“We only build secure phones,” BlackBerry CEO John Chen told CNBC last year when asked about rumors that the company was working on an Android device. A few months later we released the PRIV, bringing the quintessential BlackBerry experience – productivity, privacy and security – to Android. Our industry-leading platform hardening helped to protect PRIV from rooting and other vulnerabilities, the exclusive DTEK app gave individuals control over their privacy, and then there was the most important ingredient – a commitment to consistently deploy security patches as soon as they become available.
We’ve delivered on the patching promise, releasing fixes every month in sync with Google’s own Nexus devices and many weeks and months ahead of other Android device makers. Why aren’t these types of patches available for all devices and platforms? “Manufacturers are to blame, because most do not provide regular security updates,” said University of Cambridge researchers late last year. As a direct result, their study found that 87% of Android devices were “vulnerable to attack by malicious apps and messages”.
In May of this year, another researcher found “a chain of exploits that would allow an attacker to take total control of an Android phone”. Solution provider Duo Security revealed that the vulnerability was present on 60% of Android phones, despite the fact that Google had released a fix back in January, or 4 months earlier. And just a few weeks ago, Duo Security demonstrated yet another serious attack “resulting in a bypass of the phone’s full disk encryption”. Once again Google patched the vulnerability months ago, and once again Duo Security found that over half of Android phones were still vulnerable. Neither of these vulnerabilities affected the PRIV. But more importantly, in situations where BlackBerry Powered by Android devices are affected, BlackBerry and Nexus users get first access to security patches, ensuring that they’re always protected with the most up-to-date security fixes.
These types of vulnerabilities are not specific to Android and Google is clearly not to blame – they’ve demonstrated a commitment to releasing timely security patches on both mobile and desktop platforms. And if you think that iOS has fewer vulnerabilities, think again – a study earlier this year by security firm GFI found 375 publicly disclosed vulnerabilities in iOS, nearly 3 times as many as in Android.
Rapid patching is just one of the many reasons why BlackBerry users get to enjoy more privacy and security. A secure Android device is what our CEO promised and that’s exactly what we’ve delivered. I hope you’ll join me at the annual BlackBerry Security Summit this coming Tuesday, July 19th in New York City, where we’ll reveal and discuss more details on our vision and roadmap and bring in some of the top security professionals from around the industry to share their insights. Until then, please share your thoughts in the comments below or on Twitter with #BBSecurity.