
How I built the best-selling BlackBerry app - nsainsbury
https://www.neilwithdata.com/how-i-built-bbsmart
======
rcarmo
It's ironic to think that one of the main selling points of Blackberry was
end-to-end security (the devices talked to an on-premises server via a
dedicated mobile APN which had to comply with a number of requirements), and
yet its on-device security model allowed an app to take over such critical
functionality _by design_.

I have a number of fun stories about RIM (I was one of the BB product managers
at a telco), and this post reminded me that it might be a good time to record
them for posterity... :)

~~~
generalpass
> It's ironic to think that one of the main selling points of Blackberry was
> end-to-end security (the devices talked to an on-premises server via a
> dedicated mobile APN which had to comply with a number of requirements), and
> yet its on-device security model allowed an app to take over such critical
> functionality _by design_.

While true, the initial versions of iOS and Android represented a step down in
security. (BlackBerry at least encrypted the phone, by default - maybe even
required?)

I was always baffled that the tech media would never mention how insecure
Android or iOS were.

~~~
reaperducer
Maybe because Android and iOS came out at the same time as people were
learning that Blackberry's "security" was a pastiche.

In order to operate in some countries, all Blackberry traffic had to be routed
through that country's government servers.

It's been a long while, but I'm pretty sure that India was one such country.
And at least one Middle Eastern country.

~~~
generalpass
> Maybe because Android and iOS came out at the same time as people were
> learning that Blackberry's "security" was a pastiche.

> In order to operate in some countries, all Blackberry traffic had to be
> routed through that country's government servers.

> It's been a long while, but I'm pretty sure that India was one such country.
> And at least one Middle Eastern country.

This was only related to the BlackBerry Messenger (BBM), and even then only on
the standard consumer phones. The corporate servers had their own keys, IIRC.
Plus, it was only for messages traversing Indian or Pakistani networks, and my
memory was that BlackBerry did not hand the keys over, just answered all of
their requests.

Even at that, this level of encrypted communications was not otherwise widely
available for consumers. The actual migration from BBM to whatever iPhone and
Android were offering was a downgrade.

I'm not aware that BlackBerry devices were ever rooted, and they were default
encrypted with 128-bit AES. The OS required users to grant permission for apps
to access resources, such as GPS. This took something close to a decade to be
installed and enabled by default in iOS and Android.

There was a big story where 3rd-party apps installed by providers contained
malware. It was a huge story run everywhere and headlines made it sound as if
every single phone had this vulnerability. However, they didn't mention the
vulnerability could not affect BlackBerry devices because BlackBerry had a
contract with all providers that the provider could not install any software
to the device.

Not security-related, but a big complaint from devs at the time was that
BlackBerry had so many different devices that it was very expensive to develop
for. Apple, for sure, and maybe Android promised this would never happen on
their platforms. Only the truly naive could believe this.

My takeaway was that BlackBerry somehow pissed off all of the tech journos and
suffered appropriately. That's why they got nothing but bad press.

The other thing they suffered from was this "co-CEO" nonsense. For whatever
reason, it seems nearly universal that if more than one person is in charge,
nobody is accountable.

Edit:

And something even I forget about is that prior to the Snowden releases,
concerns over government snooping were only for the tin-foil hat donned
black-helicopter dodging conspiracy theorists. It just wasn't on the public's
radar.

~~~
parliament32
> it was only for messages traversing Indian or Pakistani networks, and my
> memory was that BlackBerry did not hand the keys over, just answered all of
> their requests

They handed over their "global encryption key" to the RCMP, see
[https://www.techdirt.com/articles/20160414/10482434186/canad...](https://www.techdirt.com/articles/20160414/10482434186/canadian-law-enforcement-can-intercept-decrypt-blackberry-messages.shtml)

