A German research firm in ABS Team has discovered that the latest update to BB10 in 10.2.1 left the secured BES contact list open to certain Android apps installed on the device and running on the updated Android runtime, such as Skype, among other apps. BlackBerry is not only aware of the problem, it has already fixed it as part of an update that is all set to be pushed out to all BlackBerry 10 users with approval required from the carriers so that the update can be distributed. BlackBerry has released the following statement on the security hole:
“We have investigated at issue in the Android app player involving specific permissions, and we have it in our addressed latest software build. We will work with our carrier partners to help ensure the update is available to customers.”
However, this also raises questions as to how BlackBerry will release updates going forward, as it did not acknowledge the fix for factory unlocked devices and is still reliant on carriers to push out needed OS updates, while other manufacturers and platforms have alternatives for pushing out updates that do not rely strictly on carrier intervention.
