Get Started with BlackBerry Dynamics SDK for Android

Architecture Overview

The BlackBerry Dynamics SDK provides a powerful set of tools to ISV and enterprise developers. It allows developers to focus on building commercial and business apps rather than learning how to secure, deploy, and manage those apps. The BlackBerry Dynamics Platform includes:

• Lifecycle management

• Security and compliance policies

• Secure connectivity to enterprise services

• Secure storage

• Secure inter-app communication

• Application configuration and application specific policies

The simplest way to understand the BlackBerry Dynamics platform is to think of it as three key components: the BlackBerry Dynamics SDK and BlackBerry servers (BlackBerry UEM) connected by BlackBerry Cloud Infrastructre (or Network Operatioons Centre). BlackBerry Dynamics provides the services and architecture to build, securely deploy, and manage apps. BlackBerry UEM includes the BlackBerry Dynamics Secure Mobility Platform and delivers the Enterprise Mobility Management (EMM) solution to securely manage devices.

With the acquisition of Good Technology by BlackBerry, BlackBerry has created a unified product with best-in-class Bring Your Own Device (BYOD), EMM, and Mobile Device Management (MDM) capabilities.

 BlackBerry Dynamics Secure Mobility Platform

The BlackBerry Dynamics (BD) platform consists of BD Runtime, the BD Network Operation Center (NOC), and BD servers.

The BD Runtime is included in every BD mobile app. The runtime has an API that gives the app access to activation, user authentication, secure storage, communication behind the firewall, and much more, all while enforcing security policies on behalf of the organization. To work with the BD Runtime, you need to download the BlackBerry Dynamics SDK for the target platform (iOS, Android, Cordova, React Native).

By including the BlackBerry Dynamics SDK in your app, you will have access to app policies, inter-app communication, secure storage, shared services, authentication delegation, single sign-on (KCD), user and app config information, and much more.

 BlackBerry UEM

BlackBerry UEM is the server component that brings everything together. It merges the best-in-class BYOD functionality of BlackBerry Dynamics with the best-in-class EMM (including MDM) solution. Administrators use UEM to manage users, groups, policies, apps, app configurations, and more.

The BlackBerry Cloud Infrastructure (or NOC) enables secure communication between your BD Runtime app and the BlackBerry Proxy. The BlackBerry Cloud also verifies the validity of user and access keys before data touches your enterprise, in addition to supporting the secure push infrastructure from server-side apps to BD Runtime apps.

UEM includes the BlackBerry Proxy servers as part of the EMM solution. They provide various services to users, devices and apps.

For app developers, you get:

• Security and compliance policies

• Secure connectivity to enterprise services

• App configuration

• App policies

• Secure storage on-device

• Wipe and lock functionality

• Secure inter-app communication

• Application lifecycle management 

BlackBerry Enterprise Mobility Server (BEMS)

The BlackBerry Dynamics platform offers enterprise mBaaS (Mobile Backend as a Service) capabilities. Many of these mBaaS services are implemented in the BlackBerry Enterprise Mobility Server (BEMS). BEMS provides programmatic connectivity through standardized APIs to enterprise systems including Microsoft SharePoint, Microsoft Teams, Microsoft Exchange, Cisco Jabber, Active Directory and more. BEMS provides APIs to invoke services such as push notifications, directory lookups, key value store, document access, IM, and presence. Developers can add these services to apps without having extensive knowledge of how to configure or connect to specific back-end systems of records.

These high quality enterprise back-end services are leveraged by BlackBerry Work, BlackBerry Connect, and other BlackBerry Secured apps. ISV and custom BlackBerry Secured apps can also make use of these services.

A Closer Look at the BlackBerry Dynamics SDKs

The BlackBerry Dynamics Platform provides a range of SDKs and plug-ins, allowing developers to work in familiar environments to build native, hybrid, and web apps. Once apps are built, developers can assume the role of an IT admin to quickly validate the management and distribution of their apps through the BlackBerry Dynamics Platform.

The BlackBerry Dynamics SDK is available natively to major platforms and development technologies including iOS and Android.

In addition, BlackBerry supports cross-platform development frameworks via dedicated BlackBerry Dynamics SDKs for Cordova and React Native.

Security Services

Security Services allow you to address security concerns about making sensitive company information available on mobile devices. You can ensure that the content that is stored on devices, exchanged with resources behind the corporate firewall, or shared between BlackBerry-secured apps is always encrypted. Since the platform uses government-grade device-independent crypto libraries, content is always encrypted. The BlackBerry Dynamics SDK includes support for the following security services:

• Identity & Authorization APIs

• Secure Storage APIs

• Secure Communications APIs

• Secure Inter-App Data Exchange APIs

Mobile Services

Mobile Services allow you to create engaging apps that will improve user productivity. You can reduce development time by using existing services -- no more building everything from scratch! And because the BlackBerry Dynamics Platform is the foundation for all services, government-grade encryption ensures end-to-end security. The BlackBerry Dynamics SDK includes support for the following mobile services:

