The accepted wisdom made famous by initiatives such as Microsoft’s Security Development Lifecycle (https://www.microsoft.com/security/sdl/), SafeCode (http://www.safecode.org/), BSIMM (http://bsimm.com/), and similar is that in regard to software security an ounce of prevention is worth a pound of cure (if you work in imperial measurements still). In other words, if security is considered earlier in the development lifecycle you can significantly reduce the likelihood of finding issues late in the cycle, or worst-case, after release. Although this approach should begin in the requirements and design stages, consideration during development is equally important and thus this chapter.

In this chapter you look at how to write secure BlackBerry applications from a development perspective. To develop applications in a secure manner, understanding the features that you can implement is important from the outset so that you take the corresponding security and API selection considerations into account during development.

This chapter first looks at how to secure BlackBerry OS Legacy applications before looking at BlackBerry 10 native, Cascade, and HTML and JavaScript applications. It does not cover BlackBerry 10 Adobe AIR–based apps because support for it is depreciated in 10.3.1.

Securing BlackBerry OS 7.x and Earlier Legacy Java Applications

As you write BlackBerry OS 7.x and earlier legacy (or BlackBerry classic) applications in ...