BlackBerry Yanks Four Apps Over Privacy Concerns

Mobile device maker BlackBerry on Thursday notified customers about four mobile applications that were removed from BlackBerry World (the company’s App store) due to privacy implications.

According to BlackBerry’s privacy notice, the Apps in question upload the user’s contact list, network identifiers, device identifiers, and the smartphone location to an external server. The Apps also have the ability to send SMS, premium SMS, and PIN messages from the user’s BlackBerry device.

The applications (all from the same developer) removed from BlackBerry World include:

• WhozCalling – Caller ID

• WhozCalling – Caller ID and name revealer

• 5Index

• SuperSMS

While the applications in question were not outright malicious or considered malware, the BlackBerry Security Incident Response Team concluded that the Apps did not provide sufficient notification to BlackBerry users about what information is collected from their device, or how that information may be used or shared with other parties.

BlackBerry, which requires developers to adhere to its App World Vendor Guidelines, warned that the Apps do not seek consent from the user’s contacts (whose information is uploaded to external servers) before disclosing their personal phone numbers to other users of the respective App and possibly users of the other listed Vendor Apps. 

“While mobile malware is a significant concern, we believe apps that unintentionally infringe on customers’ privacy represent one of the greatest challenges for our industry,” Adrian Stone, Director of Security Response, BlackBerry told SecurityWeek at the CanSecWest Security Conference in Vancouver on Thursday. “Although these apps are developed without malicious intent, customers deserve greater transparency about how their data is being used and shared. We are working to better educate third-party developers as well as using privacy notices to ensure customers can make informed decisions about the apps on their devices.”

BlackBerry didn’t outright say that users should remove the apps from their smartphone, but instead suggested that users make a decision based on the information included in the privacy notice to determine whether or not to remove the App(s). That being said, any user that cares about their privacy and doesn’t love the idea of apps uploading their contact list to a third-party server without need should remove the apps.

For BlackBerry Enterprise Server administrators who want to run a check, BlackBerry says that running the following SQL statement on the BlackBerry Configuration Database can identify BlackBerry devices in their environment that are affected by a particular Vendor App.

SELECT u.DisplayName, u.PIN, s.Data, s.ServerTime
FROM UserConfig u INNER JOIN SyncDeviceMgmt s ON u.Id=s.UserConfigId
WHERE s.TableId=1 AND s.Data like '%[Name of application]%'

Replace [Name of application] with the specific app name (WhozCalling, 5Index, SuperSMS) you wish to identify.
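
As an added example (not part of BlackBerry's notice), the same check can be run once for all three app names instead of once per name. It uses only the tables and columns from the statement above and assumes the configuration database is on Microsoft SQL Server, where `+` concatenates strings; the `AppName` alias is introduced here for illustration.

```sql
-- Added example: one sweep for every app name listed in the article.
-- Tables and columns are those in BlackBerry's statement; AppName is a
-- label added here so each row shows which app matched.
SELECT a.AppName, u.DisplayName, u.PIN, s.ServerTime
FROM UserConfig u
INNER JOIN SyncDeviceMgmt s ON u.Id = s.UserConfigId
INNER JOIN (
    -- UNION ALL list of the search terms given in the article
    SELECT 'WhozCalling' AS AppName
    UNION ALL SELECT '5Index'
    UNION ALL SELECT 'SuperSMS'
) a ON s.Data LIKE '%' + a.AppName + '%'
WHERE s.TableId = 1
ORDER BY a.AppName, u.DisplayName;
```

A device with more than one of the apps installed appears once per matching app, so the result doubles as a per-app inventory for follow-up with each user.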

BlackBerry also reminded users that the application permission settings should be used to control what information and functions an application can access, and that these settings allow users to control whether information can be transferred from a smartphone.

The removed apps were previously available for BlackBerry OS 5.0, 6.0, 7.0, and 7.1, but were not offered for its new BlackBerry 10 devices, BlackBerry said.

A BlackBerry spokesperson did not have exact download stats available for the affected apps, but did say that they do not believe a significant portion of BlackBerry customers were using the apps.

BlackBerry is providing the developer with an opportunity to address the privacy concerns and resubmit the apps, the spokesperson told SecurityWeek.

Updated to clarify BlackBerry’s suggestion on removal of the apps.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
