Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry Dynamics SDK for Android 5.0
  3. BlackBerry Dynamics SDK for Android Release Notes and advisories
  4. BlackBerry Dynamics SDK for Android version 5.0

BlackBerry Dynamics SDK for Android
 version 5.0

What's new in the 
BlackBerry Dynamics SDK for Android
 version 5.0

Feature
Description
Changes to software requirements
  • The supported 
    Android
     OS is 6.0 or later. Previously it was 
    Android
     5.0 or later.
  • The minimum API level for the 
    BlackBerry Dynamics
     Handheld Library is now 23. Previously it was 21.
  • The minimum API level for the 
    BlackBerry Dynamics
     Wearable Library is now 23. Previously it was 21.
  • The 
    Android
     Wear Emulator API level is now 23. Previously it was 22. 
  • The required 
    Gradle
     plugin version (com.android.tools.build:gradle) is 3.1.4. Previously it was 2.3.2.
Support for 
SafetyNet
 attestation
BlackBerry UEM
 version 12.10 and later supports 
SafetyNet
 attestation for 
BlackBerry Dynamics
 apps. You can use 
SafetyNet
 to extend 
BlackBerry
 root and exploit detection and to enhance app security and integrity. For instructions to integrate 
SafetyNet
 support into your apps, see the BlackBerry Dynamics SDK for Android Development Guide.
Anti-debugging protection
This release of the 
BlackBerry Dynamics SDK for Android
 introduces a compliance enhancement to protect against malicious attempts to add a debugger to deployed 
BlackBerry Dynamics
 apps. Compliance profiles in 
UEM
 and compliance policies in 
Good Control
 provide the ability to detect when a device OS is rooted and to initiate an enforcement action. This feature now extends to deployed 
BlackBerry Dynamics
 apps, compiled with SDK version 5.0, where an active debugging tool is detected. If the detect rooted OS compliance setting is enabled, the 
BlackBerry Dynamics Runtime
 stops a 
BlackBerry Dynamics
 app if it detects an active debugging tool. 
Please note that if you want to debug one of your 
BlackBerry Dynamics
 apps in an environment where a compliance profile or compliance policy is applied, the compliance setting to detect rooted devices must be disabled.
The setting to detect rooted devices is disabled by default in 
UEM
 compliance profiles and enabled by default in standalone 
Good Control
 compliance policies. It is recommended that you test your custom 
BlackBerry Dynamics
 apps in an environment with the detect rooted devices setting enabled before you distribute the app in the production environment, to ensure that the app works as expected while this setting is enabled.
Logging changes for enhanced security
This release of the 
BlackBerry Dynamics SDK for Android
 includes logging changes for enhanced security. You can configure how your 
BlackBerry Dynamics
 apps generate console log information. For more information about console logs controlled by developers and container logs controlled by 
UEM
 or 
Good Control
 administrators, see BlackBerry Dynamics Runtime activity log.
If your app uses SDK version 5.0 and the administrator has turned off “Enable detailed logging for BlackBerry Dynamics apps” in the 
BlackBerry Dynamics
 profile (
UEM
) or security policy (
Good Control
), the app does not generate console log information. This provides additional protection against attacks by malicious users. This change has no impact on how container logs are generated.
The “Enable detailed logging for BlackBerry Dynamics apps” setting is off by default.
For 
BlackBerry Dynamics
 apps running SDK version 5.0 or later, console logs are generated only if this setting is turned on or if the app is running in enterprise simulation mode.
SCEP support for 
BlackBerry Dynamics
 apps
The 
BlackBerry UEM
 version 12.10 release adds support for certificate enrollment using SCEP with 
Entrust
 and 
Microsoft
 NDES for 
BlackBerry Dynamics
 apps. 
UEM
 administrators can configure and assign a SCEP profile for 
BlackBerry Dynamics
 apps in the 
UEM
 management console.
For more information, see “SCEP profile settings” in the UEM Administration Guide
Device-based certificate retrieval
The 
BlackBerry UEM
 version 12.10 release adds support for the 
BlackBerry Dynamics Runtime
 to enroll certificates from a device's 
Android
 key chain instead of getting them from the server. These certificates can be used to sign and decrypt data for SMIME emails and to perform client certificate-based authentication on TLS connections, using private keys that are saved in the 
Android
 key chain. 
UEM
 administrators can configure and assign a user credential profile to control this behavior.
For more information, see “Using user credential profiles to send certificates to devices” in the UEM Administration Guide
Changes to PushChannel
This release adds a new PushChannel constructor to improve infrastructure performance. The previous PushChannel constructor will be deprecated in the next release. For more information, see the PushChannel Class Reference.