• Presence Service

• Send Email Service

• Transfer Files Service

• Push Service

• Directory Lookup Service

• Docs Service

• Launch Service

Platform Services

Platform Services make it easy to integrate apps with enterprise infrastructure (e.g., Active Directory, SharePoint, Exchange, Office 365, Lync). Focus on creating innovative apps without worrying about programming for the back-end, server maintenance, or deploying complex infrastructure. Single sign-on, horizontal scaling, HA/DR, VPN-less access to the intranet -- simply building on the current version of the BlackBerry Dynamics Platform enables it all. The BlackBerry Dynamics SDK includes support for the following mobile services:

• Identity & Access Management

• Single Sign-on Authentication

• Reliable App Deployment at Scale

• Secure Access to Corporate Data

• App-Level Controls for IT

Software requirements

See Requirements and support for platform-specific features in the BlackBerry Dynamics SDK Development Guide.

The BlackBerry Dynamics SDK can be integrated into an Android app using Gradle.

In the build.gradle file of the app add the following:

Repositories configuration

repositories {

    // BlackBerry Dynamics SDK repository
    maven { url 'https://software.download.blackberry.com/repository/maven' }

    // other repositories
}

Dependencies configuration

// Adjust this value according to the latest version available on the BlackBerry developer website
def dynamicsVersion = '11.2.0.10'

dependencies {

    // Main BlackBerry Dynamics SDK library
    implementation "com.blackberry.blackberrydynamics:android_handheld_platform:${dynamicsVersion}"

    // Optional libraries of BlackBerry Dynamics SDK

    // To use the secure version of the AndroidWebView
    implementation "com.blackberry.blackberrydynamics:android_webview:${dynamicsVersion}"

    // Provides support for secure backup if the app uses the feature
    implementation "com.blackberry.blackberrydynamics:android_handheld_backup_support:${dynamicsVersion}"

    // Include this if the app performs SafetyNet or PlayStore attestation flows
    implementation "com.blackberry.blackberrydynamics:android_handheld_gd_safetynet:${dynamicsVersion}"

    // For integration with BlackBerry Protect
    implementation "com.blackberry.blackberrydynamics:android_handheld_blackberry_protect_support:${dynamicsVersion}"

    // For automated testing of UI controlled by BlackBerry Dynamics SDK
    testImplementation "com.blackberry.blackberrydynamics:atsl:${dynamicsVersion}"

    // other dependencies
}

Note: The BlackBerry Dynamics SDK package available in the Downloads section of the BlackBerry developer website contains a convenient folder that contains a Maven-compliant structure so it can be used locally or uploaded to any internal Maven-compliant server; to use it, the URL of the Maven repository in the app's build.gradle will have to be adjusted accordingly.

New App

The easiest way to get started with the BlackBerry Dynamics SDK for Android is to use the BlackBerry Dynamics sample apps that are available in the SDK package.

Perform the following steps to use the apps:

1. Ensure the latest version of the BlackBerry Dynamics SDK is configured for dependency com.blackberry.blackberrydynamics:android_handheld_platform 

2. Edit the GD Application ID to your own in file assets/settings.json 
   Note:  The general form is com.yourcompany.application_name (lowercase only, no spaces, and must not begin with com.good or com.blackberry). The same id can be used for multiple apps on different platforms, such as iOS and Android, so it is a best practice to avoid platform-specific information (example: com.yourcompany.android.application).

3. Build, deploy, and run the app.

Existing App

Add and configure the BlackBerry Dynamics SDK

In order to add the BlackBerry Dynamics SDK into an existing project, perform the actions described in the section "Install & Configure".

Once the BlackBerry Dynamics SDK has been added to the project it needs to be configured, perform the steps below to configure it.

1. Create a file settings.json inside the assets folder for the app project 

2. Set the BlackBerry Dynamics Application ID and BlackBerry Dynamics Version in the settings.json created before.
   
   GDApplicationID
   The general form is com.yourcompany.application_name (only lower case, no spaces, and must not begin with com.good or com.blackberry).
   The same id can be used for multiple apps on different platforms such as iOS and Android. It’s recommended to avoid including the platform-specific information (example: com.yourcompany.android.application).
   
   GDApplicationVersion
   A version number is four parts. Use 1.0.0.0 for the first version of the app with BlackBerry Dynamics SDK
   It is not recommended to change the version often unless it’s required to provide different access to specific users or to differentiate a new app from existing versions of the app due to newly added services.
   
   An example is
   {
    "GDApplicationID":"com.yourcompany.application_name",
    "GDApplicationVersion": "1.0.0.0"
}

3. If the app supports backup it needs to include the dependency com.blackberry.blackberrydynamics:android_handheld_backup_support and the below should be added in AndroidManifest.xml to the application tag 
   android:fullBackupContent="@xml/gd_backup_scheme"

Integrate the BlackBerry Dynamics SDK

Establishing a connection to the BlackBerry Dynamics platform requires the authorization of the end user and the app. There are 2 alternative ways of initiating both authorizations in a BlackBerry Dynamics app:

• Indirect initiation

• Direct initiation

An app can use only direct or indirect authorization initiation, not both. Both mechanisms each require different implementations in the app code. The mechanisms also place different restrictions on classes in the app user interface influencing how they interact with the BlackBerry Dynamics SDK.

