going Google Android in the first place.


    Posted via CB10
    mouts and igor10000 like this.
    06-04-15 10:33 PM
  14. Ment's Avatar
    I hate the open vs close source argument when it comes to security. Is Window desktop OS more secure because its closed and Linux is open? Of course not so lets not make blanket statements on that.
    Donvald and Troy Tiscareno like this.
    06-04-15 10:43 PM
  15. GenghisKahn2011's Avatar
    Windows is Closed! However it's vulnerabilities largely exist in its API's which are open to the public-essentially developers.

    It would be reasonable to be concerned that BB10 API'S may be exploitable. I am unaware that this has ever happened.

    Posted via CB10 using BlackBerry OS 10.3.2.798 on Q10
    06-04-15 10:53 PM
  16. LazyEvul's Avatar
    Blackphone uses a modified Android and is a basically a fork from Google's Android. They call their OS privateOS. And it doesn't have Google Playstore and Google Services. That's right it's compatibility at running Android apps is just about the same as BB10's.

    We don't know much about Boeing Black but it may also be a modified Android with no Google Play Services or Google Play store.

    Android is insecure for a lot of reasons. First and foremost is the nature of open source (although Android is arguably closed on certain modules - Google Services for example). Using the house analogy posted earlier, with Open Source you basically have a blueprint of the house given to the burglar. True, if your house is really designed well then even having a blueprint will get you nowhere. Now comes the tricky part, a design flaw/security vulnerability was found. It will become known because of the open source nature. For example a patch was made, the patch is again open source so burglars can see the design flaw and use it to attack houses that have not yet been patched. If you look at Google's version release and the time it reaches the phone (after manufacturers added their skin, carriers approved the roll out, etc), it would have already taken a long time before the patch actually reaches the end phones but the hackers are already aware (through the source code of the patches) how to attack the vulnerability.

    BlackBerry 10 OS is not open source. QNX may have started out as open source but when Blackberry bought them I believe they restricted access to the source code as well.

    True, anyone can make Android secure but it would need modifying it to the extent that you no longer have the services or the ecosystem that was the main advantage of going Google Android in the first place.


    Posted via CB10
    I'd wager the Boeing Black doesn't have Google Play Services, but the Blackphone should be able to use Google Play Services if you want it to - just find the APK and install. The reason Google Play Services doesn't install on BB10 is because BlackBerry has, for whatever reason, blacklisted the APK.

    Blackphone has also said that they would like to offer a version of their OS with Google Play Services preloaded, with the understanding that Google's data-gathering will diminish some of the privacy advantages. I'm not sure if that's still in the works or if they ran into issues getting approval from Google, but they don't seem to see that as an obstacle to making a secure phone.

    As for the open-source argument, there is not much real-world evidence to suggest that it is notably better nor worse than the closed-source model - the advantages (greater scrutiny) seem to balance out the disadvantages (er... greater scrutiny). Blackphone also doesn't appear to have issues rolling out updates. I know many OEMs can be slow with Android updates, but Blackphone has patched major exploits found within Android in less than 48 hours. Like I said before, they don't go through carrier approval like BB10 does, saving them a lot of time.
    06-04-15 11:00 PM
  17. Zedd88's Avatar
    I'd wager the Boeing Black doesn't have Google Play Services, but the Blackphone should be able to use Google Play Services if you want it to - just find the APK and install. The reason Google Play Services doesn't install on BB10 is because BlackBerry has, for whatever reason, blacklisted the APK.

    Blackphone has also said that they would like to offer a version of their OS with Google Play Services preloaded, with the understanding that Google's data-gathering will diminish some of the privacy advantages. I'm not sure if that's still in the works or if they ran into issues getting approval from Google, but they don't seem to see that as an obstacle to making a secure phone.

    As for the open-source argument, there is not much real-world evidence to suggest that it is notably better nor worse than the closed-source model - the advantages (greater scrutiny) seem to balance out the disadvantages (er... greater scrutiny). Blackphone also doesn't appear to have issues rolling out updates. I know many OEMs can be slow with Android updates, but Blackphone has patched major exploits found within Android in less than 48 hours. Like I said before, they don't go through carrier approval like BB10 does, saving them a lot of time.
    Google Play Services is licensed that's why you can't just install it in any device. PrivateOS (Blackphone's OS) is actually a fork from the Android OS. Thus they can release patches based on their own fork. PrivateOS is based on Android 4.4.2 and is modified from there. Android 5.0 was released on November 2014. But you can no longer compare apples to apples (forgive the fruit used), because PrivateOS is now on version 1.1 (which is still a fork from Android 4.4.2 and not a derivative of Android 5)

    So I doubt Google will allow them to install Google's Licensed Services to Blackphone. Thus the launch of their own SilentStore (their version of Google Play store).

