BlackBerry's DTEK50 fails to raise the security bar

  • Editors' rating
    5.9 OK
  • $299.99

Pros

  • A well-built, sturdy, good-feeling smartphone
  • Low price might appeal to smaller businesses
  • Its baked-in security features are welcome, even if not bar-raising

Cons

  • No iterative software differences from the Priv
  • Its "most secure" tagline is irresponsible and arguably inaccurate.

Four years ago, I was one of the few die-hard BlackBerry owners left, as the company began to derail.

Today, the company thinks Android can get it back on the tracks. Its debut Android smartphone was a flop, but it hopes that it can redeem itself with its reinvented BlackBerry DTEK50, which it bills as "the world's most secure Android smartphone" today.

That largely unchecked and untested claim was enough to grab our attention, given that many still don't believe that "Android" and "security" in the same sentence can be anything more than a contradiction.

After two weeks of scrutinizing those claims, here's what we learned.

BlackBerry's DTEK50 is a passable smartphone that was in most cases able to match the security features of other similarly secure devices, like Apple's iPhone and Google's Nexus. But the DTEK50 was not able to outperform or raise the security bar in any meaningful way. In part because of that, we dispute the company's claim that this is "the world's most secure Android smartphone."

Rapid security patching is good -- when it works

Ask anyone in security, and they'll tell you that keeping to a regular patching schedule is by far the most effective way of nixing most known security issues. That's why, in the wake of the "Stagefright" vulnerability last year, Google began to offer monthly security patches.

Google's own-branded Nexus devices would be given the patches first, and other companies would follow in the coming days and weeks -- though, some wouldn't keep to a schedule at all.

BlackBerry promised that it will similarly provide same-day patches for security issues (which was described as "zero day" patching to some, a confusing echo of a common malware descriptor), once they are released by Google or its partners.

BlackBerry said if it can fix issues that are disclosed outside of that schedule, it will.

There's no real way to test this, but we struck lucky -- for want of a better term -- when we found that the DTEK50 was already vulnerable, straight off the manufacturing line, to one of four new security flaws, dubbed "Quadrooter" -- despite being up-to-date with Google's monthly patching schedule.

Three of the flaws were already fixed and were rolled out as part of July's monthly batch of security patches. Qualcomm, which was charged with making a fix for the fourth, has released an emergency patch, but it won't be widely released until September.

At the time of writing this review, BlackBerry hadn't patched the Quadrooter flaw, and a BlackBerry spokesperson didn't respond to repeated emails requesting comment. (Update: After this security analysis was posted, BlackBerry confirmed it released a patch for unlocked phones, but those tied to a carrier will not receive the patch until carriers give their approval.)

By delivering patches faster and on a regular basis, Android's patch schedule is arguably better than Apple's, whose patches are erratic and usually only released when bundled with other software improvements.

But good patch management only works when it's put into practice.

Hardware root-of-trust and secure boot: Welcome, but not new

You might not know about the phone's hardware root of trust or the secure boot process, but they're a vital part of ensuring that your phone maintains its security integrity.

Every process of the phone's switch-on procedure is cryptographically signed. In other words, if a hacker has tampered with anything in the boot process, the codes will not match up, and the process stops dead. For instance, if malware's found, the phone just won't boot, which prevents your data from being decrypted. Think of it as a dead man's switch (and BlackBerry documents this in detail in a deep-dive blog post).

It's why Apple has included these features in its iPhone for many years, as do modern Samsung phones that come equipped with its Knox technology.

Android comes with this feature baked in, but it'll become a strictly enforced feature when Android Nougat, the latest iteration of the operating system, is rolled out.

When the DTEK50 gets the new software in the months after its launch, executives said, that'll make verifying the phone's boot process far stronger. In the meantime, it's a good start, but it doesn't nudge the security needle forward.

Encryption as standard, but questions over Android "hardening"

Encryption has become a controversial topic in the past year. Apple got it out of the gate first, largely because the company controls the hardware and software package. Android stumbled because of performance and fragmentation issues.

Just like all modern iPhones and devices running Android Marshmallow and later, the DTEK50 comes with full-disk encryption -- an increasingly commonplace smartphone feature.

BlackBerry also touts its Android "hardening" effort, which it argues makes it tougher for attackers to extract data or take control of a device. One of those features includes "improved random number" generation, which we wrote about in more detail here.

