BlackBerry

BlackBerry Android Device Kernel Source Code will be publicly available

The BlackBerry Priv, BlackBerry’s first ever Android-powered smartphone, is due to start deliveries from Friday, and it looks like the company is going to be 100% compliant with the GPL and release the device kernel source code.

One of the fundamental requirements of the GPL is that when you distribute object code to users, you must also provide them with a way to get the source.

The BlackBerry Priv uses and distributes the Linux kernel, so the kernel source code must be made available.

BlackBerry will be making the BlackBerry Android Device Kernel Source Code freely available on their GitHub repository.

“BlackBerry Android Device Kernel Source Code

This repository contains the kernel source code found in released BlackBerry Android device software images.

To find the relevant source code for your device and software image, go to Settings -> About Phone and locate the following information:

  • Processor Info: value; e.g. msm8992
  • Build Number: value; e.g. AAC724

The branch naming format for a specific kernel release is

/

e.g. msm8992/AAC724”

At the time of publishing, the source has not been made publicly available, which makes sense as the BlackBerry Priv itself is not generally available to the public.

All that currently exists is a readme file which validates the upcoming availability of the source code and where it can be found.

If you are a developer interested in the BlackBerry Android Device Kernel Source Code, keep an eye on BlackBerry’s GitHub repository here.

BlackBerry has also taken to their blog to provide an explanation of how they’ll be managing the Android Security patches on the BlackBerry Priv.

This is what they had to say:

“In our first blog on PRIV privacy and security, we talked about how protecting the privacy of users goes far beyond the engineering we’ve done to harden the device across all layers of hardware, firmware, and software. Android is a complex, rapidly changing, massively popular, open source product, which makes it an attractive and fertile target for attackers. BlackBerry’s security research team is constantly examining the firmware and software content in new releases to locate and address even more Android problems before they can cause harm.

Android also demands world-class security incident response, and BlackBerry has a long history delivering that to customers with the highest value resources under their (and hence our) protection. A critical part of our response strategy is the Android vulnerability patch program – second to none in the industry. In this blog, we’ll provide more detail on this program, which is comprised of three new initiatives:

  1. Android monthly security update process
  2. “hotfix” patching
  3. Enterprise-managed updates

Android Monthly Security Updates
Each month Google releases to BlackBerry and other Android OEMs a security bulletin containing a list of recently discovered Android vulnerabilities. Approximately one month later, Google exposes these in the public domain, so it is critical that BlackBerry release software in advance of public disclosure. BlackBerry will release these monthly updates to users that have purchased PRIV through shopblackberry.com and to PRIV resellers (carriers and other authorized dealers) that have agreed to participate in our regular monthly update program and facilitate rapid approval of our monthly updates for over-the-air (OTA) to subscribers.

Hotfix
Some critical Android vulnerabilities – for example, one that can be easily and remotely exploited with a publicly disclosed method to execute “root” privileged malware – simply can’t wait for a monthly update cycle. Depending on the severity of the problem, complexity of the fix, and timing relative to the monthly update cycle, BlackBerry will opt to perform a hotfix, where the code to address only the specific critical problem is pushed to customers. Because a hotfix is typically limited in scope, the balance between a longer testing and approval process and the risk from the critical flaw makes this approach an important addition to helping keep users safe and secure. While BlackBerry will work with its go-to-market partners on approval and delivery of hotfixes, BlackBerry has the ability to directly patch all PRIV variants and will do so when necessary to protect users and enterprises.

Enterprise-Managed Updates
Historically, IT has managed the delivery of OS updates to business PCs. By controlling when and to which devices and users patches are delivered, IT can avoid expensive software incompatibilities and ensure that the security issues most important to the business are mitigated. In the mobile world, enterprises have lost this control. BlackBerry aims to bring back this control through BlackBerry Enterprise Server (BES) and OTA management systems.

PRIV by BlackBerry is leading the Android smartphone world in privacy and security. This leadership requires tremendous resources and hard-earned expertise in protecting users that go far beyond the engineering of the device itself. Setting the bar in incident response and patch management is a critical part of the BlackBerry end-to-end Android privacy strategy.”