BlackBerry Reveals How Priv Improves Security And Privacy

The Priv will be BlackBerry's first Android-based smartphone, but unlike most other Android smartphones, the company promised to take a strong stance on protecting the privacy and security of the user.

The company claimed that it's going to employ a number of features to achieve a higher standard of privacy and security.

State-Of-The-Art Technical Security

The company has made significant improvements to the Priv's core to increase its security and privacy. One of the earlier rumors said that it would use the Grsecurity suite of kernel security enhancements, which should make the Priv nearly invulnerable against kernel exploits.

Although the Grsecurity patch will use its many protections to enhance the security of the Priv's kernel, Android's Linux kernel is still somewhere around 15 million lines of code, which is about 150 times larger than the BlackBerry 10 QNX kernel. In other words, it's still a large target, and exploiting it shouldn't be impossible. However, it should be significantly more secure against zero-day attacks than most, if not all, Android devices out there.

Another security feature that BlackBerry unveiled recently is the picture-login mechanism, which was introduced in BlackBerry OS 10.2.1 and is now present on the Android-based Priv. It lets the user match numbers with part of a picture, which should make it both easy to use and hard for an automated brute-force tool to crack the login password.

Private Communications

BlackBerry enumerated a number of private communication tools that the Priv supports, including the company's own BBM Meetings, which is a private conference tool; WatchDox for private file sharing; and SecuSUITE for private calls. In addition, the Priv will have access to the Play Store and other apps such as TextSecure/Signal, Silent Phone, WhatsApp, Line, and so on.

Privacy Monitoring And Configuration

Although it doesn't mention exactly how it's doing it, BlackBerry said that it will give Priv owners the ability to control "security-critical" device resources. This will likely be implemented through some kind of permission control system that may work for some, but not all permissions. It's unlikely to work as well as the new permission control system from Android Marshmallow, but the Priv will arrive with only Android 5.1.1 on board at launch.

The company also said the phone will come with the DTEK warning system app, which sounds like some kind of anti-malware tool. Users will be able to see their privacy settings presented simply, making it easier to understand what's going on.

Fast Vulnerability Patches

BlackBerry noted that what sets it apart from other smartphone OEMs is that it has a "world-class" security team that can quickly respond to major vulnerabilities in its operating systems, before they affect the users. Considering that vulnerability patches are one of the top ways to keep devices safe against malware and hackers, it's good to know that BlackBerry intends to take updating its Android-based devices seriously.

The company plans to publish more blog posts about the Priv's security features in the coming weeks. The phone doesn't have an official release date yet, but there's a pre-registration page where people can sign up and expect to receive notice of the phone's launch in the near future.

______________________________________________________________________

Lucian Armasu joined Tom's Hardware in early 2014. He writes news stories on mobile, chipsets, security, privacy, and anything else that might be of interest to him from the technology world. Outside of Tom’s Hardware, he dreams of becoming an entrepreneur.

  • Liam Bulkley
    That 12 million line figure is quite misleading. That includes ALL of the code in Linus' tree...the majority of which is drivers...the vast majority of which aren't installed on any particular system.
    Likewise, that 100kloc figure for qnx is ONLY for the ukernel itself.
    An apples to apples comparison would be to count the lines of code that get included for a PARTICULAR android device (so, after config but before make).
    Also, with judicious use of seccomp, you can minimize the surface area that any particular app sees, and, as you point out, what's left can be dealt with via grsecurity.
    Obviously, exploits will still be possible, but qnx itself isn't proven to be free of implementation flaws (sel4 is, I believe, still the only fully verified kernel).