Developer

Blackberry Development

LIVE Enterprise Developer Webcast: BBM Enterprise SDK allows you to securely add voice, video, and messaging based workflows to your apps and services

Today, it is imperative that you provide rich, high touch experiences as part of your apps and services. Even in the most secure environments, users want immediate access to information from their peers and service providers. Providing this rich end user experience with real time communications will drive adoption and loyalty for your offerings. How can you provide multi-level communications securely within your apps? Enter communication platforms as a service (CPaaS). CPaaS allows developers to add voice, video, and messaging to their applications thru APIs. In this webinar learn best practices for how you can bring rich new interactions to your apps and services. Understand how CPaaS offerings can immediately bring new levels of interaction to your apps, and create new types of service models for your business.

Webcast topics we will explore:

  • How to integrate secure, enterprise-grade communications functionality into applications with ease
  • The advantages of using a proven IP-based communication stack for voice, video, and messaging
  • Best practices for leveraging a secure communications framework, which can free up valuable development time and resources
  • Understand the risks and rewards of providing real time, multi-level communications in your apps and services

BBM Enterprise SDK allows you to securely add voice, video, and messaging based workflows to your apps and services

DATE: February 22, 2017
TIME: 1:00 PM ET

Register Now

 


Source: Developer Blackberry

Are iOS apps harder to secure than Android apps?

locker_locks

Are your enterprise apps secure?  Do they have vulnerabilities that could expose confidential corporate data?  Are iOS apps harder or easier to secure than Android apps?

There is not much data out there on these matters, certainly not about mobile app security in a world where developers are frequently asked to support multiple platforms.  It’s pretty easy to find surveys of IT and security professionals about app risks generally, or to find statistics about the prevalence of malware in app marketplaces.  But the opinions of actual, active developers?  Not so much. That’s why we at BlackBerry’s Center for High Assurance Computing Excellence (CHACE) have conducted a new study of the BlackBerry developer community, including attendees of the BlackBerry Developer Summit, and subscribers to our BlackBerry Enterprise Apps Newsletter.

One of the suggestions we have heard for why vulnerabilities are left in apps is that developers may not be as aware of security assurance practices as they should be, or don’t prioritize them.  So we asked developers to rate the importance of the following security practices: code reviews or audits, automated security analysis tools, use of formal security requirements, and security or pen testing.  At least 73% of the group rated each of these practices as “somewhat important” or “very important”.  The top ranked security practice?  Security or penetration testing.   Whether they practice them vigorously or not, the developers seem to know them and value them.  And lest you suspect that developers think everything is important, only about 44% felt app wrapping was to some degree an important security assurance practice.

A hot-button question is whether iOS apps are easier to secure than their Android counterparts.  Regardless of what you think of the security of the platforms themselves, you might expect that many app security concerns will be common regardless of platform.  For example, ensuring the security of sensitive data when in transit to back-end cloud services. But when we asked developers if they thought iOS apps were harder to secure than Android, over 40% disagreed, and only about 20% of them agreed.

Beyond platform differences, we wanted to know if developers thought containerization solutions such as BlackBerry Dynamics made app security easier, so we asked them if apps on iOS and Android were harder to secure without containerization solutions.  For iOS, responses were nearly equally distributed between “harder”, “not harder” and “neutral”.  However, for Android, containerization was generally looked upon as being more helpful:  50% of the developers felt it was harder to secure Android apps without containerization, and only 18% disagreed that Android app security was harder without containerization.

app-security-comparative

The results are interesting because you would think containerization solutions can help with app security on iOS as well as on Android.  For instance, OWASP advises iOS developers that iOS mobile apps commonly have insufficient transport layer protection for sensitive data, but BlackBerry Dynamics provides Secure Communications APIs to simplify ensuring the safety of data in transit.

