Know thy permissions; Know thy BlackBerry.
Just about every time you install a new application on your BlackBerry, you're asked to set permissions. Long ago, Research In Motion decided that only the BlackBerry end user would be able to decide how apps would interact with the smartphone. Unlike some other device creators, there are no code signing or other workarounds to granting the permissions. Only the user or the BES administrator can choose to allow permissions.
Without certain permissions, your new app will not run on your BlackBerry. But what permissions should be granted? Should you give Trusted Application status to your newly installed program? Should I give it access to my personal data? These are important questions to ask.
Permissions - In three categories
There are three main categories of permissions: Connections, Interactions, and User Data. The Connections permissions deal with how the BlackBerry can communicate to the outside world. USB, Bluetooth, and Wi-fi permissions are all in the category. Interactions cover the permissions an app would need to access the "internals" of the smartphone. Media, recording, and that mysterious "Security Timer Reset" are all included in the category. Finally, the User Data permissions include permission to access email, sms (text) messages, contacts, calendars, and the files on your BlackBerry.
When you first run an application, you'll be prompted to set the permissions to allow the app to interact with your BlackBerry. All permissions have a default setting, but some apps will need more authority than that. You'll be asked whether to grant Trusted Application status and possibly to grant more permissions in a later screen. You should be aware of what you're allowing on your phone and only grant the permissions that you know the app will need.
When an application asks for permissions, it usually doesn't tell you exactly what is needed and/or why. Although there is simple code for explaining why a permission is needed, most developers do not use it. If you're unsure as to why an application needs permission, don't grant it. If it is needed later, the app should prompt you again. If not, you can still change the app's permissions.
Permissions are set individually to each application. To change them, you'll need to edit permissions for your app. Many permissions can be set to Allow, Deny, or Prompt; though some cannot be set to Prompt. Setting a permission to Prompt just means the application will ask you if it's okay to use a resource (such as location data) if and when it needs to.
*Bolded options are the default BlackBerry options
- USB: Allow/Deny access to use the USB port for data transfer
- Bluetooth: Allow/Deny access to use Bluetooth communication
- Phone: Allow/Deny/Prompt for the ability to make phone calls and access call logs
- Location Data: Allow/Deny/Prompt for the ability to access GPS and cell-tower location information
- Internet: Allow/Deny/Prompt for access to the internet through your wireless service provider (Verizon, Rogers, O2, etc.)
- Wi-Fi: Allow/Deny/Prompt for access to the internet through Wi-Fi
- Cross Applications Communications: Allow/Deny the app's ability to communicate with other applications on the device
- Device Settings: Allow/Deny/Prompt for the ability to turn off the BlackBerry and to change other device settings, such as display options
- Media: Allow/Deny/Prompt for access to media files, such as videos and music
- Application Management: Allow/Deny the ability for the app to add or delete modules and get information like module names and version numbers
- Themes: Allow/Deny the ability for the app to be a source of customized themes
- Input Simulation: Allow/Deny the app to simulate actions like pressing a key
- Browser Filtering: Allow/Deny the app to register a filter than can change, add, or delete internet data before it displays in the browser
- Recording: Allow/Deny/Prompt the ability for the app to record audio and video data
- Security Timer Reset: Allow/Deny the app to change the length of time that your phone stays unlocked after you stop using it
- Display Information While Locked: Allow/Deny the app to display information while the phone is locked
- Email: Allow/Deny the app to access email, SMS (text) messages, MMS ("texts" with video/pictures) messages, and PIN messages
- Organizer data: Allow/Deny the app to access contacts, calendars, tasks, and memos
- Files: Allow/Deny the app to access files stored on the device
- Security Data: Allow/Deny the app to use keys and certificates in the key store
Trusted Application Status
Most apps will ask for Trusted Application status as soon as you first run it. Trusted Applications simply set a variety of permissions to allow, and makes it easier to start using applications that you trust. My recommendation is to avoid doing this. Only applications that you truly trust should be granted this option. Granting this status does nothing more than set some permissions. You can always change it later.
TA Status sets all permissions to Allow except:
- Security Timer Reset and Recording are set to Prompt
- Input Simulation, Browser Filtering, and Display Information While Locked are set to Deny
Permissions in OS6
While Research in Motion's goal with the BlackBerry OS6 permissions was to make things easier for the user, the end result is additional confusion. In OS Five and previous versions, the user was presented with all of the permissions and asked to set the ones he or she needed to make the application run. In OS6, the user is presented with and asked to enable a category of permissions.
For example, if the application needs to be able to access the Security Timer Reset (which simply allows the app and the BlackBerry to stay active for an extended period of time), the user is asked to grant all permissions in the "Interactions" category. The permissions screen asks the user to grant "Advanced Capabilities." Similarly, if the application needs to access files or the security key store, the user is asked to grant all permissions in the "User Data" category after asking for access to "Personal Information."
The following are my personal recommendations for what permissions to grant applications; this is what I use on my personal BlackBerry. With the App Specific recommendations, the vast majority of applications will work just fine. Some times when an app requests "Personal Information" it simply needs to access files on your BlackBerry. Recently, I had a great deal of trouble getting Google Maps to work with my default settings - the ones listed here. It wasn't until I granted access to the key store (Security Data) and Files (allows app to access and create files on your BlackBerry) that Google Maps actually started to work. Though the app wasn't looking to get a hold of my email and contact information, it still prompted me to access "Personal Information."
Though it takes longer to do, I seriously recommend not granting blanket permissions to an application. It is better to manually tweak the permissions settings and have the app fail a couple of times than to expose your personal information to a unscrupulous app developer. If these default and App Specific selections do not work for your application, consider what the app is to do. An application such as Xobni needs access to your email and organizer data. It can't do its job without it. On the other hand, a flashlight application has no business knowing your email address. If you still remain unsure as to why an app won't work with your desired permissions, contact the developer and find out why your personal information is needed to make the app work.
Permissions give you, the user, ultimate control over how applications will run on your device. Neither Research in Motion nor app developers will be able to decide that for you. Know your applications, and know your app developers. Keep your personal information safe, now that you know just what your new app is trying to do.
Thanks go out to Shao-soft; without their expertise, this article would have been considerably less informative.