back to article BlackBerry makes Android security patch promises

BlackBerry is touting security and privacy as the new Priv's key differentiators. But wait, isn't it an Android? And isn't that like putting an arsonist in charge of the Fire Brigade? The firm's first Android phone, which begins shipping tomorrow, is a genuine rarity: a phone targeted at enterprises and more technically …

  1. Fraggle850

    Speaking as an android user (aka feeder of the chocolate factory)

    Security and updates are probably my biggest concern (no point being concerned about giving all of my data to Google, natch, I've made my pact with the devil and will take the consequences). This could actually be a rather good USP for crackberry and may tempt me to buy one.

    C'mon Wiley Fox! You're my other contender, make the same commitment.

    1. Lysenko

      Re: Speaking as an android user (aka feeder of the chocolate factory)

      Agreed. In fact I personally don't care if they have to ditch/block all canned video and audio to do it. I want Skype to work but I don't need youtube, music, games and so on with a work phone (I can use a shenzhen generic for that).

      1. Anonymous Coward
        Anonymous Coward

        Re: Speaking as an android user (aka feeder of the chocolate factory)

        I want Skype to work

        LOL. And why, pray, do you then desire a secure device? Skype is provably intercepted.

        That's a bit like buying expensive locks on your house and then leaving the windows wide open when you go out.

        1. Lysenko

          I want Skype to work

          I'm interested in keeping criminal malware (<cough>Flash</cough>) off my phone. I don't give a rats ass about spooks listening in on my work calls. They would find out more intercepting my plaintext emails anyway.

    2. Anonymous Coward
      Anonymous Coward

      Re: Speaking as an android user (aka feeder of the chocolate factory)

      "And isn't that like putting an arsonist in charge of the Fire Brigade?"

      More like sending the engines out full of petrol instead of water...

    3. Anonymous Coward
      Anonymous Coward

      Re: Speaking as an android user (aka feeder of the chocolate factory)

      As a Wileyfox Storm owner I hope that they will. Since they're using vanilla CyanogenOS (just with a custom theme added), which is updated frequently, I'd have thought they should be able to.

      1. Anonymous Coward
        Anonymous Coward

        Re: Speaking as an android user (aka feeder of the chocolate factory)

        Off topic a bit but how are you finding the battery life on the Storm? That's the only thing putting me off at the mo.

      2. Anonymous Coward
        Anonymous Coward

        Re: Speaking as an android user (aka feeder of the chocolate factory)

        Just to add to my previous comment, my Storm received its first CyanogenOS update OTA today, just a week after it was shipped - so Wileyfox is looking promising so far.

        On the battery life, it's probably the weakest part of the phone IMO. It lasts a full day with moderate use, but isn't as good as I'd like. But then I'm one of those strange people who'd prefer the phone to be 1mm thicker and have twice the battery capacity.

    4. John Mangan

      Re: Speaking as an android user (aka feeder of the chocolate factory)

      "C'mon Wiley Fox! You're my other contender, make the same commitment."

      Since WileyFox use CyanogenOs I believe that commitment is already there, i.e. not dependent on WileyFox for updates at all. I could be wrong, of course . . . . .

      1. Fraggle850

        Re: Speaking as an android user (aka feeder of the chocolate factory)

        Yes, I'd have thought Cyanogen would be updateable without any involvement from WF, be interested in any of my esteemed commentards POVs. It's crackberry's promise of extra security over the top that I find interesting but perhaps this isn't such a concern on Cyanogen due to greater levels of user control (and again any intel from experienced commentards much appreciated)?

  2. Anonymous Coward
    Anonymous Coward

    Epic fail

    Crazy high pricing. Straight to landfill, I'm afraid.

    1. John Sanders
      Facepalm

      Re: Epic fail

      Sadly the truth.

    2. Anonymous Coward
      Anonymous Coward

      Re: Epic fail

      Some people will be willing to pay extra for security - especially when we start seeing large scale exploits on phones and people realize the landfill is the only option for their "inexpensive" phone that will never see a patch.

      Given that this is targeted at enterprises, they are certainly going to prefer this to support Android for their employees versus the alternatives. Blackberry still has a good reputation there, even if consumers forgot about them several years ago.

  3. xj650t

    Holy Sh1t

    An interesting Blackberry, slam Marshmallow on there and it's bye bye Samsung.

    1. N13L5

      Re: bye bye Samsung

      Its been bye bye Samsung for me for the whole year already, with their favoring of fashion over function, Knox being of benefit mainly to Samsung and Touchwiz getting ever more intolerable after using Sony's Z phones.

  4. jason 7

    Maybe...

    ...there is hope!

  5. Captain Scarlet
    FAIL

    As a previous BB10 User

    I can't honestly say I purchased my now replaced Q10 for its security, for me it was different and had a keyboard. Replacing BB10 with Android and pricing it over £400 meant it was easy for me to go I can't justify this so to a cheaper phone I went (My Q10 was 2 and a half years old but was broken :'().

  6. jeffdyer

    I would NEVER buy a device with any moving parts again.

    Too many problems with breaking ribbon cables for me. A fixed touchscreen device if looked after can last 3 or 4 years no problem but a slider? Wouldn't give it two years if opened continuously throughout the day.