Overall, BlackBerry’s enterprise app developers appear to be well set up for secure app development:  they have a strong sense of the importance of successful security assurance practices, and feel that containerization solutions are helpful in securing Android apps. If you would like to contribute your thoughts and opinions, you can take the survey yourself online. The survey has plenty of places to provide extra commentary too:  we would love to hear your thoughts.


Source: Developer Blackberry

UEM Getting started with REST

rest-area

BlackBerry UEM is the first release of our core EMM solution to include public REST APIs.  For legacy BES users, BWS (BlackBerry Web Services) was the sole API for programmatically invoking actions on BES and was built on legacy SOAP calls. Good Control, the core EMM Good solution similarly had a collection of SOAP calls, but at the time of its purchase by BlackBerry was already starting down the path of REST API’s.  With the release of UEM, REST now takes prominence as the future of API calls from the legacy of both previous products.

Why REST?
Primarily two reasons.  First, performance.  REST calls are tight, minimal JSON objects compared to the broad, rather descriptive calls that SOAP requires. Not particularly friendly to mobile communications given the slower speeds and bandwidths available to mobile users.  2) its JSON, and its 2017.  Developers frequently use JSON objects as there default payload whether in web development or native apps.  Developers expect to see JSON, not xml.  So, as part of the migration from BES/GC to UEM, REST, full speed ahead.

What’s available in the first launch?

  • REST API’s use the same port and authentication scheme the older BWS interface (port 18084).
  • EMM functions provided by Good Control have been ported to UEM as REST calls
  • The initial launch of REST API’s is a short list, but will be growing on each release as we update older calls from SOAP to REST.
  • As new features are added to UEM, you can expect access to them as new REST API’s.
  • Note: BWS calls that were in BES12.5 are STILL there, and will remain unchanged.

For more info, check the release notes for UEM: http://help.blackberry.com/en/blackberry-uem/12.6/release-notes-and-advisories/iju1484768858105.html

How to get started…
There are many ways to invoke a REST API, commonly, you can build your own (Java, .Net, Javascript, etc.) The online doc’s show samples using the command line tool CURL, but I prefer using a nice UI.  I recommend using a modern UI based tool, in this case, I recommend Postman (https://www.getpostman.com/apps )

You will also need access to a UEM server https://global.blackberry.com/en/enterprise/blackberry-uem.html

To test your connection try it with “ping”.   There 2 versions of ping available, one authenticated, and one without.

Let’s try it without authentication first:

Your URL will look like this:

https://myserverURL:18084/tenantGuid/api/v1/util/ping

where

  • myserverURL is the URL to your UEM server,
  • 18084 is the default port that REST API calls are made with.
  • tenantGuid is the identifier you used when registering your UEM server, also known as the SRPID.

The request doesn’t require authentication and should return a plain text string with uptime like so:

rest1

You might notice, that this would just as easily have worked in a browser:

rest2

Most REST calls however, require authentication.  Like “ping” there is an “authorization” call.

Your URL will look like this:

https://myserverURL:18084/tenantGuid/api/v1/util/authorization

It requires a header with content type like so:

Key=”Content-Type”  value=”application/vnd.blackberry.authorizationrequest-v1+json”

This request is going to be a “POST” not a “GET”.  In the body of the “POST” place the following:

{
  "provider" : "LOCAL",
  "username" : "edbourne",
  "password" : "cGFzc3dvcmQ="
}

Where the value of password is base64 encoded.  This is a bit of a pain.  There is no base64 encode command built into Windows (what I’m using).  Search for a solution, there are lots, but, if you’re a fan of Notepad++, it does include this as a feature.  Simply type in your password (I’m literally using password), highlight it, right click on it, choose plugin commands, Base64 Encode, like so:

rest3

Copy and paste the result into the field above.

Here it is with the body displayed:

rest4

Here it is with the Headers displayed:

rest5

And after you press send with your POST you should see the authorization string you will need:

You are now ready to try the authenticated ping from earlier.