Authorization generally includes establishing a data connection to the UEM server infrastructure and to the enterprise that provisioned the end user. In addition, authorization will also include any necessary registration of the device, at the BlackBerry Dynamics Network Operation Center (infrastructure activation), and at the enterprise (enterprise activation).

Authorization may include user interaction. All user interaction that is part of authorization takes place in a user interface that is part of the BlackBerry Dynamics Runtime library, not part of the app.

The authorization API is state-based and asynchronous. The initiation method generally returns immediately. Success or failure of authorization is then notified to the app code later, as a transition of the authorization state. The app should generally wait to be notified of the transition to the authorized state before attempting to utilize any other BlackBerry Dynamics APIs.

Indirect authorization initiation

When using indirect initiation of the authorization flow, each Activity in the app needs to invoke the activityInit API of GDAndroid class and provide an implementation of interface GDStateListener to listen to the events generated by the BlackBerry Dynamics SDK. 

The GDStateListener provides simple state transition notifications. At each state transition, the corresponding callback methods in the application code would be invoked by the runtime. When the user is authorized the method onAuthorized would be called, after that the app could make full use of all BlackBerry Dynamics APIs. There are no limitations on which class can implement the GDStateListener interface.

The activityInit must be called as early as possible in the Activity lifecycle therefore the onCreate method is the best candidate for it.  

The following snippet shows the indirect initiation of BlackBerry Dynamics authorization processing where the Activity is also implementing the GDStateListener; for more advanced scenarios please refer to the documentation of GDAndroid and GDStateAction classes.

Java

public class MyActivity extends AppCompatActivity implements GDStateListener {

    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);

        // Initiate the BlackBerry Dynamics authorization process
        GDAndroid.getInstance().activityInit(this);

        // rest of Activity initialization
    }

    //GDStateListener method implementations
    public void onAuthorized() {
        // Fictional method calls that require BlackBerry Dynamics SDK APIs
        startSecureDBAccess();
        startSecureAppComms();
    }

    // Additional GDStateListener methods
}

Kotlin

class MainActivity : AppCompatActivity(), GDStateListener {

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)

        // Initiate the BlackBerry Dynamics authorization process
        GDAndroid.getInstance().activityInit(this)

        // rest of Activity initialization
    }

    //GDStateListener method implementations
    override fun onAuthorized() {
        // Fictional method calls that require BlackBerry Dynamics SDK APIs
        startSecureDBAccess()
        startAppComms()
    }

    // Additional GDStateListener methods
}

Direct authorization initiation

When using direct initiation of the authorization flow, the app must invoke the authorize API of GDAndroid class and provide an implementation of interface GDAppEventListener to listen to the events generated by the BlackBerry Dynamics SDK. 

The event handler would receive all GDAppEvent objects dispatched from the  BlackBerry Dynamics Runtime, which would include an event of type GDAppEventAuthorized when the end user is authorized. After receiving that event, the app could make full use of all BlackBerry Dynamics APIs. There are no limitations on which class can implement the GDAppEventListener interface.

In order to make sure that the app is only used after the user has been authorized, regardless of its state, the API authorize should be called in the onResume method only if the user wasn't already authorized.

The following snippet shows the direct initiation of BlackBerry Dynamics authorization processing where the Activity is also implementing the GDAppEventListener; for more advanced scenarios please refer to the documentation of GDAndroid and GDStateAction classes.

Java

public class LaunchActivity extends Activity implements GDAppEventListener {

    private boolean authorizeCalled = false;

    public void onResume() {
        super.onResume();

        if (!authorizeCalled) {
            GDAndroid.getInstance.authorize(this);
            authorizeCalled = true;
        }

        // Rest of activity initialization here, no use of BlackBerry Dynamics APIs.
    }

    public void onGDEvent(GDAppEvent appEvent) {

        switch (appEvent.getEventType()) {
            case GDAppEventAuthorized:

                // start the app UI if user is authorized
                startMainActivity();
                break;

            case GDAppEventNotAuthorized:

                // reset the authorizeCalled flag so the authorization flow can be started
                // again when the onResume is called
                authorizeCalled = false;
                break;

            // handle other GDAppEventType
        }
    }

    // rest of class code here.
}

Kotlin

class LaunchActivity : Activity(), GDAppEventListener {

    private var authorizeCalled = false

    // Override annotation should go here
    override fun onResume() {
        super.onResume()
        if (!authorizeCalled) {
            GDAndroid.getInstance.authorize(this)
            authorizeCalled = true
        }

        // Rest of activity initialization here, no use of BlackBerry Dynamics APIs.
    }

    override fun onGDEvent(appEvent: GDAppEvent?) {
        when (appEvent?.eventType?.ordinal) {

