Security and privacy are an integral part of BBM and always will be

By Bla1ze on 14 Mar 2014 12:50 pm EDT
10
loading...
102
loading...
80
loading...

With all the different messaging systems out there nowadays and the understandably rising concerns of security and privacy given all the breaches lately, the folks at BlackBerry have decided to highlight all the various security and privacy features built into BBM so as to better inform customers how things operate, even covering BBM on Android and iOS.

BBM has always put security at the forefront. On BlackBerry, the end to end security model is built on a foundation of secure hardware interacting with secure software. Security is reinforced at every level of the device from CPU to boot ROM, to OS and file system, and applications. The root of trust that BlackBerry builds for its customers remains unbroken throughout the chain, and is unlike other security models that rely on the interaction of components from multiple vendors.

On Android, BBM runs and stores all its data within the internal secure storage of the Android sandbox providing higher security than other IM apps that store their database in the shared storage space of the device. Similarly, on iPhone, iPad and iPod Touch, BBM runs and stores all its data within the iOS app sandbox.

If you've ever had questions or concerns regarding security and privacy within BBM on any of the supported platforms, this is the post to read. You can head on over to the Inside BlackBerry blog for the full down.

Read more in the Inside BlackBerry blog

Reader comments

Security and privacy are an integral part of BBM and always will be

125 Comments

I love BBM and BlackBerry.

I wish there was a way to convey the security issues to Joe average. I don't think the vast majority will care about security until they have had their credit card or personal information stolen. Even then they will still not likely equate these issues to cell phone security, which is a bid mistake.

Posted via the Android CrackBerry App!

Thought you might have been one of those funny fellas who load the Android app onto their Berry, just for the heck of it.

The WP / Android Central and iMore ones work well on my Z10 on 10.2.1. I cannibalized the apks from my wife's Moto G.

"No Q10?" -> "Buy from Chen... "

Hidjk,

Ya got me :)

I got caught in an upgrade cycle when I had a bold 9900 at work. BlackBerry didn't have a phone for personal use that interested me at the time. I am going back to BB as I love BB....will get a q20, or wait till the new flagship. I likely need actual buttons as typing on this touch screen drives me mad :)

Posted via the Android CrackBerry App!

In short, it means it runs in a specific spot of the OS and never touches the full OS, nor does it have access to all parts.

When i read this, I think of something else actually: what about the security "breach" that is installing Android on the BlackBerry? Never really thought of it, but looking how sluggish the Android runtime is on my phone, it brings me back to the days of the BBOS browser, which was slow because of BES.

I guess the issue/question I'm trying to raise is, whether BB10 does something similar to the Android runtime, to keep the phone secure, and this in turn causes the apps to run slower.... is BB10's sandbox full of little Android rugrats?

Yes android also runs in a sandbox (as far as I know) and if reading the statement closely it seems to suggest that BlackBerry saves all files in the app itself on ios & android.

You should check out the interview on www.infowars.com that Alex Jones did with John Macafee . Macafee is coming out with an app called cognizant. It's designed to tell you exactly what a particular app is doing and help you make decisions about whether to keep it or not. It comes out for android first in 5 days.maybe 4. You should try to coax a BlackBerry version too. Heck might be better to run the android version if a person side loads. I don't know. Would be interested though.

Posted via CB10

McAfee years ago, I remember, let the CIA lantern trojan get into your system and not include it into their malware definitions, they had an agreement apparently. It made the news on tech forums (only).

He's sold the business to Intel and Intel agreed to change the name in the future. McAfee said, he was relieved to "no longer be associated with this ***** p.iece o.f s.oftware". (pos?)

"No Q10?" -> "Buy from Chen... "

Good explanation. Even though I sort of understood the concept before, I am going to do the modern version of cutting it out to keep it for future reference!

Posted by the inimitable Z10 handheld system

I hate to contradict Bla1ze but in context they are tackling about the part of the file system that's set aside for the application and protected by access control permissions. Essentially each application is treated like a separate user so applications can't read each others' data

Quote:

On Android®, BBM runs and stores all its data within the internal secure storage of the Android sandbox providing higher security than other IM apps that store their database in the shared storage space of the device. Similarly, on iPhone, iPad and iPod Touch, BBM runs and stores all its data within the iOS app sandbox.

