The core value of this group is to bring developers up to speed with BB technology, concentrating on BB10.Exploring efficiency, beauty and power BlackBerry provides to its users by designing Apps that can be used globally and that improves developers life as it improves community life.
Last night I attended the Tech in Motion Mobile Security Panel Discussion in Chicago. The panelists consisted of Richard Rushing, the Chief Information Security Officer of Motorola Mobility; Andrew Hoog, CEO/co-founder of viaForensics; Amit Shah, the Co-Founder and CTO at Vaporstream; and John Storozuk, Senior Security Product Manager for Product Security at BlackBerry. The panel provided a great diversity in experiences, which made for a very informative panel.
The evening began with Andrew showing just how easy it was to hack an Android phone. The hack began with a phishing email. A phishing email is an email that looks like it comes from a trusted sender and includes a form or a link for the user is to click. Once they click this link, they are taken to the hacker’s web server where the damage begins. From there, the demonstration showed how a hacker could take advantage of known compromises and gain control of the user’s device.
This demonstrated one of the key aspects of mobile security: Mobile Security Begins with You! In the above demonstration, if the user had not clicked on the link, the hackers would not have gained access to the device. As Andrew says: “users need to be the front line of defence”. It is kind of like how home security has progressed. Your parents or grandparents probably didn’t even lock their doors. Security wasn’t an issue. Slowly, people realized they need to secure their homes and began locking their doors. Then they stepped up security again with alarm systems and home monitoring cameras. Your mobile device carries an incredible amount of information about you. It has business information, hundreds of contacts, documents, banking apps, etc. In the wrong hands, this information can be very damaging.
Clearly you can’t put a key lock on your device like you do with your home, but you can put a software lock. Step one in securing your mobile device is to put a power on/wake up password on the device. This does a couple of things for you. First, it makes it harder for thieves to get access to your device if it is lost or stolen. They have to get past the password. Second, if you are using encryption on your device, it enforces that encryption. If your device uses encryption and you do not have a password, you really aren’t using the encryption. Once the device is on and unlocked, the device is decrypted. If you don’t have a password, your device is always in a decrypted state.
Also, if your device allows, use a password that is more than four numbers. A four number password is very easy to hack via brute force (simply trying all combinations). Use at least six characters and, ideally, throw in some letters and symbols. Yes, it is a little more of a hassle to wake up your phone, but if you lose it or it is stolen, you will be much happier knowing the thieves can’t easily access your phone.
The second thing you should do is pay attention to the applications you install and what permissions they are requesting. Many free apps are free because they want access to your contacts or email. When you install the application, it will prompt you to grant these permissions. If you grant those permissions, the application can do what it wants. Say you install a flashlight app and it asks for contact information. If you agree, that company now has all your contacts information. All your friends’ names, email addresses, and phone numbers. Chances are they are going to sell that information or use it for marketing purposes. When installing apps and they ask for permissions, ask yourself why they need those permissions. If something seems wonky (like a flashlight app asking for contact access), don’t install the app.
A third thing you should keep in mind is your connection to the Internet. Wi-Fi® hotspots are popping up everywhere: airports; coffee shops; public parks; etc. But do you really know who is providing that hotspot? A potential security issue exists if you connect to an unknown hotspot. This hotspot could actually be capturing the information you sending. This could compromise your passwords and other vital information. Imagine you hook up to a hotspot while sitting at a park. You might even think how nice it is to have Wi-Fi access at the park. You proceed to log on to little Web Shopping. Bammo! The hacker who set up that Wi-Fi link now has your account information to the sites you logged into and maybe even your credit card information. Also, if you use the same password for all your log ins (which you shouldn’t do), they may have access to your bank account, credit card information, and other highly damaging sites that use the same login/password combination.
