BlackBerry Privacy Notification Service boosts smartphone users' privacy
BlackBerry has begun issuing notices to application developers — and consumers — anytime it finds an app approved in BlackBerry World that does more than consumers may think.
BlackBerry unveiled its new system for vetting smartphone apps at the Kaspersky Security Summit.
Adrian Stone, security director at BlackBerry, stated:
“We believe this is the way forward for the entire mobile ecosystem.”
BlackBerry last week served its initial privacy notice in connection with a caller identification app called NumberBook, created by DEV Engineer. In addition to identifying callers, NumberBook also collects the user’s contact list and GPS location, discloses personal phone numbers without asking permission and can send text and e-mail from the user’s handset.
The app is not malicious, per se, says Stone. However, BlackBerry determined that it did not provide sufficient information to users about its added features, nor ask permission to distribute phone numbers.
NumberBook has been removed from BlackBerry’s online store, and the phone maker has issued an alert to BlackBerry owners who previously downloaded the app.
Two new customer notifications to help address privacy and malware concerns
BlackBerry releases security notices to inform customers about software vulnerabilities that have been identified and that we're either working to address or believe do not pose enough potential risk to warrant a security update. These notices typically provide mitigations, workarounds and authoritative guidance to reduce any potential risk for BlackBerry customers.
Given the possible privacy implications and security risks associated with mobile applications, the BlackBerry Security Incident Response Team is establishing two new types of notices to help protect and inform customers: the privacy notice and the malware security notice.
Privacy notices are for applications that do not appear to have malicious objectives or aim to mislead customers, but that don't clearly or adequately inform users about how the app is accessing and possibly managing customers' data. These notices provide information about an application's behavior so that customers can make an informed decision about whether to continue using the app. In addition, privacy notices will provide information on how to remove the application, if a customer determines that's the best course of action for them.
Unlike privacy notices, malware security notices are released to inform customers about software that is developed with malicious intent. They provide details about the malware's activities, potential mitigations and guidance on how to remove it from the customer's device.
Vulnerability Disclosure Policy
All reports of vulnerabilities in BlackBerry products or services are investigated by the BlackBerry SIRT. For currently supported and non-beta products, the BlackBerry SIRT will follow BlackBerry triage and remediation processes and take appropriate action to help protect customers. For confirmed vulnerabilities in publicly released, in-support products, this will normally result in the publication of a security advisory, along with a corresponding software update to address the issue.
When vulnerabilities are reported to BlackBerry, industry-standard best practices around coordinated vulnerability disclosure are followed, and individuals and/or companies who worked with the company on security advisories are acknowledged. BlackBerry also acknowledges individuals and/or companies who report non-advisory class issues for their work to help protect BlackBerry customers.
You can find out more and report security issues here.