BlackBerry Secure Work Space (SWS) is a containerization solution, which allows enterprises to manage iOS and Android devices. SWS essentially extends BlackBerry security to protect corporate data at-rest as well as data in-transit through the global and secure BlackBerry Infrastructure. Apps in SWS are secured and separated from personal apps and data, providing IT departments the capability to manage a BYOD environment.
SWS Defaults Apps, Partner Apps, and In-House Apps
BlackBerry SWS for iOS and Android includes an integrated email, calendar, and contacts app, an enterprise-level secure browser, a secure document viewing and editing app, and Work Security ID to connect with RSA Soft Token security. Since the announcement of SWS with BES10, our enterprise app catalogue has grown rapidly, offering more trusted apps than any other MDM vendor. Many popular and essential enterprise apps are available for users to download such as Box, Harmon.ie, and WebEx. A full list of apps is available on Enterprise Mobility Marketplace for SWS.
SWS also enables enterprises to develop and deploy secure in-house apps that meet their own set of requirements to protect sensitive business information, and prevent data leakage. The data within the “work space” cannot be copy/pasted, forwarded, offloaded or accessed outside the work space.
All apps deployed in SWS are to be wrapped as shown in a diagram below:
Wrapping an app will secure and encrypt its local data, and facilitate the management of the app. After an app is wrapped, standard network and system calls are intercepted and replaced with secure calls from SWS libraries. For more details of the app wrapping process is described on this blog here.
Developing a Secure Camera App for iOS
We recently developed sample secure camera apps for Android and iOS to show case how to take confidential photos and securely store and share via email in SWS. A secure camera app can be useful in enterprise space to protect sensitive images and prevent data leakage.
To deploy a camera app in SWS on the iOS platform, the app doesn’t need to be rebuilt or require additional source code. However, there are some design considerations to handle images securely. Non-secured camera apps usually store images to “Camera Roll” or “Photos” allowing other apps to access the images via Photo Library. When the camera app is wrapped and deployed to SWS, users won’t be able to save images to the shared photo library. We designed the secure camera app to store images to its local data storage so that images are encrypted, not accessible by other apps, but can be emailed securely as an attachment via Work Connect, . When the app is deleted, all images are removed from the device.
Here are the steps with code snippets:
Step 1: Invoke a built-in camera to take a photo and store the image locally. The photos are not accessible by Camera Roll or Photos on the personal side.
Step 2: Present a list of previously taken photos in the app’s data storage.
Step 3: Display a photo via UIImagePickerConroller class
Step 4: Use “Open In” to transfer the currently viewing photo to Work Connect. When the app is deployed in SWS, Work Connect will be available. For details on how to use UIDocumentInteractionController class, refer to Document Interaction Programming Guide.
After building the secure camera app using Xcode, the app must be wrapped, resigned and deployed to SWS via BES. The details of resigning and deploying iOS apps are described here. SWS is also compatible with iOS8. Once the app is installed in SWS, you should be able to take photos and share them securely without the images being visible on the personal side.
The following screens show when running the secure camera app in SWS.
Left: Images are listed within the Secure Camera app
Right: Images are not listed from the Photos app
Left: Preview an image
Right: When users tab “Open In”, Work Connect is displayed
You can download the complete iOS secure camera sample as well as Android sample from the Secure-Work-Space project on BlackBerry’s GitHub.