BlackBerry have announced the developer release of BlackBerry Integrity Detection (BID), a trusted/secure background process running at the system level, that monitors the device for known security vulnerabilities.
BlackBerry’s DTEK app has been using the BID framework since it launched and now that the Priv has been updated to Marshmallow (API23), the same service providing data to DTEK is now being made available to Developers targeting PRIV.
Third-party developers will now have the ability to run their own BID reports just prior to instances where security is absolutely paramount, to ensure that the device is not compromised and running as securely/privately as possible.
The BID service has its definitions updated regularly (silently) to ensure that you’re protected against existing and future exploits.
BlackBerry suggest the following example scenarios where a developer could choose to run a BID report prior to:
- Prompting a user for their login credentials (sample code)
- NFC Transaction (data transfer, mobile payment) (sample code)
- Device unlock screen
- MDM/EMM monitoring
- Invoking another app or Intent filter
- Connecting to a WiFi hotspot
The BID engine is exposed to developers via the standard Android ContentHandler API. and framework is made available as an on-device library, meaning that a physical device would be required for testing/debugging purposes.
BlackBerry have published two technical papers surrounding BID within their BlackBerry Developers Knowledge Base section which outline BID Usage and BID Overview.