            // start the app UI if user is authorized
            GDAppEventType.GDAppEventAuthorized.ordinal -> startMainActivity()

            // reset the authorizeCalled flag so the authorization flow can be started
            // again when the onResume is called
            GDAppEventType.GDAppEventNotAuthorized.ordinal -> authorizeCalled = false

            // handle other GDAppEventType
        }
    }

    // rest of class code here.
}

Enterprise Simulation Mode

To run and test any BlackBerry Dynamics app, a BlackBerry UEM server is needed but, with considerable limitations, Enterprise Simulation Mode can be used to test an app without a connection to a BlackBerry UEM server

In Enterprise Simulation Mode, there is no user authentication at the enterprise level, so there will be no communication through the enterprise firewall. If the app requires a connection behind the firewall then a BlackBerry UEM server is needed.

Important: the Enterprise Simulation Mode is not intended for a production environment and it is limited to run on an iOS simulator only.

Although Enterprise Simulation Mode is not suitable for the production deployment of an app, it is useful during development, and for verifying proper execution and behavior when migrating existing apps to BlackBerry Dynamics.

In simulation mode, a valid activation key is not required to open the app because there is no direct communication with BlackBerry Dynamics servers. Communication with the BlackBerry Dynamics NOC, however, continues to take place.

To enable Enterprise Simulation Mode for a BlackBerry Dynamics app, add the following to the Info.plist file:

<key>GDLibraryMode</key>
<string>GDEnterpriseSimulation</string>

To disable it, change the value to GDEnterprise or remove the key altogether.

When a BlackBerry Dynamics app is running for the first time on a target, it needs to be activated with the BlackBerry Dynamics server. In Enterprise Simulation Mode, any email address and any 15-character access key are valid to complete the activation process. After the app is activated, the app will prompt the user to create a password.

The Password Requirements link at the bottom of the screen provides guidance on the required password complexity. When not running in Enterprise Simulation Mode the password complexity is controlled via policies managed by your IT admin through the UEM management console.

Enterprise Simulation Mode presents the following differences from standard enterprise execution:

• [Simulated] will appear in the BlackBerry Dynamics Runtime user interface

• Any email address and activation key will be accepted for enterprise activation

• No information is actually sent to enterprise servers, including the email address and activation key

• The provisioning and policy setup flow is simulated in the UI

• A hard-coded set of security and compliance policies are in effect; authentication is not delegated

• When run on a real device, not an emulator, the app will be wiped

• Attempts to change the mode from GDEnterprise to GDEnterpriseSimulation for an app that is already installed on a device will result in the app being wiped

• No lost-password recovery is available

• Inter-container Communication (ICC) cannot be used, which means that the BlackBerry Dynamics Services API cannot be used

Otherwise, the secure storage, secure communication, and push channel APIs are all available in Enterprise Simulation Mode.

The communication APIs will not be able to connect to any enterprise app servers through the UEM server, although direct connections to enterprise app servers can still be made, if, for example, the iOS Simulator is running on a machine that is on the enterprise network or VPN.

Using BlackBerry UEM server

BlackBerry UEM or BlackBerry UEM Cloud instance is required to perform testing on an actual smartphone or tablet.

Follow the required steps to configure a BlackBerry Secured app for testing in UEM. If you do not yet have a UEM instance in place, you can configure one with a free developer trial license. Click here to generate a trial license and start configuring your server.

Once the servers are in place, continue with the following steps.

1) Configure the app on BlackBerry UEM or BlackBerry UEM Cloud

The first thing to do is to define the app in the BlackBerry UEM 

1. Log in to the BlackBerry UEM management console.

2. Click Apps > New App > Internal BlackBerry Dynamics app entitlements > Next.

3. Specify the BlackBerry Dynamics Entitlement ID and BlackBerry Dynamics Entitlement Version that was set in the Info.plist file. For example, com.mycompany.testApp and 1.0.0.0.

4. Click Add.

Your application will be included in the list of available apps. If you need to provide additional configuration parameters for your app, such as whitelisting servers or configuring an app policy, select your app from the list and configure it as necessary.

Recommendation: Add the Bundle ID to the app’s configuration. This allows the use of Easy Activation, which avoids the requirement of entering an access key when first starting the app. This is also required if your app uses any BlackBerry AppKinetics services.

To add these values:

1. Click the app.

2. On the iOS tab, enter the appropriate value

3. Click Save.

2) Disable Anti-Debug detection

BlackBerry UEM has the capability to prevent debug versions of BlackBerry Dynamics apps from being run. To allow for app development, this must be disabled in the Compliance profile assigned to the user used for testing.

To disable the policy, follow the steps below:

1. Log in to the UEM management console.

2. On the left menu, click Policies and profiles > Compliance.

3. Open the compliance profile assigned to the test user.

4. On the iOS tab, if Jailbroken OS is checked, ensure that Enable anti-debugging for BlackBerry Dynamics apps is not selected.

