was successfully added to your cart.

BlackBerrySafeguardX

Foreword: This is a think piece, with background material, personal opinion and analysis.
I’ll be discussing BlackBerry security assets and implementation that could be leveraged to add security layers around the Android OS.

Consider this a thought piece if anything on ways BlackBerry could tackle the larger security problem that is Android…With Lollipop and further with Android M, Google is working to increase the user controlled permissions for apps and overall security on their devices. Looking to shake the insecure stigma, Android for Work has been established to create an OS level secured container to allow EMM connectivity and further the usability of the Android offering within enterprise.

BlackBerry has many assets that could be ported or replicated on Android to build up the layers of security on the top level to protect Android from itself. This includes the applications, the data at rest and the movement of data between other devices and the internet at large. Google is placing a focus on security improvements, giving users greater control over app permissions – a tenant of the OS that BlackBerry 10 users have been spoiled with from day one. As Google, from a security prospective, replicates a lot of what BlackBerry 10 has done on the top end, there’s still plenty of security vulnerabilities inherent within the open nature of the Android OS. We’ll work top down on the measures BlackBerry can take to create a secure Android.

OS LEVEL SECURITY


 Enter BlackBerry Safeguard:

“BlackBerry Safeguard effectively allows users to protect and secure all information on any app, including the device’s Web browser. This safeguard feature leverages app permissions by allowing users to set up private or public usage restrictions through the Privacy and Security menu available on most apps, allowing users to protect their data…even browser cookie information.”

This Safeguard application lives within BlackBerry 10 by design, but signs that BlackBerry aims to port this application and feature set to Android are apparent through leaked images and video we’ve seen of Android running on BlackBerry hardware (presumably on internal testing units). If implemented correctly, this would offer a shield of protection to lock down Android apps.

BBsafe

BlackBerry Guardian:

“BlackBerry Guardian evaluates all apps and games in BlackBerry World before they’re made available for downloading. BlackBerry Guardian is designed to protect you from downloading apps and games that might include malicious software or privacy concerns. The BlackBerry Guardian icon in the BlackBerry World storefront indicates that the app or game has been evaluated for malicious software or privacy concerns. BlackBerry Guardian also incorporates technology from software security leader Trend Micro. BlackBerry Guardian is constantly evolving to help identify the most advanced forms of malicious software and privacy concerns. If malicious software is discovered in an app or game after it’s available, the app or game is removed from BlackBerry World.”

BlackBerry has been working with Trend Micro to implement a more robust approach for addressing privacy and security concerns related to third-party applications. By incorporating Trend Micro’s advanced mobile scanning and detection capabilities with their own internal proprietary application analyzing system, they can provide another layer of protection and assurance for BlackBerry customers. To be fair, Google already has something similar called Google Bouncer for Google Play.

BB_TrendMicro_Guardian

BlackBerry Protect:

“This built in app that comes as a part of the BB10 operating system is capable of working together with the cloud and protects your device data. The best feature is that in case your phone is lost or stolen, you can remotely access it with the help of cloud and delete all the sensitive information as well as transfer it to your next handset effortlessly. The BlackBerry Protect feature works with the Blackberry ID, therefore, no one will be able to disable the BB Protect unless they have the ID and password to access the app.”

This goes without saying that BlackBerry Protect is a great way to effortlessly manage a device that has been lost or stolen, and to protect data on the device. Something like this for Android based BlackBerry would be a no-brainer. BlackBerry sees security even outside the hands of the user and has built cloud-based software to allow customers to address these concerns and recover, wipe or lock down data when the device becomes inaccessible.

 

KERNEL LEVEL SECURITY


 LINUX vs QNX:

Android OS is an OS developed on a modified, monolithic Linux kernel, whereas QNX is a Real Time OS (RTOS) developed atop a microkernel. The main difference of each comes down to the architecture of the underlying system. How assets, libraries, drivers and the OS are executed on the kernel level directly correlates into how easy or complex it will be to secure the platform. Android is a more traditional architecture (read: less refined) with different top level aspects of the OS able to directly execute down to the root kernel. What this means is that hackers can exploit OS level vulnerabilities to manipulate the underlying kernel and ultimately overtake how data is accessed, stored or executed on said OS. Android applications run in a sandbox, an isolated area of the system that does not have access to the rest of the system’s resources unless access permissions are explicitly granted by the user when the application is installed. This puts real security on Android in the hands of the USER, not Google. As discussed in the opening, Android is continuously being developed to address some of these end user concerns with permissions, but due to the open nature of Linux, and thus Android, some of the exploits researchers have discovered have been accessible for years.

