Google has published Android Security 2016 Year In Review. Of course BlackBerry is there.
Earlier this month Google published it’s Android Security 2016 Year In Review. The 71 page report covers various aspects of Android security. From OS security, to information about the ecosystem as well as speaking about various vulnerabilities over the last year. It is a very interesting read, and if you have some time, I’d suggest you give it a good read. You can read the entire report here.
Of course, if you’re like me, you’re going to be looking for something quite specific in a report about Android security. What I’m looking for is BlackBerry, and of course, BlackBerry is there. Even if BlackBerry was forgotten by some that chose to report on these findings. More on that later. Let’s run through the appearances of BlackBerry in the report.
First up in the report is security updates. In 2015 Google promised monthly security updates. Of course we know, not all android manufacturers pushed those updates out to their devices in a timely manner, or even at all. From the report:
“Several manufacturers, including Samsung, LG, BlackBerry, and OnePlus, regularly deliver security updates to flagship devices on the same day as Google’s updates to Nexus and Pixel devices, thereby providing their customers
with the most up-to-date security available.”
The next mention of BlackBerry is when speaking of Zero Days. This gets interesting.
“The combination of regular monthly security updates and fast responses by Android device manufacturers significantly mitigated the impact of zero day vulnerabilities against the Android platform. For example, CVE-2016-5195 (also known as Dirty Cow) was publicly disclosed on October 19, 2016. As the Android Security 2016 Year in Review / Android Platform Security 29 patch was available from upstream Linux, some device manufacturers, such
as BlackBerry, deployed a fix in time for the November 2016 security update. We created a special patch string (November 06, 2016) for devices to indicate the vulnerability had been fixed. A fix was required for the December 01, 2016 security patch level.”
Dirty Cow allowed attackers to escalate to root privileges through a race condition bug and gain write-access to read-only memory. The vulnerability had been present for nearly a decade in the android kernel and Linux. The kernel and Linux vulnerabilities were patched in October of 2016, and publicly disclosed October 19th. BlackBerry utilized this fix to push the patch to it’s android version in the November update. Google pushed the update within it’s December security update, following BlackBerry by a month.
The third mention of BlackBerry with the help of ValueWalk, shows us that “fake news” does in fact reach into the mobile tech world. The report speaks of those devices that attained an update rate of 60% or better. Now, every BlackBerry user knows that we receive each security update, unless our phone carrier is withholding the updates from us of course, but that is another matter. From the Google report:
“Here are some of the Android devices that attained an update rate of 60% to 95% by the end of 2016: 2 Google Pixel, Google Pixel XL, Motorola Moto Z, Droid, Oppo A33W, Nexus 6P, Nexus 5X, Nexus 6, OnePlus OnePlus3, Samsung Galaxy S7, Asus Zenfone 3, bq Aquarius M5, Nexus 5, Vivo V3Max, LGE V20, Sony Xperia X Compact, BlackBerry PRIV.”
Last week, ValueWalk reported on this very report in a post titled “Most-Patched Android Phones In 2016: Google’s Latest Security Report” This blog post was not about the overall report, although it did mention a few aspects of it. Just like the blogpost your reading now, the ValueWalk piece had a specific topic. This Blog post is about BlackBerry within the report. ValueWalk’s was about the most patched phones. Let’s look at the portion of their post which speaks about the direct quote I listed above.
“Google also came up with a list of Android devices with the most security patches for 2016: Nexus 6P, Nexus 5X, Nexus 6, Nexus 5, Vivo V3Max, LG V20, Google Pixel, Google Pixel XL, Samsung Galaxy S7, Asus Zenfone 3, bq Aquarius M5, Motorola Moto Z Droid, Oppo A33W, Sony Xperia X Compact and OnePlus 3. You may notice that the names of major Chinese manufacturers such as Xiaomi and Huawei are not on the list.”
They seem to have forgotten something haven’t they? It’s quite odd that they only forgot one phone, and that phone was of course the BlackBerry Priv. Regardless of what some media outlets choose to report, BlackBerry Android is still the most secure Android.
— BlackBerry (@BlackBerry) March 31, 2017