    They may have been OK on 90s mobiles when people only used it a couple of times a day, but for a modern smart device? No way.

    1. Anonymous Coward
      Anonymous Coward

      I understand the worry but I've never seen a faulty Blackberry Torch and they had a similar mechanism.

      The price is a total non-starter here.

  7. Phil W

    Shut up and take my money!

    I'm desperately awaiting my contact being up so I can get this as my next upgrade.

    I have had a great many phones with QWERTY keyboards over the years and hate to be without one, but after my HTC Desire Z there weren't any Android QWERTY devices available and have been through a couple of generations of Samsung Notes now, and since it looks like the Note 5 won't be coming to the UK the Priv is looking extremely likely to be my next phone.

    The only thing the priv is missing for me is a tab key on the keyboard, this is would make it perfect for me (command completion in terminal sessions is even more useful when working from a phone).

  8. Anonymous Coward
    Anonymous Coward

    Forgot to mention Google?

    No other Android vendor has made a comparable commitment.

    I seem to recall reading, on this very site, that Google have made the same commitment for their Nexus devices? Actually I would be surprised if BlackBerry were committing to work on and issue updates to core Android independently of Google and the AOSP.

  9. Anonymous Coward
    Anonymous Coward

    No issues here... Honest!

    Ever see a CVE security issue for Android? There is a reason you haven't and it has nothing to do with the platform being more secure.

    BlackBerry is betting the farm on the wrong direction.

    1. Thecowking

      Re: No issues here... Honest!

      Yes, yes I have

      http://www.cvedetails.com/vulnerability-list/vendor_id-1224/product_id-19997/Google-Android.html

      Here's a list for you.

  10. captain veg Silver badge

    what's it got to do with OEMs?

    "Tardy patching by OEMs is the biggest reason Android devices are open to attack"

    Don't get this. At all.

    When Windows updates itself (for better or worse), the OEM has precisely nothing to do with it. Same for the various Linux distributions I have installed on PCs and Pis, so Google can hardly claim that giving the system away for free somehow absolves them.

    So, what's it got to do with OEMs?

    -A.

    1. David Dawson

      Re: what's it got to do with OEMs?

      Android is distributed as generic source to run on a few pieces of reference hardware.

      OEMs take that source and apply patches to it, then build their own binary distribution that is installed onto their hardware.

      Google don't distribute binaries apart for the nexus line.

      The patches come in various types, device drivers for sure, plus a bunch of mods on the UI and apps, some of which are extremely invasive in the code.

      It's not really comparable to a PC, which has highly standardised hardware.

      It probably could be, but you'd need to standardise the entire mobile hardware space with stable interfaces, have some defined standard boot mechanism and install process. I personally don't see that happening soon.

      1. Paul Shirley

        Re: PC, which has highly standardised hardware

        Not really. PC's have extremely diverse hardware, rampant competition for component use and from day1 had user accessible expansion support. Of necessity PC's evolved to have decoupled subsystems in both hardware and software that make fine grained patching a required feature and long term interface stability expected. Windows got most of it's early start by supporting more of those variants than other OSs.

        Mobile started as black boxes and largely remain that way today, with precious little cooperation beyond the SIM interface and comms standards and proprietary driver support locked behind NDAs. Enough of the driver support is locked away in opaque blobs that we're utterly dependent on OEMs to support them, made worse by Google persistently breaking kernel API compatibility.

        There's simply not enough evolutionary pressure on suppliers to support their black box devices. Even non stop security scares haven't managed it.

        1. silent_count

          Re: PC, which has highly standardised hardware

          I agree with your assessment, Paul Shirley.

          The only way I can see it changing is as a result of a class action. Something like: customers, whose phones are still under contract, sueing Verizon (for example) after the customers get hit with malware which Google issued an update for but which wasn't passed on in a timely manner by either the manufacturer or carrier.

          Such a lawsuit would lose but if the plaintiffs make enough noise, the mere possibly of losing money, combined with the bad PR might, just might, make those responsible get off their collective backsides long enough to change the status quo.

      2. captain veg Silver badge

        Re: what's it got to do with OEMs?

        Thanks for the explanation. So OEMs really are the distributors. Got it.

        Still, Google could make it a contract requirement that security patches are applied and disseminated in a timely fashion. After all, they are the ones taking the reputational hit.

        -A.

    2. Innocent-Bystander*

      Re: what's it got to do with OEMs?

      Assuming you are not trolling:

      OEM's put their own skins / launchers on top of Android so they release updates after making sure it doesn't bork their customization.

      There is delay #1.

      #2 is the carriers, which also have their own turn at compatibility testing their supported devices before pushing them to their respective customer bases.

      All quite legitimate concerns but it adds a lot of delays between google releasing the patch and said patch getting applied to your device.

      PC's are a different animal all together. MS and Linux vendors update their own codebases without having to test to make sure patches don't kill entire networks.

      If you work on a domain you'll notice that it's actually your IT guys who control patch releases, not Microsoft. The reasoning behind this is the same. They don't want rogue patches killing their networks.

      1. Anonymous Coward
        Anonymous Coward

        Re: what's it got to do with OEMs?

        And this testing and customisation costs money and they would rather you bought a new phone so low incentive for suppliers to offer updates

  11. Alan Denman

    Spend high get the big security...........

    ....of an empty wallet.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like