Installation guide
BlackBerry Enterprise Solution 61
Each third-party application requires authorization to run on the BlackBerry device. MIDlets (applications that
use standard MIDP and CLDC APIs only) cannot write to memory on a BlackBerry device, access the memory of
other applications, or access the persistent data of other MIDlets unless they are digitally signed by RIM’s
signing authority system. For more information about code signing and third-party applications, see the
BlackBerry Signing Authority Tool Administrator Guide.
Using code signing on BlackBerry MDS Runtime Applications
Your organization’s developers can digitally sign BlackBerry MDS Runtime Applications that they create using
BlackBerry MDS Studio, before publishing these applications to the BlackBerry MDS Application Repository.
BlackBerry devices support using a private key with a corresponding certificate in X.509 syntax to digitally sign
BlackBerry MDS Runtime Applications.
BlackBerry MDS Runtime Applications communicate with enterprise systems through the BlackBerry MDS
Integration Service, a component of the BlackBerry Enterprise Server. The BlackBerry MDS Integration Service
verifies the digital signature on the BlackBerry MDS Runtime Application code before sending the application to
BlackBerry devices over the wireless network. When the BlackBerry device receives the BlackBerry MDS Runtime
Application, it displays the certificate subject details as the code signer identity, and prompts the BlackBerry
device user to accept or reject the application.
The BlackBerry device does not display the code signer identity to the user, and does not install the application if
any of the following conditions are true:
• the application is signed with an untrusted certificate
• the signature is invalid
• the Allow Unsigned Applications option is set to False for the BlackBerry MDS Integration Service, and the
application is not digitally signed
Protecting lost, stolen, or replaced BlackBerry devices
The BlackBerry Enterprise Server administrator controls BlackBerry devices remotely to immediately protect
confidential enterprise information using IT administration commands.
IT administration
command
Description
Set Password and Lock
Handheld
Use this command to create a new password and lock a lost BlackBerry device
remotely. The BlackBerry Enterprise Server administrator can then verbally
communicate the new password to the user when the user locates the BlackBerry
device. When the user unlocks the BlackBerry device, the BlackBerry device prompts
the user to accept or reject the new password change.
Erase Data and
Disable Handheld
Use this command to remotely delete all user information and application data that
the BlackBerry device stores. If a BlackBerry device is lost and might be recovered
by the user, the BlackBerry Enterprise Server administrator can configure a delay, in
hours, before the BlackBerry device starts the process of deleting all of its user
information and application data. The BlackBerry Enterprise Server administrator
can also specify whether to allow the user to terminate the process of erasing data
from and making the BlackBerry device unavailable during the delay period.
The BlackBerry Enterprise Server administrator can use this command to prepare a
BlackBerry device for transfer between users in your organization.
For more information, see the BlackBerry Enterprise Server System Administration Guide.
www.blackberry.com