BlackBerry has released details on how they’ve secured Android on their upcoming Priv smartphone, giving us an idea of how they plan to deliver their promise of privacy.
The BlackBerry Priv will ship with the same hardware root of trust as current BlackBerry devices. In a nutshell, this means injecting cryptographic keys into hardware components. The Priv uses these during a verified boot and secure bootchain process to verify the integrity of hardware and software alike.
Once the device is booted up, it will run a hardened Linux kernel that BlackBerry claims has “numerous patches and configuration changes to improve security.” According to prior leaks, this is likely referring to the grsecurity kernel. The device will also use FIPS140-2 compliant full disk encryption, likely meaning 256-bit AES, by default. This is a change from current BlackBerry phones, where full disk encryption is disabled by default.
The Priv ships with the BlackBerry DTEK app as well, as seen in prior marketing material. It turns out that this app has already appeared in earlier leaks under the BlackBerry Safeguard name. It will provide a security score for the device based on password strength, encryption settings, and apps installed. It will show which apps are able to access personal data and provide recommendations to improve security.
For enterprise users, the Priv will work with the BES12 Enterprise Mobility Management platform using BlackBerry’s secure infrastructure. It will also include Android for Work to provide secure separation between work and personal data.
The BlackBerry Priv is expected to launch in November. UK customers can pre-order it now at Carphone Warehouse, but we are still waiting on availability details for the rest of the world.
Source: Inside BlackBerry