Image By Taavi Adamberg (Own work) [CC-BY-SA-3.0 (www.creativecommons.org/licenses/by-sa/3.0)], via Wikimedia Commons
Did you know that you can use your debug token for much, much more than just debugging? In fact, utilizing it properly can improve the security of your application development process.
There are four key roles that the debug token plays in the BlackBerry® application development lifecycle:
- Allows loading of unsigned applications on a BlackBerry® PlayBook™ tablet
- Enables debugging tools to connect to a BlackBerry PlayBook tablet
- Helps to protect your organization’s Code Signing Keys
- Facilitates controlled beta programs
Allows Loading of Unsigned Applications
Using a debug token for loading unsigned applications is the most common use case for a debug token and one that most developers use unknowingly because many of the BlackBerry Development Tools automate this process for you. This scenario is a major improvement over the workflow used for developing for BlackBerry® OS 7.1 and lower, which does not support the use of debug tokens. When developing for 7.1 and lower, you had to sign every build of an application before loading it on a BlackBerry smartphone. This required connections to be made to the RIM® signing servers for every build you wanted to test, which could take an inconvenient amount of time for a very large application. It also rules out developing without an Internet connection.
Debug tokens came to the rescue here, removing the signing requirement when testing and allowing for offline development. Simply create the debug token and load it onto your BlackBerry PlayBook tablet, and you will now be able to install and test your BlackBerry PlayBook applications without signing them. The initial creation of the debug token does require an Internet connection, but once created, it is valid for 30 days, giving you lots of time to develop while you’re away from an Internet connection.
Enables Debugging Tools to Connect to a BlackBerry PlayBook tablet
Having a debug token installed along with an unsigned development build of your applications enables all sorts of tools that can be used to debug your application. The tools available will vary depending on the type of application you are developing. For BlackBerry® WebWorks™ applications, it allows the use of WebInspector. Adobe® AIR® and Android™ applications can make use of the debugger and debugging tools in their respective SDKs. Developers using the BlackBerry NDK can use the standard debugging tools along with some more specialized features; such as views for memory and process information as well as code coverage. It also allows you to copy files to and from your application’s private sandbox area when running an unsigned development version of the application.
Protect your organization’s Code Signing Keys
You can run an unsigned application on a BlackBerry PlayBook tablet by using a debug token, removing the need to have access to the keys to sign the application. Debug tokens allow you to separate the process of application creation and publication. You can create and test an application using a debug token, then deliver the application to a supervisor or a client for signing and publication. This enables you to keep your code signing key on a secure central build machine or in the hands of the client who will own the application. Remember, your code signing key is the component that uniquely identifies you as a developer. It’s very important to keep this safe because anyone with access to your code signing key is able to distribute upgrades to your application that appear to come from you. You should also back up your keys because if you lose them you lose the ability to release updates for your applications.
Facilitate Controlled Beta Programs
This is likely something you haven’t thought of using your debug token for. You can use debug tokens to assist with running controlled beta. Recall that debug tokens are tied to an application developer and BlackBerry PlayBook tablet PIN(s). They also expire after 30 days. Put these together and you have the means to create a time bombed release that can only be installed on a BlackBerry PlayBook tablet whose PIN you whitelist. The beta testers would first need to install the debug token you provide and then the unsigned version of your application. Having the debug token tied to their BlackBerry PlayBook tablet PIN makes it difficult for them to share the application with others. You can also supply them with the BlackBerry Tablet OS Graphical Aid so that your users don’t have to install these using the command line.
Wrapping It Up
As you can see there are many uses for your debug token. If you don’t yet have a set of BlackBerry Code Signing Keys to use to create a debug token, head on over to the BlackBerry code signing key registration form and get signed up today. You’ll want to be ready for part 2 of this article where we explain how to configure your debug token to explode when it expires, as captured in the image above*.