Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Native Development

Reply
Developer
Posts: 587
Registered: ‎04-01-2009
My Device: Z10, PlayBook
My Carrier: NA

Sending BAR files to user to test

Is it possible to create a signed BAR file to send to users to test without the risk of that BAR file being illegally distributed?  For example, a timeout mechanism that would cause it to only work for 10 days, etc.

Developer
Posts: 6,473
Registered: ‎12-08-2010
My Device: PlayBook, Z10
My Carrier: none

Re: Sending BAR files to user to test

Without any risk whatsoever? No. Even if you build in a mechanism like that, a motivated attacker can decompile, patch, or otherwise modify the contents of the .bar file to remove your protection, resign, and install on their own device or post to a pirate site. (The latter would risk them getting their signing credentials revoked, but that doesn't help you much.)

With reduced risk? Sure... depends on how much time you want to invest in the process.

You could, for example, add the device_identifying_information permission to your package and have your app retrieve the users' PIN, and "whitelist" that in a web server which code in the app will check. That would limit the distribution to just the users you pick, subject to the above risk. At least one author of a very popular app does something like that for his beta program.. I'll let him comment for himself if he reads this and wants to.

You could also build in a timeout... but for your purposes, rather than have it be a fixed duration like 10 days, set it for a fixed date in the future (10 days away) so that they can't just uninstall then reinstall to reset the timer.

You could also use the debug token mechanism which has a 30 day timeout capability like that built in.

An experienced developer, or one willing to teach themselves some new tricks, could easily subvert many of these methods, but if your users are generally honest and not particularly technical, almost any such mechanism will suffice as it raises the bar (no pun intended) on redistribution just above the level of triviality, which may well be enough for you.

Peter Hansen -- (BB10 and dev-related blog posts at http://peterhansen.ca.)
Author of White Noise and Battery Guru for BB10 and for PlayBook | Get more from your battery!
Highlighted
Developer
Posts: 587
Registered: ‎04-01-2009
My Device: Z10, PlayBook
My Carrier: NA

Re: Sending BAR files to user to test