In this scenario, we have to assume BlackBerry has something that Google even wants. And that’s a hard pill to swallow considering Google’s reach and wealth. If you read up on the histories of Android and Linux, it seems to be a tale more of tedium than care. Google must make modifications and refinements to the kernel to meet their growing needs: increasing performance, memory management, etc. In this way, Google is stifled by the open source and has to invest money into the continued support for this backbone of the Android OS. BlackBerry’s QNX predates Linux by about a decade. Much of the QNX development tree has been focused on refining the microkernel to be exceptionally proficient. By design, it has stability laid in brick by brick, whereas the Linux kernel by design is not really built to load added kernel modules. This is less a Linux problem and more a problem with Monolithic kernels in general.

Linux and QNX could be considered opposites in terms of foundation. Android demands more access to the base kernel level to execute against the hardware. QNX on the other hand hosts all base and application system processes in user space protecting the kernel, and so it can maintain mission critical performance. The scope of the difference can be animated by numbers. Linux is about 15 million lines of code, whereas QNX is only 100K. Now if BlackBerry were to adapt Android, pay up for new drivers and aim to truly secure it – they could move components from the kernel mode on Android to the user mode atop QNX. In so doing, they would be able to replicate the same down-to-the-hardware security they have with BlackBerry 10 devices.

Let’s daydream on what BlackBerry has been working on… since they offered the 10.3.1 GOLD SDK back in November of 2014… IF they’ve been working on a secure Android solution, that would give them a one year timeline and credence to the relative slow down in BlackBerry 10 OS development. A secure Android would allow BlackBerry to fight much more flexibly in the enterprise space, where so many users are forced to carry two phones. Be it a BlackBerry for work and an Android or iPhone for personal use, being able to offer a BlackBerry that can be a user’s one device but still maintain a work and personal benefit would open up the enterprise sales teams to really drive up hardware sales. Now, BES12 already has connectivity as an EMM solution for Samsung KNOX devices and Android for Work; using QNX as a secure foundation to protect Android would establish BlackBerry hardware as THE most secure hardware in the market, allowing Google to capitalize in security through BlackBerry. An agreement such as this would fundamentally change Android. But if you really know anything about Android, you’ll know over time, as Ron Amaedo said:

“Android is open—except for all the good parts”

More and more of what originally made Android ‘open’ has been plugged into Google Services so Google can have more control over 3rd party applications/services and how deeply they can run within Android. It’s plausible that if BlackBerry innovates around the Android OS to offer better device security parameters, they can harness Android and Google Services into areas of the market they aren’t yet well established. This would get Android further into enterprise while allowing BlackBerry to connect services and applications to expand their hardware/software ecosystem. Which, uh, is happening anyway… For all we know, BlackBerry will simply join the OHA, slap some apps on Android and call it a day. Maybe they’ll utilize QNX and virtualize the Android OS with a hypervisor. Dual-boot, no perhaps it’ll be an user defined option at boot, maybe a Linux for QNX kernel swap. It really doesn’t matter. Regardless of what’s being tested, Android + BlackBerry is an interesting pairing.

Think about it. PlayBook OS/BlackBerry 10 contain the Android runtime, BlackBerry has actually been looking at Android on-top of QNX since they acquired the company back in 2010.

It’s my personal and by no means infallible opinion that the end game is to secure the world’s most popular mobile OS.
Can you picture the bootscreen?

Secured by BlackBerry. Powered by Android. 

Supplemental Content:

James Nieves

Author James Nieves

Manning the helm here @BBRYFLOW. Feel free to shoot me an email.