    I agree greater scrutiny is both advantageous and disadvantageous. The difference is once an issue is found and Android is patched how long before the source is released versus when it is rolled out. If you notice a lot of the Android Phones being used is still running KitKat or even older, yet Lollipop has already been out. If Lollipop did address some vulnerability, malicious entities can look at the codes of Lollipop to see how it was patched and use that to attack the yet to be updated Kitkat's in the market. Manufacturers will always be behind. Again, don't use Blackphone as an example because they have already forked out and have their own version control of their PrivateOS. Even if they do ride Android's Versioning they will always be a step behind. Thus the choice to do their own versioning and actually branching out from mainstream Android was right. Eventually, Android and PrivateOS will be too far apart not unless PrivateOS rewrites again for a new Android OS. PrivateOS is closed source, they just basically used Android as a springboard to launch their own OS.



    Posted via CB10
    06-05-15 12:46 AM
  18. thymaster's Avatar
    Hey I'm entitled to my opinion and I think Android sucks. That's reality so you should learn to respect other peoples opinion or if you don't then live with it because we are creatures of opinions.

    Can you please stop with this crap??? Why in your response haven't you mentioned the TRUE fact that blackberry is no more secure than an Android or IPhone unless is has BES? Saying things like "android sucks period" sound like it's coming from, not a hardcore blackberry user, but a level above that, the worst kind. You definitely throw a fit when someone asks you "why do you have a blackberry"? Sorry to judge you based on your words, but your words were so dillusional and ignorant that I don't care at all.

    Posted via CB10
    06-05-15 02:04 AM
  19. Soulstream's Avatar
    I think if BB did adopt Android back in 2010 instead of acquiring QNX, they would have been in a better position right now. At this point in time, switching to Android should be a "last-ditch effort" option if they ever plan to leave the hardware business.
    LazyEvul likes this.
    06-05-15 02:34 AM
  20. web99's Avatar
    I think if BB did adopt Android back in 2010 instead of acquiring QNX, they would have been in a better position right now. At this point in time, switching to Android should be a "last-ditch effort" option if they ever plan to leave the hardware business.
    I don't believe so. They would be in a very crowded Android market that is for most part owned by Samsung. Very few of the Android OEM's are actually doing well as most are losing money.


    Posted via CB10
    igor10000 likes this.
    06-05-15 05:22 AM
  21. Soulstream's Avatar
    I don't believe so. They would be in a very crowded Android market that is for most part owned by Samsung. Very few of the Android OEM's are actually doing well as most are losing money.


    Posted via CB10
    True, but it wouldn't be much worse than it is today and it wouldn't have cost them billions for R&D of the OS.
    06-05-15 06:16 AM
  22. mouts's Avatar
    True, it is crowded but if they managed to produce a heavily BlackBerry inspired and secure Android-based OS, they wouldn't lose market share and perhaps they could be a pioneer in ensuring that Android is patched in such ways to prevent vulnerabilities. Also, let's not forget that BlackBerry devices are in some ways hardware-secured not just software. I believe this was/is (along with BES) a major selling point for governments and other organisations.

    People in general are becoming more cautious; not all but I would say a large number of consumers are now worried about their data. If BlackBerry could capitalise on that by heavily marketing their products, it could perhaps help in reviving the company (that is if BlackBerry / John Chen + co wish to remain in hardware business ).

    Nobody really knows what's happening behind closed doors, or what the board of directors have in mind. But it would surely be of great interest if we could get an insight.
    06-05-15 06:51 AM
  23. Prem WatsApp's Avatar
    Can you please stop with this crap??? Why in your response haven't you mentioned the TRUE fact that blackberry is no more secure than an Android or IPhone unless is has BES? Saying things like "android sucks period" sound like it's coming from, not a hardcore blackberry user, but a level above that, the worst kind. You definitely throw a fit when someone asks you "why do you have a blackberry"? Sorry to judge you based on your words, but your words were so dillusional and ignorant that I don't care at all.