Your URL will look like this:

https://myserverURL:18084/tenantGuid/api/v1/ping

What is the difference?  This is no /util in the string.  The util apis of authorization and ping, do not require authentication, while all other API’s do.

Add a header, with key = Authorization, and value= the string you generated above in the authorization call.

Press send, and you will get the same up and running result as previously.

rest6

Here is a more complex example, this time using

https://myserverURL:18084/tenantGuid/api/v1/directories/users

and I’m going to add the options of searching for myself, and including existing users = true.

https://myserverURL:18084/tenantGuid/api/v1/directories/users?search=bourne&includeExistingUsers=true

and of course, I add in a header with the authorization key and value pair from above.

The result looks like this:

rest7

Try the other REST API’s in Postman, or whatever tool or language you prefer.


Source: Developer Blackberry

Happy Valentine’s Day from BlackBerry World

BBW_AppsGames_ValentinesDay_1920x640

Make your Valentine’s Day even more special this year by enjoying our great selection of Valentine’s Day themed applications. Capture those special moments, express your love, and have some fun with this week’s highlighted apps. Let’s take a look at some of the ones you and your special one can indulge in this holiday!

pencil_cameraCapture those special memories and turn them into a romantic collage with the Valentine Special-Insta Photo Collage app. Relive those emotions with your loved ones and create amazing love stories with the Love Collages and share your pictures on BBM. Enjoy the freedom to customize and pick from a wide variety of romantic frames and instaframe effects to enhance those lovely photos in a fresh way. Spoil yourself even more adding a unique twist to your photos with the Valentine’s Special Pencil Camera! With a simple and intuitive user interface, you can convert your photos into beautiful Valentine sketches. Unleash your creative power and upload your Valentine photos to Pinterest or share them with your friends on Facebook and BBM.

valentines_greetingsGet into the caring and loving mood with our special Valentines theme for your BlackBerry. Love Themes Free for BlackBerry 10 offers the most attractive themes for your device this holiday and helps set the mood for a day filled with joy and love. Want to add some more special features to your device to express your love? Impress you Valentine with glowing shapes in the dark. Valentine Edition Flashlight allows you create an unforgettable atmosphere with unique and glowing hearts and many other symbols of love. Illuminate the special night away with this romantic feature on your BlackBerry device.

bubble_blastCan’t express your love enough to your significant other? Send romantic Valentines greetings to your partner or loved ones with the Valentine Greetings app. Choose from a vast range of romantic and touching greetings and let those you care about know how much they mean to you with this helpful app. Having trouble finding the right things to say? Love Quotes and Sayings offers a collection of beautiful quotes to think about your significant other and be inspired by the power of love. Let your loved ones know how much they mean to you with the help of these two great apps and make this Valentine’s Day the best one yet.

Don’t forget to check out one of our classic Valentine’s Day games, BubbleBlastValentine. Bursting bubbles has never been more entertaining than in this chain-reaction puzzle game, made for all ages!

Find these and other loving apps in our Valentine’s Day Collection!


Source: Developer Blackberry

ISV App Certification

isv-app-certification

All BlackBerry Dynamics ISV apps that are sold on public app stores (e.g. the Apple App Store, Google Play) or published to the BlackBerry Marketplace must be certified. Certification testing ensures a consistent security level within apps and across apps in the BlackBerry ISV ecosystem. Customers of BlackBerry Dynamics expect and require apps to be certified. Results of pen-tests performed by customers have shown significantly less issues with BlackBerry Dynamics secured applications than those secured by competitors. For these reasons BlackBerry Dynamics certification benefits customers, ISVs and BlackBerry.

BlackBerry Dynamics applications are structured as in the diagram above using either the Native or Hybrid approach. A large portion of the code (red boxes), typically well above 90%, is developer or framework code independent of BlackBerry Dynamics. The rest of the application consists of the SDK API library from BlackBerry Dynamics (orange boxes) and the device OS APIs (orange-blue box).