What can you do? Simple, never provide sensitive information over public Wi-Fi. This includes Wi-Fi hotspots you know. After all, you can’t be 100% certain their setup hasn’t be compromised. Never connect to unknown Wi-Fi hotspots just like you wouldn’t get into a stranger’s car. When connecting to any public hotspots, if you are asked to create an account, use a pseudonym and a nonsense password. Asking to create an account is a great way for hackers to get username and password information that you may use on other sites. So don’t give it to them. Your connection is going to be temporary, make your identity that way too.
Before you ditch your mobile device all together, remember that it can be simple to keep your device secure. Follow the steps outlined in this article and just keep your wits about you. Remember the age-old wisdom: if it seems too good to be true, it probably is. Mobile security starts with you.
Most of our community is aware that BlackBerry is aligning its developer program with our corporate strategy by placing more emphasis on the development of enterprise and productivity applications. One of the changes we are making to move in this direction is by ending the BlackBerry Jam Zone Rewards Program.
First, we want you to know that we will give everyone one final order per person. And, we’ll add a BlackBerry Z30 and BlackBerry PlayBook to the list of items you can select. This will allow those of you that have accumulated a large number of points to purchase BlackBerry devices. Another option for your outstanding points is to donate them. We know that you value community and sharing knowledge, so we have made arrangements to contribute $1 for every 25 points to local charities that promote programming education. A list of these country charities is below, and for those countries where we have not been able to identify a charity, we will donate the funds to Code Club World and Code.org.
Many of you will be asking if we will replace the program. We don’t have firm plans at this point, but we’ll be looking at new programs that allow us to ship virtual goods or rewards and other ways to support those of you who will be transitioning with us to our focus on enterprise. We value your feedback, and welcome your comments here and @BlackBerryDev as well as participation through the developer forums.
July 24, 2014
All developers with Jam Zone points notified by email that the program is closing.
Each person with points can make one final order and will have until Aug 15, 2014 to make the order.
No additional points awarded.
Aug 15, 2014
All outstanding points converted to charitable donations.
Wrap up blog post identifying charities and donations made.
Here’s the list of countries and the charities we’ve selected:
A Headless application is native code that can run without any UI, with minimal memory and CPU cycles. However, developing a WebWorks application that works together with a headless service is relatively easy. Using this approach means you can still leverage WebWorks for all the main application development, while augmenting the app with a small piece of code that responds to any of the headless triggers, or runs constantly in the background. For me this is really taking advantage of the best of each development approach.
Using the latest WebWorks 2.1 SDK, you can create a new project from a template which includes a headless portion. This will set up an application that you can easily edit to suit your needs. Run this command to do so:
This command will create a WebWorks 2 application with some extra parts to the config.xml file, and a native application project in the HeadlessService folder. The compiled version of this code will be in the www/assets folder, where the config.xml file knows to launch it from.
If you look at the config.xml, you’ll see the definition of two entry points:
Another part of the config.xml sets up the headless application to run when the system starts:
There are lots of different triggers that you can use, and each one is configured through the Invocation API similar to the example. Visit this page on Triggers to see the other options.
I won’t get too much into the sample native code. The project created by the create-headless command can be imported into Momentics so you can edit it. Follow our guide for making headless applications to see what features you can take advantage of.
In this blog post, I’d like to focus on communication between your headless app, and the UI portion. There are really a lot of different ways you might come up with to do this, but a couple nice simple ways are provided for you to start with. The template project uses the Notification API – so it creates a notification in the hub which, when launched, invokes the UI portion.
Another approach is to use the file system. Both the headless and UI parts have access to the same sandbox, making it easy to have the headless app store data there, which can be read by the UI. Our other sample in GitHub uses this approach. The headless portion listens to the accounts on the device and logs message changes in a text file. The UI portion uses the standard HTML5 File API and the blackberry.io plugin to read that file and display the contents.
Headless applications are not able to invoke the UI portion directly, so how you connect the two parts depends on how you need to interact with the user. Notification will allow you to get their attention if you need it, while using the file system will allow you to have content ready for the user as soon as they open the application.
To learn more about creating WebWorks applications with headless components see the documentation on our developer site. Whole new categories of applications should be possible now.