[conite]

Sure, that can be one reason, but again, it wouldn't be regional...

Sure it would. Easier to support that way.

[last_attempt]

What headaches? Unless you just give your phone to anyone unlocked. That is down to you.

From what I understand most of the security risk on Android is from getting apps from sources other than the Google app store.

I don't think anyone willingly wants someone else to risk their phone, I'm just saying most of this stuff happens inadvertently in my opinion.

Posted via CB10

[TGR1]

A lot of you usual guys here miss the point. This is not about Android.

Whatever Qualcomm does, or Intel, or ARM, cannot be controlled by BlackBerry.
Isn't anyone here asking themselves why Samsung sells two versions of Galaxy S7: one for North America with Qualcomm chips and one for the rest of the world without them?

I thought there were also IP issues in North America? Sorry, may be faulty recall.

Likely a number of reasons: Qualcomm's capacity and willingness to make custom chipsets for the price, Samsung's desire to reduce reliance and build its own chip, etc.

[conite]

From what I understand most of the security risk on Android is from getting apps from sources other than the Google app store.

I don't think anyone willingly wants someone else to risk their phone, I'm just saying most of this stuff happens inadvertently in my opinion.

Posted via CB10

That's why you shouldn't actively try and circumvent the device's built in idi0t-proofing.

[last_attempt]

That's why you shouldn't actively try and circumvent the device's built in idi0t-proofing.

Correct! That's why my scenario was the one where you did willfully do it. Isn't security only as good as the weakest link, who hasn't left there phone unlocked and exposed when they got up do check something down the hall or when drinking at the local establishment?


Posted via CB10

[TGR1]

Oh........ok, what the he!! do I know. . How about Apple? Did they not have a controversy a year or two ago when they were using 2 different companies? Maybe that is another example of Conite's reasoning. I just remember reading that some iPhone users were complaining about the problem, but I really could never understand why they used two different suppliers.

That was a little different. The issue was related to fabs that physically made the same Apple-designed chip (A9, I think). They used different processes so it appeared one manufacturer's ended up a little more efficient at certain tasks. As I recall the difference was not actually noticeable in real life use.

The Galaxy example would be more like Apple using the Qualcomm Snapdragon 820 in US iPhones and the Apple A9 in international versions.

[Tsepz_GP]

Correct! That's why my scenario was the one where you did not willfully do it. Isn't security only as good as the weakest link, who hasn't left there phone unlocked and exposed when they got up do check something down the hall or when drinking at the local establishment?


Posted via CB10

Again, that is down to you. People go to bed with their front door unlocked sometimes, thats not the fault of the house, but the owner.

[last_attempt]

Again, that is down to you. People go to bed with their front door unlocked sometimes, thats not the fault of the house, but the owner.

But in this it would seem you don't have a lock to lock. I really don't see this as a big deal? Just put the requirement for a Pw to be able to load the third party apps.

Posted via CB10

[conite]

Correct! That's why my scenario was the one where you did willfully do it. Isn't security only as good as the weakest link, who hasn't left there phone unlocked and exposed when they got up do check something down the hall or when drinking at the local establishment?


Posted via CB10

Well I don't know who your buddies are but that is an incredible chain of malicious events that they have to perform on your device.

There is also the point that we really don't know what would happen on Priv or dtek50 if the OS was compromised. Perhaps Integrity detection would pick it up, or the device wouldn't boot when it fails checksum.

[bb10adopter111]

OK, just picturing the " dad can I borrow your phone for a bit, I want to try a cool game " scenario.

Posted via CB10

If one of my employees jeopardized our company's integrity and contracts by sharing their password with another person (whether co-worker, spouse, or child) it would be grounds for disciplinary action up to and including termination.

This is why we still offer to purchase phones for our employees if they so desire. (We don't really have the resources to segregate usage with an MDM solution like BES/Good.). If they want their kids to play games with their phones, they really ought to carry two devices.

Posted via CB10

[bb10adopter111]

Correct! That's why my scenario was the one where you did willfully do it. Isn't security only as good as the weakest link, who hasn't left there phone unlocked and exposed when they got up do check something down the hall or when drinking at the local establishment?


Posted via CB10

Huh? I lock my phone any time it's not physically in my hands. Pressing that button is as automatic as locking my house or car door.

Posted via CB10

[Tsepz_GP]

But in this it would seem you don't have a lock to lock. I really don't see this as a big deal? Just put the requirement for a Pw to be able to load the third party apps.

Posted via CB10

Plenty of App Lock apps you can do that with. You can set them to ask for a pin when trying to get into Settings.

[last_attempt]

OK, geez. I guess I'm not the Jason borne type guys that everyone else here is.

My scenario was not with someone who has high security on there mind 24/7 just the average consumer.

Does no one else think it would be an easy and good thing to password out ?

Posted via CB10

[conite]

OK, geez. I guess I'm not the Jason borne type guys that everyone else here is.

My scenario was not with someone who has high security on there mind 24/7 just the average consumer.

Does no one else think it would be an easy and good thing to password out ?

