Java Development

New Developer
Posts: 10
Registered: ‎09-10-2009
My Device: Not Specified

How secure is embedded content?

I was wondering how secure is any embedded content within an app, such as a picture or video.  Specifically, can someone easily copy the file from your app to their computer?  I'm not talking about screenshots and stuff, but can a user extract the file itself?  I'm guessing a hard core hacker can get anything they want, so let's say a mischievous person :smileywink:
Developer
Posts: 905
Registered: ‎02-07-2009
My Device: BlackBerry Torch 9800
My Carrier: Globe Telecom

Re: How secure is embedded content?

Are you referring to the images in a third-party app, for example a splash screen? If yes, there's no way for other users to extract that image programmatically, not that I'm aware of, unless your application displays content which is in the phone memory or media storage and can be visible using RIM's file explorer.

Usually when you add a picture to your project, it is included in your compilation.

Developer
Posts: 324
Registered: ‎05-26-2009
My Device: Not Specified

Re: How secure is embedded content?

Depends on how you have embedded your content. If you simply copy content as unencrypted files onto the memory card or device memory, then anyone who knows how to use BlackBerry email would be able to access your content and redistribute it.
New Developer
Posts: 10
Registered: ‎09-10-2009
My Device: Not Specified

Re: How secure is embedded content?

Thanks, I guess my next job is to read up on encrypting files.  The files would be in the application bundle (like a home screen image, etc), so I don't think that those get stored on the BB as separate files.  But maybe an embedded video would be stored separately?
Developer
Posts: 905
Registered: ‎02-07-2009
My Device: BlackBerry Torch 9800
My Carrier: Globe Telecom

Re: How secure is embedded content?

Yup, they are not stored as a separate file. Embedded video, I think, will be stored separately because of the effect it will have on the application, given that videos usually are large in size.
Developer
Posts: 84
Registered: ‎09-21-2008
My Device: Not Specified

Re: How secure is embedded content?

It is probably pretty trivial to extract embedded resource files out of the cod files. I wouldn't add anything to the files that you really do not want people to get their hands on. I include an XML file as a resource in my application and I can find the text from that file directly in one of the cod files, not encrypted or anything, just plain text. I'm sure with the specification of the COD file it wouldn't be too difficult to build a resource extractor from cod files; without the spec, a bit of reverse engineering, but still not very difficult since the data is just sitting in the cod file waiting to be separated out.

You can do a test yourself: just open up one of your cod files with any hex editor and you will see the included files in there somewhere. It is easiest to see how insecure it is if you include some sort of text file and search for the text contained in that file.

Bottom line, don't store anything too sensitive in the cod file itself. Images probably are not worth it, but if there is sensitive data you need to include in the cod file, you might consider encrypting it and decrypting it on the device. Even this is not 100% secure, since you will have to have the encryption defined somewhere in the code to decrypt the file, but it would make it a bit more difficult to separate out the data.
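
The hex-editor test described in the post above, automated as a build-time check on your own compiled module; this is an added example, not part of the original thread. The module bytes and resource contents are constructed samples, and the check assumes nothing about the COD layout, which the thread does not specify.

```python
import hashlib

WINDOW = 16  # probe size in bytes; low-entropy resources (runs of zeros) can false-match


def probes(data: bytes, window: int = WINDOW):
    """Yield non-overlapping chunks of the resource to look for in the module."""
    if not data:
        return
    if len(data) <= window:
        yield data
        return
    for off in range(0, len(data) - window + 1, window):
        yield data[off:off + window]


def audit_resource(module: bytes, resource: bytes) -> dict:
    """Report how much of `resource` is present byte-for-byte inside `module`."""
    positions = [module.find(chunk) for chunk in probes(resource)]
    found = [p for p in positions if p != -1]
    return {
        "probes": len(positions),
        "found": len(found),
        "ratio": len(found) / len(positions) if positions else 0.0,
        "first_hit": found[0] if found else None,
    }


def exposed(module: bytes, resources: dict, threshold: float = 0.5) -> list:
    """Names of resources that can be read straight out of the module bytes."""
    return sorted(name for name, data in resources.items()
                  if audit_resource(module, data)["ratio"] >= threshold)


# Constructed sample data (not a real COD file): 16 bytes of header, an XML
# resource stored as-is, and a digest standing in for an encrypted blob.
XML = b"<settings><server>example.invalid</server><mode>demo</mode></settings>"
SECRET = b"constructed-license-key-0000-1111-2222"
MODULE = b"HDR0" + b"\x00" * 12 + XML + hashlib.sha256(SECRET).digest()
RESOURCES = {"config.xml": XML, "license.txt": SECRET}

if __name__ == "__main__":
    for name, data in RESOURCES.items():
        print(name, audit_resource(MODULE, data))
    print("readable in the module:", exposed(MODULE, RESOURCES))
```

Probing in small windows rather than searching for the whole file means a resource is still reported when the container inserts framing bytes in the middle of it.
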
New Developer
Posts: 10
Registered: ‎09-10-2009
My Device: Not Specified

Re: How secure is embedded content?

Thanks for the insight knight.  I appreciate others' experience and advice to help me make good decisions. :-)
Developer
Posts: 1,474
Registered: ‎04-14-2009
My Device: Not Specified

Re: How secure is embedded content?

Although third-party applications cannot read the full binary contents of modules (including their own), I wonder whether it still is possible to read the built-in resources (those packaged inside modules/CODs) of other applications programmatically. I haven't tried this myself, but I suspect all you need is to obtain a reference to a Class object coming from the target module (e.g., Class.forName()) and invoke Class.getResourceAsStream().
Developer
Posts: 19,636
Registered: ‎07-14-2008
My Device: Not Specified

Re: How secure is embedded content?

Agree completely with knight9 and see the same myself.  Like klyubin, I can see no reason why I would not be able to get the resources in any cod on the device, if I know its full name.  So embed stuff with caution.