    Posted via CB10
    What about coding quality...?
    There are noobie coders working on Linux, too, and Linus sometimes got enraged...

    99% of mobile malware are written for ...

    http://www.infosecurity-magazine.com...rgets-android/

    Whatever he really said....

    http://techcrunch.com/2014/02/27/no-...less-insecure/

    Still, there seems to be a bit of a problem...

    http://www.zdnet.com/article/google-...urity-problem/

    Apple users are less, but they buy more apps and generally have a higher personal net worth, making them juicier targets. So why comparatively so much more Android malware?
    The fragmentation issue will never allow Android to be as secure as BlackBerry with its own hardware, or iOS, with only very few models to cater for and tight controls on it.

    :-)



      Wife currently leaping around for joy with her new toy....  
    06-05-15 09:32 AM
  24. LazyEvul's Avatar
    Google Play Services is licensed that's why you can't just install it in any device. PrivateOS (Blackphone's OS) is actually a fork from the Android OS. Thus they can release patches based on their own fork. PrivateOS is based on Android 4.4.2 and is modified from there. Android 5.0 was released on November 2014. But you can no longer compare apples to apples (forgive the fruit used), because PrivateOS is now on version 1.1 (which is still a fork from Android 4.4.2 and not a derivative of Android 5)

    So I doubt Google will allow them to install Google's Licensed Services to Blackphone. Thus the launch of their own SilentStore (their version of Google Play store).

    I agree greater scrutiny is both advantageous and disadvantageous. The difference is once an issue is found and Android is patched how long before the source is released versus when it is rolled out. If you notice a lot of the Android Phones being used is still running KitKat or even older, yet Lollipop has already been out. If Lollipop did address some vulnerability, malicious entities can look at the codes of Lollipop to see how it was patched and use that to attack the yet to be updated Kitkat's in the market. Manufacturers will always be behind. Again, don't use Blackphone as an example because they have already forked out and have their own version control of their PrivateOS. Even if they do ride Android's Versioning they will always be a step behind. Thus the choice to do their own versioning and actually branching out from mainstream Android was right. Eventually, Android and PrivateOS will be too far apart not unless PrivateOS rewrites again for a new Android OS. PrivateOS is closed source, they just basically used Android as a springboard to launch their own OS.



    Posted via CB10
    Users can still install the Google Apps APKs on unapproved devices, however - it's preloading by manufacturers that requires Google's blessing. It does seem unlikely that Google would approve preloading on PrivatOS, but I do know Blackphone was trying to get such approval.

    Source for Android updates is often released before the update is pushed actually, at least for the kind of smaller, feature-barren updates that are released when bugs (like major exploits) are found (i.e. 5.0.1, 5.0.2, 5.1.1). Withholding source is only necessary when major features need to be hidden for competitive reasons.

    Why should I not use Blackphone as an example? This discussion is about whether or not it is possible to produce a secured Android device, and Blackphone proves that is the case. Other OEMs are irrelevant to the point I'm making - I never said it wasn't possible to screw up an Android implementation as well, because it certainly is.

    Posted via CB10
    Last edited by LazyEvul; 06-05-15 at 01:27 PM.
    mouts likes this.
    06-05-15 11:33 AM
  25. itzJustMeh's Avatar
    Technically probably would, but I doubt financially
    06-05-15 01:00 PM
43 12

Similar Threads

  1. Multitasking with android apps
    By salim0 in forum BlackBerry 10 OS
    Replies: 5
    Last Post: 07-08-15, 07:09 PM
  2. Want to trade black BlackBerry LEAP for white BlackBerry LEAP (UK only)
    By amjass12 in forum Buy, Sell, Trade - Sold / Archived
    Replies: 2
    Last Post: 06-05-15, 02:45 PM
  3. How do I download and save music to BlackBerry Classic?
    By CrackBerry Question in forum BlackBerry Classic
    Replies: 3
    Last Post: 06-04-15, 05:05 PM
  4. Red and green solid light. Dead phone
    By dcapper in forum BlackBerry Q5
    Replies: 1
    Last Post: 06-04-15, 12:03 PM
  5. Subway Surfers updates and heads to Venice - Download from the Snap store
    By CrackBerry News in forum CrackBerry.com News Discussion & Contests
    Replies: 0
    Last Post: 06-04-15, 10:40 AM
LINK TO POST COPIED TO CLIPBOARD