Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry® World™ Development

Thank you for visiting the BlackBerry Support Community Forums.

BlackBerry will be closing the BlackBerry Support Community Forums Device Forums on April 1st (Developers, see below)

BlackBerry remains committed to providing excellent customer support to our customers. We are delighted to direct you to the CrackBerry Forums, a well-established and thorough support channel, for continued BlackBerry support. Please visit http://forums.crackberry.com or http://crackberry.com/ask. You can also continue to visit BlackBerry Support or the BlackBerry Knowledge Base for official support options available for your BlackBerry Smartphone.

"When we launched CrackBerry.com 10 years ago, we set out to make it a fun and useful destination where BlackBerry Smartphone owners could share their excitement and learn to unleash the full potential of their BlackBerry. A decade later, the CrackBerry community is as active and passionate as ever and I know our knowledgeable members and volunteers will be excited to welcome and assist more BlackBerry owners with their questions."

- Kevin Michaluk, Founder, CrackBerry.com

Developers, for more information about the BlackBerry Developer Community please review Join the Conversation on the BlackBerry Developer Community Forums found on Inside BlackBerry.

Posts: 1,269
Registered: ‎12-29-2010
My Device: PlayBook, Z10 LE, Dev Alpha C

Thoughts on permissions and shared storage




I was just reading a blog story about "The top 10 apps to load on
your new Z10", and went to look at the BlackBerry World page for one of
the apps that I hadn't seen before. I just happened to notice one of the
most recent reviews giving low ratings and complaining that the app was
requesting permission to access all the user's documents, even though
the app was narrow enough in focus to only be applicable to particular
types of documents. The reviewer probably did not realize that this was
not the fault of the app developer, but rather a result of how
application sandboxes and permissions are set up.


To me this looks like an opportunity for BlackBerry to improve the
sandbox system. Currently if say a music app wants to be able to index
your music collection, it "needs", as far as BB10 is concerned, to be
able to access your photos and documents, even though the app has no
functionality to do anything with such files.


What if instead the sandbox system could have more granularity, to say,
grant access only to a particular subdirectory of shared access area
and/or only to particular types of files? In the case of the music app,
it probably only really needs access to audio files and read/write
capability for preferences and playlists.


Additionally, a single level of granularity for shared access is an
avenue for spear phishing attacks. The victim has sensitive information
in their shared storage area, and downloads an innocent enough looking
app that "needs" shared access, and because access to the shared area is
all or nothing, they grant access, trusting the app, and off goes their
sensitive information to someone with nefarious intent.