BlackBerry Forums Support Community
              

Old 03-14-2005, 02:56 PM   #1
heskech
New Member
 
Aftermarket Software, Security Risk, and Digital Signing


I have just been "issued" a corporate BlackBerry (7290 v4.0/OS, BES 3.6x), would like to retire my Treo600 so that I only have one device, but have found out that my company disables the loading of third party software purely for security reasons. Because I have software functionality on my Treo600 that I find useful and can't load a suitable replacement onto my BlackBerry, I don't really want to retire my Treo.

My IT department tells me that as long as the application is signed by RIM, I can install it. I'm told this ensures the application has been accepted by RIM to be secure, virus free, etc. and, more importantly, meets our IT security requirements.

I have three questions on this:
(1) If third party applications don't access the controlled APIs (runtime, Blackberry application, Blackberry cryptography, or Certicom cryptography), how could a third party application present a security risk?
(2) If applications are so easy and inexpensive (100 USD) to sign, why don't more aftermarket software vendors sign their applications? Wouldn't this amount to more revenue for them?
(3) Can someone please provide a list of aftermarket applications that are signed by RIM? I haven't been able to find one.

Thanks.
Old 03-14-2005, 03:20 PM   #2
Mark Rejhon
Retired BBF Moderator
 

There are several levels of signing:

(1) RIM applications signed by RIM (highest security)

(2) Signed by third party through RIM's server (medium-high security)

(3) Unsigned (no protected APIs) (medium-high security)
__________________
Thanks,
Mark Rejhon
Author of XMPP extension XEP-0301:
www.xmpp.org/extensions/xep-0301.html - specification
www.realjabber.org - open source
Old 03-14-2005, 07:31 PM   #3
heskech
New Member
 

Quote:
Originally Posted by Mark Rejhon
There are several levels of signing:

(1) RIM applications signed by RIM (highest security)

(2) Signed by third party through RIM's server (medium-high security)

(3) Unsigned (no protected APIs) (medium-high security)

Ok, so unless I'm misinterpreting our internal IT, an aftermarket application vendor may choose option (1), (2), or (3) with Option (1) being the highest level of security. Please correct me if this is not the case.

If the IT policy is configured to disallow installation of 3rd party applications, only applications signed under option (1) may be installed. Is this true?

Finally, if Option (1) is available to an aftermarket vendor, why wouldn't this option be the default for any vendor looking to maximize software revenue assuming cost of signing is insignificant and the vendor's application is, in fact, secure? Isn't option 1 the most inclusive?

Thanks.
Old 03-14-2005, 07:36 PM   #4
Mark Rejhon
Retired BBF Moderator
 

BlackBerries are among the most secure cellphones -- currently nearly impossible to have a computer virus on them. You won't get a Bluetooth virus on it like with some other cellphones. The government is a major customer. Even the CIA is impressed (disassembly and attempting to read the chips directly, failed). RIM wants to keep the government a good customer.

Option (1) would require the third party vendor to pay many thousands of dollars to RIM to look at the code line-by-line to ensure that it wasn't doing anything fraudulent.

Option (1) is a very, very, very low-level system that is dangerous for computer viruses, etc. A rogue coder could, for example, put a backdoor in the source code without the software company's knowledge. (It has happened before with PC-based applications -- including a videogame containing a keylogger-type security hole in the past because of a rogue coder!)

Option (2) gives a reasonable amount of API control, while keeping most of the rest of the operating system secure. Since RIM doesn't even need to *look* at the source code (it's all done automatically and cryptographically), the signed key costs only $100. It also kind of encrypts the software against espionage and hacking.

There might even be an option (1.5) that's in between the two in terms of security, a compromise of sorts. Not 100% sure.

Last edited by Mark Rejhon; 03-14-2005 at 07:39 PM..
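The signing flow Mark sketches in post #4 (the vendor's tool submits only a digest, the signing server signs it mechanically without ever seeing the code, and the handset checks that signature before it grants access to the protected APIs from post #2's levels) as an added example. This is editor-written illustration code, not code from the thread and not RIM's actual signing protocol: the vendor registry, the "app-signing-v1" label, the API names, the package bytes and the use of Ed25519 are all assumptions made for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ProtectedAPI names a device API that unsigned applications may not call.
// The names are illustrative; the real platform's protected API set is not modelled.
type ProtectedAPI string

const (
	APICryptography ProtectedAPI = "cryptography"
	APIRuntime      ProtectedAPI = "runtime"
)

// Package is what gets loaded onto the device: the application bytes, the
// vendor that built them and, optionally, the authority's signature.
type Package struct {
	VendorID  string
	Code      []byte
	Signature []byte // nil when the vendor never had the package signed
}

// SigningAuthority models the signing server. It holds the private key and a
// (hypothetical) registry of vendors who obtained a signing account. It only
// ever receives a digest of the package, never the code itself.
type SigningAuthority struct {
	priv       ed25519.PrivateKey
	pub        ed25519.PublicKey
	registered map[string]bool
}

func NewSigningAuthority() (*SigningAuthority, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &SigningAuthority{priv: priv, pub: pub, registered: map[string]bool{}}, nil
}

// PublicKey is the only thing that needs to ship inside every device.
func (a *SigningAuthority) PublicKey() ed25519.PublicKey { return a.pub }

// Register records a vendor as allowed to request signatures.
func (a *SigningAuthority) Register(vendorID string) { a.registered[vendorID] = true }

// Sign returns a signature over the package digest for a registered vendor.
// Nothing here inspects code: the step is purely mechanical.
func (a *SigningAuthority) Sign(vendorID string, digest [sha256.Size]byte) ([]byte, error) {
	if !a.registered[vendorID] {
		return nil, errors.New("signing refused: vendor " + vendorID + " is not registered")
	}
	return ed25519.Sign(a.priv, signedMessage(vendorID, digest)), nil
}

// signedMessage binds the vendor identity to the digest under a fixed label,
// so a signature issued to one vendor cannot be replayed under another name.
func signedMessage(vendorID string, digest [sha256.Size]byte) []byte {
	msg := []byte("app-signing-v1\x00" + vendorID + "\x00")
	return append(msg, digest[:]...)
}

// Device holds only the authority's public key; no secrets live on the handset.
type Device struct {
	AuthorityPub ed25519.PublicKey
}

// IsSigned recomputes the digest locally from the bytes actually installed and
// verifies the signature, so any byte changed after signing fails here.
func (d Device) IsSigned(p Package) bool {
	if len(p.Signature) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(d.AuthorityPub, signedMessage(p.VendorID, sha256.Sum256(p.Code)), p.Signature)
}

// Call is the gate in front of a protected API: unsigned or tampered packages
// may still run, but this call is refused to them.
func (d Device) Call(p Package, api ProtectedAPI) error {
	if !d.IsSigned(p) {
		return fmt.Errorf("%s API refused: package from %q carries no valid signature", api, p.VendorID)
	}
	return nil
}

func main() {
	auth, err := NewSigningAuthority()
	if err != nil {
		panic(err)
	}
	auth.Register("acme")
	dev := Device{AuthorityPub: auth.PublicKey()}

	code := []byte("constructed application bytes, not a real package") // constructed sample input
	sig, err := auth.Sign("acme", sha256.Sum256(code))                   // the vendor sends only the digest
	if err != nil {
		panic(err)
	}

	signed := Package{VendorID: "acme", Code: code, Signature: sig}
	unsigned := Package{VendorID: "acme", Code: code}
	tampered := Package{VendorID: "acme", Code: append([]byte{}, code...), Signature: sig}
	tampered.Code[0] ^= 0xff // one byte flipped after signing

	for name, p := range map[string]Package{"signed": signed, "unsigned": unsigned, "tampered": tampered} {
		fmt.Printf("%-8s -> %v\n", name, dev.Call(p, APICryptography))
	}
}
```

Two things the example makes concrete that the thread only states: the server signs a digest and never has to read the code, and the handset needs nothing but the authority's public key to reject a package that was altered after signing, was never signed, or reuses a signature under a different vendor name. The signature covers the package but does not hide it; the code stays in the clear, so what a device gains is origin and integrity checking, not confidentiality. What the example does not model is whether an IT policy refuses to install unsigned packages at all; it only gates the protected API calls, which is the level (3) case from post #2.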
Copyright © 2004-2016 BlackBerryForums.com.
The names RIM © and BlackBerry © are registered Trademarks of BlackBerry Inc.