Posted via CB10

Hopefully their next priority is to scrap any new ideas they had with the BBM beta.
Stickers? come on... lmao

There are soo many other features to make BBM a better experience that they can be spending their time on.

So don't use them, there's plenty of people who will. There's a reason they were added -- people asked for them.

I agree that there's better things they could spend their time on than stickers. Just because people ask for it doesn't mean you do it. BBM needs killer features to win the IM space, and stickers are not exactly a killer feature, are they? Well, I suppose if you're a 12 year old they are.

Did you say the same thing about ringtones? Which, as you may or may not know ended up being a multi-billion dollar business.

Look at the market and look at what sells. If you did that, you'd quickly realize that while stickers might not be for you, you are not the majority. Long story short, they might be late to the game but stickers sell. 

"Japan-based mobile messaging company Line raised eyebrows in May when it revealed that it made $17 million from selling stickers during the first quarter of 2013"

Ya, stupid stickers. They're the new ringtones.

Thank you Bla1ze for answering that. I admire your patience too. Very good comparison.
If I do/don't like something, no one else does/doesn't too. ;-)
Truthfully, I don't use stickers much now. But if they started expanding on a Sci-Fi section giving homage to the old shows and highlighting the new, I'd be all over it. Toon/Anime styles and especially Classic/Realistic art would be awesome!

Thanks Blaze! People seem to think that their opinions are that of the majority - smh.

Posted via CB10 running on Z10STL100-1/10.2.1.2141

Yes, I can see that. But BBM was always about functionality.

Like I said in the OP they have better thing to be working on to make BBM functional. My friends on iPhones can't stand BBM, it drains their little batteries and very buggy. No they don't have 5S' but most iPhone users don't have iPhone 5S. They can't even get it working perfectly on my BB10 compared to my BBOS phones.

I personally think video cross platform will be bigger for BBM
http://www.technobuffalo.com/videos/rettingers-riffs-blackberry-messenger/
That is in need.

Stickers might do good for LINE but would you actually compare that to BBM? "BBM is about security". Do you think the Queens, Prime Ministers and Presidents who all reportingly(yes i have to make up a word P) use BBM will be like, i'm going to send a sticker to my secretary to hurry up.

I just can't see the typical user using stickers. The only thing about Chen I don't like is he sends off so many mixed messages. I'm going to concentrate on enterprise while adding stickers to BBM then make a phone for 3rd world countries. Are they after enterprise customers who can benefit from video cross platform or to consumers who are asking for stickers to send to their grandma or girlfriend to get laid?

There is nothing you can say to really rebuttal that, it's just mixed messages that we are getting. I do get he is trying to make a wide audience happy but that's what he should be saying in his interviews that it's not just all about enterprise customers only.

Yeah, I know what you mean khel. Instead of stickers they could give us end to end encryption or something else.

Posted via BlackBerry Q10Bold

Problem is there is not enough of prime minister's and queens. So BBM is ensuring security and then expanding. They need to be economically viable and have $ coming in to invest in other features.

There are not enough people like you. If there were we would be on an apple death watch. BlackBerry was blamed, and rightly so, for not giving the masses what they want. They are now.

And quit whining in every comment about stickers. Please & thank you.

Posted via CB10

I like how you picked little pieces out of everything I said :P

Video is just as in need as stickers and will improve the functionality of the app. Which can also be used by their main audience so it's a win win there.

I know you have me there:P But Video should have been x platform from day one.
They have their own sector now in BB. probably 10+ people working 40 hours per week.

Would your friends pay to have the video feature or do they just want freebies? BlackBerry has find subtle ways to make money from BBM while retaining the new converts.

Stickers are easy to implement quickly though and it gives the average user a way to donate money for a great app + they get a nice little something for it.

I will buy some of them as a means to support BlackBerry (next phone in one year), will probably not use them that much but hay. Probably do it when a new great free feature is added

I agree with some of what both of you said. I don't care about stickers but can see where some might. If that helps make BBM take off cross platform then do it. I really have more use for cross platform BBM video. If it will work as well cross platform or close to it as it does BlackBerry to BlackBerry then no other video chat will be able to compete. I've never used facetime but none of the ones on android run worth a damn.

