Android has faced its share of security challenges over the years, from issues like the Stagefright exploit to the reckless abandon that OEMs and carriers have taken towards keeping their devices up-to-date. After promising full disk encryption would become standard in Lollipop, Google is just starting to make it mandatory two versions later, on new Marshmallow devices. There has never really been an Android phone that caters to enterprises or privacy-conscious individuals, until now. The storied “enterprise mobility” company, Blackberry, has made a pair of secure Android phones the focus of its hardware lineup: the Blackberry Priv and Blackberry DTEK50.
Do privacy & security features really differentiate the Priv and DTEK50 in a world of commoditized Android devices? Is the bundled DTEK security app worth the hype? Find out below:
The Blackberry Priv was released in Nov 2015 as a flagship Android device for the security minded. It was also the company’s first Android device after years of sticking by its BB10 OS. Originally released at a flagship price of $699, the Priv now sells for just over $500 unlocked on Amazon.
Inside the Priv is a Qualcomm Snapdragon 808 processor, 3 GB of RAM and 32 GB of storage on the base model, standard fare for a 2015 flagship. The Priv features a slideout keyboard for die-hard Blackberry fans, and a 5.4-inch curved edge AMOLED touchscreen. It initially shipped with Android 5.1.1 (Lollipop) but has since been upgraded to Android 6.0 Marshmallow.
The Blackberry DTEK50 came out more recently in Aug 2016, as a midrange device priced at $299 unlocked. This comes in at the high end of the $200-$300 price bracket, where phones like Moto G4 Plus are stiff competition.
Inside the DTEK50 is a Qualcomm Snapdragon 517 processor, 3 GB of RAM and 16 GB of storage on the base model. Like most Android phones, the DTEK50 does away with the keyboard, leaving a 5.2-inch IPS LCD touchscreen. It comes out-of-the-box with Android Marshmallow 6.0.
DTEK by Blackberry
DTEK by Blackberry is a security app exclusive to their Android handsets. It comes preloaded on both the Priv and DTEK50 devices. What does it entail?
- Managing individual app permissions such as camera, contacts and location access
- Alerting you whenever an unknown app tries to access sensitive information, giving you the choice of allowing or denying the request
- Making security recommendations such as enabling screen lock, disabling unknown sources and enabling app scanning in the Google Play Store
- Factory Reset Protection – if your device is lost or stolen, this feature prevents thieves from resetting it without your Google Account login
The best way to describe DTEK is an app that highlights the security features available on any Android device. Most Android users already have features like app scanning enabled by default, so the security recommendations are rudimentary, at best. Users running Marshmallow or later, even those with non-Blackberry devices, can navigate to Settings > Apps and grant permissions individually for each app using toggles much like in the DTEK app.
What DTEK does is make these features more visible to the user, with a security rating “excellent”, “fair” or “poor” that makes it obvious if there are simple steps you can take to protect your device. At a glance, you can see how many times any app on your phone has accessed your camera, contacts, location, microphone or SMS. If you want, DTEK can also alert you by push notification whenever an app takes these actions, which Marshmallow doesn’t do natively once you grant permissions to an app for the first time. For all but the most paranoid users however, most will find these notifications overzealous.
Hardware Security Features
The hardware security features of the Priv and DTEK50 are less talked about, but what really sets these devices apart as the most secure Android phones on the market. IT professionals who already ask for these features on laptops and desktops will be no stranger to them, but the benefits are easily overlooked by the average user.
Hardened Linux Kernel – The regular Linux kernel on other Android devices have built-in security modules like SELinux, but Blackberry has gone one step further and hardened the configuration with their own patches to prevent low-level malware exploits.
Hardware Root of Trust – All Blackberry Android devices have a hardware module that checks whether the components of the device are genuine, and signed with the company’s digital signature. In theory, if a Blackberry Priv was counterfeited or tampered with, the software would immediately flag this to the user and device administrator.
FIPS 140-2 Compliant Full Disk Encryption – Every modern Android device has a full disk encryption option, but it’s turned on by default on the Priv and DTEK50. Also, Blackberry had their implementation FIPS 140-2 certified, a standard recognized by the U.S. government.
Blackberry also claims to patch its Android devices more quickly than any other competitor with Google’s monthly security updates. Since the Blackberry Priv and DTEK50 are still new, it remains to be seen if Blackberry delivers on its promise to provide updates over time for their devices. If they do, Blackberry could easily become the go-to choice for IT departments rolling out Android devices to their users.
Should you choose the Blackberry Priv or DTEK50?
If you’re an Android enthusiast who roots every device that comes your way, the Blackberry Android devices might not be for you. The company is openly against rooting because it permits privilege escalation that compromises the security enhancements they have done to the Blackberry Android OS.
The bootloader is locked, which means you can’t boot any third-party ROMs on the Priv or DTEK50. Don’t count on them releasing a bootloader unlock anytime soon. Blackberry’s main business is in Mobile Device Management (MDM), providing a suite of software for corporate IT to monitor if any devices on their network have been rooted. Blackberry Integrity Detection, a part of the DTEK app, will raise all sorts of red flags if you ever managed to tamper with the OS.
Luckily, Blackberry had the sense to keep their flavor of Android close to stock, without saddling it with too many apps that slow down the OS. After all, that’s a major reason why everyday users are forced to root their devices. If you’re coming over to Android from iOS, Blackberry’s approach with their secure Android phones shouldn’t be too much of a shock to you. This is the reason why most enterprises deploy iPhones, and Blackberry has a real prospect of changing that with the Priv and DTEK50.
In a world where invasion of privacy is seen as a constant threat, choosing a secure Android device can help alleviate those concerns. If you know people who cover their laptop webcams with a piece of black tape, that’s exactly the type of user the Blackberry Android devices are aimed at. Nobody wants to be constantly surveilled, and leaking private data when using “free” apps is a real concern. App makers, more often out of sloppiness than malicious intent, are notorious for requesting too many permissions that are unnecessary for the functioning of the app. The DTEK app offers a user-friendly way to put you back in control of the information you share with each app.
Android itself has come a long way in granularizing its permissions and beefing up security overall, but a device from a security-minded manufacturer like Blackberry can provide an additional layer of protection.