Last year, after many rumors, BlackBerry finally announced and released their first smartphone running on Android. Many had been hoping that the Canadian company would have jumped on the Android bandwagon a lot sooner, but they are finally here with the BlackBerry Priv. And have said that more Android-based smartphones are coming (first stating that they are going all in with Android, then backtracked saying that BlackBerry OS isn’t going anywhere yet). BlackBerry has been known for their security, in BlackBerry OS. It’s a major reason why many companies stick to BlackBerry smartphones over an iPhone or Android smartphone. With the company jumping on the Android bandwagon, it is definitely going to help the platform which has been plagued with different security issues in the past year, with Stagefright and Linux Zero-Day, just to name a couple.
Security issues aren’t new really, to Android. But in the past year, there have been numerous vulnerabilities found and made public. Perhaps the largest one, that really got security on Android in national news was Stagefright, which was made public last summer. Stagefright affected Android 2.2 and newer. Which is almost all of the currently active Android smartphones and tablets being used today. After Stagefright was patched, companies including Google, Samsung and HTC announced that they would be adopting monthly security updates. Google pushes out a security update each month to their Nexus devices and the source code is made available to their partners nearly a month beforehand. The code is also published in AOSP. Companies like HTC and Samsung, have struggled with security updates, seeing as their are so many variants of their devices, and with carriers being in the way for certifying them, it just can’t be done monthly, unfortunately.
BlackBerry, who is known for their security, has actually beaten Google to releasing security patches a few times, to their BlackBerry Priv. This is actually a great thing. With BlackBerry on the Android train these days, it could help Android in general, to beef up the security on the platform. Samsung has already attempted to do this with their KNOX platform. But that’s only available on their smartphones, and it’s safe to say that anything BlackBerry does would be better, simply because they have the experience in creating a secure OS. BlackBerry will also be able to put all of their resources into creating a secure version of Android for their smartphones – considering they are using stock Android, but with a few extra security features included, as seen on the Priv. However, I wouldn’t expect to see BlackBerry’s features available on all smartphones (although I could be wrong, as other manufacturers could make some licensing deals with BlackBerry to include their features and software), seeing as that is the main thing that BlackBerry would have over their competitors – along with their physical keyboard.
While Android does have a number of issues in the OS itself, there are also a big number of them in the apps available in the Play Store. In fact, just this week, there was a new malware found on Android called the Mazar Bot, which can root your device and erase all of your information without you even knowing. Mazar Bot spreads via a spam SMS or MMS message that can be sent to a user, which then sends you a link and clicking on the link can infect your device. We see malware like this popping up quite often. And the way that BlackBerry can fight back is by checking links like that in the background and determining that it is indeed spam or malware and erase it from the device as well as inform Google about it so they can put a stop to it. While it’s not an easy way to fix Android’s security issues, BlackBerry can’t do anymore harm, really.
Some may not get as up-tight about security and malware scares on Android, but you should. Your whole life is on that smartphone that you carry around each and every day. The personal data in your smartphone is worth roughly $37,000 according to McAfee. So it needs to be protected, especially with malware and vulnerabilities on the rise each and every day. In fact there was a vulnerability that popped up last month and affected roughly “66% of all Android devices”. The vulnerability is in the Linux Kernel and only affects those compiled with the CONFIG_KEYS kernel configuration set to “on”. This vulnerability essentially allowed attackers to get root access of the device. This didn’t affect Nexus devices as they don’t have the configuration set to “on”, but some other manufacturers might. It’s definitely a scary issue, and something that users can’t really protect themselves against. While it’s always a good idea to only install apps from the Play Store, and never click on odd looking links from text messages or emails, that’s about all you could do with this Linux Zero-Day vulnerability – luckily all hardware partners have to include their fix by the March 1st, 2016 security update. However, that may not hit your device until the summer, unfortunately.
These are just a couple of examples of security issues hitting Android in 2016, and we aren’t even two full months into the year and both of these issues affect a huge number of Android devices. Vulnerabilities aren’t just in the OS or in apps either. As the pie chart above shows, vulnerabilities most often take place in the browser. And that’s not unique to the desktop either (that pie chart is taking into account all computing devices – smartphones, tablets, desktops, etc).
