DEVELOPERS BLOG

What’s New in the BlackBerry Dynamics SDK for P-Series Release

The BlackBerry Dynamics SDK for Android and iOS v.5.0 (P-series) is now available.  In this release, focus is on developer tool updates, ongoing PKI support and security enhancements including support for Android SafetyNet. Highlights for latest changes listed below.

Changes to Software Requirements

 iOS

  • Xcode 10 and Swift 4.2 support.

Android

  • Android OS is 6.0 support or later. Previously it was Android 5.0 or later.
  • The minimum API level for the BlackBerry Dynamics Handheld Library is now 23. Previously it was 21.
  • The minimum API level for the BlackBerry Dynamics Wearable Library is now 23. Previously it was 21.
  • The Android Wear Emulator API level is now 23. Previously it was 22.
  • The required Gradle plugin version (com.android.tools.build:gradle) is 3.1.4. Previously it was 2.3.2.

Changes to PushChannel

This release adds a new PushChannel constructor to improve infrastructure performance. The previous PushChannel constructor will be deprecated in the next release.  For more information, see the PushChannel Class Reference.

 

PKI Enhancements

SCEP Support

The BlackBerry UEM version 12.10 release adds support for certificate enrollment using SCEP with Entrust and Microsoft NDES for BlackBerry Dynamics apps.  Dynamics apps can use client certificates obtained via the SCEP server for certificate-based authentication, for example to access work mail accounts from BlackBerry Work and internal websites from BlackBerry Access, thus removing the need for users to enter credentials.

  • Certificate is available to all Dynamics apps. Once certificate is enrolled by a Dynamics app, that certificate can be shared by other Dynamics apps on the same device that are allowed the SCEP profile
  • UEM administrators can configure and assign a SCEP profile for BlackBerry Dynamics apps in the UEM management console.
  • Requires upgrade to Dynamics SDK for iOS v.5.0 and Dynamics SDK for Android v.5.0; UEM Server 12.10

For more information, see “SCEP profile settings” in the UEM Administration Guide.

Android Device Based Certificate Retrieval

 The BlackBerry UEM version 12.10 release adds support for the BlackBerry Dynamics Runtime to enroll certificates from a device’s Android key chain instead of getting them from the server. These certificates can be used to sign and decrypt data for SMIME emails and to perform client certificate-based authentication on TLS connections, using private keys that are saved in the Android key chain.

  • UEM administrators can configure and assign a user credential profile to control this behavior.
  • Requires upgrade to Dynamics SDK for Android v.5.0; UEM Server 12.10

For more information, see “Using user credential profiles to send certificates to devices” in the UEM Administration Guide.

 

Security Features

Anti-debugging protection

This feature ensures that a debugger can’t be attached to BlackBerry Dynamics apps built using the updated anti-debugging checks when the Jailbreak/Root Detection policy is enabled.

  • Protects against malicious attempts to add a debugger to deployed BlackBerry Dynamics apps.
  • The feature can be deactivated by switching off root or jailbreak detection in the compliance policies in the UEM or legacy GC management console.
  • When this policy is enabled, the BlackBerry Dynamics Runtime stops the application if a debugging tool such as adb or Xcode debugger is active.
  • Policy can be disabled for those application developers that need to attach debugging tools.
  • Requires upgrade to Dynamics SDK for iOS v.5.0 and Dynamics SDK for Android v.5.0;
  • No server upgrade required – supported via UEM and Good Control

Restrict console logging

This release includes logging changes to provide additional protection against attacks by malicious users.

  • If your app uses the Dynamics Android or iOS SDK v.5.0, generation of console log information will now be controlled by the “Enable detailed logging for BlackBerry Dynamics apps” setting in the BlackBerry Dynamics profile (UEM) or BlackBerry Dynamics security policy (Good Control).
  • If the policy is disabled, the app will not generate console log information. Console logs will only be generated if this setting is enabled, or if the app is running in enterprise simulation mode.
  • This update has no impact on how container logs are generated.
  • Requires upgrade to Dynamics SDK for iOS v.5.0 and Dynamics SDK for Android v.5.0
  • No server upgrade required – supported via UEM and Good Control

For more information about console logs controlled by developers and container logs controlled by UEM or Good Control administrators, see BlackBerry Dynamics Runtime activity log.

Support for Android SafetyNet

This release adds support for Google SafetyNet attestation to test the authenticity and integrity of BlackBerry Dynamics apps.

  • Any Dynamics-enabled application deployed on Android can utilize SafetyNet Attestation to test application integrity and authenticity
  • Requires upgrade to Dynamics SDK for Android v.5.0; UEM Server 12.10.

BlackBerry Dynamics apps must include a new application attestation policy in order to support SafetyNet Attestation check.  For instructions on how to integrate SafetyNet support into your apps, see the BlackBerry Dynamics SDK for Android Development Guide.

You can download the BlackBerry Dynamics SDK for Android and iOS v.5.0 today.

Deborah Critten

About Deborah Critten

Deborah is the Director of Product Management for BlackBerry Dynamics