One of the complaints about Android has been fragmentation, which applies to security as well as user experience. Today, there are lots of small companies offering “hardened” Android implementations that purport to offer enhanced security and privacy. Unfortunately for buyers, there does not exist today an independent means to evaluate vendor security claims in any scientific way. It comes down to: whom do you trust?
(Originally posted on the Inside BlackBerry Blog)
At BlackBerry, we avoid denigrating other people’s products or making misleading comparisons. We would rather explain the technical details of our solution and allow buyers to judge based on those details as well as past performance of delivering on our claims.
In our PRIV security and privacy blog series, we have outlined the major prongs of BlackBerry’s Android security strategy, of which OS hardening is just one piece. BlackBerry’s security incident response strategy (including rapid patching) is one example of how buyers must consider not only the device but also the company behind the device and that company’s past success and commitment to putting your security and privacy first.
Indeed, with daily breaches of personal information and a widespread media focus on the debate between encryption and lawful access, it has become fashionable for consumer tech companies to claim unwavering support for your privacy. Your trust is not something that can be cajoled with an essay or bought with advertising dollars; it must be earned over time, by a steadfast dedication to and successful track record in protecting your information while it is under the supervision of our devices, applications, and cloud.
BlackBerry has delivered for over a decade while others promise. Fifteen years of mobile devices protecting the privacy of your messages, contacts, phone calls, e-mail; trillions of instant messages securely and privately delivered; protecting your valuable information across all walks of life, nations, and industries – privacy is deeply interwoven into BlackBerry’s DNA and is top of mind for all of us who work every day to bring you a productive, fun, and secure mobility experience.
Now let us talk about a few more of those technical details, including a discussion around Android versions.
PRIV initially shipped with Android Lollipop (L) 5.1.1. Google has released Android 6 Marshmallow (M) to device makers, and BlackBerry is in the process of integrating the new release. Marshmallow adds a number of security enhancements. However, when it comes to “hardening” Android, BlackBerry’s special sauce includes numerous additional improvements independent of the Android version number, such as:
- Supply chain security for hardware root of trust. That means we “sign” all of our hardware with digital keys at the manufacturing level to ensure device integrity.
- Improvements to the Address Space Layout Randomization (ASLR) security technique that are not in Android L or M and make it far more difficult for malware – even something like Stagefright – to exploit Android software bugs.
- Improvements to the SELinux mandatory access control policy system not in L or M.
- The Pathtrust utility, which goes above L or M in ensuring that untrusted code cannot be introduced into the system dynamically via malware.
- Hundreds of hardening improvements to the Linux kernel and Android service framework to enable features like DTEK, our new app that helps you protect your own security and privacy.
- Tamper-proofing of critical security parameters.
- Cryptographic improvements, including the use of BlackBerry Certicom certified-FIPS 140-2 security compliant cryptographic library and other techniques that improve upon the Android password’s protection against brute-force attacks.
- Support for smart card authentication and other enterprise-specific features that benefit business users.
Of course, there is a lot more to be said about business users. BlackBerry is the only company to provide not only a top-of-the-line secure Android device but also a top-of-the-line Enterprise Mobility Management suite. Enterprises around the world use BES12 to manage all endpoints, not only BlackBerry devices, but also phones and tablets running iOS, other Android implementations such as Android for Work and Samsung KNOX, and Windows Phone.
BlackBerry’s goal is to provide solutions that make users – both device users and IT professionals – more productive, efficient, and secure, and this means a cross-platform suite of management, communication, and collaboration software that is mobile OS and device agnostic.
Whether it’s Android Lollipop or Marshmallow (or future flavors), PRIV represents the state-of-the-art for Android security and privacy, incorporating BlackBerry’s technology, experience, and proven commitment to security and user privacy that is simply unmatched in the mobile world.