Carrier and MIDLet Signatures
MIDLets are applications that
use only MIDP2 and CLDC APIs and are not specifically targeted at
BlackBerry devices. Signatures and permissions for these applications
are handled following MIDP2 specifications, and signature verification
is slightly different from the behavior of BlackBerry applications.
Unsigned MIDP applications that use sensitive MIDP or CLDC APIs (for
example, javax.microedition.pim.Contact) will be allowed to run, but the
user will be presented with annoying prompts each time the application
uses a sensitive API (see Figure 3).
The user’s answer to the prompt is not remembered, and a malicious
application could run in an infinite loop prompting the user all day. A
conspiracy theorist might even suggest that RIM made its so unsigned
application behavior so obnoxious so that developers would sign their
applications or not use controlled APIs.
Each device has a
carrier certificate installed that is used when verifying the signature
on MIDP applications. Most carriers will install a certificate chained
to VeriSign, but this is not guaranteed, and some carriers have their
own code-signing processes. Once an application is signed with a carrier
certificate, the application is “trusted” and the BlackBerry will not
prompt the user when the application is installed or uses sensitive
APIs, unless the device policy specifically requires it.
Handling Permission Errors in MIDP Applications
As
shown in the earlier section on debugging, the BlackBerry JVM performs
permission checking for MIDP APIs at runtime. When a security error
occurs, a java.lang.SecurityException is thrown by the offending API and
the application has a chance to handle it. Developers can detect the
security error and either disable the offending
functionality or show more information to the user. For example, a
Solitaire application could disable the high score upload feature if the
user blocks network access (see Listing 1).
Listing 1. Manually Handling a SecurityException Using Try/Catch
try {
//Opening a ContactList will cause a java.lang.SecurityException if the
//user denies the "Access personal information" prompt.
ContactList contactList =
ContactList)PIM.getInstance().openPIMList(PIM.CONTACT_LIST,
PIM.WRITE_ONLY);
} catch (PIMException e) {
//Handle PIMException
} catch (SecurityException secE) {
//Show dialog to the user or disable functionality
}
|
Locking Devices
Users and BES
administrators can require a password to be entered every time a user
wants to unlock a device or connect it to a PC. By default, a password
is not required to unlock the phone, and the password is never required
to answer incoming phone calls. To keep attackers out, the user
specifies the maximum number of times an invalid password can be
entered. If this number is exceeded, then the device is fully wiped; all
contacts, messages, and media files are first deleted and then the
memory is explicitly overwritten to delete any traces that may remain in
the flash memory. The user has to type in blackberry between every couple of invalid login attempts. This keeps one’s pockets (or children) from wiping the device by accident.
To specify a password, follow these steps:
1. | Open Options | Security Options | General Settings.
|
2. | Change the Password setting to Enabled.
|
3. | Exit the menu by pressing the Escape key.
|
4. | Select Save.
|
5. | Specify and confirm the password.
|
Once a password is specified,
the user must supply the password when unlocking the device or changing
any of the security options. Note that the password for the Password Keeper application is unrelated to the password specified in the General Settings dialog.
Managing Application Permissions
Users can control which
permissions are allowed for which applications, and these permissions
apply even to signed applications. Deep within the BlackBerry device’s
options is an Application Permissions menu that lists each installed
application and its associated permissions. Permissions can be changed
on the device or pushed down by the enterprise administrator through
BES. Because IT administrators rule all, BES policies have precedence
over user-specified device policies. Here’s how to manually change
permissions for an application:
Open the Application Permissions menu (Options | Security Options | Application Permissions).
Select the application you want to control permissions for.
Click
the BlackBerry key and choose Edit Permissions. The overall device
permissions can be changed by opening this menu and selecting Edit
Default Permissions. The default permissions will be applied when an
explicit permission definition for an application does not exist.
Choose
the corresponding permission and set it to Enable/Disable/Prompt. If
Prompt is chosen, you will be shown a prompt the first time the
application uses a controlled API that requires the corresponding
permission. The BlackBerry will remember your choice and not show the
prompt again unless the permission policy is changed back to Prompt.
If a permission is changed to be more restrictive, the device may reboot to ensure the new permission set is enforced.
