Web Security Analysis of 12 BlackBerry 10 Applications


For many BlackBerry 10 users, security is a very important concern.  While there are a lot of us who value the availability of applications for BB10, we still want to ensure that they are indeed safe and free from malware and vulnerabilities.


BlackBerry has stepped up to the plate by introducing BlackBerry Guardian.  BlackBerry Guardian also incorporates technology from software security leader Trend Micro. BlackBerry Guardian is constantly evolving to help identify the most advanced forms of malicious software and privacy concerns.

On the “File Archive Haven” blog, author Lloyd Summers, in an article titled “Web Security Analysis of 12 BlackBerry 10 Applications”, analyzes some BlackBerry 10 apps and ranks their vulnerabilities based on data collection and other factors.

While he notes that there may be legitimate reasons for some data collection, he highlights the importance of developers being as transparent as possible about why they need to collect the data that they do, and of sharing their data collection policies.

Source: File Archive Haven

There are plenty of valid reasons why a developer may be collecting data.  They may want to know how many keyboard phones are having a particular crash issue, or they need to prove their users really exist to advertisement companies. 

What defines legitimate data use is a much more complicated topic and changes from country to country.  I’ve done my best to break apart the legitimate collection (and proper handling) of data from the suspicious as I moved through the applications.

At the end of the day it’s up to the developer to share their privacy policy with you and to ensure they disclose what they use the information for.  If they collect or give away data that identifies you as an individual, you must be aware of it and you must agree to it. 

Users should never be afraid to ask a developer what they are collecting and what they are using the information for, but at the same time, it’s always best to assume they are collecting data for a legitimate reason when reaching out to them for the first time.

Below are the rankings.  The author goes into great detail to explain why the following apps were ranked as they were.  This information is available at the following link:

WebSecurityAssessment

Download Links Ranked by Risk:


As a BlackBerry 10 user, I do think that we are fortunate to have several third-party developers who have stepped in and created native BB10 client apps for some of the more popular big-name applications that are not yet available in BlackBerry World.  And for that, we are all thankful.

But we also need to keep in mind the security aspect and vulnerabilities of some of these apps, so that our privacy and security are not compromised.  While some may not agree with the assessment, the author has made some valid points which we all should take into account when downloading apps.

When looking for secure applications, keep these tips in mind:

  • Be cautious of applications that don’t connect directly to the service you expect.  If it goes through a third-party website, that website can be hijacked to get access to you!  And if the application is sending data to 12 different websites, that’s 12 different opportunities for someone to get access to your information that the developer has reduced control over.
  • Don’t be afraid to ask tough questions.  Your data is yours, you should not have to hand it over without someone telling you what they are collecting, why they are collecting it and who they are sending it to.
  • Call out people who break policies and terms of service.  Someone who creates a pretend social media application without authorization isn’t really from that company.  They don’t build the APIs or servers and they don’t decide the rules.  They are charging you for a service they don’t own, aren’t actually supporting and in many cases, don’t even understand.  And if things go sideways – they won’t be standing next to you fighting to get your accounts or passwords back.
  • Don’t trust applications from developers where support is incomplete or contradicts BlackBerry support sites.  Be very cautious of people who use emotional, unprofessional or slang terminology with their clients.

While we all want to have access to the popular apps, I do think that we should be careful and mindful of the apps that we download.  We also would like to hear your perspective regarding this issue, so please let us know your thoughts in the comments below.

Update: Nemory Studios has posted an official response.  It can be viewed here

web99

Web99 enjoys tech and has tried smartphones on all the major platforms. Out of all devices he has tried, BlackBerry10 best fulfills his needs.