BlackBerry Dynamics Launcher Library

This release uses 
BlackBerry Dynamics Launcher Library
 version 2.9.0.74.

Fixed issues

The following issues are fixed in this release:
  • If you used 
    Android
     NDK r18, gradle builds of an app failed with the following error: "RuntimeException: No toolchains found in the NDK toolchains folder for ABI with prefix: mips64el-linux-android". (GD-37972)

Known issues

  • If a 
    BlackBerry Dynamics
     app uses app-based client certificates from the 
    BlackBerry UEM Client
    , and a user tries to open and activate the app before the 
    UEM Client
     has been provisioned for 
    BlackBerry Dynamics
    , the 
    UEM Client
     becomes locked. (GD-39573)
    Workaround:
     Provision the certificate provider app (
    BlackBerry UEM Client
     or 
    Entrust
     Smart Card credentials) before you provision 
    BlackBerry Dynamics
     apps that use app-based client certificates.
  • If the 
    UEM
     administrator configures and assigns a SCEP profile to devices with 
    BlackBerry Dynamics
     apps, 
    BlackBerry Dynamics
     apps cannot enroll the certificate if the CA instance name specified in the profile includes a space or a character that is not alpha-numeric [0-9a-zA-Z] or $-_.+!*'(), for example, non-ASCII, URL-reserved, or unsafe URL characters. (GD-39207)
    Workaround:
     Use a CA instance name that follows the noted restrictions.
  • If a 
    BlackBerry Dynamics
     app imports the same certificate from another user credential profile, the app crashes. This issue occurs only on 
    Android
     devices set to Korean language settings. (GD-38725)
  • If the 
    UEM
     administrator enables FIPS in a 
    BlackBerry Dynamics
     profile and assigns it to a user account, 
    BlackBerry Dynamics
     apps on the user's device cannot verify an MD5 certificate thumbprint. (GD-38397)
    Workaround:
     Turn off FIPS in the 
    BlackBerry Dynamics
     profile or use SHA1, SHA224, SHA256, SHA384, or SHA512 instead.
  • After an administrator assigns a user credential profile, the user imports the required certificates when they install and open a 
    BlackBerry Dynamics
     app. When subsequent 
    BlackBerry Dynamics
     apps are installed and opened, the user is prompted to log in to the first app in order to share and use the previously imported certificates. If the user completes the initial certificate import using an app built with the 
    BlackBerry Dynamics SDK
     version 5.0, and a subsequent app was built using a previous version of the SDK, the prompt to log in to the initial app will get stuck at a progress spinner and will not proceed. (GD-38337)
    Workaround:
     Update all deployed 
    BlackBerry Dynamics
     apps to use the 
    BlackBerry Dynamics SDK
     version 5.0.
  • If the 
    UEM
     administrator configures and assigns a user credential profile with a native keystore CA connection, on devices with a 
    Samsung KNOX
     activation type, certificates may not be pre-selected during the app activation process. This is due to a known issue with 
    Samsung KNOX
      . (GD-38251)
  • After an administrator assigns a user credential profile to a user, the user imports the required certificates when they install and open a 
    BlackBerry Dynamics
     app. When the user installs and opens additional 
    BlackBerry Dynamics
     apps, the user will see a list of certificates with previously imported certificates already selected. If the user selects additional certificates that are not pre-selected, the certificate enrollment will fail. The user can only proceed if they use the pre-selected certificates. (GD-38084)
  • If an administrator changes the settings of a SCEP profile or user credential profile based on a native keystore, users are not prompted to enroll the certificates again and only new certificates receive the updated settings. The administrator must delete the profile and create and assign a new one to apply the new settings. (GD-37857)
  • On an 
    Android
     P device, if the Prevent Screen Capture policy setting is disabled, the user can cut, copy, and share data from a 
    BlackBerry Dynamics
     app to a non-
    BlackBerry Dynamics
     app, even when data leakage prevention (DLP) is enabled via 
    Pixel
     Launcher functionality. To prevent data leakage, it is recommended that you enable the Prevent Screen Capture policy setting. (GD-36449)
  • If the 
    UEM
     administrator assigns a user credential profile that uses 
    Entrust
    , and another user credential profile that uses PKI, when activating 
    BlackBerry Dynamics
     apps using an authentication delegate, the user is prompted to enroll the PKI certificate multiple times. (GD-35783)