A guide to managing BlackBerry application permissions

You can ensure that each app gets the access it needs to your sensitive data -- and no more

Research in Motion's BlackBerry smartphone OS is known for security, and that's for good reason. RIM designed the mobile OS with security in mind from the start, and it shows; the BlackBerry OS offers several ways for smartphone owners and IT administrators to control how mobile applications interact with your device and all of the data stored on it.

For the purposes of this article, I'll focus on how individuals can safely and efficiently manage BlackBerry application permissions, but if your BlackBerry is work-issued or otherwise connected to a BlackBerry Enterprise Server (BES), your BlackBerry administrator has the final say on what applications can be installed on your device, as well as the app permissions you can or cannot modify.

Learn how to manage iPhones, Androids, BlackBerrys, and other smartphones in InfoWorld's 20-page Mobile Management Deep Dive PDF special report. | Keep up on key mobile developments and insights via Twitter and with the Mobile Edge blog and Mobilize newsletter.

(Note the information provided in this article in based on BlackBerry OS 6, but most of the advice also applies to other recent versions of RIM's OS.)

BlackBerry "trusted app status"
Whenever you install a new BlackBerry application on a smartphone, right after you download it and even before you open it for the first time, you're asked if you want to grant the software "trusted application status." By granting such status to an application, you're allowing it to access potentially sensitive information on your device without prompting you for permission again, and as such, you should be very selective about the apps that get trusted status.

Once you grant an app Trusted status, you can always go into your individual application permissions and modify them or remove the trusted status -- I'll explain how to do so shortly. But it's a good idea not to grant this special status for the majority of apps you install.

Examples of applications that might deserve trusted app status are applications from reliable developers and/or brands that you simply trust; very popular apps used by many without any sort of negative security  or privacy reviews in BlackBerry App World (RIM's mobile software shop) or elsewhere; and, perhaps, applications you use or have used frequently enough to trust that also require constant permissions acknowledgements.

Still, I don't really recommend granting trusted app status, because you're basically giving a piece of software free reign of your device by doing so, and that could lead to trouble.

Best practices for managing BlackBerry app permissions
BlackBerry application permissions are broken down into three categories: connections, which control application-access to device features including Bluetooth, Wi-Fi, and USB; interactions, which dictate how applications can interact with device settings, and media and recording options; and user data, which let you decide which personal data to open up to applications.

When you first install or open a new BlackBerry app, it may prompt your for access to specific device features and functionality. You then have options to either grant the required permission or deny it. And you also often see a "Do not ask again" option that lets you grant the app ongoing access to that specific feature or functionality.

You should pay particular attention to permission requests related to your personal user data, because this type of data is usually the most sensitive information stored on most people's smartphones. It also pays to be skeptical of apps that request access to core BlackBerry functions, like network connectivity, messages, and GPS- and/or cell-tower-based location information.

Some applications legitimately require access to sensitive user information, including e-mail, organizer data, files and BlackBerry "security data," such as key store keys and certificates. And some applications, like the app for the popular location-based social network Foursquare, clearly need access to your location data. So you shouldn't automatically deny requests for access to such information.

But you do want to pay attention to the kinds of permissions apps are asking for. If something seems odd, deny the permissions request and see if the app still functions the way it should. Denying a permission request could affect some functionality in the app, but sometimes the software will still work fine. And you can always modify those permissions at a later data if need be.

For example, if a news reader application requests access to your location information, you might want to deny that request, because such an app should be able to function without your location. Many ad-based applications request access to your location data so they can serve up relevant advertisements based on your whereabouts. However, denying a location request from such an app may stop it from functioning properly because the developer could have built in a feature that blocks content from being served if ads are disabled.

To modify BlackBerry application permissions at any point, simply open up your device options, select the Device option, then select Application Management. In BlackBerry OS 6, you next see a screen that lists all of the applications installed on your device. Find and highlight the app for which you want to change permissions, press the BlackBerry Menu key and then select the Edit Permissions option.

On the following screen, you see options for the three BlackBerry permissions categories. Scroll over one of them, press the BlackBerry Menu key again and choose Expand to see the full list of permissions within each category. To change a specific permission, find it within the appropriate category and then change the setting to Allow or Deny. Some permissions also offer a Prompt option, which makes the app request approval for access to certain features or functionality every time it needs them or until you grant it full permission. The Prompt function can be valuable, because it notifies you whenever an app is accessing a potentially sensitive function or personal data.

In the end, managing BlackBerry application permissions is not a science, and it takes more than a little common sense -- even a bit of paranoia on occasion. But properly managing your app permissions pays off with the peace of mind of knowing your smartphone isn't subjecting you, your reputation, and your wallet to any undue risk.

For more details on managing BlackBerry smartphone application permissions, check out CrackBerry.com's post on the subject.

Al Sacco covers mobile and wireless for CIO.com. Follow Al on Twitter @ASacco. Follow everything from CIO.com on Twitter @CIOonline and on Facebook. Email Al at asacco@cio.com.

This story, "A guide to managing BlackBerry application permissions" was originally published by CIO.