3) Entitle app users

After an app is registered in a BlackBerry UEM server, users must be entitled to install and use the app. Individual users or user groups can be entitled to an app. For production deployment, it’s recommended to use user groups. When developing or testing, individual users can be used.

To entitle an app to an individual user, follow the steps below:

1. Log in to the UEM management console.

2. Search for and select a user account.

3. In the Apps section in the user profile, click +.

4. Search for and select your app.

5. Click Next.

6. Leave the Disposition as optional (installation will not be forced) and click Assign.

7. Depending on your authentication delegate configuration, you may need to generate an Activation Password that will be used when the app is run for the first time after installation.

To generate a new Activation Password:

1. In the user's profile, under the Summary tab, click Set activation password.

2. In the Activation option drop-down list, click Default device activation.

3. In the Activation password drop-down list, click Set device activation password.

4. In the Device activation password text field enter the password to be used when the app is run for the first time after installation.

5. For development purposes, it can be useful to extend the Activation period expiration to the maximum allowed (30 days)

6. Click Submit.

7. The user receives an email with the credentials and a QR code that can be used to activate the app when it's first run after installation.
   The email sent to the user can be seen also from the UEM console by clicking on the link "View activation email"

8. Install the app to the intended target using the preferred deployment method (including via Xcode).

9. When prompted select an activation type between the ones available 

   • Use "enter credentials" to use email and activation password directly.

   • Use "Scan QR code" if the app is running on a device with a camera and the QR code from the activation email is available to scan even from a screen.

Automated testing of BlackBerry Dynamics SDK

The BlackBerry Dynamics SDK includes the BlackBerry Dynamics Automated Test Support Library (ATSL) to support automated testing for your BlackBerry Dynamics apps.

The library includes helper functions for testing common user interactions in BlackBerry Dynamics apps, such as activation and authorization. The configuration and structure of the library are compatible with the tools offered by Apple for user interface testing.

It makes use of the following components:

• XCTest framework

• Accessibility identifiers

For more information about these components and iOS user interface testing, see Apple Documentation Archive: User Interface Testing.

You can use the BlackBerry Dynamics library and the native library components mentioned above to automate the building, execution, and reporting of your application tests.

Since the BlackBerry Dynamics ATSL is delivered as a framework, you cannot make your own changes to it.

Integrate the BlackBerryDynamicsAutomatedTestSupportLibrary framework

The BlackBerryDynamicsAutomatedTestSupportLibrary framework can be integrated into the test target of a project as any other framework in the BlackBerry Dynamics SDK.

Refer to the instructions in the section "Install & Configure" for detailed steps.

Using the BlackBerryDynamicsAutomatedTestSupportLibrary framework

In the same directory as the test code, create a file credentials.json with content similar to below:

{
    "GD_TEST_PROVISION_EMAIL":"testUser@mydomain.com",
    "GD_TEST_PROVISION_ACCESS_KEY":"activationPassword",
    "GD_TEST_PROVISION_PASSWORD":"passwordForApplication"
}

Note: The fields GD_TEST_PROVISION_EMAIL and GD_TEST_PROVISION_PASSWORD could be hard-coded but if the test operates on a non-activated app then the GD_TEST_PROVISION_ACCESS_KEY must be regenerated before the tests start via the BlackBerry UEM REST APIs or it has to be set manually in the BlackBerry UEM server with an extended validity (set the Activation period expiration to 30 days for example).

If the test doesn't reinstall the app and the app is provisioned, the value of GD_TEST_PROVISION_ACCESS_KEY won't be used as the BlackBerry Dynamics SDK can be authorized simply using the password set during the initial provisioning of the app, taken from the field GD_TEST_PROVISION_PASSWORD.

To use BBDAutomatedTestSupport class in any test, follow these steps:

1. Instantiate the main class AbstractUIAutomatorUtils. This will also load the credentials defined in com.good.gd.test.json
   AbstractUIAutomatorUtils uiAutomatorUtils = UIAutomatorUtilsFactory.getUIAutomatorUtils();

2. Launch the authorization flow with
   assertTrue("Failed to login or provision app", BBDActivationHelper.loginOrActivateApp());

3. Verify that the authorization process was successful and the app main UI is shown with something like
   assertTrue("Dynamics Authorization failed", uiAutomatorUtils.checkGDAuthorized());
assertTrue("Main UI for app not shown", uiAutomatorUtils.isScreenShown(
            "com.myorg.myapp",
            "MainActivityIdentifier",
            Duration.of(PROVISIONING)));

Notes:

• The json file with credentials must be inside the assets folder of the test target and can only be called either com.good.gd.test.json or com.myorg.myapp.json

• Biometric authentication is only partially supported by the BlackBerryDynamicsAutomatedTestSupportLibrary because, by its own nature, it's limited to being tested automatically only on a simulator. successful but the main app UI was not shown")

Notes:

• The json file with credentials can have a different name and/or path, it can be loaded using variants of fetchCredentials() function.

