We may earn a commission for purchases using our links. Learn more.
Since the release of the BlackBerry Priv, there have been some articles appearing across the internet debating just how hardened BlackBerry's Android offerings really are when it comes to security and privacy. Most notable of the debates, an interview with Daniel Micay from Toronto-based security firm Copperhead, who claimed that 'Nexus phones are more secure than the BlackBerry Priv because Android 6.0 offers some security improvements over 5.1.1'.
Now, as part of their Priv security and privacy blog series, Chief Security Officer at BlackBerry, David Kleidermacher has taken to the Inside BlackBerry Blog to further explain why BlackBerry's Android is best for security and privacy and seemingly address those debates without actually pointing any fingers but instead, sticking to the technical details of BlackBerry's solutions.
PRIV initially shipped with Android Lollipop (L) 5.1.1. Google has released Android 6 Marshmallow (M) to device makers, and BlackBerry is in the process of integrating the new release. Marshmallow adds a number of security enhancements. However, when it comes to "hardening" Android, BlackBerry's special sauce includes numerous additional improvements independent of the Android version number, such as:
- Supply chain security for hardware root of trust. That means we "sign" all of our hardware with digital keys at the manufacturing level to ensure device integrity.
- Improvements to the Address Space Layout Randomization (ASLR) security technique that are not in Android L or M and make it far more difficult for malware – even something like Stagefright – to exploit Android software bugs.
- Improvements to the SELinux mandatory access control policy system not in L or M.
- The Pathtrust utility, which goes above L or M in ensuring that untrusted code cannot be introduced into the system dynamically via malware.
- Hundreds of hardening improvements to the Linux kernel and Android service framework to enable features like DTEK, our new app that helps you protect your own security and privacy.
- Tamper-proofing of critical security parameters.
- Cryptographic improvements, including the use of BlackBerry Certicom certified-FIPS 140-2 security compliant cryptographic library and other techniques that improve upon the Android password's protection against brute-force attacks.
- Support for smart card authentication and other enterprise-specific features that benefit business users.
As Kleidermacher notes, there are lots of small companies offering hardened Android implementations including the already mentioned Copperhead through their CopperheadOS but it really does come down to whom users trust and BlackBerry has been in this game for well over fifteen years with their security and privacy focus being a key part of the company and one that hasn't stopped with Priv. Be sure to check out the full blog post for the complete rundown.
Read Why BlackBerry's Android is Best for Security and Privacy
Read more
Verizon now rolling out software update for the BlackBerry Priv
Have a BlackBerry Priv on Verizon? Surprise! You'll want to go ahead and check for updates as many folks have now started receiving a software update.
BlackBerry Priv will no longer receive monthly updates going forward
A new post on the Inside BlackBerry Blog from Alex Thurber has laid out the status of monthly updates for the Priv as the device has now moved well beyond the two years of monthly software updates BlackBerry originally committed to.
BlackBerry begins rollout of September Android security update
Although it hasn't been noted by @BBSIRT yet, BlackBerry has now begun the rollout of the September Android security update according to a new post on the BlackBerry Knowledge Base.
Verizon BlackBerry Priv owners can now download software AAN368
Verizon has now begun sending out software AAN368 which is noted to have been tested to optimize device performance, resolve known issues and apply the latest security patches.