Important! A new Community experience launched on September 26, 2017. Read more about it here or continue to Base Camp.
Voting: 
Vote up!
5 Votes
1 Replies
Answered

security

Question asked by jayant on Sep 16, 2014 20:56 EDT

Hi Kony Team, i would like to know after developing my application on different channels , what are the different securities i have to incorporate in my application. one thing i know is configuring SSL certificate , password hashing,database priviledges. is there any other way kony provides the security to app to prevent intruder attack. also how to configure the SSL certificates on different handsets of ios , android, blackberry and windows. How to deploy my app on different public app stores with security enabled?. Regards, Zelio Fernandes

Kony Answered Certificate
Vote up!
2 votes
Vote down!

Hi Jayant,
 
Kony data security model ensures that any data transaction between the device and server is encrypted using the industry standard mechanisms. This encryption applies to the data stored on the device as well (in case the application logic demands so).
 
Applications developed and hosted by Kony are tested regularly by an approved QSA and are certified to be PCI compliant. Kony follows industry standard practices during the design, development, testing and deployment of the applications to ensure compliance with the PCI requirements. 
 
Coming to device side storage security, Kony provides API for encryption and decryption. Refer the link given below.
http://docs.kony.com/5_6_PDFs/Kony_API_Reference_Guide.pdf
>>under crypto API
 
Also, please refer the link below for Kony Security info.
http://developer.kony.com/twiki/pub/Portal/Docs/Kony_Server_Internals_Guide/Default.htm#Security.htm%3FTocPath%3DSecurity%7C_____0
 
To configure SSL certificates on different handsets like BB, android & iphone,refer the below links 
Android: 
http://www.guyrutenberg.com/2013/03/16/manually-install-ssl-certificate-in-android-jelly-bean/
 
IOS:
http://blog.httpwatch.com/2013/12/12/five-tips-for-using-self-signed-ssl-certificates-with-ios/
 
BB:
http://yourbusiness.azcentral.com/set-up-ssl-certificate-blackberry-19571.html
 
Regarding Kony Apps security, we can bundle the certificates with the app.We are having a feature to configure certificates from application app properties.
 
Steps for the same are as follows
To allow only specific certificates you can use "Allow Bundled Certificates" option IDE -> Application-> Properties (right click on the App)->Native-Android : click on the drop down list box , beside the text "Allow Self Signed /Untrusted Certificates" and select "Allow Bundled" option.
To bundle the certificate in the application please create a folder with name "certs" in assets folder and place the certificate files in this "certs" folder 
<workspace>/<app>/resources/mobile/native/android/assets/certs/"
 
Note: Create "assets" directory under “<workspace>/<app>/resources/resources/mobile/native/android/" if it is already not present.
 
For publishing apps to public store ,follow the below links.
https://developer.apple.com/app-store/review/
http://developer.android.com/distribute/tools/launch-checklist.html
http://developer.android.com/tools/publishing/app-signing.html
 
Please do let us know in case you need any further details around the same topic.
 
Regards
Srinivas Kolaparthi

Answered by: Sep 17, 2014 06:06 EDT