As much as we want to believe that malware isn’t a big issue on Android, it actually is. Unfortunately, antivirus apps like Lookout, Avast, and others, can’t do a while lot to get rid of it. A report out of G Data showed that in 2015 over 5,000 new malware files were discovered every day. Over 440,267 malware files in the first quarter of the year, and it only grew throughout the year. Looking at the chart above, you can see that the number of malware files found in Android each year grows and grows, as does the Android platform. Why are people targeting Android for malware? Simple. The size of Android. It’s similar to why Windows PC’s got viruses and Mac’s did not (up until a few years ago), once the Mac user-base started to get pretty large, we began seeing more viruses, malware and trojans affecting OS X.
We’ve stated this before – and we’re probably not the first to state this – but there is no easy solution to security when it comes to a smartphone platform, especially one as large as Android. With 1.4 billion monthly active users (as of September 2015), the platform is huge and BlackBerry can’t help improve the security issues on the platform by itself. However the first step would be to get updates out quicker. There is really no way to do that either though. With carriers wanting updates certified before they push them out to their devices, and manufacturers having so many different variants out there. BlackBerry is able to do updates quickly because they have one Priv model and no other Android smartphone right now. Google has been trying to figure out updates for years, at Google I/O in 2011, Google announced an Android Update Alliance with carriers and hardware partners in an attempt to push out updates faster. Well that never really worked. They’ll get it eventually, but for now, it’s a pretty big reason as to why security is such an issue with Android.
The BlackBerry Priv gives users granular control over the permissions each app uses and can quickly change the permissions that they are allowed. Similar to what we have in Android 6.0 Marshmallow, but a bit more control than that. This allows users to keep an eye on apps and find a rogue one that might be doing something it shouldn’t be. BlackBerry also made the Priv nice and secure, starting at the lock screen. With their “picture-login”. As BlackBerry thinks that fingerprint readers aren’t that secure (which they are right). These are things that other manufacturers could take note of and then use in their own smartphones. Some of these features – like the picture-login – are patented by BlackBerry, I’m sure the company wouldn’t be opposed to licensing the technology to other companies for them to use it. After all, that would help drive money back to BlackBerry, through their software.
BlackBerry is known for three things, basically. That is their secure OS, their Enterprise support and their physical QWERTY keyboard. Right now, what Android needs the most is a secure operating system. When comparing Android and iOS, Android sees a whole lot more malware than the iPhone. In fact, the iPhone hardly sees any at all. Part of that is due to the closed ecosystem that is iOS, when Android is completely open sourced and users can install apps from anywhere, other than the Google Play Store. Now Google does scan apps that are downloaded and sideloaded onto a smartphone. But that, obviously, isn’t enough. If the numbers mentioned above is anything to go by. BlackBerry’s secure features on the Priv do help to make their smartphone more secure, but it’s not bullet-proof as some might think. It’s a step in the right direction.
Now BlackBerry won’t become the most important Android manufacturer just because of their hardware – although the Priv is a nice piece of hardware with that dual-curved display – it’ll be more for what they can do under-the-hood of Android smartphones, and for the security of our smartphones. The data on our phones is worth quite a bit of cash, and we need to do everything we can to protect it.
Security issues on Android isn’t something that’s new, and it isn’t going to be solved overnight. Similar to the issue about updates in general (let’s face it, we’re 4 months into Marshmallow and most flagships are either just getting their update now, or haven’t gotten it yet). Having BlackBerry on board making Android-based devices won’t completely solve the issue either. But it should help. We’ve seen Sony working with Google and making contributions to the Android Open Source Project, and I wouldn’t be surprised to see BlackBerry doing the same. Now this doesn’t mean we won’t see exploits being discovered in Android anymore – there will always be exploits – but it should help mitigate them as much as possible. With the features that BlackBerry announced in the Priv late last year, it definitely helps them (not to mention how quickly they are pushing out security updates), and it also wouldn’t be surprising to see some of those features licensed to other manufacturers. Android has been plagued with security issues for quite a while now, having BlackBerry as a hardware partner will help the platform as a whole.