BlackBerry's software is known for its security sophistication. But the company's latest smartphone doesn't run BlackBerry OS. It runs Android, whose security, taking past months reports into consideration, can be best described as sketchy. So how secure is the new handset? The Canadian conglomerate assures that the BlackBerry Priv maintains the same level of security the company puts on all of its handsets. If you're still having a hard time taking the company's word for it, the company has offered a lengthy, more convincing explanation.
In a blog post, the company says that the BlackBerry Priv uses a unique homegrown manufacturing process dubbed Hardware Root of Trust that injects cryptographic keys into the device hardware, which the company claims, improves the security for the entire system.
The company has documented several other features that it baked into the Priv. A feature called Verified Boot and Secure Bootchain, the company says, uses embedded keys to verify every layer of the device from hardware to the operating system at startup, along with apps, to ensure that nothing has been compromised.
The BlackBerry Priv also comes with "hardened" Linux kernel with numerous patches and a special configuration to bolster the security. The device also encrypts the full disk by default complying with FIPS 140-2 standard.
The handset also comes with tools such as BES12, a dashboard to simplify the management of users, services, and policies, and BlackBerry Infrastructure, which works with security and privacy of the user in mind.
In a separate blog post, David Kleidermacher, Chief Security Officer at BlackBerry noted a couple of other aspects that makes the handset more secure. Kleidermacher pointed out that the Priv comes with company's patented picture-login, which represents "the best combination of security strength and ease of use for any smartphone authentication scheme available on any mobile device today." He also wrote that BlackBerry comes with built-in privacy monitoring that offers users more information over how applications make use of security-critical device resources.
"Android is a complex, rapidly changing, massively popular, open-source product, which makes it an attractive and fertile target for attackers. Such an environment demands world-class security incident response, and BlackBerry has a long history delivering that to customers with the highest value resources under their (and hence our) protection. BlackBerry's vulnerability patch program is second to none in the industry," he wrote.