When Blackberry announced that it was bringing an Android-based device to market, it promised that it could do so without compromising its own reputation for security. Yesterday, the company shared some of the changes it made to Google’s Android OS, and how those changes impact the upcoming Blackberry Priv.

Here’s how Blackberry is going to lock down the Priv (and presumably future devices):
First, all hardware is cryptographically signed and verified. The CPU has an embedded boot ROM that verifies the digital signature of the boot ROM, which then verifies the OS signing key. The OS verifies the file system and the file system verifies the hashes of all loaded applications. Given that Blackberry devices are built on ARM processors, we can assume that the company uses ARM’s TrustZone technology.

Blackberry is also promising that its picture logins will be more secure than traditional methods. I’m dubious on that, especially since the government might be able to compel you to offer your head for a login photo (they can already compel you to give up fingerprints). Blackberry’s next point is that it supports a variety of communication services that are built on offering high levels of security, including WatchDox private file sharing, various BBM services, and SecurSuite for private voice calls. Blackberry also claims that none of its software is backdoored and all use cryptography schemes that have been certified by BlackBerry Certicom. Whether or not those services actually provide the security they claim to offer is an entirely different question. Claiming to offer cryptography is easy, actually certifying that code is bug-free is extremely difficult. Other features of the OS include “a hardened Linux kernel with numerous patches and configuration changes to improve security,” full disk encryption enabled by default, and full support for BES12, Blackberry’s enterprise security platform.

As for user privacy, Blackberry is claiming that its version of Android contains “privacy monitoring hooks deep within Android that provide users with powerful feedback and control over how applications make use of security-critical device resources. This includes the exclusive DTEK™ by BlackBerry warning system app, as well as other features. Privacy health is communicated in a simple and elegant manner, resulting in confidence instead of complexity.”