The 3-step certification process is designed specifically for this structure:

  1. Static binary testing is performed using a service provided by Veracode which scans apps looking for security vulnerabilities. A policy of more than 100 tests is applied to the app binary. The tests correspond to a subset of the vulnerabilities found in the Common Weakness Enumeration on the site maintained by Mitre (see https://mitre.org/data/slices/2000.html). An example is CWE 391 which is failure to check return codes that can result in a device being rooted. ISVs upload their apps to Veracode for scanning, address any flaws identified and submit results to BlackBerry for review. The BlackBerry Dynamics SDK is also scanned.
  1. Dynamic functional testing is done to ensure that the ISV has integrated the BlackBerry Dynamics APIs and implemented data leakage requirements correctly. Functional test use cases are provided by BlackBerry for the ISV to test against. All applicable tests must be passed. Video clips of the test runs are sent to BlackBerry for review.
  1. The Security Team Review is the final step in the process. ISVs present a checklist indicating which APIs and data leakage rules are applicable to their app and indicate compliance or request exceptions. The exception process is designed to address issues outside the scope of the BlackBerry Dynamics architecture or security rules. The granting of exceptions is fairly rare.

The steps above ensure that the entire app is tested for vulnerabilities, the APIs are integrated correctly and any exceptional situation is addressed. Overall, the process is reasonably light weight, but has been very successful in meeting the needs of our customers. BlackBerry recommends that customers do more extensive testing including pen-testing as appropriate to meet their security needs. BlackBerry works closely with ISVs and customers to resolve any issue that might arise.


Source: Developer Blackberry

Message Listener

message_listener_title

Recently there was a requirement from customer (major bank) to a create messaging application that can listen for inbound and outbound messages, for the Android-powered BlackBerry PRIV device. I wanted to share my experience of how I implemented the solution by making a sample application. It is useful for developers, if they need to perform some action when a message is sent or received (block it, log it, etc.). At the end, I have provided the GitHub links for downloading the code, for you to extend and use for your own needs.

Implementation:

When the sample application is installed on the device, any SMS you receive or send is reflected by toast. A service class is used which runs at back-end and listens to the messages. A Content observer is registered in the onStart() method of the service, to listen for the changes in the content of the messages.

public intonStartCommand(Intent intent, int flags, intstartId) {
Toast.makeText(this, "Service started", Toast.LENGTH_LONG).show();
myObserver = new MyObserver(new Handler());
ContentResolvercontentResolver = this.getApplicationContext().getContentResolver();
        contentResolver.registerContentObserver(Uri.parse("content://sms"), true, myObserver);
}

Whenever any change occurs it calls its own overridden method onChange().

class MyObserver extends ContentObserver {
   public MyObserver(Handler handler) {
      super(handler);
   }

   @Override
   public void onChange(booleanselfChange) {
Toast.makeText(getApplicationContext(), "Message listened", Toast.LENGTH_SHORT).show();
   }
 }

For incoming messages, I have also registered a Broadcast receiver which will provide additional information regarding the sender, number and message body.

<intent-filter>
<action android:name="android.provider.Telephony.SMS_RECEIVED" />
</intent-filter>

If at some point you want to stop listening messages, you will have to unregister the content observer inside the onDestroy() method

public void onDestroy() {
super.onDestroy();
getContentResolver().unregisterContentObserver(myObserver);
Toast.makeText(this, "MyService Completed or Stopped.", Toast.LENGTH_SHORT).show();
   }

Our sample application even supports Android permissions starting from the Marshmallow release (API Level 23).

Security for the application is provided by the BID framework. By using the BID framework in our application, we can ensure that the application will only run when the device is in a secure state. Currently this feature is supported only on BlackBerry devices running the Android operating system.

message_listener_1 message_listener_2

Support for Enterprises:

The application can also be leveraged in enterprise environments, as it is also supported when used with Android for Work and Samsung Knox frameworks.

For more information about the installation and usage of Android for Work, feel free to refer to: Developing Apps for Work

GitHub source code:

The source code of the application is available here.

