BlackBerry phones were once the default choice for enterprise, the combination of physical keyboard and secure messaging facility the two key selling-points. Those days are long gone.
The company dismissed the iPhone when it was launched in 2007, claiming that touchscreen phones could never compete with physical keyboards – before doing a U-turn by launching its own touchscreen phone less than a year later. A series of major service outages and a failure to deliver the promised BlackBerry 10 in 2011 sealed the company’s fate as a major player, and it today appears set to completely cede the secure messaging space to Apple.
BlackBerry CEO John Chen effectively admitted in December that the company had a ‘backdoor’ into its supposedly secure messaging system, and the company has now stated that it will this year make only Android phones – a platform not noted for its security credentials. This shortly after Microsoft’s Windows Phone looked even more irrelevant, the company reporting that revenues had halved year-on-year …
While BB10-powered phones remain on sale for the moment, there seems little prospect that BlackBerry would make only Android phones this year before resuming production of BB10 phones later. The BB10 ‘secure’ platform is now living on borrowed time.
While BlackBerry is reportedly working hard to persuade government customers that its Android-powered phones can also be secure, there seems little realistic prospect of the company selling this message to corporate customers. Android’s history is littered with major security flaws.
We’re not talking flaws that affect a small number of apps, or issues that permit only limited access to attackers, but multiple examples of malware that impacts almost every app and allows an attacker to take complete control of a phone. Against this type of background, and a deliberate policy to build in a backdoor, it seems hard to see how BlackBerry could realistically present Android-powered phones as a secure platform.
Apple has a massive advantage over Android manufacturers, controlling both hardware and software and – jailbroken devices aside – deciding what apps are and aren’t allowed to run on iPhones. That level of hardware and software integration provides a unique level of security, for example banking apps which can use Touch ID but have no access to fingerprint data, merely asking the Secure Enclave for a yes/no answer on whether a valid fingerprint has been used.
That doesn’t mean that iOS devices are immune to malware – they aren’t. But significant issues are extremely rare, and on those occasions they do occur, Apple is able to act swiftly to solve the problem.
Apple has also adopted an absolutely unwavering commitment to the principle that user security and privacy overrides the desire governments have for backdoor access. Apple’s attitude is, quite rightly, that if you deliberately build a weakness into a platform for use by the good guys, it’s only a matter of time before it is discovered and exploited by the bad guys.
That commitment is built into Apple’s systems. iOS 8 introduced strong encryption into iPhones and iPads, meaning that even if a law enforcement official comes knocking on Apple’s door with a locked iPhone and a court order demanding that Apple break into it, the company will be unable to do so.
The same is true of iMessages and FaceTime calls. Both use end-to-end encryption, meaning that not even Apple could intercept and decrypt the messages because – as Tim Cook told Charlie Rose back in 2014 – “we don’t have the key.”
Apple has been criticized for this approach by numerous government and law enforcement agencies – among them the United States Attorney General, the FBI, the DOJ, the Homeland Security Committee and CIA and more. Apple has been accused of everything from protecting child abusers to facilitating terrorists. To its credit, Apple has resisted all such pressure, Tim Cook saying last year that we should not “give in to scare-mongering.”
9to5Mac readers strongly support Apple’s position, some 93% of you stating that the company is right to stand firm on encryption, with only 3.5% opposed.
If enterprises aren’t satisfied with that, they also have the option of an even more secure platform built on top of iOS by some noted former jailbreakers.
With Windows Phone sliding into irrelevance; the BB10 platform on the way out; BlackBerry admitting to building in a backdoor vulnerability; and its switch to a platform which has a very poor track-record for security, it seems to me that iOS is now the only sensible choice for anyone – enterprise and individual alike – looking for a secure communications platform.