Articles and samples about distributing applications through BlackBerry World.

Blog

    Publish
     
    • Guidelines for Personally Identifiable Information in the BlackBerry® World™ storefront

      Published Feb 09 2018, 2:20 PM by adandy

      This article applies to the following:

      • BlackBerry® World™ storefront

      A primary privacy concern for most mobile customers is the question of what happens to information that personally identifies them, commonly called personally identifiable information (PII).  They want to know what is collected, how it’s used, how it’s stored, who can access it, and with whom it may be shared. This article attempts to clarify what BlackBerry considers personal information and provides general guidance on how it should be protected.  By applying these principles, and otherwise complying with privacy/data protection legislation, third-party app developers will not only help protect customers’ PII, but also help ensure that their apps can remain listed in BlackBerry World. This article builds on previous guidance provided by BlackBerry. With that said, these guidelines are not legal advice, and an app that complies with them is not guaranteed to meet all of a developer’s legal obligations. As always, it is up to app developers to comply with applicable laws, regulations, and standards and to meet the terms of their contracts.

       

      The legal definition of PII can vary widely between legal jurisdictions. Since the vendor may choose to make its app available in BlackBerry World globally, this presents a significant challenge for app developers.  As a general rule, however, anyone collecting, using, or disclosing PII is expected to gain consent to do so from the person they are collecting information about. With that said, privacy/data protection legislation may make an exception to this rule, depending on the information or scenario involved. Different types of information or circumstances may also call for different forms of consent. For example, more sensitive PII, such as health or financial data, may require a more explicit and immediate request for consent.

       

      PII is typically defined as information about an identifiable individual. Because of the broad nature of PII definitions in relevant legislation, it is not possible to compile a definitive or comprehensive list of what is PII. The PII Examples in this document are therefore not an exhaustive list or legal advice, but are only intended to provide illustrative examples.  The list does not reflect the PII definitions of any particular jurisdiction, and does not replace independent legal advice for app developers about customers in varying jurisdictions. And, of course, the guidance below is also subject to change as the global climate around privacy continues to evolve.

      When handling customers’ PII, BlackBerry recommends app developers use best practices, including:

       

      Use the Principle of Least Permissions – Limiting Collection

      Only collect, use or disclose personal information for purposes that are reasonable. Likewise, only request the permissions your app reasonably needs to perform its intended functions.  Do not request or require permissions that your app can function without, and explain why you are seeking the permissions requested.

       

      Consider the Impact of Third-Party Code

      If your app includes third-party code, understand how it works, the functionality it provides, and if or how it handles customers’ information. Ensure that appropriate contracts are in place with any third party service that you use. Consider how SDKs and third-party add-ins affect your app. For example, a third-party ad service might access and use PII that your app would not otherwise access.

       

      Get Consents and Implement a Privacy Policy

      If your app processes PII, you should have a publicly available privacy policy that complies with applicable law that explains what you do with information you gather.  Ensure that your privacy policy is easily available and understandable to users. If you use unexpected practices or process sensitive information, include more explicit user consent explaining your practices and the reasons for them. 

       

      Be Accountable

      Understand where your app is being sold and what legal privacy protections are in place for users in those locations. Ensure your app and its policies comply with all applicable laws. Please be aware that data collected about minors or children can require additional special protections depending on the particular jurisdiction in which the app is sold.

       

      Be Transparent

      Build trust with your customers by explaining clearly and simply how your app works, what data it collects, and what it does with that data. This should include information about whether the information is sent off the device to remote servers. Consider options to explain these aspects, such as a separate link to how the app works or a special notice page in the app.

       

      Secure Your Customers’ Data

      If the app collects, accesses, stores, or sends data to an external server, always safeguard that data. Use encryption at all layers, including encrypting the data stored on the phone, and use a secure transport layer for off device access such as SSL or TLS.  Limit access to all user data to those who have a legitimate business purpose for accessing the data.

       

      Empower Your Customers to Control Their Information

      Give users additional choices and controls, including the use of a Settings menu or privacy-sensitive default settings.  For example, if you are collecting additional PII that is not strictly necessary for the app, make it clear to the customer that providing it is optional and allow users to opt out.   Consider providing a paid version that doesn’t include ad packages.

       

      Further reading

       

      To read the Privacy Policy of BlackBerry Limited, see www.blackberry.com/legal/privacy.shtml.

       

      For information about suggested best practices for developing secure apps, look for articles about application security on the BlackBerry Developer Blog.

       

      For information about the guidelines and rules governing BlackBerry World, read the RIME Store Vendor Agreement (formerly BlackBerry App World Vendor Agreement), and the BlackBerry World Vendor Guidelines.

