Hands On: BlackBerry KeyOne's Business Security Features

We check out the DTEK app, device settings, app-level permissions, and encryption options.

533816-blackberry-keyone-dtek-security-9751180

BARCELONA—BlackBerry is back in a big way at Mobile World Congress this year, returning to its business-focused smartphone roots with the new BlackBerry KeyOne.

Yes, BlackBerry made a phone again. But is there a market for it in 2017? In an enterprise landscape where corporations and institutions have long since migrated to Android devices and iPhones, the KeyOne needs to give businesses a compelling reason to switch.

That’s why we hit the BlackBerry booth at MWC to dive deeper into what made BlackBerry devices the go-to smartphone for businesses and governments: security. As we noted in our consumer hands-on of the device, the KeyOne has plenty of business flourishes including integrated Slack messaging, and of course its capacitive physical keyboard with customizable shortcuts and a fingerprint sensor under the space bar. At the launch event, BlackBerry said it built security “into every layer of the KeyOne.”

To test that claim, we dug into the device settings, app-level permissions, encryption capabilities, and DTEK visibility dashboard app, and any other security setting or permission we could find.

A Deep Dive Into DTEK

The KeyOne runs Android 7.1 Nougat, which includes OS-level features like Direct Boot and file-based encryption. The phone also gets monthly Android security updates, downloaded automatically. But beyond the built-in Android features, most of the KeyOne’s security, privacy settings, and permissions run through DTEK.

DTEK, an earlier version of which came with the BlackBerry Priv, is a visibility dashboard into the security status of your phone, allowing you to adjust settings and fine-time security parameters. The first thing I saw when I opened the DTEK app is a big device security status meter with red, yellow, and green gauge colors (above). I was testing an unlocked demo phone, so a POOR status wasn’t a surprise.

Below that, you can start scrolling through the settings list, which includes a blue check mark or an “X” on a red shield icon that signals whether that parameter is secure. In the Apps and Permissions section (which had a check), I scrolled through to see all the available apps (calendar, camera, contacts, Google Play, messages, etc.) and searched by permissions to check which apps had access to the calendar, microphone, location, SMS, and more.

534076-multi-factor-unlock-on-blackberry-keyone-1149427

DTEK also tracks overall operating system integrity, and gives you the option to turn remote management on and off through Android Device Manager. The device manager gives you some more device-level management features such as geolocating the phone, making the device ring, remotely locking the device, and wiping the data.

Scrolling further down into the DTEK checklist, I also found security options including the ability to set up a custom unlock combination of password, PIN, and fingerprint biometrics. Multiple two-factor authentication options is a strong feature. I also found a “Trusted app sites” setting, which adds an additional layer of security atop Google Play vetting to scan for malicious apps before download. According to BlackBerry, the KeyOne is also set to go through full US government certification processes in order to be usable by the Department of Defense.

What About EMM?

Outside of DTEK, I also found another array of security features in the main device settings. This is where you can swipe to enable event logging, which tracks device activity, and encrypts and stores it locally. This is essentially where you’re enabling the DTEK app to gather all the security data it needs. In the main KeyOne device settings, I also had the ability to set up a SIM card lock, make passwords visible or hide them, and view or deactivate device administrators.

Many of the KeyOne’s features touch on mobile device management (MDM), but one thing I didn’t find in this launch version is deeper enterprise mobility management (EMM) integration. From an IT management and corporate compliance perspective, BlackBerry has a golden opportunity to double down on its enterprise selling point with the KeyOne by marrying the hardware with built-in Good Technology Secure EMM Suite capabilities.

BlackBerry bought EMM provider Good Technology in 2015 for $425 million. I asked several BlackBerry execs about a deeper integration on the EMM side for business IT departments, but they didn’t have much more detail on potential crossover. That’s not terribly surprising, as the KeyOne was developed as part of the BlackBerry hardware brand of Chinese smartphone manufacturer TCL. Though during the launch announcement, BlackBerry touted the collaboration between TCL and BlackBerry Ltd. (formerly RIM) on the software side.

If BlackBerry and TCL want any chance of seeing meaningful enterprise adoption of the KeyOne, they should start with BlackBerry’s existing EMM customers. Offering deeper application and device-level integration with the company’s MDM platform would make life easier on the IT department, and give company CTOs and CISOs a reason to go to bat for the smartphone. For an enterprise tech company with a new piece of mobile hardware to complement its portfolio of enterprise software, it’ll be interesting to see if they can put it all together.

Source