12-27-2010 04:29 AM
In 2009 RIM said sth like ...
"... in that our currently Guidelines do not allow certain types of encryption, unless being used for banking purposes, authentication, digital signature or copyright protection.
I cannot comment on applications that are currently available for download from App World, but I do encourage you to submit your application. We review each application on an individual basis, as well we plan to open up the Guidelines with regards to encryption in the coming version of App World."
So I wonder what happens if your app uses HTTPS to transmit data to the cloud? When i submitted my app I saw that I had to answer alot of crypt related questions. Does anybody of you make some experience regarding HTTPS? Has your (blackberry) app been accepted?
12-27-2010 06:02 PM
12-28-2010 03:41 AM
HTTPS/SSL is allowed. You just have to state in the app submission that you're app uses one of these protocols.
01-07-2011 04:32 PM
What about SQLite encryption? Is that allowed? I have an idea for an application that would be password protected, but also I would like to encrypt the local database. Nothing nefarious at all, just protecting the database content. It is a fairly standard practice. I wonder if that falls under allowed encryptions. Anyone have any ideas?
01-07-2011 04:43 PM
Encrypting SQLite is allowed and encouraged. Just note it during your submission.
Thank you, I searched the forum but didn't see it anywhere.
01-07-2011 06:08 PM
I would rather say except for "banking purposes, authentication, digital signature or copyright protection" no data encryption is allowed by vendor guidelines. It is not important if you store an password hash in an SQL, SharedObject or flatfile. Especially in the US there are tough restrictions regarding data enryption algos and key sizes.
Hopefully RIM updates these guidelines soon since those restrictions do not exist like that in other app stores.
03-07-2011 11:13 PM
Is there a good way to encrypt data and pass between PlayBook and PHP on the serverside?
I am looking along the lines of this example for Android: http://groups.google.com/group/android-developers/
Secondly, will RIM reject an app with such a builtin encryption capability? The use case is for secure transmission of data for health/banking app.
Lastly, if there are export restrictions on these cryptographic features, should i restrict the app to US market?