More posts by James Nieves
  • Nabil

    I am loving the idea, because I always wanted this. Flexibility, without costing security. Jobs once said that ‘if its a good thing it should be for everyone’.

    In my eyes and in my experience BlackBerry is a ‘good thing’ and it should be for everyone and if current technology demands exceptional secure end-to-end services carrying your communication and data, then blackberry has to create eco-system( either on proprietary hardware or generic hardware).

    Now its time to reinvent ‘services’ with security (which is there) flexibility, utility and controlling it in world of cloud computing and internet of things. Every byte and every data packet should have it, and that’s where the future lies.

    Next big technological shift is Just corner away, in form quantum computing, AI or Idk what? Specially businesses, which relies on big data but then general consumer Demands will also increase, what about those. Apple waited and waited and took a leap, but before that they envisioned technology keeping masses in mind.

    80 % in my family owns Apple Hardware / software, 18% android based gadgets and less than 1% BlackBerry.

    1% is me, thinking of offering BlackBerry to masses but creating it for businesses? Who wants to own two phones? In knowledge economies, People want to work smart even if its a tea boy.

    Now re-imagine boot screenS around you :)

  • Christian

    James, another great read. This year with all the  Android rumors, your articles have been the real Gems. First about the enhanced QNX Hypervisor, next this! QNX helping Android protect itself from Android. Legendary.

    The market niche I see BlackBerry really dominate is security. No phone manufacturer is really tackling security like BlackBerry. Apple expects it done 3rd party by the likes of VMware, Airwatch and GOOD (now ). Google and Samsung worked toward KNOX, but had serious hurdles inherent in system architecture. In steps BlackBerry, the hungry and innovative veteran with the developed solution.

    While security is important to me, the bigger challenge I see as a BlackBerry 10 addict is replicating the BlackBerry experience and professional “feel” on Android. I pick up a stock Samsung and I’m immediately turned off by the bubble noises, tweet-tweet texts, and overall childish animations coupled with haphazard icons. BlackBerry 10 sold me the first day because it was clean, professional and focused. If BlackBerry can truly and securely replicate that “feel” on Android, I will no doubt be a customer for life. I only upgrade when I see innovation, and right now the only manufacturer offering that in my opinion is BlackBerry.

    Glad you’re there keeping us 1% informed. I’ll take your articles over leaked photos any day.

  • Jon raymonds

    That’s cool

  • Lloyd Naylor

    Another hit. IF BlackBerry can pull off this secure Android then the Brinks truck will be dumping money on the front lawn in Waterloo.

  • QNXbbx

    Great!
    Finally an article that makes sense!
    Well done!

    In Synthesis:
    Goooooogle, the vaporware company, was LATE!!

    Hence:

    1. QNX powered by Analdroid

    A technological NONSENSE: QNX is the Present and FUTURE of the Internet.
    A technological (LEGAL) BLASPHEMY! … specially considering that QNX is the only reason why BlackBerry still exists today.
    A MORTAL sign of the marketing bullshit “culture” deeply infecting BlackBerry.
    A MORTAL sign of the blessed Data-mining interjection on top of QNX by Design!
    A MORTAL sign for the AGNOSTIC platform we were Entitled to dream and fight for.
    A TOTAL ABSENCE of ETHICAL sense!
    A total ABSENCE of RESPECT for all the BRILLIANT QNX Engineers that got this MASTERPIECE of software engineering architecture and design, implemented and deployed in all sort of 24/7 mission critical systems in each technological domain for the past 35 years.
    Without failures!
    How can a MASTERPIECE like this be compared with a PERENNIAL PATCHWORK?
    QNX is not an “almost good enough” 60/40 marketing driven crap “made as we go” os like analdroid (15 years of trial and errors, failures and violence screwing their users at each new release, their locked in manufacturers that could never maintain it as they should).

    2. Secured by BlackBerry. Powered by Android.

    makes slightly more sense… although Powered in this perspective is again just marketing bullshit.

    I can understand it’s hard for Analdroiders to accept the brutal truth… they are big numbers, we should keep them warm.