Code for the application developed in BID framework can be found here.


Source: Developer Blackberry

Recorded – Enterprise Developer Webcast Series: BlackBerry Dynamics, BlackBerry Workspaces & the Expanded Developer Website

Missed last week’s webcast?

The value and security behind BlackBerry Dynamics,
Integrating BlackBerry Workspaces into apps
& the new Expanded Developer Website

Watch it Here

 

New Expanded Developer Website and Resources for the new BlackBerry Development Platform
This collection of new online tools offers the ability for developers to expand their scope, focus on driving business value to enterprise organizations, and to enhance the end user experience by developing secure, feature-rich apps and mobile solutions.

Integrating BlackBerry Workspaces into an application using REST
An overview of the BlackBerry Workspaces REST interface and application integration. Learn how to incorporate secure document sharing and management into your mobile applications.

Why BD Apps matter? Understanding the business value and security behind BlackBerry Dynamics and Secure app certification for Customers and Partners
An overview of BlackBerry Dynamics ISV app certification will be given, including the process and benefits for BlackBerry, ISVs and customers.

Developer Event Announcement
Coming off the recent successful NYC Developer Summit, be the first to hear about our Developer Summit in Europe coming soon… get a sneak peek at our topics built just for Developers

 


Source: Developer Blackberry

BlackBerry Developer Summit Europe: Registration is NOW OPEN!

dev-summit-banner-europe

Registration is now open and space is limited!

Join us at the BlackBerry Developer Summit Europe, March 24th, 2017 in London, UK. Secure your spot to learn and collaborate with the experts behind BlackBerry Enterprise Software, the world’s most trusted solutions.

Whether you are a Customer or a Partner, and are an expert or new to the BlackBerry Dynamics SDK, we have interactive coding sessions that will help build best-in-class enterprise apps to mobilize today’s businesses. This event isn’t designed to just teach, it’s designed to immerse, inspire and allow attendees to create in real time, fueling the possibility for more efficient, productive and creative application development.

During the event, attendees will have the opportunity to have hands-on experience with the newest features and capabilities of the BlackBerry Development Platform, leveraging the BlackBerry Dynamics SDK. Both Beginner and Advanced session tracks available. We also have experts on hand to answer questions on the extended BlackBerry Development Platform.

When:
Friday, March 24th, 2017
9:00 am – 5:30 pm

Where:
Kings Place Events
90 York Way
London, UK

Who Should Attend?
Attendees must be able to write code. Mobile Enterprise Application Developers, Engineers and Architects from BlackBerry enterprise customers and partners.

Why Attend?
The BlackBerry Secure Software Platform is powerful and flexible. Develop feature-rich apps and mobility solutions quickly and securely.

DEVELOP FEATURE-RICH MOBILITY SOLUTIONS
The expanded BlackBerry development platform augments the world class mobility capabilities of BlackBerry Dynamics for building secure apps, by adding tools for BlackBerry Unified Endpoint Manager (UEM), BlackBerry Workspaces, BlackBerry Enterprise Identity, BlackBerry 2FA, BBM Enterprise Services and BlackBerry Analytics. This collection of tools offers opportunities for developers to expand their scope, focus on driving business value and enhancing the end user experience by developing feature-rich mobility solutions.

HANDS ON EARLY RELEASES
Get an exclusive first look at BlackBerry’s upcoming releases including an early look at BlackBerry’s  recently released BBM(R) Enterprise Services, the next generation of Secure Communications SDK. This exciting new offering will enable developers to embed secure messaging into their own apps.

STEP-BY-STEP BEGINNER AND ADVANCED TRAINING TO CREATE SECURE ENTERPRISE APPLICATIONS
Whether you’re new to the BlackBerry platform or experienced, we have content tailored to your needs. Participate in hands-on training on the BlackBerry Dynamics SDK with iOS® or Android™ and learn more about the Cordova™ and Xamarin™ development frameworks.

