Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry Dynamics SDK for iOS 6.0
  3. BlackBerry Dynamics SDK for iOS Release Notes
  4. BlackBerry Dynamics SDK for iOS version 6.0

BlackBerry Dynamics SDK for iOS
 version 6.0

What's new in 
BlackBerry Dynamics SDK for iOS
 version 6.0

Required SDK changes
Feature
Description
Changes to software requirements
The 
BlackBerry Dynamics Runtime
 static library requires DeviceCheck.framework in the Link Binary With Libraries build phase. For a full list of the required frameworks and libraries, see the Requirements section of the BlackBerry Dynamics SDK for iOS Development Guide.
Changes to the Automated Test Support Library (ATSL)
The 
BlackBerry Dynamics
 ATSL is now delivered as a dynamic framework, with the sources available on 
GitHub
. For more information, see the Testing and Troubleshooting section of the BlackBerry Dynamics SDK for iOS Development Guide.
General SDK changes
Feature
Description
Changes to cipher support
Support for the following ciphers has been removed in this release as they do not meet the security standards of the SDK:
  • RC4
  • RC4-MD5
The next release of the 
BlackBerry Dynamics SDK
 will remove support for additional weak ciphers, including the following:
  • SSLv3
  • ECDHE-RSA-AES128-SHA
  • ECDHE-ECDSA-AES128-SHA
  • ECDHE-RSA-AES256-SHA
  • ECDHE-ECDSA-AES256-SHA
  • DHE-RSA-AES128-SHA
  • DHE-RSA-AES256-SHA
  • AES128-SHA
  • AES256-SHA
  • DES-CBC3-SHA 
Support for multiple UIWindow objects
This release adds support for apps that use UIWindow objects. No coding is required to use this feature. The AppKinetics sample app has been updated to demonstrate support for multiple UIWindow objects.
Changes to WKWebView support
  • The SDK now supports multiple WKWebView instances. Previously, only one secure instance was supported at a time.
  • The SDK supports loading WKWebView from UIStoryBoard. To ensure that you avoid any possible data leaks, you must load WKWebView from UIStoryBoard after the initialization of the SDK.
Changes to RSS Reader sample app
If cellular access is enabled for a feed, the name of the feed is green in the app. If cellular access is not enabled for a feed, the name of the feed is black in the app.
Programmatic activation
The programmatic activation feature enables a 
BlackBerry Dynamics
 app to activate without any user interaction and without displaying activation prompts or progress screens. This can be useful when targeting your apps to a consumer audience or for developing apps for devices that have limited or no means of user input.
This release features a new implementation of this feature. For more information, see 
programmaticAuthorize
 in the BlackBerry Dynamics SDK API Reference.
Note that as a result of this new implementation, the following APIs have been deprecated:
  • (void) programmaticAuthorize: (NSString *) userID withAccessKey: (NSString *) accessKey
  • (void) programmaticAuthorize: (NSString *) userID withAccessKey: (NSString *)  accessKey networkOperationCenter: (NSURL *) nocAddress
     
