There's currently a little bit of a buzz going on today on Twitter and CrackBerry among BlackBerry people about an article titled Web Security Analysis Of 12 BlackBerry 10 Applications published by a website called FileArchiveHaven.

The FileArchiveHaven post takes a look at various popular BlackBerry 10 applications, and analyzes the third-party Internet connections they make while they are running.

Some apps are called out for making unencrypted connections to various web services and for potentially passing user-identifying information in the clear. This is a definite no-no for app devs who care about data security.

Flurry Analytics is referenced several times throughout the article as one of the services being used over an unsecured connection. This doesn't have to be, as Flurry supports sending analytics data over HTTPS (also known as SSL and TLS).

Because Flurry Analytics is a popular web service that many BlackBerry 10 devs integrate to learn more about how their apps are being used, I'm sharing some info today on how to make the Flurry SDK connect from an app to the Flurry web service over a secured/encrypted connection. It's actually fairly straightforward as I will illustrate below.

The following example uses the Flurry SDK for Native/Cascades C++ BlackBerry 10 applications. The same can be easily accomplished for developers who are using the BlackBerry 10 Native C APIs, as well.

Here's how a typical Cascades application would establish a Flurry session within an app's main method within main.cpp:

Q_DECL_EXPORT int main(int argc, char **argv)
{

    Flurry::Analytics::StartSession("ABC1234567890"); // API key faked for obvious reasons ...

    // ... Rest of app initialization logic continues here ...
}

With 1 additional line of code, app developers using the Flurry Analytics SDK for BlackBerry 10 can enable analytics data to be sent over an encrypted HTTPS connection.

Modify your main method so that it now looks like:

Q_DECL_EXPORT int main(int argc, char **argv)
{

    Flurry::Analytics::SetSecureTransportEnabled(true); // Note this new line telling Flurry to use a "secure transport"
    Flurry::Analytics::StartSession("ABC1234567890"); // API key faked for obvious reasons ...

    // ... Rest of app initialization logic continues here ...
}

That's all there is to it.

Protect your users and your own good reputation as a BB10 app developer by only using encrypted web services wherever possible!

Flurry References:

• Blackberry10Agent: Flurry Analytics C++ Interface
• Analytics/GettingStarted/TechnicalQuickStart/Blackberry - Flurry