Protect persistent objects from access by unauthorized applications

by Retired, 06-15-2010 10:06 AM, edited 09-16-2010 03:05 PM



This article applies to the following:


  • BlackBerry® smartphones based on Java® technology





BlackBerry smartphone applications can use the PersistentStore class and PersistentObject class to store data in flash memory. This data is persistent, meaning that it continues to exist across BlackBerry smartphone resets.


Objects that are stored using the PersistentStore are identified by a unique key, which has a value of primitive type long. To retrieve an object from the PersistentStore, the key that was associated with the object when it was stored must be supplied in method calls, as shown in the following code sample:



import net.rim.device.api.system.PersistentObject;
import net.rim.device.api.system.PersistentStore;

long key = 0x52834c0559055c3L;
PersistentObject rec = PersistentStore.getPersistentObject(key);
String stored_value = (String) rec.getContents(); // no key required: any application can read this



Unless precautionary measures are taken, any application on the same BlackBerry smartphone that has access to this key value can access the associated PersistentObject.


In some cases, this situation is acceptable and you can use this approach to share data between applications. In other cases, it might be necessary to restrict access to only specific, authorized applications to maintain the privacy of the stored information. Relying on the key value being unknown does not provide adequate privacy for stored information.


The BlackBerry Java API has included the ControlledAccess class since BlackBerry® Java® Development Environment (BlackBerry JDE) 3.6.0. You can use this class, in conjunction with a key generation and key signing procedure, to restrict access to data in the PersistentStore to specific, authorized applications.


To restrict access to the PersistentStore data, complete the following steps:




  1. Wrap the PersistentObject in a ControlledAccess object, which is associated with a signing key that is created using the BlackBerry® Signing Authority Tool.
  2. Sign applications that require access to the protected data using the same signing key that protects the data.


The remainder of this article uses three applications to illustrate the detailed steps to achieve this result.

The procedure is performed in two stages:



  • Applying Protection
  • Granting Access


Applying protection

To protect objects that are stored in the PersistentStore from unauthorized access, complete the following tasks:


Task 1: Create a signing key using the Private Key Administration application in the BlackBerry Signing Authority Tool




If this is the first time that you have started this tool, you must create a key pair. Follow the on-screen instructions until you click the Create Key Pair button.


Task 2: Add your public key to your BlackBerry JDE Plug-in for Eclipse or BlackBerry JDE project


The public key you created in task 1 is a .key file, and is named according to the ID that you typed when you created the key. The public key is stored in the data folder in the BlackBerry Signing Authority Tool installation folder. For example, in a standard installation on a computer that is running Windows®:



C:\Program Files\Research In Motion\BlackBerry Password Based Code Signing Authority\data


If the ID that you specified was MDW then your public key file will be called MDW.key.


In the BlackBerry JDE Plug-in for Eclipse, add the key to your development project by dragging and dropping it into your src directory or by selecting Add File To Project. The BlackBerry JDE recognizes the file automatically as a signing key.






Task 3: Use the ControlledAccess class and CodeSigningKey class to protect your data


The following code sample shows how to wrap a data object in a ControlledAccess object, which uses your signing key to protect the data from unauthorized access before storing it in the PersistentStore:
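As an added illustration of this task (not the article's own sample), the following Java class wraps a String in a ControlledAccess object bound to the signing key and commits it to the PersistentStore. It assumes the signer ID MDW and the persistent-store key value used elsewhere in this article; the class name ProtectedStoreWriter is hypothetical, and the null check on CodeSigningKey.get is a defensive assumption about what that call returns when the module was not signed with the key.

```java
// Added example, not the article's own code. Assumes signer ID "MDW" and the
// store key value from the article; ProtectedStoreWriter is a hypothetical name.
import net.rim.device.api.system.ApplicationDescriptor;
import net.rim.device.api.system.CodeSigningKey;
import net.rim.device.api.system.ControlledAccess;
import net.rim.device.api.system.ControlledAccessException;
import net.rim.device.api.system.PersistentObject;
import net.rim.device.api.system.PersistentStore;
import net.rim.device.api.ui.component.Dialog;

public final class ProtectedStoreWriter {

    // Same key value the article uses for the unprotected sample.
    private static final long STORE_KEY = 0x52834c0559055c3L;

    // Signer ID chosen when the key pair was created in the
    // BlackBerry Signing Authority Tool (Task 1).
    private static final String SIGNER_ID = "MDW";

    /**
     * Stores value in the PersistentStore wrapped in a ControlledAccess object,
     * so that only modules signed with SIGNER_ID can read it back.
     *
     * @return true if the object was committed, false if this module is not
     *         signed with SIGNER_ID and therefore cannot apply the protection.
     */
    public static boolean storeProtected(String value) {
        int moduleHandle =
            ApplicationDescriptor.currentApplicationDescriptor().getModuleHandle();

        // Look up the signing key by signer ID. It is only available if this
        // module's .cod file was signed with it using the File Signer (Task 4).
        // Assumption: get() returns null when the module was not signed with it.
        CodeSigningKey codeSigningKey = CodeSigningKey.get(moduleHandle, SIGNER_ID);
        if (codeSigningKey == null) {
            Dialog.alert("Signing key " + SIGNER_ID
                + " not found: was this .cod file signed with it?");
            return false;
        }

        PersistentObject rec = PersistentStore.getPersistentObject(STORE_KEY);
        try {
            synchronized (rec) {
                // The ControlledAccess wrapper, not the raw String, is what is
                // persisted. A reader that calls rec.getContents() without the
                // matching key, or from a module not signed with that key,
                // receives ControlledAccessException instead of the value.
                rec.setContents(new ControlledAccess(value, codeSigningKey));
                rec.commit();
            }
            return true;
        } catch (ControlledAccessException e) {
            // Raised when the storing application itself was not signed with the
            // key; check the smartphone event log if no dialog appears.
            Dialog.alert("ControlledAccessException - this application is not signed with "
                + SIGNER_ID);
            return false;
        }
    }
}
```

The data-creation application that contains this class must itself be signed with the MDW key (Task 4) before the protection can be applied; an unsigned build fails at the key lookup or with the ControlledAccessException shown, rather than silently storing unprotected data.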


Task 4: Sign the data creation application


To sign the data creation application, complete the following steps:


  1. Sign your application using your standard code signing key as issued by Research In Motion.
  2. Start the File Signer application in the BlackBerry Signing Authority Tool.
  3. Click Browse.
  4. Browse to the location of your application's .cod file, and click the file.
  5. Click the Sign button.
  6. Enter your password and click the Sign button.




Note: You can double-click the .cod file to open the signature tool and display the details of the keys that were used to sign the .cod file.




Granting Access


To allow an application to access the data that is stored and protected by another application, the application that will access the protected data must be signed using the same key that protects the persistent objects.


Use the File Signer application in the BlackBerry Signing Authority Tool as described above to sign this application's .cod file.


In addition, the application must use the same code signing key when retrieving data from the PersistentObject as illustrated below:



import net.rim.device.api.system.ApplicationDescriptor;
import net.rim.device.api.system.CodeSigningKey;
import net.rim.device.api.system.ControlledAccessException;
import net.rim.device.api.system.PersistentObject;
import net.rim.device.api.system.PersistentStore;
import net.rim.device.api.ui.component.Dialog;

long key = 0x52834c0559055c3L;
try {
    PersistentObject rec = PersistentStore.getPersistentObject(key);
    int moduleHandle = ApplicationDescriptor.currentApplicationDescriptor().getModuleHandle();
    CodeSigningKey codeSigningKey = CodeSigningKey.get( moduleHandle, "MDW" ); // signer ID of the key this .cod was signed with
    String b = (String) rec.getContents( codeSigningKey );
    Dialog.inform("Read PersistentObject. Value="+b);
} catch (ControlledAccessException e) {
    Dialog.alert("ControlledAccessException - not authorised to read this data");
}






You can test your application using a BlackBerry Smartphone Simulator or a BlackBerry smartphone. To use a simulator, you must configure the BlackBerry® JDE Plug-in for Eclipse® to turn on device security and to delete the BlackBerry Smartphone Simulator's persistent store each time you switch the device security setting.


To turn on device security, complete the following steps:



  1. In Eclipse®, on the Run menu, click Debug Configurations.
  2. Click the profile that you intend to work with.
  3. Click the Simulator tab.
  4. Select the Enable device security check box.



To delete the simulator's persistent store, on the BlackBerry menu, click Erase Simulator File > Erase All.




Additional information



If you try to protect a PersistentObject using a key, but the application that creates and protects the data was not signed by the key, you will get a ControlledAccessException. You might see an assertReplacePermission associated with the exception. If the exception does not appear on the screen of the BlackBerry smartphone, it might be present in the BlackBerry smartphone's event log. You might need to turn on Java exceptions in the Event Log Viewer options on the BlackBerry smartphone.


If an application that has not been signed by the key that protects a PersistentObject tries to access the object, you also receive a ControlledAccessException.


You can view details of the signing keys that each application module was signed using by clicking Options > Advanced Options > Applications > Modules on your BlackBerry smartphone and viewing the properties of each module.


In the following screen shot, the MDW key is listed as a Signer Id for the ControlledAccessCreator module:




The application that is authorized to access the protected data also lists the MDW key as a Signer ID, while the unauthorized application does not.






Source Code


You can download the source code for the three test applications that are discussed in this article using the link at the bottom of the article.



  • ControlledAccessCreator: Creates a persistent object, protects it from unauthorized access, and stores it in the PersistentStore.
  • ControlledAccessUnauthorisedUser: Attempts to access the object that is protected in ControlledAccessCreator using the appropriate key value, and illustrates what happens when an unauthorized application attempts to access protected data.
  • ControlledAccessAuthorisedUser: Has been granted permission to access the protected object using the procedure documented above, and is able to access the data as expected.



Create a separate project for each application and remember to create a signing key and add the key to the src folder for your ControlledAccessCreator application. You must also change the name of your key file as referenced in the code, from MDW to whatever ID you chose when you created your keys.