Originally Posted by simon.hain
i would say the first option is not really manageable, it would be diametral to the blackberry security concept to allow an application to "phone home"
That's what code signing is for. Besides, do you really think only a browser should be able to make http(s) requests? It may not be feasible, but it's certainly possible.