• Biometric authentication is only partially supported by the BlackBerryDynamicsAutomatedTestSupportLibrary because, by its own nature, it's limited to being tested automatically only on a simulator.

The code snippets used in this section are from two Android projects available for download from GitHub. 

Java Samples: Getting Started and Getting Started BD

Kotlin Samples: GettingStartedKotlin and GettingStartedKotlinBD.

Each pair of projects demonstrate the differences between a native Android app and its equivalent app secured with the BlackBerry Dynamics SDK

To see the full details of BlackBerry Dynamics APIs, see the BlackBerry Dynamics SDK API Reference.

Use the BlackBerry Dynamics File System

The secure file system is part of the BlackBerry Dynamics Secure Storage feature. For apps, the BlackBerry Dynamics secure file system behaves like the default file system, with the following differences:

• All data within the secure file system is stored on the device in an encrypted form.

• Directory and file names are also encrypted.

• There is no current working directory in the secure file system. Paths should always be specified as absolute paths, beginning with a / character.

• The secure file system cannot be accessed until the BlackBerry Dynamics authorization processing is complete. For more information, see  authorize  in the GDAndroid class reference.

Encryption and decryption are transparent to the app code:

• File-writing interfaces accept raw data. The BlackBerry Dynamics Runtime encrypts the data and stores it on the device.

• When a file-reading interface is utilized, the BlackBerry Dynamics Runtime decrypts what was stored and returns plain data.

• Path access interfaces accept plain parameters for directory and file names. The BlackBerry Dynamics Runtime encrypts the parameter values in order to create paths in the secure store.

• Directories and file names provided as return values are plain. The BlackBerry Dynamics Runtime decrypts paths in the secure store in order to generate the return values.

The encryption method used by the BlackBerry Dynamics Runtime generally requires that the user has entered a security password, from which an encryption key is derived. For more information, refer to the File I/O package documentation.

From a coding perspective, the BlackBerry Dynamics file system APIs are very similar to the standard Android file system APIs. The changes required are minimal and only involve changing some of the class names used. Comparing the before FileFragment.java  and after FileFragment.java or the before FileFragment.kt  and after FileFragment.kt  files, you’ll observe the following changes:

Java

Update Import Statements

Original

import java.io.FileOutputStream;
import java.io.InputStream;

BlackBerry Dynamics

import com.good.gd.file.FileInputStream;
import com.good.gd.file.FileOutputStream;
import com.good.gd.file.GDFileSystem;

Use GDFileSystem to Open the File for Writing

Original

outputStream = getContext().openFileOutput(FILENAME, Context.MODE_PRIVATE);

BlackBerry Dynamics

outputStream = GDFileSystem.openFileOutput(FILENAME, Context.MODE_PRIVATE);

Use GDFileSystem to Open the File for Reading

Original

InputStream inputStream = getContext().openFileInput(FILENAME);

BlackBerry Dynamics

FileInputStream inputStream = GDFileSystem.openFileInput(FILENAME);

After making these minor changes, the app is now able to securely read and write encrypted files.

Kotlin

Update Import Statements

Original

import java.io.FileOutputStream
import java.io.InputStream

BlackBerry Dynamics

import com.good.gd.file.FileInputStream
import com.good.gd.file.FileOutputStream
import com.good.gd.file.GDFileSystem

Use GDFileSystem to Open the File for Writing

Original

val outputStream: FileOutputStream = context!!.openFileOutput(FILENAME, Context.MODE_PRIVATE)

BlackBerry Dynamics

val outputStream: FileOutputStream = GDFileSystem.openFileOutput(FILENAME, Context.MODE_PRIVATE)

Use GDFileSystem to Open the File for Reading

Original

val inputStream: FileInputStream? = context!!.openFileInput(FILENAME)

BlackBerry Dynamics

val inputStream: FileInputStream? = GDFileSystem.openFileInput(FILENAME)

After making these minor changes, the app is now able to securely read and write encrypted files.

Use the BlackBerry Dynamics SQLite Database

The secure SQL database is part of the BlackBerry Dynamics Secure Storage feature. Data stored in the secure SQL database will be encrypted on the device by the BlackBerry Dynamics Runtime. The BlackBerry Dynamics secure SQL database is based on the SQLite library. Encryption is added by BlackBerry Dynamics transparently to the app. A secure SQL database cannot be accessed until BlackBerry Dynamics authorization processing is complete.

BlackBerry Dynamics apps access the secure database using replacements for the native android.database and android.database.sqlite packages. To access the replacement classes instead of the native classes, change android.database to com.good.gd.database wherever it occurs in the app code.

The replacement packages support the same APIs as the native packages, with the following exceptions:

• The LOCALIZED and UNICODE collators provided by the native android.database.sqlite package are not supported.

• There is an additional function, importDatabase. See below for more information.

• Paths of database files are interpreted relative to the root of the BlackBerry Dynamics secure file system of the app. The root of the secure file system is within the app's data directory. There is no need to utilize functions such as the native getFilesDir to generate database file paths.

