[pa4o85]

I want to build application that uses Persistent Store to save the data of the application. I need the best security level i can reach. Do i need to encrypt the data of the persistent store objects or the persistent object model gives this functionality?

[simon.hain]

PersistentObject delivers different possibilities of implementation.
In the basic way everybody that knows your storeKey can access it.
If you include a ControlledAccess-Object you can restrict reading and/or changing the store to clients signed with a certain key.

Without knowing your storeKey the access to the store is not possible

[sn0wshrew]

However, if your objects are not encrypted when you store them, then even if you protect them from other applications that don't have your key, they can still be read in plaintext off the flash memory - so if someone steals your BlackBerry, your application's data is theirs unless you have encrypted it.

You can test this if you turn security on in the simulator. Have your application store some Strings in the persistent store. Then exit the simulator and run a binary string tool such as strings.exe on the file system of the simulator (which is itself a file in the simulator directory). You'll see all the strings that you stored in the output. Now if you encrypt the Strings before you store them and do the same test, you won't find them in the simulator's file system anymore.