Put Android to work for you.
Reliability you can count on.
Convenience Key and Shortcuts
Most secure Android smartphone.
Secure hardware provides the solid foundation for all other security layers.
Hardware Root of Trust
BlackBerry KEYone was manufactured through a Secure Process and loaded with a Signed OS from the BlackBerry servers in Canada.
BlackBerry Secure Compound
A trusted execution environment that guarantees the sensitive data and security-focused apps running inside it is protected.
Secure Boot Process
When you boot up a BlackBerry KEYone, the secure boot process validates each component of hardware and software to ensure only a BlackBerry signed OS is loaded.
Improvements to the Android OS keeping apps, data, and networks safe from attacks.
OS and Linux Kernel Hardening
Hardening the device with kernel patches and configuration changes to decrease security vulnerabilities.
FIPS 140-2 Compliant Disk Encryption
Protecting the private information and data on your device from being stolen- even if your phone is lost.
Address Space Layout Randomization
Scrambles application/ system memory making it difficult for attackers to target a BlackBerry KEYone.
Data in Transit Protection
Because many employees work outside the office, mobile solutions must protect data in transit across your entire network. BlackBerry KEYone has extra protection to the Wi-Fi, VPN, Bluetooth and NFC connections.
Enhancing the device management capabilities for all device deployment scenarios.
Device & Profile Owner Activations
Disable voice dictation and search in work apps, transfer of work data over NFC, Bluetooth OPP, and Wi-Fi Direct, logging on everything running in the managed profile, debugging of applications within the managed profile
Set whether mail in the managed profile may be transferred over Bluetooth
Enable, deploy and manage Wi-Fi network profiles for exclusive use by work applications, improved password and certificate management for authentication
Control media card access from the work profile, access to USB On The Go devices from the work profile
Force the media card to use adoptable storage mode, a device to enter a lock state if the max number of password attempts is exceeded
Wi-Fi: Disable Wi-Fi screen casting, disable/ re-enable computer access to the device via Wi-Fi
Bluetooth: Disable/ re-enable the BT radio, set restrictions on the BT functionalities, set a minimum BT encryption key length
SMS and MMS: Set restrictions on incoming or outgoing, set a signature on all SMS and MMS messages originating from the device
Set: timeout value for captive portal login attempts, proxy to be used for work VPN network connectivity
OS updates: restrict OS updates and specify if updates can occur over Wifi only or both Wifi and Cellular networks
Common Criteria Mode: restrictions will be placed on the device compliant with Mobile Device Fundamentals Protection Profile as written by NIAP
Profile Owner Activations
Set whether personal applications may access managed Wi-Fi networks
Force the passwords of the managed and unmanaged profiles to be unique