Today we finally review BBM  Protected and as with Threema and Signal, there are a few issues with  it. The main problem we have with BBM Protected is actually getting hold  of BBM Protected. I was thinking of writing one of our rant articles  about it, but instead I counted slowly to 10 and breathed in and out to  stay calm. Well, a big thank you to Dr. A at Privacy Central, because  without him we would still be waiting for a response from BlackBerry.  For you guys at BB, if you have a product which people actually want,  then sell it and don't make it so complicated to acquire. Asking your  customers to send emails to you and then not responding might be one  reason why others like Apple and Google are ahead of the game. It can't  be blamed on the OS!

If you are interested in BBM Protected,  either contact Dr. A or myself and we'll hook you up with someone at BB  who can actually make things happen.

The next issue is that BBM  and BBM Protected also do not publish the source code. In other words  the code is not open source, so whatever the guys at BlackBerry tell us,  we need to believe.

Now we've got that out of the way, let's take  a look at BBM. We need to mention BBM before BBM Protected in order to  explain what you will actually receive. BBM is an instant  messenger/social network which is pre-installed on every BlackBerry  device. It can be downloaded on iOS and Android as well. We tested all  three versions and they work flawlessly on all devices. However, we  should mention that on iOS you have less power from the channel  notifications and group sounds. Android works perfectly, the same way  BB10 does.

BBM is free and is a lot of fun! Let's be clear that  from all the messengers we have in the race, BBM has the most features.  You have a Timeline (Feeds), Channels, Groups and Stickers. It almost  feels like Facebook but without the privacy issues. BBM also has a  calling feature and thanks to the PIN on each channel and the PIN on  your own account, BBM protects your privacy.

Let's explain the PIN  first. Every user has a PIN, similar to Threema's QR-ID, so you can  scan the code and connect to another person. If you know someone's email  address and he has BBM linked to his email, you can also invite him to  connect with you using the invite feature on BBM. Unlike with Threema,  the other side needs to agree to make the connection. Therefore,  regardless if someone knows your PIN or not, he won't be able to connect  until you say it is ok. Channels can be open to the public or by  invitation only. Each Channel has a PIN which is not linked to the  Admin's account. Therefore the Admin is not known by the public. If an  administrator comments on one of his posted feeds, he would be shown  with the channel's name, not with his private account. On channels, you  can enable a chat feature and comments or just post your links and  stories.
This brings us to another complaint. The channels do not  allow multiple administrators and they are limited to 400 characters per  post. It does have more to offer than Twitter in terms of the number of  characters, but it comes nowhere close to Facebook and other social  networks. However, it's not accessible over the internet (website) and  therefore can't be searched on Google and the like. This makes it a  little more private when compared to a regular Facebook channel. To be  fair, administrators can post articles and upload pictures over a Web UI  if they feel inclined to do so. For people who are really concerned  about their privacy, BBM would be a perfect replacement for their  Facebook account since you can be sure BlackBerry is not meta mining and  selling your information to advertisers and government agencies.

This  was just a short introduction of what BBM is about, but since we are  reviewing BBM Protected today, let's get started with that.

BBM  Protected cost $29 per year. All communications receive an extra layer  of encryption and participants exchange a PGP like key the first time  they connect. This key is not known by BlackBerry and can be exchanged  in person, via SMS or email. BBM Protected has also the option to auto  approve the key and exchange it over BBM without complicated exchanges  of keys. This feature can be enabled in your administration area and is  called BBM Protected Plus. This is a great option but for security  reasons, I would recommend exchanging the key in person or over another  encrypted channel. The key can be a password or a phrase with multiple  words. These words will generate the key to be exchanged for the  protected chats.

The other side will receive a pop up and enter  the phrase or password the first time a connection is made between the  protected members. An outstanding feature is that only one participant  in the chats needs to have BBM Protected. If you have Protected enabled,  all of your contacts and chats will be BBM Protected. This is  regardless of whether or not they have BBM Protected themselves. This  includes Team Chat where teams can enjoy context-specific, secure BBM  collaboration sessions, with a subject assigned to each session. BBM  Protected works also with Group Chats in channels.