Posted via CB10

My guess is that is why eBBM was developed. The two extreme ends of the market; high security, functionality, productivity 1st corporate,/govt end) and the fickle consumer market latest games, disappearing messages, stickers, emoticons, blah, blah blah are extremely hard to marry. Splitting BBM into a corporate compliant secure mobile messaging solution and the consumer regular BBM allows each market to be optimized for.....hopefully.

This post Powered by BlackBerry

never thought of it like that, completely forgot about eBBM actually. Isn't that going to launch with BES12 at the end of the year though?

I thought the 1st iteration of eBBM is available now with BES 10.2 or whatever the latest version is. I'm sure it will be added to feature -wise for BES12. I could very well be wrong though. Please correct me if I am.

This post Powered by BlackBerry

Sorry, my bad. eBBM Protect will be the first element of the eBBM suite. It will be out this summer, as will the beta program for BES12. So it sounds like you are correct on the timing.

This post Powered by BlackBerry

Enterprise is one of his strategies, bbm is another.

The stickers are part of the bbm strategy... there is no mixed msg, the stickers don't have anything to do with enterprise.

Get it?

Powered by BB

I thought about it and I guess it's a good idea to bring stickers into play. I'm just kinda angry that BBM still feels half baked with the features it currently holds and now they are adding something new.

But just with Express /Story Maker/Music and etc. I guess I gotta get use to the half bakedness of BB10 until they start touching up with what they have and bringing their old BBOS features back fully.

The consumer user base is craving stuff like that, makes their lives interesting, and gives them something to do.

Why do you think they were screaming for time wasters like Candy Crush on BB10? Which now runs nicely on the Android runtime.

If you wanna do things in the Asian markets you gotta have this stuff. Our Japanese friends here in Australia are crazy for emoticon stuff (other nations not excluded, of course). For some, that would be THE reason to get a certain phone. Crazy. I know! Gotta love'em. :-)

"No Q10?" -> "Buy from Chen... "

@York....Imagine if Stickers could be animated and BBM manages to get video going on all platforms.could be a money maker,especially the adult section,While in Glympse you could add an animated sticker,Fun!!

Did you go to the "Business School of Radio Shack"?
Stickers : Do as I'm going to do, Don't use them...really easy if you think about it.
Let the millions of others who care about stickers enjoy them.

Doesn't matter if BlackBerry does or does not listen to customers.....someone is always going to complain.

It's called BBM for all for a reason.

Powered by BlackBerry

Blackberry doesn't do things when people ask for them that's the problem (hopefully Chen proves me wrong in the future:P).
Look on beta zone and there is nothing about stickers. Until that update.
On the other hand look how many people asked for panorama in the camera. Isn't that the highest rated feature that people wanted?

Blackberry doesn't care what you ask:P But i guess stickers is a good money grab which is good.

I must admit, even though I didn't ask for them, I would use them. And this is from a middle-aged guy in business, with family responsibilities! Guess I must be juvenile at heart...

Posted by the inimitable Z10 handheld system

Laugh away but be aware...WeChat from China, LINE from Japan, Kakao Talk from South Korea and Hike from India and....most of the Asian messaging apps have focused on quite a few ways of revenue generation. Of all sources, revenue generation from Stickers is being chased by all.

Don't be fooled by the US press trash talking Blackberry's products and services.

They love them, they just don't want you to love them.

Never, Stupidly, Accept.

Posted via CB10

Yeah fight da power!

Whilst you're at it, gimme a break. Get a better world view than a crass conspiratorial one. There's no 'they'. Welcome to the mechanics of capital.

Posted by the inimitable Z10 handheld system

I guess this puts an end to the debate whether or not bbm on android and ios is secure.

Many claimed that only bbm BlackBerry to BlackBerry is secure this crushes this line of thought.

Posted via CB10

Sorry to say but BBM messages sent from BlackBerry to iPhone or Android are not encrypted like they are from BlackBerry to BlackBerry, and even the encryption for BlackBerry is not very good. I'm talking consumer not BES.

