113 April 2023

GETTING DOWN TO BUSINESS

9 May 2014 Dennis Reumer @reumerd

DroidCon Berlin 2014

BLACKBERRY SECURE WORKSPACE& ANDROID

213 April 2023

CONTENTS• What makes up BlackBerry Enterprise Service 10.1

• BlackBerry 10 Recap

• Universal Device Service + Mobile Device Management

• BlackBerry Secure Workspace for Android and iOS

• Leveraging the Power of Secure Workspace in Your Application

• Deploying an Application to the Secure Workspace

• References

• Q&A

313 April 2023

Best in Class Enterprise Mobility Management

BLACKBERRY ENTERPRISE SERVICE 10

413 April 2023

SERVICE NOT SERVER ?

BlackBerry Device Service

Universal Device Service

BlackBerry Connection Service

BlackBerry Administration Service

BlackBerry Web Services

BlackBerry Management Console

Etc.

513 April 2023

BLACKBERRY ENTERPRISE SERVICEManage:

Users,

Devices,

Profiles

Policies

Group Users to

Simplify and Scale Deployments

Manage Applications

for Users and/or Groups

613 April 2023

BLACKBERRY BALANCEThe Work Perimeter• Secure• Encrypted File Space• Can be Revoked Centrally• Encrypted Connectivity Behind the

Firewall• Push to deliver Real Time Information• Corporate Application Management

713 April 2023

APPLICATIONMANAGEMENTWhitelisted Public ApplicationsLicensed or Corporate Applications

Company Apps Can BeOptional and appear for download,or be Required and pushed silentlyto the user’s device.

813 April 2023

Mobile Device Management on Android and iOS

UNIVERSAL DEVICESERVICE

913 April 2023

• Manage Users and Groups

• Configure Profiles, Policies etc

• Whitelist Applications

• Deploy Corporate Applications

MDM TO ANDROID & iOS

1013 April 2023

MDM TO ANDROID & iOS

1113 April 2023

CORPORATE DATA & BYOD

MDM is Great, but….

• User’s don’t want their personal devices locked down

• Eg. Hide the default camera application, Hide the default web browser, Disable data service when roaming

• Separation of Work and Personal

• Corporate Data needs to be secure at rest and in transit

1213 April 2023

Separation of work and personal data that is secured and controlled

BLACKBERRY SECURE WORKSPACE

1313 April 2023

A separation of work and personal data that is secured and controlled

• Authentication is required

• Data is saved to the secure file system as work data

• Work data cannot be shared outside the secure work space

• Cut / copy / paste is only allowed within the secured work space

• Personal applications cannot access work data

A device work space where applications are secured

• Integrated Email, Calendar, Contacts, Notes* and Tasks

• Secure Browser

• Secure attachment viewing and editing

• Ability to secure enterprise applications

Secure Connectivity

• Provides an AES 256bit secure connection between the Secure Workspace and corporate network via BlackBerry Enterprise Service 10

• All apps provided in the Secure Work Space will use this secure connection, including securely wrapped enterprise applications

• Does not require a 3rd party VPN for Secure Workspace apps

• Uses the port 3101 already configured for communication between BES and BlackBerry smartphones

BLACKBERRY SWS OVERVIEW

1413 April 2023

TITLEHEREWORK CONNECT

1513 April 2023

TITLEHEREWORK BROWSER

1613 April 2023

TITLEHEREDOCUMENTS To Go

1713 April 2023

Leverage Secure Connectivity and Storage for Your Applications

DEVELOPING FOR SWS

1813 April 2023

DEVELOPINGFOR SWS

EMBEDDING OF SDK

• Additional development effort

• Risk: Potential for error integrating the SDK

• Decision on whether the App can be securely deployed during App development.

APPLICATION WRAPPING

• No source modification required:• Saving effort• Preventing error

• Decision on whether the App can be deployed with MDM Admin

1913 April 2023

TRADITIONALAPPLICATIONARCHITECTURE

• Create application

• Interact with API’s and available OS entry points

• Manage all security for data at rest

2013 April 2023

WRAPPEDAPPLICATIONARCHITECTURE• Secure wrapping manages

interaction with system APIs• Compliance• Authentication• Application level controls• Network

• Data encryption using AES 256 for data-at-rest

2113 April 2023

TITLEHEREWRAPPING PROCESS1. Development Team Build and Sign Application

2. Pass to BlackBerry Enterprise Service Administrator

3. Administrator Uploads the Application to BES for Wrapping

4. Wrapped Application is Downloaded

5. Wrapped Application Passed Back to Development Team

Why? -> The Application has been modified in the process and thus requires re-signing

6. Development Team re-sign the application

7. Pass to BlackBerry Enterprise Service Administrator

8. Application Definition Created for Application

9. Added to a Software Configuration

2213 April 2023

WRAPPING PROCESS UPLOAD TO SERVER

2313 April 2023

WRAPPING PROCES WAIT

2413 April 2023

WRAPPING PROCESS DOWNLOAD

2513 April 2023

TITLEHEREWRAPPING PROCESS RESIGNjarsigner -verbose

-sigalg SHA1withRSA-digestalg SHA1-keystore C:\Users\<mich.user>\.android\release.keystore-storepass BlackBerry-keypass blackberrySecureUnsigned.apkandroidrelease

zipalign.exe -v 4SecureSigned.apkSecureSignedAligned.apk

2613 April 2023

WRAPPING PROCESAPPLICATION DEFINITION

2713 April 2023

WRAPPING PROCESS SOFTWARE CONFIGURATION

2813 April 2023

TITLEHERESECURE WORKSPACE REFERENCES• Wrapping for iOS and Android:

• http://developer.blackberry.com/devzone/develop/enterprise/install_android_or_ios_work_space_app.html

• Free Trial version of BlackBerry Enterprise Service 10 for testing:

• http://www.bes10.com

• Example app and resigning script:

• https://github.com/blackberry/Secure-Work-Space

• Administration Guide to the Universal Device Service 10.2.1:

• http://docs.blackberry.com/en/admin/deliverables/62506/BES10_v10.2.1_UDS_Advanced_Admin_Guide_en.pdf

2913 April 2023

Ask now or be forever silent ;-)

QUESTIONS &ANSWERS

K E E P O N M O V I N G .

BLACKBERRY

3113 April 2023

THANK YOU !

Dennis Reumer - @reumerd

linkedin.com/in/dennisreumer

MAY 08 2014

DroidCon Berlin 2014

BLACKBERRY SECURE WORKSPACE& ANDROID