They jumped from "most secure" to "least secure" effectively immediately once
they did that.

~~~
generalpass
> >it was only for messages traversing Indian or Pakistani networks, and my
> memory was that BlackBerry did not hand the keys over, just answered all of
> their requests

> They handed over their "global encryption key" to the RCMP, see
> [https://www.techdirt.com/articles/20160414/10482434186/canad...](https://www.techdirt.com/articles/20160414/10482434186/canad..).

> They jumped from "most secure" to "least secure" effectively immediately
> once they did that.

That article is an absolutely fantastic example of how the press treated
BlackBerry (average consumers might come away thinking that BlackBerry devices
are insecure).

It is after BlackBerry was dead from a market share perspective, so this isn't
really applicable to the period I am referring to, which was from iPhone
launch to maybe as late as 2012, when BlackBerry went from hero to zero.

------
saagarjha
> Critically, from that handler, it was then possible to get a reference to
> the current UI stack via the call to UiApplication.getUiApplication() - Once
> you had that reference, you could do whatever you want with any screens in
> the current display stack. You could pop screens from the stack, push new
> screens on the stack, and grab any screen in the stack and dig in and modify
> any of the UI components on any screen (deleting them, replacing them,
> etc.).

Give people extensibility and they can do things you'd never imagine: just
take a look at the early jailbreaking community, who had neither APIs nor
support from Apple but were able to do quite a bit just by being able to
inject code into system applications to augment them. (I like to think that a
faint echo lives on today in Mail plugins for macOS.) Sadly, we seem to be
moving away from this for reasons that are touted to be for security…

~~~
pjc50
The security issue is very real. Ultimately the distinction between a useful
capability-adding hack and an exploit is whether the end user wanted it to do
what it does. And there's a big supply of what are euphemistically called
"potentially unwanted programs" (PUPs) which trick the user into installing
keyloggers, etc.

~~~
dahfizz
I think the Android model is perfectly good here. You get the option to load
unsigned apps or unlock the bootloader, etc, but those options are all off by
default and full of warnings to the user.

~~~
scarface74
And “warnings” like UAC worked _really_ well to keep Windows secure and to
keep ransomware and malware from infecting Windows computers.

It’s also not working too well to keep Android devices secure.

~~~
dahfizz
I don't think you understand how this works.

The analog to UAC on Android is permissions, which work pretty similarly to
ios. You could argue that the user gets used to just clicking agree and that
not much is gained for the average user.

Sideloading apps and unlocking the bootloader is much different. It requires
the user to actively go through the settings to enable the options, which
would only happen if the user knew what they were doing in the first place.
And after you try to enable the settings, you are bombarded with warnings
before the settings actually apply.

An app can't trick you into flipping these switches. Most of them are actually
hidden in developer mode anyway.

I challenge you to prove these have ever been a vector for attack. It's just
not practical.

The security lost is zero, and the freedom gained is immense.

~~~
scarface74
_I challenge you to prove these have ever been a vector for attack. It's just
not practical._

[https://www.cnet.com/news/fortnites-battle-royale-with-andro...](https://www.cnet.com/news/fortnites-battle-royale-with-android-security-problems-is-just-getting-started/)

------
bb101
Perhaps it's just nostalgia, but I miss my BlackBerry Bold.

A buzz in the pocket, email symbol on the screen, main button to open the
email, right-click button to forward, physical scroll to a recent colleague
and select, lock & back in pocket.

All that before 3G. Easy, quick and no fuss, muscle memory took care of most
of it.

~~~
kilroy123
I was watching the movie "Up in the Air" last night. There is a scene where
George Clooney's character is chatting on his blackberry, and the buzzing
sound made me feel super nostalgic. RIP BBM.

I often still wish phones had physical keyboards.

~~~
martin_a
I would love if someone would revive the HTC G1/HTC Dream.

That was my first smartphone and I loved the dual use with the sliding
keyboard in landscape mode.

Should be possible to make something like this with all the improvements we
had along the way... Anyone listening here? Please make it happen! :-)

~~~
rchaud
The FxTec Pro 1 is a landscape KB-based Android phone with an unlocked
bootloader and support for Sailfish and LineageOS. It's made by a small
company, so while the phone is available and shipping, production batches are
small, and you might have to wait a bit to receive your order.