Yes the data may be stored on the phone in secure areas, but it's the data in transmission that's at risk from what I understand

We were discussing this in the forums just the other day.

http://forums.crackberry.com/general-blackberry-discussion-f2/does-bbm-u...

Zed30

Highlighting security is good.

But, I really do not like what Blackberry is doing with BBM Channels. They are trying to turn BBM into something that it is not. BBM is a communications app, not a social network for brands. Channels is basically trying to be a less social Twitter with less features and less brand support.

Channels just takes away from the core chat experience which is what BBM is about, Channels is hidden inside a menu and then when you get to it you basically get something that look like mobile blog posts with comments. Most posts are links to other news websites and most comments are people sharing their Pins. I prefer what they are doing with stickers, although I don't love the idea of paying for stickers, I understand that they need ways to make money and I would argue that at least the stickers are part of the core experience. Even the paid PINS is a better idea

And its not even that popular. If you look at some of the popular channels on BBM you'll see that Disney and WSJ only hav 12,000/15,000 users while they have 3M/4M on Twitter. It is just not popular enough and its even worse that they are already trying to put advertising in there.

Play Starcraft? Join our Channel: C001242DE

Do I spy a plug for a Channel in that anti Channel post?? ;-).....most of my time in BBM is spent on the numerous Channels I've joined. There is some cool stuff being done, and it's a nice all-in-one place to get a wide variety of information from a wide very of subject matter.

Posted via CB10

Which means my post should be even more legit since I've been using BBM channels.

Play Starcraft? Join our Channel: C001242DE

Well Channels is still in its infant stage and they just released it on Android and iPhone so pump your breaks a little bit, I use Channels more so than BBM messaging, Channels has really become a community, I seem to remember everyone knocking Twitter when it first came out, now everybody and their mother has A Twitter

Posted via CB10

I don't like how I lost the contacts shortcut at the bottom because of channels which I never use but I frequently need to quickly open contacts. Quit jamming it down our throats and give the option of putting contacts at the bottom.

It's for these reasons I'm pushing to have BBM deployed to all our corporate devices as a standard offering.

Posted via CB10 and Z30

what's sad that those were 2 russian devs that were making that part time when BB has their own BBM sector of probably 10+ people working 40+hour weeks for BBM..

Blackberry marketing needs to communicate WHY security is important. Just having security as a feature isn't enough. The vast majority of people - read iphone users - just figure security isn't of the slightest bit of importance to them.

IMHO security is a massive USP for Blackberry, but they've completely failed to communicate the benefits to consumers. If there's no benefit for better security then who cares?

If they made a campaign highlighting the security features most tech blogs would compare them to other new IMs like influential tech sites in Germany did over the last weeks and that wouldn't look that good for BlackBerry.
Without E2EE means it just can't compete with others with that feature regarding security.

It'd be nice if they could offer end-to-end encryption to all BBM users, not just those business users on BBM Protected.
They could make it a IAP option to everyone.
Without it, BBM simply can not be regarded as being as secure as IMs with it, even though it offers a lot more other features.

Mentioning big security news that made customers concerned, giving a few examples and not even mentioning the NSA bombshells that were all over the news for months is at least a bit odd if not telling.

I don't know if you are talking about within the app or through Notification Center, but all the usual settings are available for BBM in Notification Center on iOS to stop messages appearing when you don't want them to.

They need to bring peer-to-peer encryption in BBM for everyone, not just for "BBM Protected" customers, or they won't be able to compete with IM services that are already secure, like Threema and TextSecure. And they need to bring peer-to-peer encryption for email (PGP and S/MIME) to everyone, not just corporate users with BES. Assuming that only corporate users care about security is a big mistake these days, especially since after the NSA leaks P2P-encrypted IMs pop up everywhere and are quite popular.

yes, also don't understand why there is a need to launch 'BBM protected'; if as they say everything is secured...Why not launching 'BBM protected' for masses. Bad approach by BB marketing again!

Posted via CB10

They are making BBM for Business users which has a lot of features that the Consumer BBM does not have and vice versa

Posted via CB10

The end to end encryption, I thought that was what PIN messaging was all about.