Participants  will see the typing indicator saying "protected" and the typing is blue  and not in the standard black color. With the latest update, you can  also write priority messages which would ping the other end and be shown  in red, indicating high priority.

In addition, BBM Protected  offers an IT policy: "Restrict Copy/Paste". IT administrators can now  restrict employees from using copy and paste functions within a BBM Chat  through the Enterprise Identity by BlackBerry IT Admin Console.

BBM  Protected is designed to provide full end-to-end message encryption  from the time a BBM Protected user sends a message to when the recipient  receives the message. It incorporates three layers of security.
• BBM Protected introduces a new layer of encryption to the existing BBM security model.
•  Messages between BBM Protected users are encrypted using a PGP like  model. The sender and recipient have unique public/private encryption  and signing keys.
• These keys are generated on the device, by the  FIPS 140–2 certified cryptographic library, and are controlled by the  enterprise.
• Each message uses a new random symmetric key for message encryption.
•  A Triple DES 168-bit BBM scrambling key encrypts messages on the  sender's smartphone, and is used to authenticate and decrypt messages on  the recipient's phone.

• TLS encryption between the  smartphone and the BBM infrastructure helps protect BBM messages from  eavesdropping or manipulation.

Another excellent feature is time based messages. Set a message  to 6 seconds or any amount of seconds/minutes you like and the other  side will not be able to continue to read the message after the given  time. Also, the message can only be seen during this timeframe by  actually holding the message on the screen. A counter indicates time  remaining to view the message.

Within your BBM Protected  administrator enterprise panel, you can also specify a time in minutes  how long your messages stay posted. A 0 would be without time  restriction but you could set 5 minutes for example, and the message  would expire and be removed from the chat on both devices, whether or  not it has been read.

Sent messages and pictures etc., can be  retrieved from both ends, and can be removed from the chat. In other  words if you make a mistake or wrong send a message, you can edit it or  even delete it.

Another noteworthy feature is that a BBM Protected  user would be informed if the other end makes a screenshot of your  conversation.

Moving further into the world of privacy, let's say  you want to have a conversation, and do not want that conversation to  touch any cloud. Even if you have exchanged the key, you just feel like  having extra security. You can establish a chat by clicking the green  indicator on top of the chat, and the chat would establish an end-to-end  connection, not touching the cloud. This would be set up with a call  like ringing feature, with the other side accepting the call (it  actually looks like a phone call) and a chat window would be opened. So  all chats are fully end-to-end, and do not touch the cloud. This chat  will not allow screen shots and the chat drops as soon one of the two  closes the chat. This is by far the best way to chat, without any chance  of a man in the middle attack.

BBM protected also has the BBM  calling feature, working in the same way as BBM calls are working, but  with the additional layer of encryption thanks to your key exchange.

From all of the messengers we have reviewed, BBM has the best and the most features. It compares well with business messengers such as Slack or  even social networks like Twitter and Facebook. However, it has  additional layers of privacy which disallow BB administrators and  employees from spying on your conversations. BBM is a winner when it  comes to business orientated team and group chats which link sharing and  short blogging. The biggest problem BBM has, is that it carries the BlackBerry name. It seems BlackBerry can only get the word out to  BlackBerry users. As we mentioned above, BBM and BBM Protected also work  well on iOS and Android. If we explain to anyone to hit us on BBM they  say, we don't have a Blackberry or is BlackBerry still around? Yes,  Blackberry is still around! Try BBM and you will fall in love with it.  But is it the most secure solution when compared with Signal and  Threema? With BBM alone, not really. But BBM Protected is pretty much  the top end when it comes to secure communications. Tomorrow we will  find out which of the three is the best and most secure messenger.

NOTE! BBM discontinued!