×

Discussion Board

Page 1 of 2 12 LastLast
Results 1 to 15 of 29
  1. #1
    Registered User
    Join Date
    Mar 2007
    Posts
    2

    Problems with signing in symbian third edition

    Hi all,

    I would to stimulate the community about a real problem:
    the signing of applications on symbian third edition.

    There are a lot of problems about signing method and I try to explain my point of view:

    1) It's really unfair to obligate the developer to use the certificate to obtain access to the complete API. It sound like a blackmail in computer science.

    2) I can understand the charge of 350US$ / YEAR for a certificate, but this could be largely sufficient. Can you imagine the scenario ??? Every time I should correct a bug of my software or I produce a new release, I should pay (from 275 € to 560 € !!!????) to re-test the application ???

    3) Moreover there is a delicate question.
    I should send my application (and obviously MY IDEA) to the test house BEFORE the application could be already on the market ??
    My ideas are very precious and I don't want to give them to unknown people
    .

    I posted this message to stimulate the rebellion.
    We must remember that the lucky of symbian depends also on the number of utilities and applications the cellular's customer could find and so,
    from the number of DEVELOPERS involved in this activity. Symbian should simplify their work, not put obstacles.

    I think that if this situation doesn't change, I will leave the development on symbian and I will start to develop on Linux based platform.

    I would know other opinion about this argument.

    Bye

  2. #2
    Registered User
    Join Date
    Mar 2007
    Posts
    7

    Re: Problems with signing in symbian third edition

    I strongly agree with the points made - below is what I posted on Sun's Java Wireless forum, and I would like to repeat it here.

    As it happens, Symbian have done something about it, but only for Symbian C++ native applications (unless I am missing something and the same process can be used to sign Midlets).

    Either Symbian, Nokia, Sun or JVP should do something - considering their corporate size and resources, I can't really see the problem here in 'porting' the Symbian Developer Certificate to be more J2ME-friendly.

    Or, we might as well all go and develop for Windows Mobile - Microsoft (knowing well how to capture developers' share of mind) certainly do not 'blackmail' developers in forking $500 to test an 'Hello. world' app across Bluetooth or HTTP....

    I truly hope someone takes notice and does something about it soon!

    --- quoted text follows:

    Dear all:

    It would appear that to have a midlet run on an ACTUAL Nokia S60 3rd ed phone, one has to actually sign it with a real certificate - ie, one released by a CA (eg Verisign or Thawte) and not a self-generate certificate (ie, one generated by keytool).

    Now, this is hugely annoying, as it would cost (at best) $199 from Thawte, when the requirement would just be to TEST the app on one or two phones lying about in the dev room.

    Of course, once one goes to market, a REAL certificate would be needed.

    Symbian have a Developer Certificate programme - that works a beauty, but it seems it only works for SIS (Symbian C++ native apps) and cannot be used to sign Java MIDP midlets.

    SO a couple of questions spring to mind:

    1. having the Java Verified Programme (JVP) up and running, why don't they set up a process similar to Symbian for Java developers?

    It is all automated, no real cost involved for JVP, and the certificate issued is only valid for 6 months on one device (IMEI) so no security threat either.

    2. why is not Sun (Or, actually, Nokia - as they caused the problem in the first place) coming up with some sort of solution to the problem? there must be literally thousand of developers around the world, working for small start-ups developing Java code for mobile phones who can't afford to spend $199 (or even $499 for a Verisign certificate) just to 'give the code a spin'

    It's all good and well to run the code in the emulators, but as we all know, development on mobile devices, requires extensive testing on the real thing.

    Am I missing something here?
    can anyone help - or care to join in generating some swell of support in getting the JVP to have a bit more friendly approach to us, the small guys?

    Cheers,
    Marco Massenzio
    Managing Director, Infinite Bandwidth ltd
    admin@infinitebw.com

  3. #3
    Super Contributor
    Join Date
    Mar 2006
    Posts
    516

    Re: Problems with signing in symbian third edition

    i agree 100% with u guys

  4. #4
    Registered User
    Join Date
    Oct 2006
    Posts
    3

    Re: Problems with signing in symbian third edition

    I can only say thanks for the strong words that have used here to point out an unbelievable situation. I am a student using the J2ME environment for my final year project. For weeks I looked for solutions to the signing problem, because I wouldn't believe there is no way of self signing (as in using a self-created certificate) a MIDlet in the S60 3.Ed. As a consequence I stopped using the N80 phone I got on a developer loan from nokia and had to buy a S60 2nd Ed. via ebay because I needed the MIDlet to run without annoying security warnings for my presentation. The technical possibilities of J2ME and S60 are amazing it is really frustrating to see them limited in such an uneccessary way.
    Daniel F.

  5. #5
    Super Contributor
    Join Date
    Apr 2003
    Location
    USA, CA
    Posts
    7,191

    Re: Problems with signing in symbian third edition

    Daniel,

    In fact the Java ME specification (more specifically recommended security domain policy) kind of restricts the possibility of signing with your certificate.

    "Any Authority Certificates obtained after device manufacture MUST NOT be used for authentication of MIDlet suites. This does NOT prevent obtaining Identified Third Party Authority Certificates from the specified location in the SIM, USIM or WIM."

    Yes, it is recommendation only, but still...

    I understand your situation, and I know that you are not the only developer getting frustrated by these security domains and confirmations. However these protections are there for a reason (to protect the user).
    Are there some points for improvement in these specifications? Likely. However I am not sure, which changes should be exactly made...