~~~
martin_a
Yeah, I saw that other comment just after I posted. Checked out their website
and I got a somewhat strange feeling about their fake product image where they
run GMail and a browser window in desktop mode in split-view mode. Somewhat
fishy.

~~~
retrog
I must agree, the images on their website do look slightly staged, but being a
new Pro1 user (since my order finally arrived in January) I can honestly say
it's the best phone I have ever had.

------
ir77
blackberry was the case of 'not knowing any better'.

i never had to use one for work but blackberry was my first smart phone, it
came with a truly unlimited plan from verizon.

here are some fond memories of it:

- i got notification that new OS was available, i did an over the air update
and it wiped 90% of my contacts. i came from dumbphones and remember i had to
re-enter 100 or so contacts by hand, i don't think i ever upgraded the SW on
it again.

- went out to HH with some friends and getting ready to go home i thought of
using the internet on my fancy BB to look up the bus schedule, i pulled up the
cttransit website and it would not open the .pdf with the bus time natively,
it pointed me to buying some pdf viewer for something like $25. at the same
time, my co-worker's iphone 3G or whatever it was, opened the pdf without any
additional apps.

so much for a "computer" in your pocket and being all about "business and not
play", the stereotypical mantra of old crackberry.com. i think the next year
on valentines verizon got the iphone 4 and that was the end of blackberry for
me.

i can't believe people have nostalgia for this garbage phone.

------
swypych
I love these stories, Neil was basically able to create a business on what
essentially amounts to a hack.

~~~
gfiorav
There are so many reasons why I wouldn't have done this nowadays:

- Don't implement a feature

- Don't rely on a hack that could change

... in the end, it worked for him. Great write up indeed.

~~~
exikyut
> _Don't implement a feature_

This obviously requires contextualization and I naturally assume it was stated
with that context implicit, but I'm not entirely sure what the connotation is.
Don't implement OS-level features, so when the OS (re)does them (potentially
better, notwithstanding incompetence) you die?

------
dmix
I see it also had basic emojis or "smiley" support, heh. I like the simplicity
of it all, ignoring all of the obvious security issues.

[https://i.imgur.com/ho3XV6q.png](https://i.imgur.com/ho3XV6q.png)

------
dangerscouse
Ha, snap! We did the same with the PhoneListener(?) class and our PBX client.
Allowed us to cancel and make calls, send DTMF for call-back and call-through.
I also had my own app which sent calls straight to speakerphone.

I look back on BB with a lot of nostalgia, you really had to work to make
things look good. If you didn't want your Views (widgets) black, white and
blue then you were making them from scratch.

------
schlu
This was such a fun walk down nostalgia lane. The mountain of hacks both
available and required on BlackBerry was incredible.

I worked at a startup that built a BlackBerry app in 2007. I wrote up my
experience here:
[https://schlu.org/2014/05/29/Things-Are-Better.html](https://schlu.org/2014/05/29/Things-Are-Better.html)

------
Havoc
That's a cool write-up.

Interesting how one small piece of technical knowledge changed someone's life

------
imafish
But how much did it make? :D

~~~
Insanity
I guess it would be hard to really measure the impact with 100% certainty.

There's the sales part, but there's also the "got a job at blackberry" part
which might or might not have happened without the app.

And by the sounds of it, a good job as well!

------
animalnewbie
BB10 and Windows Phone 8 were the victims of the apple Google duopoly but both
were individually far ahead of them. I still have hope Microsoft would make a
comeback. I could hope that BB open sources BB10 but that is not going to
happen.

~~~
thedance
I mean, no. BlackBerry was a victim of having a terrible product going head to
head with the iPhone. As a development platform it was garbage. I vividly
remember the inaugural BlackBerry developer conference where one of the
sessions devolved into a revolt. People had written apps for the iPhone and
they were not pleased with the APIs on the BB. Every attendee at that
conference was supposed to receive a 9000 but they shipped a year late. RIM
needed no duopoly to kill them. They died of natural causes.

~~~
mardifoufs
Yep, I think people tend to forget how bad the blackberry line up was compared
to the iPhones and even androids they were competing against. Their flagship
in ~2011 was the Bold, which could barely browse the internet, had a horrible
camera and an extremely dated UI. Going up against the iPhone 4s which is
still functional to this day.

Sometimes some companies just deserve to fail. The current duopoly formed
because the competition just couldn't keep up, and that's on them

~~~
thedance
The API for BB app development allowed you to have UI elements like text
labels or buttons, stacked vertically on the screen. That was the whole thing.
If you wanted a table you were on your own. The web browser was very similar
to MSIE 3, or NetPositive: it laid everything out vertically, didn’t support
tables or CSS. When the iPhone came out with a real web browser it was like it
came from another galaxy.

~~~
exikyut
I get the vertical UI was because the system had initially gone all-in on a
scrollwheel, and never fundamentally moved on beyond that point.