NETWORK AND COLLABORATE
Share your project with top architects and engineers of BlackBerry’s development platform. You will also have a chance to collaborate with your peers to explore ideas and discuss solutions to common challenges.

See you in London!

REGISTER HERE


Source: Developer Blackberry

BlackBerry Dynamics Cordova Plugins released!

BlackBerry Dynamics SDK for various platforms was released recently and included are some great improvements to our Cordova support!

Previously a script called gdEnableApp.sh was used to “enable” Cordova based apps. While it got the job done well, it could at times prove to be a challenging process. Today that has changed.

Introducing: BlackBerry Dynamics Plugins for Cordova
The challenge at hand was to integrate the BlackBerry Dynamics tools with Cordova based applications in an easy, familiar way. We decided to leverage the powerful, already existing, Cordova Plugin system which easily allows for managing plugins.

How is the Plugin Approach better?
The plugin approach offers the developer seamless integration of the BlackBerry Dynamics SDK into their Cordova apps using an already familiar command line interface.

Why more than one Plugin?
Unlike the single gdEnableApp.sh script, there are several BlackBerry Dynamics plugins modularized for a different service. This provides the developer more gainular control over what plugins and resources are added to the project.

Although there are several plugins they all depend on one “cordova-plugin-bbd-base” plugin that contains all the basic configurations and as such, is the only plugin that will require the one-time steps during initial setup.

There is also the option to install all available plugins at once by adding the “cordova-plugin-bbd-all” plugin to the project.

With this plugin approach, utilizing the BlackBerry Dynamics features and services couldn’t be easier. Whether you are a veteran developer or new to Cordova, it’s a good time to start discovering the realm of mobile enterprise security using BlackBerry Dynamics.

For more information about the plugins and services check out the documentation at  https://community.good.com/community/gdn/resources/dynamics/downloads


Source: Developer Blackberry

Live Enterprise Developer Webcast Series: BlackBerry Dynamics, BlackBerry Workspaces & the Expanded Developer Website

The value and security behind BlackBerry Dynamics,
Integrating BlackBerry Workspaces into apps
& the new Expanded Developer Website

DATE: January 26, 2017

TIME: 11:00am ET

Register Now

 

New Expanded Developer Website and Resources for the new BlackBerry Development Platform
This collection of new online tools offers the ability for developers to expand their scope, focus on driving business value to enterprise organizations, and to enhance the end user experience by developing secure, feature-rich apps and mobile solutions.

Integrating BlackBerry Workspaces into an application using REST
An overview of the BlackBerry Workspaces REST interface and application integration. Learn how to incorporate secure document sharing and management into your mobile applications.

Why BD Apps matter? Understanding the business value and security behind BlackBerry Dynamics and Secure app certification for Customers and Partners
An overview of BlackBerry Dynamics ISV app certification will be given, including the process and benefits for BlackBerry, ISVs and customers.

Developer Event Announcement
Coming off the recent successful NYC Developer Summit, be the first to hear about our Developer Summit in Europe coming soon… get a sneak peek at our topics built just for Developers.


Source: Developer Blackberry

These events allow to you to share time with other replica watches sale watch lovers as well as learn about what the brands are up to. In the process, you'll get treated to rolex replica sale fabulous dinners, meet celebrities, receive gifts, and feel like a valued customer who the brands really want to rolex replica sale have a relationship with. Depending on where you live and the brands you like to purchase from, these events can be quite frequent, and also really fun. Their value should not be underestimated, and again, if you don't purchase rolex replica sale watches in an "official manner" you'll never be included. Personally, I have to say that while I don't like spending more money than I need to, the value of these above unexpected benefits, in many instances, can make up for the discounts replica watches available at gray market retailers when you want to buy a new watch. In a sense, each time you rolex replica sale purchase a high-end timepiece, you are designating yourself as part of a elite group of replica watches sale people who have the appreciation and resources for luxury items.