       

      PII Examples

       

      When collecting and using customer data, consider whether the data is included in, or similar in nature to, the examples below. Please note that the following is not a definitive or exhaustive list of PII, and it may change or be updated without notice.  Developers should consult their own legal counsel when determining what is PII, and what consent(s) or other privacy/data protection practices are appropriate.

       

      Account/User Information  

      • Name/identity of the end user
      • Date Of Birth
      • Gender
      • Address
      • Email address
      • Telephone number
      • Account credentials (e.g., usernames and passwords or BlackBerry® ID)
      • Credit/debit/payment card information, or other personal banking/financial records
      • Driver’s license  number  or other government-issued identification information
      • Medical/health information (may include biometric data)

      Unique Device Info

      • Unique device and customer identifiers (such as IMEI, IMSI, UDID, mobile phone number or PIN)
      • IP Address that the developer is, or should be, aware is associated with an identifiable individual/invariable identifier that is known

      Usage/Tracking Data

      • Geo-location data (e.g. GPS)
      • Physical Addresses
      • Media usage history (e.g. music, videos), or browsing history
      • Applications downloaded/installed/used on device, or purchase history
      • Logs of phone calls, SMS or instant messaging (including BBM, or call logs of BBM Voice, BBM Video, BlackBerry® MVS)

      User Generated Content

      • Contacts List/Address Book
      • Photos and videos or audio recordings
      • Calendar or reminder entries
      • Message content (e.g. email, P2P, BBM™, text messages) 

       

      Legal disclaimers

       

      ©2014 BlackBerry. All rights reserved. BlackBerry® and related trademarks, names and logos are the property of BlackBerry Limited and are registered and/or used in the U.S. and countries around the world. All other trademarks are the property of their respective owners. This documentation is provided "as is" and without condition, endorsement, guarantee, representation or warranty, or liability of any kind by BlackBerry Limited and its affiliated companies, all of which are expressly disclaimed to the maximum extent permitted by applicable law in your jurisdiction.

    • ERROR !! When Attempting to Login to the Vendor Portal for BlackBerry World

      Published Feb 09 2018, 2:20 PM by msohm

      Product(s) Affected:

      • BlackBerry® World™ Vendor Portal

      Environment

      • Vendor Portal for BlackBerry World
      • Windows® Internet Explorer® 11 

       


       

      Overview

      When attempting to login to the Vendor Portal for BlackBerry World (https://appworld.blackberry.com/isvportal/home.do) using Windows Internet Explorer 11 browser, the website displays the message:

       

      ERROR !!

       


       

      Cause

      This is a previously reported issue that is being investigated by our development team. No resolution time frame is currently available.

       


       

       

      Workaround

      In the Explorer 11 browser:

      1. Go to Tools
      2. Select Compatibility View Settings
      3. In the 'Add this website' field, enter: blackberry.com
      4. Click Add.
      5. Click Close.
      6. Refresh the Page, or close and re-open the Browser, and retry the Vendor portal website.

       

       

    • "Unable to update customer device info" message received when trying to download through the BlackBerry World Sandbox

      Published Feb 09 2018, 2:20 PM by gbeukeboom

      Symptoms

      After the latest server update of BlackBerry® World™ some vendors may see the following error message when attempting to download applications through the vendor account sandbox:
      "Unable to update customer device info" 

       

      This has not been reported for any scenarios outside of sandbox downloads, so it is not expected to be customer impacting.

      Diagnosis

      If using a BlackBerry® 10 device and attempting to download an application through the BlackBerry World sandbox using the following steps:

      1. Open BlackBerry World client on device
      2. From the application menu select "Settings"
      3. Select "Development Mode"
      4. Enter the content ID or SKU of the application within your vendor portal that you would like to download.

       

      Should you receive the error "Unable to update customer device info"  then please follow the steps outlined in the "Solution" section of this article to perform a workaround which should help get past this error until an update to the BlackBerry World server is released with this issue resolved.

      Solution

      The workaround is to make an update to the "Screen Name" associated with your BlackBerry ID. Do perform this change:

      1. Open the settings application
      2. Select "BlackBerry ID"
      3. Select the "Edit" action item to bring up the edit screen
      4. Modify your "Screen Name" then click "Back" to save

       

      You should now be able to continue downloading through the BlackBerry World sandbox

    • Considerations when testing purchases through a sandboxed account

      Published Feb 09 2018, 2:20 PM by gbeukeboom

      This article applies to the following:

      • Applications created with any of the BlackBerry® PlayBook™ development SDKs that include Payment Services
      • Applications created with any of the BlackBerry® Smartphone™ development SDKs that include Payment Services

      The BlackBerry® World™ sandbox accounts allow developers to test their applications without needing to pay as normal BlackBerry World consumers would; this can be used for testing paid apps or apps that use in-app payments to ensure everything is functioning as expected before posting for sale. Note that sandbox accounts are specific to a Vendor account meaning that a Vendor can add users to their account and allow users to use applications for free posted by that Vendor only.

