+ Adding security management, including auditing, to the kernel.

It's a work in progress. Code to jailbreak or root the QNX-based PlayBook OS (so you can load apps apart from BlackBerry App World) is available from DingleBerry.it, specifically Version 3.3, which was a big step up in simplicity and ease of use. A 4.0 version is in development. The PlayBooks will eventually run BlackBerry 10, so if blocking root access is a priority for RIM, then they may be harder to jailbreak with the release of the new OS.

One advance to protect data is already present in the PlayBook OS and will be a key part of BlackBerry 10, according to Totzke. BlackBerry Balance creates separate and secure work and personal "perimeters" at the data level. Corporate apps and data are encrypted in the work perimeter, and can't be transferred or copied to the personal perimeter. (Encryption for personal data will be available in the next release of the PlayBook OS, he says.)

"But I [as the end user] don't have to think about this separation," says Totzke. "There's a unified presentation to the data [in the user interface], but under the covers, the system separates the data." There is only one email system and UI, for example, on the device, but work and personal emails are kept separate by the underlying system.

Neutrino's microkernel architecture keeps an essential set of services in the core, but drivers, , protocol stacks, and the file system run outside the microkernel, effectively sandboxed in what's called memory-protected user space. This means that almost any of these external components can fail and be replaced and restarted without affecting other components or the kernel itself, according to QNX. Presumably malware designed to compromise the kernel likewise will be isolated in these protected spaces.