However, if your objects are not encrypted when you store them, then even if you protect them from other applications that don't have your key, they can still be read in plaintext off the flash memory - so if someone steals your BlackBerry, your application's data is theirs unless you have encrypted it.
You can test this if you turn security on in the simulator. Have your application store some Strings in the persistent store. Then exit the simulator and run a binary string tool such as strings.exe on the file system of the simulator (which is itself a file in the simulator directory). You'll see all the strings that you stored in the output. Now if you encrypt the Strings before you store them and do the same test, you won't find them in the simulator's file system anymore.
|