Creating Secure Apps
Creating secure apps
Research In Motion provides several options to help you protect data in your apps.
Authentication
BlackBerry smartphone users can set a password for their smartphones. When this password is active, the user must provide the password to gain access to the smartphone.
In addition, you can implement authentication of the connection between your app and the server, internet or intranet using HTTP Basic authentication or HTTPS.
Encryption
Encryption is the process of making data unreadable until it is decrypted. There are several ways that you can encrypt data in your app:
|
Encryption method |
Description |
|---|---|
|
RIM Cryptographic API |
This API helps you encrypt and decrypt data, manage cryptographic keys, and digitally sign and verify data. It also helps you create secure connections. |
|
Content protection |
Built on the RIM Cryptographic API, the Content Protection API provides a solution for encrypting String and byte array objects. The Content Protection API works with the Content Protection framework on the BlackBerry smartphone. The framework must be enabled by an IT policy rule or Option setting. |
|
SQLite encryption |
The Database API includes encryption functionality for SQLite databases. |
|
Media card encryption |
This functionality is based on JSR 75. It allows you to encrypt data stored on external media cards (microSD) and built-in media storage (eMMC). |
Access restriction
You can restrict the other apps on a BlackBerry smartphone from having access to data in your app. How you do this depends on how your data is stored.
|
Data storage location |
How to restrict data access |
|---|---|
|
Files |
You can restrict access to files in the file system with code signing keys used in conjunction with the ControlledAccess class. |
|
SQLite databases |
The Database API provides the Protected security option, which makes the database available only to apps that are signed with the same code signing key. |
|
Persistent store |
You can restrict access to objects in the persistent store with code signing keys used in conjunction with the ControlledAccess class. |
|
Record store |
You can store data privately so that other apps on the smartphone can't access it. |
|
Runtime store |
You can restrict access to objects in the runtime store with code signing keys used in conjunction with the ControlledAccess class. |
Transport protection
You can protect data while in transport:
|
API |
Transport security |
|---|---|
|
RIM Cryptographic API |
The RIM Cryptographic API includes TLS, WTLS, and SSL APIs that help you create secure connections. |
Content protection
Content protection addresses the problem of someone stealing a BlackBerry smartphone and copying its data, which may be possible even when data is encrypted and the smartphone is locked. Content protection encrypts data in such a way that the encryption key is inaccessible when the smartphone is locked.
Other security mechanisms
This guide does not describe every form of security in detail.
The central resource for BlackBerry security is www.blackberry.com/security.
For more information about security of specific data storage approaches such as SQLite databases, the persistent store, and the runtime store, see the BlackBerry Java SDK Data Storage Development Guide, available at www.blackberry.com/go/devguides.