Posted by Phobe's Owner on the BlackBerry Q10

Glad to see BlackBerry actually making an attempt to educate the public on the features that differentiate their products from competitors.

Hopefully some of the popular (non-blackberry-focused) tech blogs pick this up and do an article on it.

@kool...Disney only came on board a few months ago,I checked just last week and I was surprised,The charts on subscribers is most certainly rising.They are generating sub's, so ? They better clean it up and fast before it get's out off control.Maybe they don't care ,they might want the #'$..

And that's why I'm sticking with BlackBerry! And cuz I love my phone of course...

Posted using the best phone ever, the Z30!

How is security integral to BBM when every message is encrypted with the same key, and decrypted/encrypted as it passes through BBM servers?

My understanding is that iMessage messages are more secure.

Time to beef up BBM in all things - never be satisfied.

The biggest room on the planet is ...the room for improvement

Posted via CB10

As other people have mentioned not much real security if the messages are just scrambled. They should sort this as quickly as possible otherwise the new players will start to take the consumers who are concerned about security but are not on BES, which will be most bbm users.

Posted via CB10

correct...BBM for masses is not better (even worse) than WhatsApp and other suspects. They failed and unfortunately won't understand to hear masses shouting for secure IM services. -Like in the old BB days. Heins, Chen etc. No matter!

Posted via CB10

I used whats app but since bbm went cross platform there is no use of it so i deleted it. Absolutely no comparison with bbm in terms of security and privacy! Spread the word guys, we need to help blackberry get out of the crisis because it's worth to be saved, an amazing platform with the best os!

Posted via CB10

I'm simply impressed with the way BlackBerry is now blowing its own horns. Kudos. GO TELL IT AT THE MOUNTAIN TOP!!!!

So all it takes is for the other IM apps to also use the sandbox for storing data instead of th shared space. Would anything stop them from doing that in a future update?

Nice try... while BBM is doing a better job than Whatsapp by avoiding shared storage space, people have to remember that there is no privacy on BBM for consumers, until they implement something like OTR. Use secure Android apps if you want real encrypted voice and text encryption.
BlackBerry can see all our conversations and will gladly hand them over if asked by a judge.

Channels is already collecting "anonymous" data and the next step will be the embedded browser in BBM, which will track our habits ;)

"Snap" is the best stop-gap solution for Android apps while we wait for BlackBerry to get its act together...

BBM should have a PC client so we could communicate between computers and phones. Think about it, BBM could be the next skype.

Posted via CB10

Great !! Where are localized BBM servers??
I hope for Canada... Now if they're in USA, people should think to redefine "Security and Privacy" words...

The very VERY most important thing for BBM is that it must be independent from the carriers. It's not possible to use BBM over 3G on every carrier here in Austria. Only on the big, expensive ones but most people are using the cheaper ones. It must be possible to use BBM with simple data plan on any carrier.

Posted via CB10

I think we need a good article on BBM. I have 6 chats going daily on my Z10, always had the beta version going, run 2 channels with it, but I cannot figure out Stickers or Glympse or what's coming or going. I do know what I want though.

Sent while driving from my Crackberry.

Awesome blog post. A big fat finger poked in the eye of a certain German testing institution (Stiftung Warentest) that thinks testing toasters and vacuum cleaners qualify them to test encryption on code.

I hate to rain on your parade. But from my experience, Bbm is not secure. It maybe more secure then other im platforms but i wouldnt say its locked from prying eyes. BlackBerry has a log of all bbm messages and photos sent through their relay. I know this because ive read them through court documents before.

The only thing thats totally secure on a blackberry is Pgp. Even on BES the admins can read all your messages. Which is understandable because everything with the company should be transparent to its owners.

Try searching up "uncrackable blackberries". Those are the ones run under a private server offshore and have pgp installed and the keys to the messages arent universal like BBM.

Posted via CB10

I don't get it... Ok they answered the article that appeared earlier this week on Hacker News, but I read crackberry every day and I am not wiser on how exactly BBM is safer than other IM apps other than not having gigantic holes...

If it is a secret that if unveiled could mine the system's security, but they always tell us BlackBerry is the safest while never really explaining how it is safer.

They constantly ask us to blindly trust their word on the matter.

