How To Set Security & Application Permissions For BlackBerry Apps
Posted October 1st, 2009 by izabel
Introduction
If you are a BlackBerry developer, you are familiar with BlackBerry code signing keys. If you are a consumer, you may not know that in order for a company to make BlackBerry apps, it must apply for “code signing keys” from RIM. RIM requires certification that companies are legitimate, legal, and properly registered before it will give out code signing keys to them, and developers must put these keys into the apps they make in order for them to work.
That is just one level of security that RIM employs to ensure good-quality, safe apps for the consumer. When you install an app on your BlackBerry, you are probably familiar with permissions, and the permissions pop-ups you get when you run an app for the first time. If you have BES, you have been asked to “grant an app trusted application status”. I am going to go into more detail about permissions and the multiple levels of security, from device-level to server-level security, that every consumer should be aware of. RIM has recently published an article discussing application permissions that you might find useful as well; you can read it here.
What are Permissions?
You have probably heard many times that the BlackBerry is a very secure device, and one of the things that makes it so secure is its permissions model, so I am going to explain it at a high level. When you install an application on your BlackBerry, your BlackBerry will ask you whether that app has permission to access certain resources (this can include data – such as your messages or contacts; hardware – such as your camera, or your network or memory). You can individually decide whether to grant a permission or deny it, and your BlackBerry will protect the denied resource and deny the app access to it. You can think of permissions like locks to different places in your BlackBerry, and you have to explicitly give permission to unlock each lock. They are locked by default.
How to view/edit permissions on your BlackBerry
To get to application permissions on your BlackBerry, follow these screenshots:
Go to Options > Security Options > Application Permissions
Select an application from the list of installed applications. I have selected the MyListy Pro app:
There are 3 categories of permissions - Connections, Interactions, and User Data. Each of these 3 has many sub-categories:
The Connections category expanded:
When you allow connections permissions, you are granting access to such things as: your USB, Bluetooth, Phone, as well as access to your location, and the internet with your data plan (BIS or BES) and WiFi.
The Interactions category expanded:
When you allow interactions permissions, you are granting apps permission to communicate with such things as: other apps on your phone (including native apps), items you typically find in the Options menu, your media & themes, your browser (apps can intercept webpage URLs), and device inputs (this means they can potentially enter keystrokes on your keyboard or press buttons).
The User Data category expanded:
When you allow user data permissions, you are granting apps permission to access such things as: messages (email, PIN, and SMS), contacts, calendar, memo pad and tasks, all files in your memory or media card.
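The same locks seen from the developer's side, as an added example that is not from the original article or from any ScreamingToaster app: an app asks only for the permissions it needs and finds out which ones the user left locked. The class name and the list of needed permissions are hypothetical, and the sketch assumes a BlackBerry JDE version whose ApplicationPermissions class defines PERMISSION_INTERNET and PERMISSION_FILE_API.

```java
import net.rim.device.api.applicationcontrol.ApplicationPermissions;
import net.rim.device.api.applicationcontrol.ApplicationPermissionsManager;

// Hypothetical helper: requests the minimum set of permissions and reports
// which of them are still locked afterwards.
public final class MinimalPermissionCheck {

    // Assumed needs of a list app that syncs over the network and caches files.
    private static final int[] NEEDED = {
        ApplicationPermissions.PERMISSION_INTERNET,  // Connections category
        ApplicationPermissions.PERMISSION_FILE_API   // User Data category
    };

    private MinimalPermissionCheck() { }

    // Returns the needed permissions that are still not set to Allow.
    public static int[] requestMissing() {
        ApplicationPermissionsManager apm = ApplicationPermissionsManager.getInstance();
        ApplicationPermissions current = apm.getApplicationPermissions();

        // Ask only for what is not already allowed (Deny and Prompt both count
        // as locked here), so the dialog never lists more than is required.
        ApplicationPermissions request = new ApplicationPermissions();
        int missing = 0;
        for (int i = 0; i < NEEDED.length; i++) {
            if (current.getPermission(NEEDED[i]) != ApplicationPermissions.VALUE_ALLOW) {
                request.addPermission(NEEDED[i]);
                missing++;
            }
        }
        if (missing == 0) {
            return new int[0];
        }

        // Shows the system permission request screen; the user may refuse.
        apm.invokePermissionsRequest(request);

        // Re-read the settings instead of trusting the boolean result, so the
        // app knows exactly which features must stay switched off.
        current = apm.getApplicationPermissions();
        int[] locked = new int[missing];
        int n = 0;
        for (int i = 0; i < NEEDED.length; i++) {
            if (current.getPermission(NEEDED[i]) != ApplicationPermissions.VALUE_ALLOW) {
                locked[n++] = NEEDED[i];
            }
        }
        int[] result = new int[n];
        System.arraycopy(locked, 0, result, 0, n);
        return result;
    }
}
```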
3rd party apps and security concerns
Now that you know how to view an application's permission settings, and what access these settings grant to an application, you can understand how important it is to be selective and careful when installing 3rd party applications. It is always a good idea to evaluate applications before installing them on your BlackBerry. It is not a good idea to install every new app you can get your hands on. I am a huge fan of BlackBerry apps and all things BlackBerry. It is AWESOME how easy it is to install apps, and the App World has tons of great apps. However, with that being said, you should use protection when installing and using new apps. I go into all of this in detail in my other article, which you can read here.
Some things to do before installing BlackBerry apps:
- Go to the website for the app and the company that makes the app, and read about it.
- Read product documentation for apps before you install them.
- Check to see if the app uses HTTPS for all communications, especially if the app involves purchasing things with your credit card, or entering in banking or other private data.
- Consider getting a second BlackBerry to test new apps on. This should not be the same BlackBerry that your critical data is on.
What does security encompass? aka what is “security”
Application permissions on the device itself are only one aspect of security that you should be aware of. There are many things that BlackBerry app consumers and BlackBerry developers must take into account in regards to security. The concept of easily downloadable BlackBerry apps for consumers is new, so many consumers are not familiar with how BlackBerry devices work, how apps are built, how the apps interact with your BlackBerry, and the consequences of such interactions, which might render your BlackBerry useless or your private data compromised. Below is an overview of the security measures that ScreamingToaster takes into account to protect your data, end-to-end:
- Device level security – we make you aware upfront of every single application permission we require (e.g., for MyListy Pro, DulyNoted Pro, Wicked). Also, I am writing this article to educate consumers on the ins and outs of application permissions.
- Network level security (from device to server/cloud) – this includes securing data transferred over the public internet via HTTPS, and corporate intranet via BES. All ScreamingToaster applications and services use HTTPS, exclusively, for all communication between the device and the cloud. For our enterprise deployments we only use BES/MDS.
- Server/cloud level security - this includes where and how your data is secured, and encompasses multiple layers of security:
  - The first is the physical security of the servers in the data center and whether servers are in a secure building, and a secure room. All ScreamingToaster servers are stored in a secure location.
  - The second is server OS security, and whether firewalls, anti-spyware and anti-virus software are used. All ScreamingToaster machines use enterprise grade security software and firewalls.
  - The third is service level security (for services running in a cloud) – this involves encrypting information such as your user name, password, and your app data. It also involves restricting who has access to your data. All ScreamingToaster services encrypt any data that they work with. Also, as an added security measure at ScreamingToaster, we do not store your credit card numbers anywhere. All of your application data (lists, notes, blog information, and user profile) are saved in a secure manner.