You have to love all the craziness going on since the latest round of NSA spying leaks. Many of us working in security know how little privacy we truly have, which makes these worries seem comical. The latest report comes from a researcher in Germany who was shocked to find that BlackBerry is sending users’ email account credentials to BlackBerry’s servers whenever they set up an email account. He correctly assumes that BlackBerry is doing this to help detect the setup of the email server, but he was surprised that BlackBerry did not disclose doing this.
I have asked BlackBerry about this in the past, since the whole legacy BlackBerry BIS system is based on BlackBerry storing your email credentials. BlackBerry now has a whole configuration database of how each email server works, which it uses to autodetect the best settings. BlackBerry is using that system to help set up your BlackBerry 10 email account. Now, the report does have a point that BlackBerry should disclose the fact that they are doing this, but my guess is that you will find this somewhere in the user agreement.
On one hand, I do think BlackBerry could have an option that allows users to “use BlackBerry’s servers to help optimize the setup of your email account”, but that would just complicate the process. BlackBerry has been transmitting user email credentials since the creation of BIS and has managed to keep them secure for over a decade. Now, with BlackBerry 10, they do not even store them, so the issue seems to be even less of a concern.
Either way, I really hope BlackBerry gets in front of this issue with full disclosure on what they are doing with this information. I reached out to them earlier and am awaiting a response.
You can see all the details on Geekheim’s report here. Scroll down for English.