       

      One very important thing to note about using sandbox accounts which will make the rest of this article make much more sense, when a purchase is made while in the sandbox no money is exchanged and no transaction record generated. Transaction records are what BlackBerry World uses to know a purchase has been made which means a few things:

      1. Trying to retrieve past purchases (including subscriptions) of digital goods from BlackBerry World will not return any results
      2. The Transaction ID of any purchase will always be ‘0’

       

      This means that if you are checking for existing purchases during testing and/or validating or recording the transaction ID values, it would be good to account for the above scenarios which will be encountered when testing.

       

      For more information on Sandbox testing:

    • How to Request Built for BlackBerry™ Testing

      Published Feb 09 2018, 2:20 PM by iamtheallspark

      1. Your app must have a Status of Approved or Up for Sale
      2. In your browser, visit https://appworld.blackberry.com/isvportal
      3. Log in to the Vendor Portal for BlackBerry® World™ using a user account with Admin role
      4. Select Manage Products
      5. Under the Built for BlackBerry column click Apply
      6. If you read and agree to the Terms and Conditions, click the check box
      7. If you also want to apply for 10k Developer Commitment, read and agree to those Terms and Conditions, click that check box (For a limited time only).

    • How to Submit or Update a Privacy Policy in the BlackBerry® World™ Vendor Portal

      Published Feb 09 2018, 2:20 PM by iamtheallspark

       

      To help protect mobile app users’ personal information, BlackBerry® has implemented initiatives to mitigate privacy infringement in apps, one of which is guidelines for Personally Identifiable Information.

       

      Add or Update Privacy Policy in your BlackBerry® World™ membership account

      1. In your browser, visit https://appworld.blackberry.com/isvportal
      2. Log in to the Vendor Portal for BlackBerry World using a user account with Admin role
      3. Select Manage Account Details
      4. In the Vendor Info tab, new and existing vendors can enter a URL for their (company’s) privacy policy in the Privacy Policy URLfield
      5. Click Save

    • How To: Live Testing the Payment SDK with PlayBook Applications

      Published Feb 09 2018, 2:20 PM by gbeukeboom

      This article applies to the following:

      • Applications created with any of the BlackBerry® PlayBook™ development SDKs that include Payment Services

      Live testing

       

      Live testing permits you to test the purchase of digital goods against the live Payment Service server without being charged real money. To test your applications live, you must perform the following actions:

      • Add your application to the vendor portal for the BlackBerry® World™ storefront. Don't send your application to RIM for approval, but keep it in Draft state.
      • Add digital goods and a release bundle to your application in the vendor portal.

      • If you do not already have a BlackBerry ID account, register for one at na.blackberry.com/id/.
      • Create a sandbox account by registering your BlackBerry ID in the vendor portal.

      After you add your application and digital goods, you can download your application from BlackBerry World and start testing the purchase process against the live Payment Service server.

       

      By registering the BlackBerry ID with the vendor portal, you can use the BlackBerry ID to perform test purchases of applications, as well as digital goods within your applications. When you initiate a purchase, and log in using the BlackBerry ID that you registered with the vendor portal, you can simulate a real purchase without any charges to your account. The BlackBerry ID that you register with the vendor portal can be used only to purchase digital goods from the applications associated with your BlackBerry World vendor account.

       

      For more information about submitting applications and creating sandbox accounts, see the BlackBerry World vendor documentation at www.blackberry.com/go/appworld/vendordocs/.

       

      Creating a sandbox account

       

      Before you make products available to BlackBerry PlayBook tablet users, you can test the purchase of your products and any digital goods that you sell within your products by creating a sandbox account. When you create a sandbox account, you specify the email address that is associated with a BlackBerry ID. You then use the BlackBerry ID to test the purchase of your products without being charged for the purchases.

      When you test a purchase using a sandbox account, BlackBerry World doesn't create a purchase record. If your application calls getExistingPurchases(true), the function doesn't return the purchases that you make using the sandbox account.

       

      1. On the vendor portal for the BlackBerry World storefront, click Sandbox.
      2. Click Add New User.
      3. In the Email field, type the email address associated with a BlackBerry ID.
      4. In the Description field, type a description for the sandbox account.
      5. Click Create.

       

      Download an application before you make it available for distribution

       

      • Add your application, a release bundle, and digital goods in the vendor portal for the BlackBerry World (the application status can remain as Draft).
      • Create a sandbox account in the vendor portal using a BlackBerry ID.

