Managing Android Security Patching for PRIV

In our first blog on PRIV privacy and security, we talked about how protecting the privacy of users goes far beyond the engineering we’ve done to harden the device across all layers of hardware, firmware, and software. Android is a complex, rapidly changing, massively popular, open source product, which makes it an attractive and fertile target for attackers. BlackBerry’s security research team is constantly examining the firmware and software content in new releases to locate and address even more Android problems before they can cause harm.

(Also read “PRIV is for Private” and this deep dive into privacy monitoring app, DTEK, both by my colleague, Alex Manea.)

Android also demands world-class security incident response, and BlackBerry has a long history of delivering that to customers with the highest value resources under their (and hence our) protection. A critical part of our response strategy is the Android vulnerability patch program – second to none in the industry. In this blog, we’ll provide more detail on this program, which comprises three new initiatives:

  1. Android monthly security update process
  2. “hotfix” patching
  3. Enterprise-managed updates

Android Monthly Security Updates

Each month Google releases to BlackBerry and other Android OEMs a security bulletin containing a list of recently discovered Android vulnerabilities. Approximately one month later, Google discloses these publicly, so it is critical that BlackBerry release software in advance of public disclosure. BlackBerry will release these monthly updates to users that have purchased PRIV through shopblackberry.com and to PRIV resellers (carriers and other authorized dealers) that have agreed to participate in our regular monthly update program and facilitate rapid approval of our monthly updates for over-the-air (OTA) delivery to subscribers.

Hotfix

Some critical Android vulnerabilities – for example, one that can be easily and remotely exploited with a publicly disclosed method to execute “root” privileged malware – simply can’t wait for a monthly update cycle. Depending on the severity of the problem, complexity of the fix, and timing relative to the monthly update cycle, BlackBerry will opt to perform a hotfix, where the code to address only the specific critical problem is pushed to customers. Because a hotfix is typically limited in scope, the balance between a longer testing and approval process and the risk from the critical flaw makes this approach an important addition to keeping users safe and secure. While BlackBerry will work with its go-to-market partners on approval and delivery of hotfixes, BlackBerry has the ability to directly patch all PRIV variants and will do so when necessary to protect users and enterprises.

Enterprise-Managed Updates

Historically, IT has managed the delivery of OS updates to business PCs. By controlling when patches are delivered, and to which devices and users, IT can avoid expensive software incompatibilities and ensure that the security issues most important to the business are mitigated. In the mobile world, enterprises have lost this control. BlackBerry aims to bring back this control through BlackBerry Enterprise Server (BES) and OTA management systems.

PRIV by BlackBerry is leading the Android smartphone world in privacy and security. This leadership requires tremendous resources and hard-earned expertise in protecting users that go far beyond the engineering of the device itself. Setting the bar in incident response and patch management is a critical part of the BlackBerry end-to-end Android privacy strategy.

About David Kleidermacher

I am dedicated to the vision of a trustworthy, scalable Internet of Things, including mobile devices, connected embedded systems, and cloud infrastructure. As Chief Security Officer at BlackBerry I am responsible for product security and security research. I am a leading authority in systems software and security, including secure operating systems, virtualization technology, and the application of high robustness security engineering principles to solve computing infrastructure problems. I earned my bachelor of science in computer science from Cornell University and am a frequent speaker and writer in the area of computer security, including delivering the 2014 Embedded World Conference Keynote, "Securing the Internet of Things" and author of the book "Embedded Systems Security", Elsevier 2012.
