By default, Google’s Android operating system prevents applications from accessing the deeper parts of the operating system. There are a few reasons for this, mostly for security and stability reasons: should a user be able to modify core parts of the operating system, he or she could very easily damage the software and cause the device to malfunction or perhaps even brick the handset (in other words, it will be unable to reboot). From a security aspect, Android has built-in protection designed to prevent applications from accessing sensitive parts of the operating system, designed to help prevent information from being stolen and to stop one application from corrupting others. The means of opening up the operating system is known as ‘rooting’, as it allows access to the whole operating system and allows users to modify the device software over and above what the manufacturer originally designed. However, because a rooted device is less safe than a non-rooted device, many sensitive applications will not run on a rooted handset: this means many banking, payment and other financial applications such as Android Pay.
BlackBerry is a business in the midst of reinventing itself as a specialist security software company that also happens to make handsets. As such, the company’s first official Android-powered handset, the Priv, comes with a technology called “BlackBerry Integrity Detection.” This software is designed to allow the device to check itself and report that it has been compromised should it have been rooted. BlackBerry have recently released a blog post detailing why they have deliberately designed the handset to warn when it has been rooted and why they are against rooting the Priv device. In short, BlackBerry do not allow the bootloader to be unlocked or the device to be rooted as this represents a significant security risk.
The blog details the very real risks of rooting. Some malicious applications are capable of rooting a device, which allows them to modify the device enough to make it extremely difficult to remove, as they survive a factory reboot and are able to propagate themselves and steal personal and sensitive information from the handset. In 2015, we’ve seen a significant rise in the number of malware applications capable of rooting a device. BlackBerry’s blog details how the arms race between hackers and security software engineers is akin to a game of cat and mouse, and how well designed malware can disguise itself from many root detection applications. This is why the BlackBerry Priv uses a the holistic Integrity Detection system.
Some of the ways that the BlackBerry Integrity Detection system works is to check for the kernel integrity on system boot, looking for unauthorized changes to the SELinux policy, checking file system mounting permissions and checking that unauthorized applications are not granted escalated privileges. The Integrity Detection system also looks out for security applications being disabled. The security software uses a trust anchor to create integrity reports, digitally signed with EEC-256 and backed up by a certificate chained to the BlackBerry Certificate Authority. These reports are designed to integrate with mobile device management suites such as Good Secure EMM and BES12, which helps system administrators look out for rooted and potentially insecure devices.
BlackBerry’s blog on the subject of the Priv’s security system does rather read like a challenge for hackers: there are many layers to be peeled, and perhaps BlackBerry are encouraging hackers to give the Priv a go, in the hope that they will learn from any security breaches to make the platform even more secure. Until this happens, the Priv benefits from both BlackBerry’s security know-how combined with the flexibility of the Android ecosystem.