Information Technology Reference
In-Depth Information
Security features
There are two types of BlackBerry users—consumers who buy and use the device, and en-
terprise users who are provided with the BlackBerry device by their employers. The con-
sumer devices are usually configured to use the BIS, whereas the enterprise user devices
are configured to use BES. In a BES environment, security is usually enforced by the enter-
prise through appropriate settings and application controls.
Although BlackBerry uses a proprietary operating system, its third-party application frame-
work is mostly based on Java. Third-party apps that are not signed have very limited access
to this restrictive functionality. Even in the case of signed applications, user permission is
needed to perform important actions such as calling a number, accessing a contact, and
more. BlackBerry apps are written in Java and then compiled into COD files. But before
compiling the apps, they are preverified for certain security checks and are tagged to con-
firm that the checks have been carried out. When the Java Virtual Machine ( JVM )
present on BlackBerry loads the class, it can cross-check and perform its own verification
much faster. Any changes to the code after the preverification can be easily detected at
runtime and JVM will prevent their execution. This makes BlackBerry a secure platform
that is less susceptible to malware when compared to other smart devices.
In order for an application to get full access to all the APIs, the application must be signed
by RIM. When the developers first register with RIM, they receive a developer key. Using
the signing tool provided by RIM, the SHA1 hash of the application can be sent to RIM.
Upon receiving this, RIM generates a signature, which is then sent back to the developer
and added to the application. When the signed application is loaded onto a BlackBerry
device, the JVM links the COD file with the API libraries and checks that the application
has the required signatures. If the required signature is not present, JVM will refuse to link
the application to the respective APIs, and hence, the application will fail at runtime. This
way, BlackBerry ensures security for the device through the code-signing process.
The security strength of BlackBerry can be attributed to the granular control that it provides
through the IT policies present on the BES. It is important to note that many of the security
controls that are enabled with BES devices are not present in consumer devices that use
BIS. BES devices come with various security features, as follows:
• Data protection : All the data that is sent between the BES and a BlackBerry
device is encrypted using BlackBerry transport layer encryption. Before the Black-
Berry device sends a message, it compresses and encrypts the message using the
device transport key. When the BES receives a message from the BlackBerry
Search WWH ::




Custom Search