For more on using SQLite databases refer to the SQLite package documentation.

If you compare the modifications required for SQLite in the Java before and after samples or the Kotlin before and after samples, you’ll notice that the only changes required are for the import statements. The rest of the SQLite in the app can remain as is. Here are the changes that were made:

Java

Modify Import Statements in ColorDbHelp.java

Original

import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteOpenHelper;

BlackBerry Dynamics

import com.good.gd.database.sqlite.SQLiteDatabase;
import com.good.gd.database.sqlite.SQLiteOpenHelper;

Modify Import in SqlFragment.java

Original

import android.database.sqlite.SQLiteDatabase;

BlackBerry Dynamics

import com.good.gd.database.sqlite.SQLiteDatabase;

Kotlin

Modify Import Statements in ColorDbHelp.java

Original

import android.database.sqlite.SQLiteDatabase
import android.database.sqlite.SQLiteOpenHelper

BlackBerry Dynamics

import com.good.gd.database.sqlite.SQLiteDatabase
import com.good.gd.database.sqlite.SQLiteOpenHelper

Modify Import in SqlFragment.java

Original

import android.database.sqlite.SQLiteDatabase

BlackBerry Dynamics

import com.good.gd.database.sqlite.SQLiteDatabase

Use the BlackBerry Dynamics HTTP/HTTPS Connections

This class is an extension of the Apache HttpClient for utilizing BlackBerry Dynamics secure communication. See the BlackBerry Dynamics Communication Package for an introduction to the BlackBerry Dynamics secure communication feature. This class is a subclass of the native com.good.gd.apache.http.impl.client.DefaultHttpClient class and has the same API, with the following exceptions:

• Some SSL certificate validation checking can be disabled for development purposes. This should not be done for production deployments.

• The connection manager associated with a BlackBerry Dynamics HTTP Client instance should always be closed by calling its shutdown() method before the client instance is released or goes out of scope. This ensures that SSL verification can be re-enabled.

• This class is not thread-safe. Use of ThreadSafeClientConnManager is not supported. This class only supports SingleClientConnManager.

• Data communication does not go via the proxy specified in the mobile device's native settings, if any.

• Kerberos authentication is supported.

If the BlackBerry UEM  server has disallowed connections to any server, the address of the destination app server must be registered in the UEM management console.

The HTTP networking section of these samples is based on the Android HTTP network connection sample included with Android Studio. If you have also based your networking classes on this example, the changes to HttpFragment.java are concentrated within a single method. Refer to the before HttpFragment.java and after HttpFragment.java or the before HttpFragment.kt and after HttpFragment.kt for complete code samples.

Java

Update Import Statements

Original

import java.net.HttpURLConnection;
import java.net.URL;

BlackBerry Dynamics

import com.good.gd.apache.http.HttpResponse;
import com.good.gd.apache.http.client.methods.HttpGet;
import com.good.gd.net.GDHttpClient;

Modify the downloadUrl Method

Original

private InputStream downloadUrl(String urlString) throws IOException {
    URL url = new URL(urlString);
    HttpURLConnection conn = (HttpURLConnection) url.openConnection();
    conn.setReadTimeout(10000 /* milliseconds */);
    conn.setConnectTimeout(15000 /* milliseconds */);
    conn.setRequestMethod("GET");
    conn.setDoInput(true);
    // Start the query conn.connect();
    InputStream stream = conn.getInputStream();
    return stream;
}

BlackBerry Dynamics

private InputStream downloadUrl(String urlString) throws IOException {
    GDHttpClient httpclient = new GDHttpClient();
    final HttpGet request = new HttpGet(urlString);

    HttpResponse response = httpclient.execute(request);
    InputStream stream = response.getEntity().getContent();

    return stream;
}

Kotlin

Original

import java.net.HttpURLConnection
import java.net.URL

BlackBerry Dynamics

import com.good.gd.apache.http.HttpResponse
import com.good.gd.apache.http.client.methods.HttpGet
import com.good.gd.net.GDHttpClient

Modify the downloadUrl Method

Original

@Throws(IOException::class)
 private fun downloadUrl(urlString: String): InputStream {    
    val url = URL(urlString) url.openConnection();
    val conn = url.openConnection() as HttpURLConnection
    conn.readTimeout = 10000
    conn.connectTimeout = 15000
    conn.requestMethod = "GET"
    conn.doInput = true    
    // Start the queryInputStream stream = conn.getInputStream();
    conn.connect()
return conn.inputStream

}

BlackBerry Dynamics

@Throws(IOException::class)
private fun downloadUrl(urlString: String): InputStream {   

    val httpclient = GDHttpClient()
    val request = HttpGet(urlString)
    val response = httpclient.execute(request)
    return response.entity.content
}

Make BlackBerry Dynamics Socket Connections

This class is an extension of the native java.net.Socket class, for utilizing BlackBerry Dynamics secure communication. See the BlackBerry Dynamics Communication Package for an introduction to the BlackBerry Dynamics secure communication feature.