I would definitely like some features like encryption or built in opengpg for emails. That would be a market changing feature!!

I'm completely with you. I haven't checked if and why BBM is more secure than Threema i.e. There is no end to end encryption in BBM. I always thought that it's simple PKI concept. I mean, if I send an invitation to someone, in truth I send my public key. But obviously it isn't so.

Posted via CB10

I have AT&T and some of my friends have and Iphone and Android w/BBM installed.

However, lately there BBM messages have not been as reliable. They are either getting to me late or to them late. Some pictures also get file transfers errors, yet If I send it again it may or may not go through.
For instance texting them was more reliable. I did a quick test on this. However, when BBM is working it works great. But I am unsure of the reliability being that its cross platform now. or if this is because they are cross platform using other devices whilst I am using a Z10.

Anyone else experiencing this?

Little fun didn't kill anybody.. BBM may stand for security and functionality.. but stickers add a little sex appeal to BBM.. let them come.. My young brothers and sisters are all over stickers on Facebook when them IM me there..

I love bbm. Most using chat app last afew monts. I am using android and ios. I will move back again Blackberry soonest new device arrive.
I want option on bbm to put passward for each chat for privacy concern.

Posted via the Android CrackBerry App!

I have a question on BlackBerry security: we always hear about how secure BlackBerry devices are, but here is my question: is BlackBerry security only good if one uses BlackBerry enterprise servers? I don't understand security, but I'm using microsoft activesync to connect to my work email. Does this mean I'm not really getting the blackberry security!? Maybe security is something I need to learn more about considering it's BlackBerry's number 1 focus.....

Posted via CB10

I wish BBM marketed the fact the bbm is so freakin instant!! My friends always give me shyt when I bbm them...when I'm typing a message they'll quickly type back "what the hell do you want now. lol" or "I see you typing..". And all of this is done before I hit send!

BBM definitely has some advantages but the word has to get out...

Posted via CB10

after reading a few things in the last few days it has become very clear to me that blackberry should and could be using security as their trump card against the other platforms. I just read about another secuity flaw with iphone ios7.1 as well as whats app saying they will not give up security because they sold to facebook. Whatsapp by the very nature of their product and using phone numbers already gives out your personal information. not sure if anyone read an article about a bet with one guy getting a few pieces of information and within one hour using nothing more then facebook he knew the guys house address, where he worked how many kids he had and could access his bank account as well as breaking into his email. The guy wasnt a professional hacker either. So why dont they slaughter all these guys with the security of the blackberry system. its the one reason they will never ever go over to android OS it wouldnt work for security and it would not be anything they would want to tackle. EG knox from samsung is not secure. its the reason that android is a bit sluggish with blackberry its because its virtual android so conversions have to take place and just because of this fact its the reason you dont have leakage for security from android to blackberry systems. Yes there are ways you can on your own breach the security of your own information but to get through bb10 security is another matter and android is just the sandbox which can be contained. For corporate these items of news come ata great time for blackberry can anyone in their right mind think that carrying an iphone for business purposes especially sensitive and secure business matters would be a great idea. Example i heard they wanted to use iphone for medical records access. Are they out of their minds? Thats the last OS i would want my medical information on. YOu might as well just hold your information out for the whole world to see. This is an area where blackberry could reallly capitalize. i figure the banking sector, government and the health care sector where privacy and security are critical. Then once you get a foot hold there you can go to other key areas as well. Perhaps the retail sector you might want to give target a call after there debacle. Then you can go after the hotel and airline sector. IF anyone doesnt think they need security help just ask the people that look after airport security. They need help as much as anyone. So many areas of security that need blackberry they can help them and then begin to gain the respectability back they deserve. Instead of trying to go after the consumer sector who for all intensive purposes couldnt care less about security just ask the people on snapchat whose owner basically said he didnt care when everyones information got served up. What was the response from most. I will still use it i dont care. Just dumb. Come on blackberry starting using the information that is available. Security does matter lets keep plugging away to get people on board.

What I'd like to see one of the BlackBerry developers do is get the open source Tor browser and add it into the BB OS.
Then, for good measure include options for PGP or other encrypted email.

Posted via CB10