API changes
  • getApplicationConfig features a new 
    GDAppConfigKeyPreventScreenRecording
     key to support the 
    BlackBerry Dynamics
     profile setting to allow or disable screen recording and sharing.
  • Previously, the 
    allowsCellularAccess
     property of the NSURLSessionConfiguration class was ignored. In this release, the 
    allowsCellularAccess
     property (set to YES or NO) is enforced.
Improvements to the log upload screen
Improvements have been made to the log upload screen in 
BlackBerry Dynamics
 apps to better notify the user that a log has been uploaded successfully and to remove additional options that often resulted in duplicate log uploads.
New APIs
Feature
Description
Preventing password autofill
Password autofill is an 
iOS
 feature that automatically provides suggestions for a user’s password or other privacy data in an app. This feature does not satisfy the security standards of the 
BlackBerry Dynamics
 platform and can lead to the exposure of sensitive data.
The 
BlackBerry Dynamics SDK
 disables the password autofill feature for all screens in 
BlackBerry Dynamics
 apps but it does not block the feature in the app UI. 
BlackBerry
 provides an open source sample on 
GitHub
 that demonstrates how to prevent the password autofill feature in the app UI. For more information, see AutoFill blocking solution for Password AutoFill in UITextField.
This method is independent of and does not rely on the 
BlackBerry Dynamics SDK
. Note that this solution applies only to UITextField. 
Crypto C programming interface
This release adds a new Crypto C language programming interface that allows an app to retrieve public key certificates that are stored in the 
BlackBerry Dynamics
 credentials store and use those certificates for signing and verification of messages and documents such as PDFs. Note that 
BlackBerry Infrastructure
 certificates cannot be retrieved from the store and that the private key will remain inaccessible. A new sample app demonstrates the use of this interface.
For more information, see the Crypto C Programming Interface appendix in the API reference. 
Locally block or unblock the app UI
The 
BlackBerry Dynamics SDK
 includes the following APIs that can be used to locally block or unblock a user’s access to the UI of a 
BlackBerry Dynamics
 app:
These APIs can be used to temporarily prevent access to an app under certain conditions. For example, if the user accesses a public 
Wi-Fi
 network that is not trusted, you can use GDiOS.executeBlock to prevent access to the app until the user is once again on a trusted 
Wi-Fi
 network. While the app UI is blocked, the app’s network activity and container storage access is not affected.
You can use GDiOS.executeBlock to display a message to the user that explains why access to the app has been blocked and how the user can restore compliance and unblock the UI.
The RemoteDB sample app has been updated to demonstrate the use of these APIs. 
It is possible to circumvent a UI block if the user is able to restore a backup that was created before the block occurred. Take this condition into account when developing and testing your app.
Background Authorize
Background Authorize is a restricted API that allows a recently locked 
BlackBerry Dynamics
 app to use the principal BlackBerry Dynamics APIs (such as secure storage and secure communication) when the app is running in the background.
This feature can be useful in scenarios where the app has stopped unexpectedly and is started in the background in response to an APNS message (for example, a new email). If Background Authorize is enabled, the app can download new messages and store them in the secure container. When the user brings the app to the foreground they can authorize and immediately access their new messages.
To access this restricted API, submit a request to the 
BlackBerry Dynamics
 Registrar program at BlackBerryDynamicsRegistrar@blackberry.com.
For more information about this feature, see the Background Authorize Security White Paper.
New administrative and security features in 
BlackBerry UEM
 version 12.11
Feature
Description
iOS
 app integrity check
A new option in activation profiles in 
UEM
 12.11 allows an administrator to periodically check the integrity of 
BlackBerry Dynamics
 apps using the 
Apple
 DeviceCheck framework. For more information, see Framework: DeviceCheck.
Note the following:
  • This feature is supported for 
    iOS
     11 or later devices and requires 
    BlackBerry Dynamics
     apps to use the 
    BlackBerry Dynamics SDK
     version 6.0 or later. Earlier versions of the SDK will fail the integrity check and the configured compliance failure action will be applied.
  • This feature is not supported by all 
    BlackBerry Dynamics
     app types. The integrity check is available only for apps that are signed with a regular 
    Apple
     Developer Account. This requirement applies to apps created by 
    BlackBerry
     and custom Enterprise-developed apps that are published in the 
    App Store
    . The app integrity check is not available to Enterprise apps that are signed with an Enterprise Developer Account.
Changes to the 
BlackBerry Dynamics
 connectivity profile
The 
BlackBerry Dynamics
 connectivity profile in 
BlackBerry UEM
 12.11 includes a new Default route option that is intended to replace the Route all traffic option (the Route all traffic option is still available). The new Default route option allows for more detailed control over how 
BlackBerry Dynamics
 apps that use SDK version 6.0 or later can connect to app servers.
The troubleshooting section of the RSS Reader sample app has been updated to allow you to check the route that is used for any user-entered URL or port. 
Note the following:
  • After you upgrade to 
    BlackBerry UEM
     12.11 or later, existing settings in the 
    BlackBerry Dynamics
     connectivity profile will apply to 
    BlackBerry Dynamics
     apps that use any version of the 
    BlackBerry Dynamics SDK
    . If you want to configure the profile after the upgrade to add new settings or to make changes, the Route all traffic option will apply only to 
    BlackBerry Dynamics
     apps with a version of the SDK earlier than 6.0 (released prior to June 2019). The Route all traffic option will not apply to 
    BlackBerry Dynamics
     apps with SDK version 6.0 or later (released in June 2019 or later). 
    BlackBerry Dynamics
     apps with SDK version 6.0 or later will use the new Default route settings that can be configured in the profile.
  • The route settings (deny or direct) should only be configured after all 
    UEM
     components and the 
    BlackBerry Connectivity Node
     are upgraded to version 12.11 or later.
  • If Route all traffic is selected and configured to use the Deny option, connections from 
    BlackBerry Dynamics
     apps with an SDK version earlier than 6.0 will be blocked.
  • Priority is given to configuration settings in the following order: app servers, IP address ranges, allowed domains, default domains, Default route. If Route all traffic is enabled, any 
    BlackBerry Dynamics
     apps with an SDK version earlier than 6.0 will prioritize that route over any direct route. 
Using 
Entrust
 for 
BlackBerry Dynamics
 apps
In 
UEM
 12.11, you can now use an 
Entrust
 PKI connection to enroll certificates for 
BlackBerry Dynamics
 apps using the User credential profile.

BlackBerry Dynamics Launcher Library

This release uses 
BlackBerry Dynamics Launcher Library
 version 2.10.0.231.

