BlackBerry Dynamics

March 2019

Quick Into

  • David Fekke
  • Swyft Technology, L.L.C.
  • Chief Mobile Architect
  • Secure Salesforce apps for finance and life sciences

Mobile Threat Vectors

  • Web
  • Mobile Apps
  • IoT Devices

Deploying apps to Enterprise

  • Do your users like carrying around two phone?
  • MDM (Mobile Device Management)
  • BYOD (Bring your own Device)

Current options

  • AppConfig
  • MobileIron
  • Microsoft InTune
  • Maas360
  • BlackBerry Dynamics

BlackBerry Dynamics

  • Supports MDM and BYOD
  • Containerized
  • FIPS AES256 Encryption
  • Jailbreak/root detection
  • Secure Socket Tunnel
  • No need for per app VPN

Good Technology

  • BlackBerry no longer in handset business
  • Security Software and RTOS main business
  • Good acquired by BB in 2016 
  • Good Dynamics renamed
  • Fully integrated into BlackBerry UEM

Server Products

  • Good Control
  • Unified Endpoint Manager (Formally BEMS)
  • BlackBerry Proxy

Dynamics API

  • Secure File Storage
  • Secure HTTP Tunnel
  • AppKinetics
  • BlackBerry NOC

BlackBerry Apps

  • Work (Secure Email and Calendar)
  • Access (Secure Web Browser)
  • Share (Document sharing)
  • Connect (Messaging)

Partner Ecosystem

  • BlackBerry supports 3rd party software
  • Swyft is an ISV partner with BlackBerry
  • Veracode static analysis
  • Our apps offered through BlackBerry channel sales

Adding Dynamics to

your apps

  • Start new Dynamics app from template
  • Add Dynamics to existing code base
  • Use Appdome with APKs or IPAs

Custom App Policies

  • Assign unique app specific policies and settings
  • Can be free text fields, boolean values, checkboxes and drop down lists
  • Can set default values
  • Should default to most secure option

Implementing

  • Just adding Dynamics does not make your app secure!
  • Find any place where you write/read to the file system
  • Make sure any remote calls use at least TLS 1.2
  • Use HTTP APIs to use secure socket tunnel and NOC
  • iOS NSHTTPSession
  • Android either GDSocket or GDHTTPClient
  • A Secure SQLite comes with Dynamics

Entitlement

  • Every app needs a Entitlement ID
  • Entitlement version, i.e. 1.0.0.0
  • Entitlement will be the same across operating systems
  • Set in info.plist and settings.json on Android

Language Support

  • Cordova iOS/Android
  • Objective-C/C/C++/Swift on iOS
  • Java/Kotlin on Android 

Demo

Questions

Resources

  • https://github.com/davidfekke/blackberrydynamicsexample.git
  • https://www.blackberry.com/us/en/products/apps/blackberry-dynamics

Contact

  • David Fekke at gmail dot com
  • twitter: @davidfekke
  • skype: davidfekke

BlackBerry Dynamics

By David Fekke

BlackBerry Dynamics

These are the slides for David Fekke's security presentation on BlackBerry Dynamics to the OWASP user group.

  • 960