Earlier this month, Google, via their security blog, outlined the details behind the Triada family of malware that was discovered back in 2016. In the post, Google highlighted how the malware evolved over the years, going from being embedded into apps to effectively being pre-installed on Android devices at the factory before they were ever even shipped to customers.
How is that even possible? Well, not every phone manufacturer can build everything they want into the OS, and they often have to rely on third-party partners to add specific features. Google used the example of face-unlock in its breakdown post, as that is something that is not part of the Android Open Source Project. That means handing off the base Android image to someone else and letting them add what they need to and sending it back when done. Essentially, opening up an attack vector by third-parties through the production process.
Now, BlackBerry has published a blog post highlighting the issue and noting that BlackBerry devices are unaffected by the Triada malware while also shedding light on the importance of having a secure supply chain, using only trusted components, and employing a multi-phase approach to security.
Although multiple manufacturers of Android devices were affected by this variant of the Triada trojan, the attack did not bypass any of BlackBerry's quality control measures or software development protocols. No BlackBerry devices were affected, eitherβa testament to the company's aggressive approach to security assurance and our mission to build security into every product from the manufacturing level.
Those quality control measures go well beyond just merely running Google's Build Test Suite, trusting that everything is OK and loading the images onto devices. Any changes that get made to BlackBerry software are carefully vetted under the 'trust but verify' philosophy.
BlackBerry retains strict controls over what software is added to the system image, or any requests from third-party vendors to configure applications with additional privileges.
While that has always been the case, we started hearing about it more when the Priv was released. A lot has changed since then, and we now have BlackBerry devices being built different licensee's, so it's more important than ever to know those strict controls are in place.
If you're looking for more details, you can check out the full BlackBerry blog post for yourself right here. But if you're interested in the higher level details surrounding Triada, and what Google does to prevent it, be sure to dig into Google's post.
Read more
BlackBerry Hub+ apps updated with bug fixes
Although BlackBerry Hub+ updates have slowed down a bit, a new batch containing bug fixes across the board has recently arrived on the Google Play Store.
Google begins rollout of RCS to all Android users in the U.S.
Rather than waiting any longer for carriers to get things in order, Google has now announced they have begun their rollout of RCS in the U.S starting today.
BlackBerry Hub+ beta apps updated with bug fixes
For each of the apps, the only thing you'll find noted in the change log section is 'bug fixes.'
Google Play Points rewards program launches in the US
Google has now announced the expansion of its Google Play Points program to the U.S. after initially launching in Japan and South Korea.