Creating Secure Apps

Research In Motion provides several options to help you protect data in your apps.

Authentication

BlackBerry smartphone users can set a password for their smartphones. When this password is active, the user must provide the password to gain access to the smartphone.

In addition, you can authenticate the connection between your app and the server, internet, or intranet by using HTTP Basic authentication or HTTPS.

Encryption

Encryption is the process of making data unreadable until it is decrypted. There are several ways that you can encrypt data in your app:

| Encryption method | Description |
| --- | --- |
| RIM Cryptographic API | This API helps you encrypt and decrypt data, manage cryptographic keys, and digitally sign and verify data. It also helps you create secure connections. |
| Content protection | Built on the RIM Cryptographic API, the Content Protection API provides a solution for encrypting String and byte array objects. The Content Protection API works with the Content Protection framework on the BlackBerry smartphone. The framework must be enabled by an IT policy rule or Option setting. |
| SQLite encryption | The Database API includes encryption functionality for SQLite databases. |
| Media card encryption | This functionality is based on JSR 75. It allows you to encrypt data stored on external media cards (microSD) and built-in media storage (eMMC). |

Access restriction

You can prevent other apps on a BlackBerry smartphone from accessing data in your app. How you do this depends on how your data is stored.

| Data storage location | How to restrict data access |
| --- | --- |
| Files | You can restrict access to files in the file system with code signing keys used in conjunction with the ControlledAccess class. |
| SQLite databases | The Database API provides the Protected security option, which makes the database available only to apps that are signed with the same code signing key. |
| Persistent store | You can restrict access to objects in the persistent store with code signing keys used in conjunction with the ControlledAccess class. |
| Record store | You can store data privately so that other apps on the smartphone can't access it. |
| Runtime store | You can restrict access to objects in the runtime store with code signing keys used in conjunction with the ControlledAccess class. |
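The ControlledAccess approach described above, applied to the persistent store, as an added example that is not code from the original guide. The class name, the store ID, and the signer name "ACME" are hypothetical; the code assumes the app module is signed with a key of that name and uses the net.rim.device.api.system classes.

```java
import java.util.Hashtable;
import net.rim.device.api.system.ApplicationDescriptor;
import net.rim.device.api.system.CodeSigningKey;
import net.rim.device.api.system.ControlledAccess;
import net.rim.device.api.system.ControlledAccessException;
import net.rim.device.api.system.PersistentObject;
import net.rim.device.api.system.PersistentStore;

public final class ProtectedSettings {
    // Hypothetical store ID: choose a unique long for your own app.
    private static final long STORE_ID = 0x5d1c0de5a7e0001L;
    // Hypothetical signer name: must match the key this module is signed with.
    private static final String SIGNER = "ACME";

    private ProtectedSettings() { }

    // Look up the code signing key attached to the running module.
    private static CodeSigningKey key() {
        int module = ApplicationDescriptor.currentApplicationDescriptor().getModuleHandle();
        CodeSigningKey k = CodeSigningKey.get(module, SIGNER);
        if (k == null) {
            // Fail closed: never fall back to storing the object unprotected.
            throw new IllegalStateException("Module is not signed with " + SIGNER);
        }
        return k;
    }

    // Wrap the data so only modules signed with the same key can read it.
    public static void save(Hashtable settings) {
        PersistentObject po = PersistentStore.getPersistentObject(STORE_ID);
        synchronized (po) {
            po.setContents(new ControlledAccess(settings, key()));
            po.commit();
        }
    }

    // Returns null if nothing is stored or the caller is not allowed to read it.
    public static Hashtable load() {
        PersistentObject po = PersistentStore.getPersistentObject(STORE_ID);
        synchronized (po) {
            try {
                return (Hashtable) po.getContents(key());
            } catch (ControlledAccessException e) {
                return null;
            }
        }
    }
}
```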

Transport protection

You can protect data while in transport:

| API | Transport security |
| --- | --- |
| RIM Cryptographic API | The RIM Cryptographic API includes TLS, WTLS, and SSL APIs that help you create secure connections. |

Content protection

Content protection addresses the problem of someone stealing a BlackBerry smartphone and copying its data, which may be possible even when data is encrypted and the smartphone is locked. Content protection encrypts data in such a way that the encryption key is inaccessible when the smartphone is locked.

Other security mechanisms

This guide does not describe every form of security in detail.

The central resource for BlackBerry security is www.blackberry.com/security.

For more information about security of specific data storage approaches such as SQLite databases, the persistent store, and the runtime store, see the BlackBerry Java SDK Data Storage Development Guide, available at www.blackberry.com/go/devguides.