Signing your app
Before you can distribute your applications on the BlackBerry World storefront, you must first sign them. Signing an app is a matter of requesting a .bar or .cod file signature from the RIM Signing Authority. You can sign your app using the Ripple emulator, or using the command-line tools.
Before you start, make sure you have configured your computer for code signing. See Set up for signing for more information.
Why must I sign my app?
The specific reason for app signing actually depends on which BlackBerry device your app is targeting, but it really all boils down to security.
On BlackBerry 10 and BlackBerry PlayBook devices, apps are signed so that the application's capabilities can be verified and unique identifiers issued for that application.
In BlackBerry 7.1 and earlier, apps must be signed for security and export control reasons whenever certain sensitive BlackBerry APIs are used. Because the BlackBerry WebWorks Packager framework makes use of some of those sensitive APIs, all WebWorks apps must be signed before they can run on a BlackBerry device.
In all cases, however, signing is used to provide proof of authorship. By signing your app, you are binding your (or your company's) identity to the apps that you develop and distribute to users. This proof of authorship protects both you as the developer, and the user, since the source of the app can be traced and cannot be altered.
And, perhaps the most important reason, at least for developers: apps must be signed before they can make you money. Until apps are signed, they cannot be distributed through, and generate income from, the BlackBerry World storefront.
When must I sign my app?
For BlackBerry 10 and BlackBerry PlayBook, app signing is only required when your app is complete, that is, when you are ready to publish it to BlackBerry World. An app must also be re-signed every time you update and re-publish it. When you update, you'll need to increment the version for your app and perform the signing process again.
Note that during the development phase, however, you can deploy an unsigned app on a device for testing purposes using a debug token. A debug token gives permission for an unsigned application to run on those BlackBerry devices specified by the token creator. For more information about creating and using debug tokens, see Package and deploy to a device.
If you're targeting BlackBerry 7.1 and earlier, you'll need to sign your WebWorks app whenever you want to load it onto a device. On BlackBerry 7.1 and earlier, there is no concept of a debug token, so the app must be signed even if you just want to deploy it for testing.
For all BlackBerry versions, you can deploy and test an unsigned app on a simulator at any time. For more information on testing your app on a simulator, see Package and deploy to a simulator.