Since creating the first article, I’ve had a barrage of requests to create a follow-up article. Before I jump into those though, I want to mention that following the previous article several developers have made changes to their code, and one developer in particular has taken the article seriously and dropped everything to adopt new strategies for their apps. The new Inst4gram application may look the same on the outside as Insta10 – but after careful testing – it has had some critical foundational changes (in a good way) as mentioned in this tweet.
In addition, several other applications mentioned, such as Blaq, have also battened down the hatches on any findings, and several applications are no longer available. So without further ado, let’s run through a list of applications.
TL;DR
Everything is coming through clean in my last batch of tests.
Web Security: BlackBerry 10 Applications
| Application | Status |
| --- | --- |
| Snap2Chat | No longer available |
| Snap10 | No longer available |
| Insta10 / Inst4gram | Clean |
| Blaq | Clean |
| Gadget Box | Clean |
| Neatly | Clean |
| Snap2Share | Clean |
| Clipman | Clean |
| PhotoStudio | Clean |
| Instant | Clean |
| SmartList10 | Clean |
| Privacy Suite Pro | Clean |
Before We Continue
The developers and people I’ve met with regarding these articles have been truly great to work with and I’ve had some amazing discussions with people in the community over the last 4 weeks – so a big thank you to anyone that read the articles and provided feedback. With this one minor exception aside, the community support has been great.
As a result, I do apologize to anyone who finds this worth reading and was dismayed about the delay; this follow-up article has been pushed back far more than I intended it to and it will likely be the last article from me on this topic. If anyone wishes to conduct their own analysis, don’t forget to use this article as a starting point… and if your article rocks, let me know so I can link to it.
Updated Items
Now for the apps that have been updated and reported back to me.
Inst4gram / Insta10 – Status: Clear
- Logs
- Connection point on KellyEscape is confirmed not in use
- Flurry was moved to SSL (Note: This was not a required step per the assessment)
- Smaato issue with background ad requests is resolved
- At this time there are no outstanding security items for Inst4gram
- The application is now marked as clean and actually functioning better than any Instagram application tested so far.
Blaq – Status: Clear
- Awaiting package for retest
- Flurry was moved to SSL (Note: This was not a required step per the assessment)
- IP 0.0.0.0 connection is resolved
Newly Tested Items
4 Square: Clear
- Analytics for doubleclick.net, encrypted
- All other data encrypted
PushBullet: Clear
- No Analytics
- All other data encrypted
Snap2Share: Clear
- Flurry analytics passed unencrypted
- No other data sent
SmartList10: Clear
- No Analytics
- No other data sent
PhotoStudio: Clear
- No Analytics
- No other data sent
Privacy Suite Pro: Clear
- Analytics, Encrypted
- No other data sent
Neatly: Clear
- Analytics, Self Encrypted
- No other data sent
Instant: Clear
- No Analytics
- No other data sent
Gadget Box: Clear
- Flurry analytics, unencrypted.
- No other data sent
Clipman: Clear
- No analytics
- No other data sent
I continued to test another dozen or so applications, including built-in BlackBerry applications and some Android variants. None raised any concerns at this time.