In our first blog on PRIV privacy and security, we talked about how protecting the privacy of users goes far beyond the engineering we’ve done to harden the device across all layers of hardware, firmware, and software. Android is a complex, rapidly changing, massively popular, open source product, which makes it an attractive and fertile target for attackers. BlackBerry’s security research team is constantly examining the firmware and software content in new releases to locate and address even more Android problems before they can cause harm.
Android also demands world-class security incident response, and BlackBerry has a long history delivering that to customers with the highest value resources under their (and hence our) protection. A critical part of our response strategy is the Android vulnerability patch program – second to none in the industry. In this blog, we’ll provide more detail on this program, which is comprised of three new initiatives:
- Android monthly security update process
- “hotfix” patching
- Enterprise-managed updates
Android Monthly Security Updates
Each month Google releases to BlackBerry and other Android OEMs a security bulletin containing a list of recently discovered Android vulnerabilities. Approximately one month later, Google exposes these in the public domain, so it is critical that BlackBerry release software in advance of public disclosure. BlackBerry will release these monthly updates to users that have purchased PRIV through shopblackberry.com and to PRIV resellers (carriers and other authorized dealers) that have agreed to participate in our regular monthly update program and facilitate rapid approval of our monthly updates for over-the-air (OTA) to subscribers.