Author: Peter Werry

Trusting 3rd Party BlackBerry Apps: What Can They Do?

22 Comments

what hat hacker

BlackBerry Cool has been asking me about what BlackBerry apps can do and recently the notion of malicious applications has come up. In this article, I address what third party apps can do, and how it relates to the safety of your personal data.

The first area to look at are you emails. Emails can contain very private personal information including username/password combinations and if the user isn’t diligent, credit card information. It is possible to listen for incoming messages and pull out their contents, so you should always be cautious of any app looking to alter email permissions. I would have to look more into whether an app can read all of your existing messages that were already on your device before the app was installed. I can’t think of a good use case for this so I obviously haven’t tried it myself.

Username and Password information are commonplace with third party apps. As for stealing 3rd party passwords, it all depends on how the 3rd party app/service is storing things on the device. For example, a developer can listen to framework calls (I won’t divulge how) and check to see what parameters are passed into those calls (for example the identifier that specifies where a password is kept in persistent storage).
Continue reading about what BlackBerry apps can do and the security of your personal data