Developer
Posts: 123
Registered: ‎03-22-2011
My Device: curve 8900
My Carrier: Rogers

Re: Apps can be extracted from the Playbook?

@peter, I have no doubt in my mind that they know about it but we need to pressure them into doing something about it.

I had a lot of updates I wanted to add into my app and I would like to release a paid version as well but if anyone can simply extract our apps then there's no way in hell I'm going to release anything else on the PlayBook.

Can someone test and see if they can actually sideload an extracted app? I'm guessing since they're already signed, the app will easily be loaded.

I can imagine someone creating a repository app that will load our apps into the PlayBook without any effort.
--
Bitbox
Developer
Posts: 278
Registered: ‎10-27-2010
My Device: Playbook

Re: Apps can be extracted from the Playbook?

[ Edited ]

This is a little concerning, though not truly a surprise. I am disappointed that this seems to be so easy to pull off. I hope that RIM pushes out a fix for this soon.

I wonder if putting specific AIR features in your application would break this hack from working in browser. I believe SQLite only works with AIR. That should mean that SQLite commands should, in theory, break the application. It might help to lock down your application by catching errors and using those as a way of ejecting from a normal run cycle. I am only speculating on this until it can be tested, but I think it should work.

I guess you could go simpler and test whether the app is running in the AIR environment, or with the Flash Player in a browser. You should be able to use this as your ejection check. Again, just mulling possibilities.

I am in the testing phase with my paid app... I wonder if I would be better off just keeping that application to myself, or releasing in other markets until this is fixed by RIM.

--------------
kdittyr

Accepted PlayBook Applications:
HDB Converter -- Utilities/Calculators
Developer
Posts: 669
Registered: ‎02-19-2011
My Device: BlackBerry PlayBook 32GB
My Carrier: Sprint

Re: Apps can be extracted from the Playbook?

Obfuscation does nothing for JavaScript. Also: now the only thing left to try would be to rezip the .bbb files with packages in it you didn't buy but got from someone else. If that works, the piracy floodgates have been opened in less than 2 weeks...

Staff UI Prototyper (read: full-time hacker)


My BB10 apps: Screamager | Scientific RPN Calculator | The Last Weather App

Developer
Posts: 114
Registered: ‎08-09-2010
My Device: Tour
My Carrier: Bell

Re: Apps can be extracted from the Playbook?

It would appear from this that RIM puts its security efforts into the wrong places.

All the stuff that we have gone through in the past couple of weeks with the debug tokens, all the **bleep** that we put up with just to deploy our own apps to our own hardware for the sake of security... procedures that are just plain annoying and getting in the way of productivity. And then we find out this bit of news.

Amazing (I have other words instead of that one, but I suppose this is a family-friendly forum).

Developer
Posts: 278
Registered: ‎10-27-2010
My Device: Playbook

Re: Apps can be extracted from the Playbook?

I'd like to hear a reply from RIM before I get too upset over this.

--------------
kdittyr

Accepted PlayBook Applications:
HDB Converter -- Utilities/Calculators
Developer
Posts: 133
Registered: ‎12-02-2010
My Device: Z10 & Dev Alpha C
My Carrier: T

Re: Apps can be extracted from the Playbook?

Wow, this is a huge security issue, RIM! No encryption or security at all!

---------------------------------------------------------------------
Developer of Stocks for Blackberry 10
Developer
Posts: 425
Registered: ‎03-17-2011
My Device: Developer
My Carrier: Telus

Re: Apps can be extracted from the Playbook?

I feel violated! This is a ridiculous oversight.

DM backups should be disabled until they can be properly secured by encryption. Or apps should not be backed up at all. They can be reinstalled from AppWorld if necessary.

Is anybody at RIM listening?

_________________________
In the dark and need a sky map?
Discover What's up at App World.
Follow What's up on Facebook

Developer
Posts: 246
Registered: ‎12-13-2010
My Device: Not Specified

Re: Apps can be extracted from the Playbook?

[ Edited ]

This is a pretty big security flaw.........

It seems that they can be extracted from Desktop Manager backup files. Why aren't these backup files encrypted?

Developer
Posts: 114
Registered: ‎08-09-2010
My Device: Tour
My Carrier: Bell

Re: Apps can be extracted from the Playbook?

kdittyr, I am all for giving the benefit of the doubt. After all bugs happen, security holes happen, these are things we always have to deal with in the industry.

Problem is, when it comes to RIM, it becomes increasingly hard as time goes by to see where they have earned the benefit of the doubt in any given situation.
Developer
Posts: 249
Registered: ‎11-02-2010
My Device: PlayBook
My Carrier: -

Re: Apps can be extracted from the Playbook?

[ Edited ]

Well, knowing how swf are loaded, this is a normal behaviour I would say: extracting swf is part of the game, like extracting a simple jar file. Also reverse engineering is always possible in all technologies.

All the signing process is there only to protect the PlayBook: only signed stuff can be executed on the PB. But extracted content, as swf, can be run in any FlashPlayer.

- It's up to the dev. to put in place some check that forbids execution if not run on a PlayBook. => This should be provided as a QNX API.

- What also can be "fixed" (asap...) is the "exposing" of swf files in the .bbb files, for sure.

- App. can also use a "dynamic" license.

- And for reverse engineering... well, it's against the law.

JC
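
The runtime check suggested in two of the posts above (eject when the SWF runs in a browser Flash Player rather than in AIR), sketched as an added example that is not code from any poster or from RIM/QNX. `RuntimeGuard` and its method names are hypothetical, and the sketch assumes the PlayBook AIR runtime reports `Capabilities.playerType` as `"Desktop"` like other AIR runtimes.

```actionscript
package {
    import flash.system.ApplicationDomain;
    import flash.system.Capabilities;

    /**
     * Added example (hypothetical class, not a QNX or RIM API): decides
     * whether the SWF is running inside the AIR runtime or in a browser or
     * standalone Flash Player, so the app can refuse to start outside AIR.
     */
    public class RuntimeGuard {
        // Result codes returned by check()
        public static const OK:String = "ok";
        public static const NOT_AIR_PLAYER:String = "playerType is not Desktop";
        public static const NO_AIR_CLASSES:String = "AIR-only classes missing";

        // AIR-only classes are looked up by name, so this file contains no
        // direct reference to classes that do not exist in Flash Player.
        private static const AIR_ONLY:Array = [
            "flash.desktop.NativeApplication",
            "flash.data.SQLConnection"
        ];

        public static function check():String {
            // Assumption: playerType is "Desktop" under AIR; Flash Player
            // reports "PlugIn", "ActiveX", "StandAlone" or "External".
            if (Capabilities.playerType != "Desktop") {
                return NOT_AIR_PLAYER;
            }
            for each (var name:String in AIR_ONLY) {
                if (!ApplicationDomain.currentDomain.hasDefinition(name)) {
                    return NO_AIR_CLASSES;
                }
            }
            return OK;
        }

        // Call first thing in the document class constructor; onFail
        // receives the reason so the app can show a message and stop.
        public static function enforce(onFail:Function):Boolean {
            var result:String = check();
            if (result != OK) {
                onFail(result);
                return false;
            }
            return true;
        }
    }
}
```

This only separates AIR from Flash Player, not a PlayBook from another AIR host, and because the check ships inside the same SWF it raises the effort needed rather than preventing a modified copy from running.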