Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Adobe AIR Development

Reply
Highlighted
Contributor
Posts: 22
Registered: ‎12-17-2010
My Device: Not Specified
Accepted Solution

SharedObject Security

Hello List!

 

Does anybody know how the SharedObject is implemented in the Playbook SDK? My basic question is ... is it possible to access the persisted objects of "foreign" apps? How could we treat security relevant information then, is there a concept?

 

Cheers

Marco

New Developer
Posts: 27
Registered: ‎12-11-2010
My Device: Not Specified

Re: SharedObject Security

As far as I can see it uses the standard AIR model. You can't legitimately access others apps private storage but anyone who stole a device and rooted it probably could quite easily. I don't think its been decided whether there will be shared storage but I'd be surprised if there wasn't.

 

You can't use the encrypt local storage/shared objects function but you can encrypt SQLite databases using the inbuilt AIR functions.

 

So if you're worried about security, perhaps because you're storing passwords the easiest method is to use encrypted SQLite.

Contributor
Posts: 22
Registered: ‎12-17-2010
My Device: Not Specified

Re: SharedObject Security

I tried the SharedObject functionality using the simulator and it worked great :-)

So I assume that there will be the same functionality (hopefully) in the final product as well, because many apps rely on it :-)

New Developer
Posts: 27
Registered: ‎12-11-2010
My Device: Not Specified

Re: SharedObject Security

 


germama wrote:

I tried the SharedObject functionality using the simulator and it worked great :-)

So I assume that there will be the same functionality (hopefully) in the final product as well, because many apps rely on it :-)


You can't encrypt the SharedObject (or actually I think the encryption is on the level of the apps storage) though.

 

Developer
Posts: 6,473
Registered: ‎12-08-2010
My Device: PlayBook, Z10
My Carrier: none

Re: SharedObject Security

I believe apps will be protected from other apps reading their data. I expect the way they'll do that is to create per-application userids on-the-fly as apps are installed, and to make sure their application and application storage directories are not readable by other users. This should all be transparent to us, other than if we try to read other app's files in our app. Although in the simulator everything is currently running as "root", I'm sure that won't be the case in the released product. In fact, the next SDK could even fix that... we expect it to be released "real soon now".

Peter Hansen -- (BB10 and dev-related blog posts at http://peterhansen.ca.)
Author of White Noise and Battery Guru for BB10 and for PlayBook | Get more from your battery!
BlackBerry Development Advisor
Posts: 417
Registered: ‎10-27-2010
My Device: PlayBook

Re: SharedObject Security

That is correct. Apps would be running in their own sanbox as it own user and cannot read or write data of other apps. They can write and read data from shared folders though.

You have to explicetly share the files in this case.

Which should be done using Air API, but I don't know the details.