The short version is that, according to cryptographers who spoke to us about this, BlackBerry's hardening efforts "doesn't meaningfully change the security of the phone," because the company is trying to fix something that isn't broken. And because BlackBerry used a largely secret and proprietary method to try to improve the cryptography -- which can't be inspected or verified by security experts -- the phone may be secure, but until we know how and why, we can't (and shouldn't) fully trust the phone.

DTEK's app will pacify and inform, but not block

My biggest gripe with the phone's flagship app, which first debuted with the Priv, was that it didn't do anything -- and it still doesn't.

In case you missed it, the phone is named after its flagship app, DTEK, a play on "detect." The app sits on your home screen, acting as a gateway health dashboard for your phone. It tells you how secure your device is, such as if a strong passcode has been set, and even when apps use your phone's features. If a malicious app triggers your camera or your microphone, it'll tell you -- but it won't block it.

BlackBerry said that the app hasn't changed since it was first rolled out to the Priv, despite a promise from David Kleidermacher, chief security officer, who said the app would be "constantly" improved.

We had some harsh words for the app the first time around -- all of which still stand today.

"DTEK isn't much more than an information app in that it tells you when things are happening, unlike a privacy app which actively mitigates against data-slurping incursions [...] It doesn't prevent your data from being slurped up by the various apps you use, nor does it give you an option to do much about it -- except uninstall the apps."

Now both the Priv and the DTEK50 are running Android Marshmallow, and both phones now come with iPhone-style app permissions by default, so you have greater granular control over your apps and what they can access.

I'd put that down as a win for Android, over any worthwhile improvement on BlackBerry's part -- though it nevertheless puts the DTEK50 on a par with other devices that run Android Marshmallow, as well as the iPhone.

Bottom line: Security, take two, but no lessons learned

Android already has a bad rap when it comes to security and privacy. Anything to improve that impression could be a boon to business -- if done right.

But BlackBerry hasn't learned any lessons from its first Android incarnation, and by its own admission hasn't improved the phone's security in any consequential way.

Case in point: Alex Thurber, the company's global device sales chief, told us at a meeting that the Priv and the DTEK50 are "the two most secure smartphones," because the Priv is "as secure" as the DTEK50.

The reality is that when you cut through the marketing fluff, you're still faced with an unremarkable phone, which, like any other product or service, takes one hole in the security facade to bring the entire thing down.

Granted, the company didn't know about Quadrooter ahead of time. Its so-called privacy app doesn't block or mitigate, and only passively advises. We can welcome its hardware improvements, but it's not enough to nudge it past that already-high security bar to achieve status as "the world's most secure Android smartphone."

Marketing and selling this phone as more secure than other phones that are equal or better in the security space is going to give people false hope, and that's dangerous for those who think this phone will defeat hackers and attackers at every hurdle.

Security researchers will tell you that the most secure smartphones will be the least useful to most people. But in the absence of perfection, many will choose an iPhone over anything else. Tried and tested, the iPhone was able to withstand government demands for customer data -- and, though not perfect, Apple's closed in-house duopoly of hardware and software makes it far tougher to crack than most other devices.

So what's the most secure Android phone available now? Your best bet is a Nexus smartphone, which researchers believe is the least vulnerable to flaws and issues because of rapid vulnerability patching.

Update at 2:25pm ET: to add that after this security analysis went live, BlackBerry had patched the remaining Quadrooter flaw, a little over a week after it was first revealed.

