DEVELOPERS BLOG

Using BlackBerry Dynamics and Android Things to Securely Manage IoT Apps

The internet of things (IoT) is growing at an incredible pace, but something very dangerous is lurking behind billions of smart devices…. unsecured software! At BlackBerry, we have been working tirelessly to save the world from this emerging threat, and to make BlackBerry Dynamics and BlackBerry Unified Endpoint Manager (UEM) the premier solution for IoT security and device management.

How can developers secure their IoT applications?

Today, I’ll talk to you about how you can use BlackBerry Dynamics to secure your IoT application. Using our tools, you will be able to assign policies to your app, track app analytics, preconfigure endpoints with app config, and more! To do this, we will use the Android Things framework, which allows you to use the core Android framework to build software for your IoT hardware. In this example, I installed Android Things onto a Raspberry Pi, but you can use any board compatible with Android Things, plus whatever sensors and accessories you want to play with.

What You Need

 To get started, you will need to meet the following prerequisites:

Securing Your IoT Application

Developers familiar with our SDK will recognize how easy it is to get started with our development tools using the steps below:

  • Open your project and import the ‘gd’ and ‘gd_backup_support’ libraries from the BlackBerry Dynamics SDK
    • In Android Studio, click File -> New -> Import Module, and then enter the local path to the ‘gd’ folder found in the BlackBerry Dynamics SDK (…/BlackBerry_Dynamics_for_Android/sdk/libs/handheld/gd)
    • Repeat the above step for the ‘gd_backup_support’ folder

(…/BlackBerry_Dynamics_for_Android/sdk/libs/handheld/gd_backup_support)

  • Add the modules that you just imported as dependencies to this project by going to File -> Project Structure and then clicking the ‘Dependencies’ tab for your app Module. Click the ‘+’ button to add the gd and gd_backup_support as module dependencies.
  • If you have declared support for your application to participate in the backup and restore infrastructure, i.e. you’ve set the android:allowBackup=”true” attribute in your AndroidManifest.xml file, then include the following line in your manifest under the <application> tag::
<!-- points to rules from support lib for Auto Backup --> android:fullBackupContent="@xml/gd_backup_scheme">
  • If you have declared support for right-to-left (RTL) layouts, i.e. set the android:supportsRtl=”true” attribute in your AndroidManifest.xml file, then include the following line in your manifest under the <application> tag:
<!-- keep higher priority manifest value --> tools:replace=”android:supportsRtl”
  • Create a new Assets folder in your project, and then create a file called ‘settings.json’ within this folder. You can do this by right clicking your app, then selecting New -> Folder -> Assets folder. After the folder is created, right click it and select New -> File -> and then name the file ‘settings.json’. ‘
  • Enter the following information in the newly created settings.json file:
{   "GDLibraryMode": "GDEnterprise",   "GDApplicationID": "com.blackberry.things", //    "GDApplicationVersion": "1.0.0.0" }

*Note that your GDApplicationID must be unique to your application. It is used when registering your app on the BlackBerry UEM console.

  • Add the v7 appcompat library to your project to allow the BlackBerry Dynamics authentication screen to inflate when your app runs. To do this, simply add the following line to your app’s build.gradle file under ‘dependencies’:
implementation 'com.android.support:appcompat-v7:26+'
  • Implement the GDStateListener in your launch activity (flagged in the manifest with the IOT_LAUNCHER attribute) and implement the methods for this interface (you can leave them blank for now, as seen below). Finally, call GDAndroid.getInstance.activityInit(this) from your onCreate() method.


public class MainActivity extends Activity implements GDStateListener { @Override protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.activity_main); GDAndroid.getInstance().activityInit(this); } @Override public void onAuthorized() { } @Override public void onLocked() { } @Override public void onWiped() { } @Override public void onUpdateConfig(Map map) { } @Override public void onUpdatePolicy(Map map) { } @Override public void onUpdateServices() { } @Override public void onUpdateEntitlements() { } }

And that’s it! You can now manage and authenticate your IoT application using BlackBerry Dynamics. If you have an instance of BlackBerry UEM or BlackBerry UEM Cloud available, you can use the BlackBerry UEM console to assign BlackBerry Dynamics IT policies to the application, and then track analytics plus enable tons of other app management features for your IoT use case.

Geofence Sample

 Now that we’ve integrated BlackBerry Dynamics with Android Things, we will examine an a real-life IoT use-case that makes use of this secured combination. This sample will demonstrate how an IoT device can be ‘geofenced’, granting it certain permissions based on the area it is located. It is worth noting that in this sample the IP address is used to obtain the device’s location (using a BlackBerry Dynamics HTTP request to the ip.api API). In a production use-case, a GPS antenna or something more precise could be used to obtain the device’s location.

 There are a few key elements of the sample we will examine.

1). The Fence



Double workLatitude = 37.285; Double workLongitude = -121.95; Integer radius = 1;

This will act as “the fence” where the permissions will be granted. The workLatitude and the workLongitude will act as the center point and the radius length will determine the area of the circle surrounding the point.

2). The Location



private InputStream getInputStreamFromIpApi(String url) throws IOException { GDHttpClient httpClient = new GDHttpClient(); final HttpGet request = new HttpGet(url); HttpResponse response = httpClient.execute(request); InputStream stream = response.getEntity().getContent(); return stream; }

Here we are using the dynamics GDHttpClient API to create a secured HTTP request to https://ipapi.co/json to get the location information based on our IP address.

3). The Permissions



private void geoCheck(Double distance) throws IOException { if (distance < radius) { Apa102 ledstrip = RainbowHat.openLedStrip(); ledstrip.setBrightness(31); int[] rainbow = new int[RainbowHat.LEDSTRIP_LENGTH]; for (int i = 0; i < rainbow.length; i++) { rainbow[i] = Color.HSVToColor(255, new float[] { i * 360.f / rainbow.length, 1.0f, 1.0f }); } ledstrip.write(rainbow); ledstrip.close(); } else { AlphanumericDisplay segment = RainbowHat.openDisplay(); segment.setBrightness(15); segment.display("EROR"); segment.setEnabled(true); segment.close(); } }

After the distance of the current location is calculated, it is fed into the geoCheck() function, which is connected to the gpio of a Rainbow Hat on our Raspberry Pi (you can swap in whatever peripheral you would like to activate/deactivate with your fence). If your Raspberry Pi is hooked up to a monitor, it will display the current coordinates, city and region of the device, and light up if you are within the geofence or display EROR if you are not.

For the full source code for this project, check out the BlackBerry Github page. You can also get access to the latest features and improvements to our tools on the BlackBerry Developer site. Thanks for reading!

Jeff J.

About Jeff J.

As a part of the Enterprise Solutions Team, I work to bring the latest BlackBerry software and security features to life on the Android platform.