Fixed issues

The following issues are fixed in this release:
  • Previously, if a user tried to activate a 
    BlackBerry Dynamics
     app that was designated as the primary authentication delegate by using the secondary authentication delegate app, and the secondary delegate was locked, the activation prompt became stuck in a loop. This issue is now resolved. (FIRST-15509)
  • If you upgraded a 
    BlackBerry Dynamics
     app to SDK version 5.0.0.52, and a 
    UEM
     administrator remotely locked the app at some point, subsequent remote lock commands did not work. This issue is resolved by upgrading the app to SDK version 6.0. (GD-42770)
  • If a 
    BlackBerry Dynamics
     app uses app-based client certificates, and a user tries to open and activate the app before the certificate provider (the 
    BlackBerry UEM Client
     or 
    Entrust
     Smart Card credentials) has been provisioned for 
    BlackBerry Dynamics
    , the 
    BlackBerry UEM Client
     becomes locked.
    A descriptive error message has been added to clarify how to resolve this scenario. (GD-39573)
  • If the 
    UEM
     administrator configured and assigned a SCEP profile to devices with 
    BlackBerry Dynamics
     apps, 
    BlackBerry Dynamics
     apps could not enroll the certificate if the CA instance name specified in the profile included a space or a character that was not alpha-numeric [0-9a-zA-Z] or $-_.+!*'(), for example, non-ASCII, URL-reserved, or unsafe URL characters. This issue is now resolved. (GD-39207)
  • Previously, if a user reactivated a 
    BlackBerry Dynamics
     app that was assigned as the authentication delegate, the user had to enroll the client certificate again. In this release, if a user reactivates an authentication delegate app, the app tries to retrieve the client certificate from other 
    BlackBerry Dynamics
     apps on the device. If no other apps have the certificate, then the user is prompted to enroll the certificate again. (GD-23372)

Known issues

  • When a 
    BlackBerry Dynamics
     app with SDK version 4.1.x or later is upgraded to a new version that uses SDK version 6.0, if the user selects the “Forgot Password” option when logging in, the remote unlock of the app is successful but future unlock attempts could fail in certain scenarios.
  • For 
    iOS
     11 devices, if the "Do not allow copying data from non 
    BlackBerry Dynamics
     apps into 
    BlackBerry Dynamics
     apps" setting is not enabled in a 
    BlackBerry Dynamics
     profile that is assigned to a user, the user will see an additional Look Up option when they try to paste copied text. When tapped, the Look Up option does not do anything. This issue occurs due to a known issue with 
    iOS
     11. (GD-41723)
  • If an activated 
    BlackBerry Dynamics
     app is blocked because of a compliance violation (based on the assigned 
    UEM
     compliance profile), when the user tries to activate additional 
    BlackBerry Dynamics
     apps, those apps cannot be activated because they cannot retrieve certificates from the blocked app. (GD-41592)
    Workaround:
     Resolve the compliance issue with the blocked app or remove the blocked app and try the activation process again.
  • If an app uses the new Crypto C programming interface and the "Enable device certificate store" setting is enabled in the 
    BlackBerry Dynamics
     policy that is assigned to the user, this setting applies to SSL/TLS verification only, not to PKCS#7/SMIME. (GD-40906)
    Workaround:
     Install the trusted CA certificate in the 
    BlackBerry Dynamics
     certificate store using a 
    UEM
     CA certificate profile. 
  • If the 
    UEM
     administrator enables FIPS in a 
    BlackBerry Dynamics
     profile and assigns it to a user account, 
    BlackBerry Dynamics
     apps on the user's device cannot verify an MD5 certificate thumbprint. (GD-38397)
    Workaround:
     Turn off FIPS in the 
    BlackBerry Dynamics
     profile or use SHA1, SHA224, SHA256, SHA384, or SHA512 instead.
  • If the 
    UEM
     administrator changes the settings in a user credential profile, any users that are assigned that profile are not prompted to enroll the certificates again. (GD-38029)
  • When using apps in split-screen mode, text input actions when using UIWebView or WKWebView are limited and may not work as expected. (GD-37985)
  • When a user first installs and opens a 
    BlackBerry Dynamics
     app, the app attempts to get shared certificates from another 
    BlackBerry Dynamics
     app on the device. To obtain the shared certificates from another app, the user must log in to that app. If the user clicks Forgot Password at this point, then unlocks that app using a key from 
    UEM
     or standalone 
    Good Control
    , the process to share the certificate and log in to the new 
    BlackBerry Dynamics
     app does not complete successfully. (GD-37931)
    Workaround:
     Close the new 
    BlackBerry Dynamics
     app, manually open and log in to another 
    BlackBerry Dynamics
     app that uses the shared certificates, then open and log in to the new 
    BlackBerry Dynamics
     app.
  • If the 
    UEM
     administrator assigns a user credential profile that uses 
    Entrust
    , and another user credential profile that uses PKI, when activating 
    BlackBerry Dynamics
     using an authentication delegate, the user is prompted to enroll the PKI certificate multiple times. (GD-35783)