Specifications

General
SAR Value 0.83 W/kg (body) / 1.19 W/kg (head)
Integrated Components Rear-facing camera, front-facing camera, audio player, voice recorder, navigation
Phone Features
Phone Functions Speakerphone, call timer, conference call, flight mode, vibrating alert
Sensors Accelerometer, ambient light sensor, proximity sensor, magnetometer, gyro sensor, hall sensor
Cellular
Technology WCDMA (UMTS) / GSM
Type Smartphone
Integrated Components audio player, front-facing camera, navigation, rear-facing camera, voice recorder
Navigation BeiDou, GLONASS, GPS
Band WCDMA (UMTS) / GSM 850/900/1800/1900
Mobile Broadband Generation 4G
Phone Form Factor touch
Service Provider not specified
Operating System Family Android
Operating System Android 6.0 Marshmallow
SIM Card Type nano SIM
Input Device Multi-touch, capacitive
Messaging & Internet
Messaging Services MMS, SMS
Supported Social Networks and Blogs Yes
Miscellaneous
Sensors accelerometer, ambient light sensor, gyro sensor, hall sensor, magnetometer, proximity sensor
Color Black
Color Category black
Communications
Data Transmission EDGE, FD-LTE, GPRS, HSDPA, HSPA+, HSUPA, LTE, TD-LTE
4G LTE Band Band 1, Band 2, Band 20, Band 28, Band 3, Band 38, Band 40, Band 41, Band 7, Band 8
Data Transmission Operating Frequency LTE 700/800/900/1800/1900/2100/2300/2500/2600
Wireless Interface Bluetooth 4.2, IEEE 802.11a/b/g/n/ac, NFC
Display
Display Resolution 1920 x 1080 pixels
Color Depth 24-bit (16.7 million colors)
Pixel Density (ppi) 424
Diagonal Size 5.2 in
Diagonal Size (metric) 13.2 cm
Smartphone Diagonal Size 5.2 in
Protection scratch-resistant glass
Color Support color
Processor
Clock Speed 1.5 GHz
Manufacturer Qualcomm MSM8952 Snapdragon 617
Processor Core Qty Octa-core
64-bit Architecture Yes
Camera
Digital Zoom 4
Focus Adjustment automatic
Camera Light Source dual LED flash
Features 6-element lens, Burst mode, Panorama, Phase Detect Auto-Focus (PDAF), face detection, picture stabilizer
Media Player
Supported Digital Video Standards MKV, VC-1, AVI, MOV, XviD, MPEG-4, ASF, DivX, 3GP, H.264, H.263, WebM, 3G2, VP8, VP9, H.265
Supported Digital Audio Standards WAV, AAC, AMR, MP3, FLAC, XMF, AAC +, OGG, WMV (Sound), MXMF, AWB, IMY, RTTTL, RTX
Memory
RAM 3 GB
Supported Flash Memory Cards microSDXC - up to 2 TB
Multimedia
Graphics Accelerator Qualcomm ADRENO 405
Environmental Parameters
Min Operating Temperature 32 °F
Max Operating Temperature 95 °F
Battery
Standby Time Up to 576 Hours
Capacity 2610 mAh
Run Time Details Mixed usage: up to 17 hrs
Talk: up to 1020 min
Standby: up to 576 hrs
Playback (audio): up to 40 hrs
Playback (video): up to 8 hrs
Digital Camera
Digital Zoom 4
Lens Aperture f/2.0
Focus Adjustment automatic
Camera Light Source dual LED flash
Video Recorder Resolutions 1920 x 1080 (1080p)
Features 6-element lens, Burst mode, Panorama, Phase Detect Auto-Focus (PDAF), face detection, picture stabilizer
Header
Brand BlackBerry
Product Line BlackBerry
Model DTEK50
Packaged Quantity 1
CE Input Device
Type touch sensitive screen (multi-touch)
Touchscreen Technology capacitive
Features
Sensors accelerometer, ambient light sensor, gyro sensor, hall sensor, magnetometer, proximity sensor
Phone Functions call timer, conference call, flight mode, speakerphone, vibrating alert
Digital Player (Recorder)
Supported Digital Audio Standards AAC, RTX, WAV, WMV (Sound), XMF, AMR, AWB, FLAC, IMY, MP3, MXMF, OGG, RTTTL
Supported Digital Video Standards 3G2, 3GP, MPEG-4, VC-1, VP8, VP9, WebM, XviD, ASF, AVI, DivX, H.263, H.264, H.265, MKV, MOV
RAM
Installed Size 3 GB
Flash Memory
Internal Memory Capacity 16 GB
Max Supported Size 2 TB
Supported Flash Memory Cards microSDXC
Graphics System
Graphics Accelerator Qualcomm ADRENO 405
Optical Sensor
Sensor Resolution 13 pixels
Front-facing Camera
Sensor Resolution 8 Megapixel
Lens Aperture f/2.2
Dimensions & Weight
Width 2.85 in
Depth 0.29 in
Height 5.79 in
Weight 5.2 oz