    Powered by QNX. Secured by BlackBerry. Hosting Analdroid
    Powered by QNX. Secured by BlackBerry. Hosting WP10
    Powered by QNX. Secured by BlackBerry. Hosting Jolla
    Powered by QNX. Secured by BlackBerry. Hosting Sailfish

    That’d rather reflect the technological truth.

    Anyway, the partnership with Gooooogle is:
    A worrying sign for our electronic FREEDOM in the future.
    A worrying sign that data driven electronic dictatorship is about to start…

    Take care and thanks for your great article.

  • Ionic Blue

    Wow, well done James. Very comprehensive and compelling piece. If what you envision comes to reality BlackBerry will be poised for a great comeback. My shares really need it.

    • Our shares need service revenue right now…And a software focus that hits the largest mobile demographic out there is-bound to do well first with enterprise users and have the trickle down, one phone effect to others in the market. We need to start making money.

  • Héctor González

    Wow really good article, and yes this would be very interesting to see BlackBerry and Android working together. Both companies have a lot to win from each other.

    -BlackBerry Leap –

  • Mmp300

    Great article… and would be awesome if actually implemented in this way. If the Passport version “2” ran something like this, I would be all over it.

  • Jason

    “Secured by Blackberry. Powered by Android.”

    Give me this on the upcoming Venice and I will be in heaven. So much win.

    • That’s the only way I’ll take it over a BlackBerry 10 device, personally.

  • Marc

    Very interesting article. I would buy and continue to use BlackBerry if this is actually implemented. I just don’t want to be data mined. That’s my biggest concern. I want a secure device that allows me to do what I want it to do. I also need the apps. Secure apps. Let’s see how this works. If BlackBerry can pull this off then they will succeed. So long as the Android arm can work well in the enterprise realm. The biggest problem with Android there it’s that the OS doesn’t play well with Microsoft. We shall see however…

    • They already ‘secure’ Android devices through Samsung KNOX and Android for work but that requires a BES to lock down the work partition. Hopefully they can expand their security outside of enterprise and be successful!

    • QNXbbx

      Dear Marc,
      about your privacy concerns:
      guess why I bought a BB10 z10 device immediately after it went out on the shelves?
      Guess why, unlike BlackBerry and their Fart users, I couldn’t care less about GOOOGLE, their Chrome browsers, Chromecast, ChromeBooks, ChromeFART apps, their honeypot Gooogle services … and their ARROGANCE?!

      Because, my dear friend desperately willing to protect your privacy, WE BB10 users HAD IT (PRIVACY PROTECTION) RIGHT OUT OF THE BOX until BB10.1 (military grade secure… except for the browser which is anyway the backdoor on each platform [using chrome? ;o) ])!

      On BB10.2 I started complaining after finding a suspicious analdroid folder having symbolic links to all my bb10 private folders.
      WHAT? I went on ranting about this TOTALLY ABSURD ARBITRARY, VOLUNTARY segregation breach introduced on BB10.
      But of course, having 90% of people using the highly customizeable crap os, largely justifies this breach from the SECURITY MASTERS at BlackBerry… isn’t it?

      I started feeling disappointed, just like if at BlackBerry script kiddies and Goooogle crack smokers were cooking up some betrayal behind loyal BB10 users shoulders…
      So, the datamining hook was inserted at that time and the messing up started… a good while before the definitive betrayal that happened with the analdroid drone interjection (installed by default?!) on the most droidish unusable material-crap screwed up version 10.3.1 (which I’m still running with sufferance just to remind me of this BB betrayal).

      And some of you may be even surprised that people like myself, who bought BlackBerry phones because of their unreachable technological superiority and because of the merits of the original FLOWING AGNOSTIC BB10 platform, the so called hardcore users, are SERIOUSLY WORRIED about the future of QNX, and fed up with what BlackBerry has been doing to BB10?!

      Yeah, we’ll see, but for BB, dropping BB10 alltogether is a major MISTAKE… and your question is the one every google detamined user will ask himself in a while…

      A SHAME for BB not to be prepared… specially because they were ready in 2013!!

      Software Engineering is not about marketing … is about VISION and Synthesis (an electronic engineer should get it)!

      Gooogle services, bells and whistles to the new generation of BB users…