URL Shortening

Parent Previous Next

As of version 2.5.0 multiFEED allows you to remember or share shortened versions of the article URLs instead of the often long and complicated ones included in the feeds. Currently multiFEED supports two URL shortening services, Google (goo.gl), and bitly (bit.ly). Each has their own pros and cons...

Google URL Shortener






1 Although bitly allows you to shorten URLs without an account, using an account has many benefits. multiFEED does not support using bitly without logging in.

This is not an exhaustive list of the features of each service. In general though, the Google URL shortener is faster than bitly, but bitly gives you far more control over your shortened URLs, both during creation and afterward. Both services have near perfect uptime reliability so you can use either one with confidence that you and others will be able to open the original URLs using the shortened versions.

If you configure multiFEED to shorten URLs when sharing or remembering article links, you will be asked to log in to your account and authorize multiFEED to create short URLs on your behalf. You should only need to do this once for each service, unless the authorization expires or you revoke it. Note that you can configure multiFEED to use a different URL shortening service for sharing than it does for remembering links. If you do this you will have to log in and authorize both services before URL shortening will work.

Google URL Shortening on BlackBerry 10.3.3+

As of BlackBerry 10.3.3 and later, Google URL shortening won't work unless you import an encryption (SSL) certificate into BlackBerry 10 for your local device (localhost).

To protect you from having your access tokens stolen in transit, Google OAuth2 sets a browser flag which demands an encrypted connection when authorizing URL shortening. Prior to Blackberry 10.3.3 the system browser ignored this flag, allowing multiFEED to use an unencrypted HTTP authorization server on localhost (IP address on your BlackBerry device), but from the 10.3.3 version onward multiFEED must run an encrypted HTTPS authorization server for you to be able to connect to your Google account. Web sites that use OAuth2 can get their SSL encryption certificates from an official certificate authority (CA), but a CA cannot issue a certificate for localhost so that method won't work for OAuth2 in a mobile app. Instead, multiFEED must use a "self-signed" certificate, but the drawback is that this type of certificate must be manually imported onto the device as it can't rely on a CA for verification.

The certificate which needs to be installed is self-signed by arsMOBILIS and is only valid for localhost. You can inspect the certificate settings before installing it from the Certificate Details page and abort the installation if you don't feel safe adding it to your device. If you choose not to install the certificate then Google URL shortening won't function and you either need to use bit.ly shortening instead or don't use URL shortening at all. If you do install the certificate you can remove it whenever you like by going to Settings...Security and Privacy...Certificates and look for the certificate titled "localhost". Removing the localhost certificate will disable the Google URL shortening if you enabled it.

Note that SSL encryption for the OAuth2 authorization server is enforced by Google on BlackBerry 10.3.3 and higher, and cannot be overridden by multiFEED, which is why manual certificate installation is now required.

Authorization Browser

IMPORTANT: By default multiFEED uses the Blackberry 10 Browser for Google and bitly authorization rather than a built-in login page. This allows you to verify that you are actually connecting to the respective services and not a nefarious "phishing" page that could capture and compromise your login credentials. Although this is somewhat awkward compared to logging in from within multiFEED, arsMOBILIS values your security more than your convenience, and in any case, you should only have to authorize each service once unless you revoke the authorization later. It is important to remember that any application that asks you to log in to one of your accounts using a built-in page could potentially steal your login details. If you trust that arMOBILIS will not spy on your authorization session, you can choose to use an internal browser for authorization instead, which is quicker and easier than using the full BlackBerry Browser.