Google's annual Android Security Review names PRIV one of the most secure smartphones of last year. While rather unsurprising to most of us here, there are some areas of the report that BlackBerry's software efforts receive some substantial kudos.
BlackBerry is named among several manufacturers regularly delivering security updates to flagship devices on the same day as Google. What's more, after looking at last year Google quantified that the BlackBerry Priv devices in the market were at a 95% update rate. Consistent monthly security updates paired with all the hardening of the software stack BlackBerry implements has maintained BlackBerry's security credence in the Android marketplace.
Google gave a special callout to BlackBerry with regards to Zero Day Patching. As BlackBerry Android software utilizes customized kernel hardening and a bottom-up security implementation throughout various layers of Android, they were able to quickly patch a critical exploit and deliver it to customers in time for the November 2016 security update.
The combination of regular monthly security updates and fast responses by Android device manufacturers significantly mitigated the impact of zero-day vulnerabilities against the Android platform. For example, CVE-2016-5195 (also known as Dirty Cow) was publicly disclosed on October 19, 2016. As the patch was available from upstream Linux, some device manufacturers, such as BlackBerry, deployed a fix in time for the November 2016 security update. We created a special patch string (November 06, 2016) for devices to indicate the vulnerability had been fixed. A fix was required for the December 01, 2016 security patch level.
BlackBerry was paying attention and was swift to apply the patch to their software even though it became public toward the end of October. This attention to security detail along with the other kudos given above in the Google report reaffirm what BlackBerry is capable of doing to secure Android for users.
In the QnA portion of the March 31st earnings call that you can replay here. Chen mentioned a further hardening of Android by the codename Black Widow. You should not expect BlackBerry to pull back on their Android security efforts if anything the company will double down and continue to drive their unique value proposition on the platform.
If you're interested in learning more from Google's Android Security 2016 report, it's a 71-page read and lots of fun so set some time aside and dive in.
Verizon now rolling out software update for the BlackBerry Priv
Have a BlackBerry Priv on Verizon? Surprise! You'll want to go ahead and check for updates as many folks have now started receiving a software update.
BlackBerry Priv will no longer receive monthly updates going forward
A new post on the Inside BlackBerry Blog from Alex Thurber has laid out the status of monthly updates for the Priv as the device has now moved well beyond the two years of monthly software updates BlackBerry originally committed to.
BlackBerry begins rollout of September Android security update
Although it hasn't been noted by @BBSIRT yet, BlackBerry has now begun the rollout of the September Android security update according to a new post on the BlackBerry Knowledge Base.
Verizon BlackBerry Priv owners can now download software AAN368
Verizon has now begun sending out software AAN368 which is noted to have been tested to optimize device performance, resolve known issues and apply the latest security patches.