Security glitch found on BES; protected business contacts can be viewed using Android apps
A security breach has been found in BES. The report, out of Germany, says that it was discovered that certain Android apps running on a BlackBerry device powered by the recently released BlackBerry 10.2.1, and plugged into BES, could access secured business contacts using Android apps like Skype. That is not supposed to happen, obviously, as Android Runtime enabled apps are not supposed to be in the work partition.
BlackBerry is not only aware of the problem, it has already fixed it. The repair is part of an update that is all set to be pushed out to BlackBerry 10 users. All that is required is approval from the carriers so that the update can be distributed. So far, BlackBerry 10.2.1, which features an improved Android Runtime, has been sent out to some users of the BlackBerry Z10 'all-touch' handset.
Certain business apps in BlackBerry 10 are protected to the point that incoming calls received while the corporate workspace is closed, will not show the caller's name on the screen. Being able to access this protected list of contacts through an Android app is an opening that needs to be shut. Security is the one feature that BlackBerry has left to sell to the the enterprise and to consumers who are increasingly worried about such things in the wake of the revelations involving the NSA.
Thanks, Anonymous Tipster!
source: Heise (translated)
Certain business apps in BlackBerry 10 are protected to the point that incoming calls received while the corporate workspace is closed, will not show the caller's name on the screen. Being able to access this protected list of contacts through an Android app is an opening that needs to be shut. Security is the one feature that BlackBerry has left to sell to the the enterprise and to consumers who are increasingly worried about such things in the wake of the revelations involving the NSA.
"We have investigated at issue in the Android app player involving specific permissions, and we have it in our addressed latest software build. We will work with our carrier partners to help ensure the update is available to customers."-BlackBerry
Thanks, Anonymous Tipster!
source: Heise (translated)
Things that are NOT allowed: