BB10 Security question

**barnyr** · 01-31-2013, 06:38 AM

I wonder if someone could point me to a BB10 security whitepaper? WP8 has a whitepaper that discusses security on the phone, and addresses my specific issue which is separation of apps and app data. Quote from that WP8 document "Isolation. No communication channels exist between apps on the phone other than through the cloud. Apps are isolated from each other and cannot access memory used or data stored by other applications, including the keyboard cache."
I understand that running BES10 would allow for IT control over the enterprise section of the device. I am not going to force BES10 on my IT dept for the few BB10 users we may have, unless Office 365 is going to include BES10 as part of their service (I haven't heard anything on this topic to date). The current issue for me is can I be confident that some developer with bad intent can't get a facebook app on BB app world which can access a user's email without authorization?

**Sith_Apprentice** · 01-31-2013, 06:40 AM

How the BlackBerry 10 OS uses sandboxingto protect app data

The BlackBerry 10 OS uses a security mechanism called sandboxing to separate and restrict the capabilities andpermissions of apps that run on the BlackBerry 10 device. Each application process runs in its own sandbox, which is avirtual container that consists of the memory and the part of the file system that the application process has access to at aspecific time.Each sandbox is associated with both the app and the space that it is used in. For example, an app can have one sandboxin the personal space and another sandbox in the work space; each sandbox is isolated from the other sandbox.The BlackBerry 10 OS evaluates the requests that an application's process makes for memory outside of its sandbox. If aprocess tries to access memory outside of its sandbox without approval from the BlackBerry 10 OS, the BlackBerry 10 OSends the process, reclaims all of the memory that the process is using, and restarts the process without negatively affectingother processes.When the BlackBerry 10 OS is installed, it assigns a unique group ID to each app. Two apps cannot share the same groupID, and the BlackBerry 10 OS does not reuse group IDs after apps are removed. An app's group ID remains the same whenthe app is upgraded.By default, each app stores its data in its own sandbox. The BlackBerry 10 OS prevents apps from accessing file systemlocations that are not associated with the app's group ID.An app can also store and access data in a shared directory, which is a sandbox that is available to any app that has accessto it. When an app that wants to store or access files in the shared directory starts for the first time, the app prompts the

user to allow access.