This class offers the same API as the java.net.Socket class, with the exception of the following features that are not supported:

• Out of band data

• Urgent messages feature

• Traffic class

• Server socket methods (such as accept())

• bind() method

• connect (SocketAddress) method

If the app attempts to use an unsupported feature, a java.lang.UnsupportedOperationException is thrown. Only the default constructor is supported. Other constructors, for example those with parameters for proxy or host address, are not supported.

A GDSocket must always be closed by calling the close() method to prevent resource contention. This applies even if the socket was never connected or used. An unused java.net.Socket object can be safely abandoned without the need for an explicit close.

Data communication does not go via the proxy specified in the mobile device's native settings, if any. The getInetAddress() method does not return the address of the connected remote host.

If your BlackBerry UEM server has disallowed connections to any server, the address of the destination app server must be registered in the enterprise's UEM management console.

For more information, see the GDSocket class reference.

Looking at the modifications required for socket connections in the samples, the required changes are almost limited to changing the import statement and class name. There is one other minor modification because the constructor for Socket and GDSocket differ slightly. Refer to the before Socketfragment.java  and after Socketfragment.java or before SocketFragment.kt and after SocketFragment.kt files for complete code samples.

Java

Update Import Statements

Original

import java.net.Socket;

BlackBerry Dynamics

import com.good.gd.net.GDSocket;

Update Class Name and Constructor to use connect Method

Original

Socket socket = null;
socket = new Socket("developer.blackberry.com", 80);

BlackBerry Dynamics

GDSocket socket = null;
socket = new GDSocket();
socket.connect("developer.blackberry.com", 80, 1000);

Kotlin

Original

import java.net.Socket

BlackBerry Dynamics

import com.good.gd.net.GDSocket

Update Class Name and Constructor to use connect Method

Original

var socket: Socket? = null
socket = Socket("developers.blackberry.com", 80)

BlackBerry Dynamics

var socket: GDSocket? = null
socket = GDSocket()
socket.connect("developers.blackberry.com", 80, 1000)

Secure Copy, Paste and AutoFill Operations

Secure Widgets

The BlackBerry Dynamics runtime may secure or block text in transit to or from the clipboard, depending on the policies for data leakage prevention (DLP) policy configured in BlackBerry UEM. The runtime secures text by encrypting it when it is cut or copied to the device clipboard, and then decrypting it when it is pasted from the clipboard.

The BlackBerry Dynamics SDK provides replacement widgets that implement this functionality. Other functions of these widgets remain the same. For an example of their use, refer to the SecureCopyPaste sample project in the BlackBerry Dynamics Android Samples.
 

Basic Widgets
 

• GDAutoCompleteTextView

• GDEditText

• GDEditTextPreference

• GDMultiAutoCompleteTextView

• GDSearchView

• GDTextView

• GDWebView

The classes from BlackBerry Dynamics SDK can be used simply by changing their package from android .widget to com.good.gd.widget
 

AppCompat Widgets

Replacement classes for AppCompat widgets are available, that are subclassed from the AppCompat view classes. These are as follows:

• GDAppCompatAutoCompleteTextView

• GDAppCompatCheckedTextView

• GDAppCompatEditText

• GDAppCompatMultiAutoCompleteTextView

• GDAppCompatSearchView

• GDAppCompatTextView

These classes should be used in any app that uses AppCompatActivity.
 

Automatic Widget Substitution in AppCompat apps
 

Apps using a theme derived from AppCompat can install the provided GDAppCompatViewInflater in their theme as follows:

<style name="AppTheme" parent="Theme.AppCompat">
  <item name="viewInflaterClass">com.good.gd.app.GDAppCompatViewInflater</item>
</style>

This will automatically substitute the following classes in layout files:

Note, however:

• This does not apply to the programmatic creation of widgets, or to JetPack Compose

• SearchView is included in this scheme, but only when the full class name of the AppCompat class is given. The reason for this is that the AppCompat Searchview widget is not a subclass of the base Android class, so the Activity/Fragment code would have to be updated in any case.
   

Use BlackBerry Dynamics ClipboardManager

Copy and paste as well as drag and drop operations can be supported in the original android.widget classes or in other custom fields by making use of  com.good.gd.content.ClipboardManager, which is a replacement for  android.content.ClipboardManager.

For an example of its use, refer to the SecureClipboardView class in the SecureCopyPaste sample project in the BlackBerry Dynamics Android Samples
 

Disable AutoFill

Some apps, such as password managers or keyboards, can learn from and fill out views in other apps. This is a form of data leakage that should be disabled. This functionality is disabled in the com.good.gd.widget.* classes.  It should be disabled in other widgets by overriding the  getAutofillType()  method as shown below.

Java

@Override
public int getAutofillType() {
   return AUTOFILL_TYPE_NONE;
}

Kotlin

override fun getAutofillType(): Int {
  return AUTOFILL_TYPE_NONE
}