Posted via CB10

Well I don't know about you, but I would not give carte blanche unfettered access to my unlocked phone to anyone.

And certainly not anyone who would go into my settings, go to the security setup, turn off a security feature that has a warning, then install a malicious app on purpose.

[Tsepz_GP]

OK, geez. I guess I'm not the Jason borne type guys that everyone else here is.

My scenario was not with someone who has high security on there mind 24/7 just the average consumer.

Does no one else think it would be an easy and good thing to password out ?

Posted via CB10

Like I said, then rather use an App Lock app, that will allow locking the Settings app.

[last_attempt]

Like I said, then rather use an App Lock app, that will allow locking the Settings app.

So if using a third party app lock is good then wouldn't a built in default app lock be better. A lot of people wouldn't know to use a third party app till it was to late.

I'm not saying this will happen everyday but I don't think I'm totally blue skying it either.

Posted via CB10

[Zeddepher]

Can I troll about the Blackphone being affected? Both versions!

��� вℓα�квєяяу ραѕѕρσят ѕιℓνєя є∂ιтιση ���

[Tsepz_GP]

So if using a third party app lock is good then wouldn't a built in default app lock be better. A lot of people wouldn't know to use a third party app till it was to late.

I'm not saying this will happen everyday but I don't think I'm totally blue saying it either.

Posted via CB10

This is for your particular situation mate. Most of us don't leave our phones unlocked in public, heck, mine stays in my pocket and only comes out when it has to.

The same question could be asked about every single app from Contacts, Emails, documents in File Manager etc... If you are that worried chances are you will look for a solution.

[Jose Casiano]

Looking at this hardware issue, it's really a code issue not necessarily hardware. For example BlackBerry looks at the manufacturing process to make sure that foreign chips and software isn't loaded to their devices. For example, one could slip a firmware into the manufacturing process that could allow it to steal code just like mentioned above or add another chip or part that doesn't belong there that could also do the same. It appears that this was a bug though, with the potential of gaining access to code and other information running on the device, compared to its already doing that (and being considered a hack). They reverse engineered Qualcomm's code in order to find this vulnerability. Another thing is that Qualcomm has already patched this and has been submitted to device manufacturers and keeping with BlackBerry's promise of patching every month, they have been really good at keeping this promise. But what's most important here is that this isn't a problem of controlling manufacturing process, it wasn't that a chipset came from another third party company, it was from Qualcomm directly a large company that a lot of manufacturers trust.

If you look at the report directly you can see that the biggest concern that they have is the updating process and the detection process, so there's are two things that BlackBerry is promising to give, maybe those OS integrity things we are seeing in the forumns maybe related to this. I dunno just my quick thoughts

Posted via CB10

[Sairos]

Android bug fear in 900 million phones - BBC News

I have been posing that question here for over two years.
Again this proves that without controlling hardware, including designing your own integrated circuits and not buying them from others, a company like BlackBerry cannot claim security.
It's interesting that Samsung (and Apple) are not on the list because they do not use the Qualcomm chip. They have their own.

This also goes back to the security (lack thereof) of a phone designed and assembled in China.

Nothing is impenetrable.. People must understand that.. Very good security or the world's most secure phone doesn't mean it will never face security vulnerabilities.. Most as of the best phone in security out there.. Plus the Problem seems to be in the Qualcomm Chips, so Qualcomm takes the fall.. Everyone uses Qualcomm, we can't demand that BB have to manufacture their own Chips.

Samsung uses Qualcomm chips alongside their own Chips, regions thing.. S7 is affected.

I suggest you edit the post to correct that info.

[anon(9607753)]

Android bug fear in 900 million phones - BBC News

I have been posing that question here for over two years.
Again this proves that without controlling hardware, including designing your own integrated circuits and not buying them from others, a company like BlackBerry cannot claim security.
It's interesting that Samsung (and Apple) are not on the list because they do not use the Qualcomm chip. They have their own.

This also goes back to the security (lack thereof) of a phone designed and assembled in China.

Not sure it proves anything actually, other than Priv, Nexus, and Blackphone are likely the only devices on that list that will receive a timely update to rectify the issue.

Posted via BlackBerry Priv STV100-1

[Sairos]

Oh by the way, how is it that Software can't secure hardware bugs when the vulnerability is being fixed through Software Updates?

The vulnerability is found in the Qualcomm software drivers, thus your whole thread is invalid xD.

[zephyr613]

Not sure it proves anything actually, other than Priv, Nexus, and Blackphone are likely the only devices on that list that will receive a timely update to rectify the issue.

Posted via BlackBerry Priv STV100-1

Umm, not if your on VZW using the PRIV, still waiting for the July update..

[conite]

Umm, not if your on VZW using the PRIV, still waiting for the July update..

Having to put up with Verizon's idiocy is on you. Lol.

[Rico4you]

Last security update August 5 in summary
does mention fixes for Qualcomm

http://blck.by/2auvVCL

BlackBerry fast reaction...

Posted via PRIV and or Passport SE