Using BlackBerry Dynamics and Android Things to Securely Manage a Smart Speaker

Recently, Google announced that they are refocusing Android Things to be a platform for building smart speakers and smart displays. We love using smart speakers, and are excited to see what new and creative devices will emerge from this shift. But after years of working as cyber-security professionals, it’s tough to put all our trust in a voice-enabled device beaming conversations to the cloud. We need to be sure that the OEMs building these speakers are thinking about security first and foremost.

Today, OEMs can use BlackBerry Dynamics to secure smart devices built on Android Things. After reading our first blog post, you should be familiar with the basics of setting up BlackBerry Dynamics and the Android Things framework to secure your IoT applications. In this post, we’d like to expand on this topic by showing you a little more of what BlackBerry Dynamics is capable of.

3 essential features that allow BlackBerry Dynamics to secure smart speakers are:

1. Programmatic Activation and Authentication for devices
2. Remotely applying app configuration policies
3. Integration with BlackBerry Enterprise Mobility Server (BEMS)

These are 3 very powerful tools that will enable new possibilities for Android Things applications, by providing the enterprise level of security that BlackBerry is famous for.

Programmatic Activation

When activating and authorizing a regular BlackBerry Dynamics application via BlackBerry UEM, an email and access key are required. However, the majority of IoT devices do not have a graphical user interface to facilitate this process. To get around this, we can use the programmatic activation API. This allows us to automatically activate and authenticate our Android Things application, enabling all the network and application security of BlackBerry Dynamics.

Code Snippet

// In CredentialsHelper: read the activation credentials from a JSON settings file.
private static final String FILE_NAME = "access_key.json";
private static final String EMAIL = "Email";
private static final String ACCESS_KEY = "AccessKey";

public ActivationCreds getActivationCredentials() {
    String file_contents = getSettingsFile(FILE_NAME, mContext);
    ActivationCreds ret = new ActivationCreds();
    ret.access_key = checkSettingsFileForKey(ACCESS_KEY, file_contents);
    // The assignment target was lost from the page; a field named `email` is assumed.
    ret.email = checkSettingsFileForKey(EMAIL, file_contents);
    return ret;
}

// In the activity: load the credentials through the helper.
public CredentialsHelper.ActivationCreds getCredsFromJSON() {
    CredentialsHelper credsHolder = new CredentialsHelper(this);
    CredentialsHelper.ActivationCreds creds = credsHolder.getActivationCredentials();
    return creds;
}

// In the activity: activate without any UI, using the email and access key.
public void activateFromJSON() {
    CredentialsHelper.ActivationCreds activation_creds = getCredsFromJSON();
    // The second argument was lost from the page; the assumed `email` field is passed here.
    GDAndroid.getInstance().programmaticActivityInit(this, activation_creds.email, activation_creds.access_key);
}

App Configuration

Next, let’s talk about application policy and configuration. With these features, IT admins and users are able to remotely change variables in their application from UEM. This is done by first uploading a .xml file to UEM that contains the configuration we’d like to change.

For example, if we would like to geofence the device, we could set the longitude, latitude and radius of the geofence to be configurable variables in UEM. When the app config is pushed to the application, the policy can be read by the application to disable the device if it is out of the boundary of the specified geofence.

After our app config file is uploaded to UEM, we just need to write a few functions to get our geofence values. This can be used by a supervisor or dispatch to remotely modify values in the app, or change permissions that any IoT device may require.

Code Sample

// Copy the geofence values from the pushed app policy into local fields.
private void getFence() {
    workLongitude = appPolicy.getLongitude();
    workLatitude = appPolicy.getLatitude();
    radius = appPolicy.getRadius();
}

// Called once BlackBerry Dynamics has authorized the application.
@Override
public void onAuthorized() {
    appPolicy = new AppPolicy(GDAndroid.getInstance().getApplicationPolicy());
    getFence();
    text_IP.setText("Checking Geofence Coordinates");
    new getIPAsyncTask().execute();
}
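The snippet above reads the fence values but does not show the boundary decision itself. The following is an added example, not code from the original post or from BlackBerry's sample: it takes a policy map of the kind getApplicationPolicy() returns and fails closed when a value is missing or out of range. The key names "latitude", "longitude" and "radius", the radius unit (metres) and the sample coordinates are assumptions.

```java
import java.util.HashMap;
import java.util.Map;

public class GeofenceCheck {
    private static final double EARTH_RADIUS_M = 6_371_000.0;

    // Reads one numeric policy value; returns NaN when missing or not a number.
    static double number(Map<String, Object> policy, String key) {
        Object v = policy.get(key);
        if (v instanceof Number) return ((Number) v).doubleValue();
        if (v instanceof String) {
            try { return Double.parseDouble((String) v); }
            catch (NumberFormatException e) { return Double.NaN; }
        }
        return Double.NaN;
    }

    // True only when the policy is well formed AND the device is inside the fence.
    static boolean insideFence(Map<String, Object> policy, double devLat, double devLon) {
        double lat = number(policy, "latitude");    // hypothetical key names
        double lon = number(policy, "longitude");
        double radius = number(policy, "radius");   // assumed to be metres
        boolean valid = Math.abs(lat) <= 90 && Math.abs(lon) <= 180
                && radius > 0 && !Double.isInfinite(radius);
        if (!valid) return false;                   // fail closed; NaN fails every comparison
        return haversineMetres(lat, lon, devLat, devLon) <= radius;
    }

    // Great-circle distance between two points, in metres.
    static double haversineMetres(double lat1, double lon1, double lat2, double lon2) {
        double dLat = Math.toRadians(lat2 - lat1);
        double dLon = Math.toRadians(lon2 - lon1);
        double a = Math.pow(Math.sin(dLat / 2), 2)
                + Math.cos(Math.toRadians(lat1)) * Math.cos(Math.toRadians(lat2))
                * Math.pow(Math.sin(dLon / 2), 2);
        return 2 * EARTH_RADIUS_M * Math.asin(Math.sqrt(a));
    }

    public static void main(String[] args) {
        Map<String, Object> policy = new HashMap<>();   // constructed sample policy
        policy.put("latitude", 43.4643);
        policy.put("longitude", -80.5204);
        policy.put("radius", 500);
        System.out.println(insideFence(policy, 43.4650, -80.5210));  // close to the centre
        System.out.println(insideFence(policy, 43.6532, -79.3832));  // far outside
        policy.remove("radius");
        System.out.println(insideFence(policy, 43.4650, -80.5210));  // incomplete policy
    }
}
```

Treating an incomplete or malformed policy as "outside" means a failed or partial policy push cannot silently lift the restriction.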

BEMS (BlackBerry Enterprise Mobility Server)

Say our device has a few extra sensors on it that are collecting temperature and pressure. We can collect this info in a log, and then upload the file securely to our BlackBerry Enterprise Mobility Server (BEMS). Once the logs have been uploaded to BEMS, the files can be made accessible to authorized users. This has nearly limitless application in the IoT space, as it can be applied to any device or application that needs to securely log information.

public void uploadLogs() {
    // Ensure there is a known server to connect to.
    if (!hasDocsService) {
        Log.e(TAG, "Error! BEMS Docs Service is not configured.");
    } else {
        // Upload the log file through BEMS.
        // Use the first BEMS Server found.
        String server = docsServers.get(0).getServer();

        // Request a GD Auth Token used for authentication with BEMS.
        GDUtility util = new GDUtility();
        util.getGDAuthToken("", server, this);
    }
}

For an example of all of these APIs in action, check out our IoT sensor example on BlackBerry’s GitHub page. You can also get access to the latest features and improvements to our tools on the BlackBerry Developer site. For all other comments and questions, check out the BlackBerry Developer Forums. Thanks for reading and happy coding!

Jeff J.


Mark Sohm


Eliot Boyd