      If your application has any distribution restrictions (such as the BlackBerry device models or BlackBerry Device Software versions that it supports), make sure that the BlackBerry device that you download the application to is compatible with your application, otherwise you won't be able to locate your application in the BlackBerry World storefront If you purchase another vendor's application or digital goods using your BlackBerry ID account that is configured for testing, the transaction is real, not simulated, and your account is charged. You can simulate only the purchases of your own applications and digital goods.

       

      1. On the home screen of the BlackBerry PlayBook tablet, tap the BlackBerry World icon.
      2. Swipe your finger from the bottom left corner of the screen toward the center of the screen to display the keyboard.
      3. Type tst. Tap Return.
      4. Open the browser on the tablet.
      5. In the address bar, type the location of the application that you want to test (for example, you can type http://appworld.blackberry.com/webstore/content/xxxxx, where xxxxx is the ID of the application).
      6. On the Details screen for your application, click Purchase.
      7. Complete the instructions on the screen to download the application.

      You can use the same BlackBerry ID login information to purchase the digital goods that your application offers.

       

       

      NOTE: As no charges are incurred when performing Live testing there is no transaction history generated. As such, any simulated purchases will not appear in the transactions history if queried programmatically.

    • Error "Package ID already in use" When Uploading BAR File to BlackBerry® World™

      Published Feb 09 2018, 2:20 PM by msohm

      Problem

       

      The following error is reported when attempting to upload a BAR file using the BlackBerry® World™ Vendor Portal.

       

      Package ID already in use

       

      Cause

       

      An BAR file with the same package name has already been uploaded using a different vendor account.

       

       

      Resolution

       

      If you need to upload multiple versions of your application to different vendor accounts, ensure that you have a unique package name for each vendor account.  Keep the package name for each vendor account consistent to prevent issues for users upgrading to newer versions of your application.

       

      Modifying the package name for an existing application will prevent users from upgrading to your new release.  If a user attempts to install the new version with the modifed package name the application will appear as a second icon on their device and the upgraded application will not have access to the previous application's saved data.

    • Error "File bundle (your_name) has been rejected." When Uploading BAR File to BlackBerry® World™

      Published Feb 09 2018, 2:20 PM by msohm

      Problem

       

      The following error is reported when attempting to upload a BAR file using the BlackBerry® World™ Vendor Portal.

       

      File bundle (YOUR_NAME) has been rejected. Package ID is required for all .bar file. If this is an upgrade, Package ID must match Package ID in original file bundle.

       

      Cause

       

      You are attempting to upload a new version of your application, which contains a different package ID than the previous version.

       

      Modifying the package ID for an existing application will prevent users from upgrading to your new release. If a user attempts to install the new version with the modifed package name the application will appear as a second icon on their device and the upgraded application will not have access to the previous application's saved data. 

       

      Resolution

       

      The package ID is made up of two components, which are the package name of your application and your BlackBerry® Code Signing Key or BlackBerry® ID account (used to create the BlackBerry ID Token for signing). Ensure that the new version of your application uses the same package name and is signed with the same BlackBerry Code Signing Key or BlackBerry® ID account (used to create the BlackBerry ID Token for signing) as the previous version.  If you have linked your BlackBerry Code Signing Key to your BlackBerry ID account, you can sign your with either your BlackBerry Code Signing Key or BlackBerry ID Token (created from the BlackBerry ID account you linked your code signing key to).

       

      Workaround

       

      If you no longer have access to the code signing keys used to sign your application, you can contact BlackBerry World Vendor Management Support to clear the ID flag for your application, allowing you to update your application.  However, note that if you do this your application upgrade will appear as a new, separate application when downloaded from BlackBerry World.

    • Error "You have already purchased this item" When Attempting to Make an In App Purchase

      Published Feb 09 2018, 2:20 PM by msohm

      Problem

       

      The following error is reported when attempting to make an in application purchase using the BlackBerry® Payment Service.

       

      You have already purchased this item

       

       

      Cause

       

      The user is attempting to purchase an item that they have already purchased.  The list of items available for purchase in the application is out of sync with the list of items already purchased using the BlackBerry Payment Service.  This can occur if the application has been re-installed, but has not retrieved a listing of previous purchases made by the user.

       

      Resolution

       

      1.  When your application starts up for the first time you should call:

       

      PaymentEngine.getExistingPurchases(true)

       

      This will return them an array of previous purchases from the server. Using this array they need to indicate which items have been previously purchased.

       

      2.  If you catch the error “You have already purchased this item” (which should not occur if the approach above is used) you can unlock that item.

    3 pages