Explaining BlackBerry Security for Developers: IT Policy

How-to

So you’ve had your stroke of genius, you’ve developed the BlackBerry® smartphone application that’s going to sell a million copies on BlackBerry App World™, and you’re ready for your final end-to-end testing on a live device.  You put the application up on your web server, enter the URL into the BlackBerry® Browser, choose the option to download, and then half way through, the download comes to a halt with this message:

“This application does not contain a signature. It might not be from a trusted source. Do you want to proceed?”

Your mind starts racing.  “How are my users going to react?  How do I make this message go away?”

This is the first of a three-part series of blog posts that will outline how consumer applications are handled from a security perspective in the enterprise with BlackBerry Enterprise® Server.  First and foremost, it is important to understand that there are two categories of security to consider: IT policy and application control. In part one of this series, we’ll cover IT policy; in part two, we’ll cover application control; in part three, we’ll talk about code signing and how that affects application development regarding these two categories.

IT policy is a security setting in BlackBerry Enterprise Server that IT administrators in medium-to-large sized organizations use to manage and control employee use of BlackBerry smartphones.  For example, an IT administrator could set an IT policy that allows or prevents use of the camera, phone service, the browser, etc.  IT policy only applies to users who are connected to a BlackBerry® Enterprise Server.

When are you most likely to encounter IT policy? Typically only in organizations that require some level of security.  As an application developer, if you don’t have the time to learn about all of the various IT policy settings that can affect the use of your applicaton within these organizations, then at least take note of the big one: Disallow Third Party Application Download.  How will you know if you’ve run into this setting?  When downloading an application via over-the-air download, users will get the following error:

“Download Failed: 910 Application authorization failure.”

In order to get your application on this user’s BlackBerry smartphone, you’ll need to convince the BES administrator to either relax this setting or white list your application.  The good news is that smartphone users are not likely to encounter this setting very often at all; most administrators will use the default IT policy settings that are set in BlackBerry Enterprise Server, and these settings are application friendly.

For more information on IT policy settings for BlackBerry smartphones connected to a BlackBerry Enterprise Server, please see the BlackBerry Enterprise Server Policy Reference Guide.  Note:  Should you wish to query any IT policy values from within your application, see the javadoc for the ITPolicy class.

Stay tuned for part two of this series!

About Brian Z.

Brian joined Research In Motion (RIM) in 2005 working with Independent Software Vendors (ISVs) who specialize in Bluetooth, GPS, multimedia, and gaming. As a senior member of the Developer Relations Team, it's Brian's mandate to not only support the application development efforts for a number of ISVs, but also to act as a voice at RIM for third party application developers. Like RIM, Brian's roots are in the enterprise world, but over the past couple of years he's quickly adapted to the consumer space, and that's where he spends most of his time today.

Join the conversation

Show comments Hide comments
+ -
blog comments powered by Disqus