    Hartti

  6. #6
    Super Contributor
    Join Date
    May 2003
    Location
    Vancouver, Canada
    Posts
    985

    Re: Problems with signing in symbian third edition

    Actually the pain of Symbian Signed is not only for J2ME developers and commercial developers.

    As an independent Symbian C++ developers, I have a lot of problems signing open source applications too.

    I have written an open letter to Symbian Signed too, http://mobile.antonypranata.com/2007...ned-authority/.
    Hope that someone at Symbian will hear developer's voices.

    Antony

  7. #7
    Registered User
    Join Date
    Mar 2007
    Posts
    2

    Re: Problems with signing in symbian third edition

    Quote Originally Posted by hartti
    I understand your situation, and I know that you are not the only developer getting frustrated by these security domains and confirmations. However these protections are there for a reason (to protect the user).
    Are there some points for improvement in these specifications? Likely. However I am not sure, which changes should be exactly made...

    Hartti
    Hi Hartti

    I perfectly understand that Symbian wants to protect the users and I agree with this point of view. But I think also that Symbian must simplify the work of developers (expecially for freeware applications) and shorten the time for certificates (and create a free-of-charge certificate for freeware apps).
    But the real question is another.
    It's unbelivable that I should send my application to the test center BEFORE it could be on the MARKET !!! I don't work for give my ideas to unknown people (the test companies are private companies, NOT no-profit organizations !)
    Moreover, I already wrote a letter to Italian AntiTrust Authority, because the test process is strongly violating the industrial secrets rights.
    I encourage all developers to do the same thing in their countries.

    I would to know your opinion about it

  8. #8
    Registered User
    Join Date
    Apr 2007
    Posts
    4

    Re: Problems with signing in symbian third edition

    hi,
    i have this problem and it can be solved quite easily..i have done that and maybe the information will be useful to u as well....
    the security feature in Symbian 3rd edition is restrictive...
    just have a look at the following :-
    http://discussion.forum.nokia.com/fo...d.php?p=300050

    Himanshu.

  9. #9
    Registered User
    Join Date
    Aug 2003
    Posts
    15

    Re: Problems with signing in symbian third edition

    i think symbian is already dead for normal developers, what im doing now if some company wants application for smartphones i suggest always windows mobile, i dont need worry there about signing cost.

    You will see in few years symbian will lost his position, already seing here that most of friends is buying pda or smartphone with windows mobile. And i have already more windows mobile devices for testing than symbian, only chance for Symbian is stop taking money for signing and give the access to full funcionality withou restriction.

    Security is not problem, normal user can recognice app from trusted company.

  10. #10
    Regular Contributor
    Join Date
    Jul 2006
    Location
    Italy
    Posts
    99

    Re: Problems with signing in symbian third edition

    Exactly davidhornak, you are right! I think that nokia and symbian make a big mistake! Instead to work on diffusion of they mobile, they only think to restrict and block the develop of application. I think that symbian is more like Windows Vista than Linux....and we know very well wich operating system it's better I'm sorry for symbian and nokia, I hope that the thinks will change very soon...otherwise I think that I stop to develop for symbian...perhaps I start to develop in windows mobile or linux..

  11. #11
    Registered User
    Join Date
    Mar 2003
    Posts
    4

    Re: Problems with signing in symbian third edition

    I just got an E90 and found that JAVA finally performs well on (Symbian) phones ... :-)
    I was looking forward to move some programs / features from the server and PC to the Phone ... :-)

    BUT this is a REAL SHOWSTOPPER - I don't want to buy a certificate from verisign to be able to "run" my SW!
    I already have a legal company and personal certificate!

    Today we distribute all our server and PC SW without any kind of certificates - because our customers trust us - and they get the SW from us - not from a suspect email!

    Do the Midlet specification prevent Nokia from either:
    1) Create a "Run as signed" option for unsigned Midlets?
    2) Create a "Run as external signed" option for Midlets signed with a selfsigned certificate?
    3) Allow the user to import a trusted "company certificate"?
    4) Something else ...?

    I still LOVE my E90, but is afraid that Nokia will loose the battle to Win-based phones if you don't "set JAVA for Nokia" free.

    BTW: A certificate don't guarantee bug / virus free software... Just that the people at "NiceSoftware Gmbh" had a lot of money ;-)

  12. #12
    Regular Contributor
    Join Date
    Apr 2006
    Posts
    63

    Re: Problems with signing in symbian third edition

    "I posted this message to stimulate the rebellion.
    We must remember that the lucky of symbian depends also on the number of utilities and applications the cellular's customer could find and so,
    from the number of DEVELOPERS involved in this activity. Symbian should simplify their work, not put obstacles.

    I think that if this situation doesn't change, I will leave the development on symbian and I will start to develop on Linux based platform."



    Hey I am always happy to support a rebellion for freedom of course.. anyway

    I think it's just plain stupid to force developers to fork over $200 at least to do
    some basic testing on a real phone, the emulator don't cut it when you're developing for the real world,
    it might run 100% good on an emulator but crash at the start on the real thing..
    I also think that the operators and middle man make enough cash for nothing on us developers as it is collecting royalties for what is not their work in the first place,
    and now such a benchmark for the market, I might be happy to pay the $500 to get a real certificate for a market ready application but hesitate pay that much just to test a piece of code
    which might be half a year from release or never make it there..

    So I encourage Symbian and Nokia to make the lives of developers a little easier and at least provide developer cerificates or something that will allow
    running of application for free,..

    I don't understand how a self signed application installed via the Nokia PC Suite(explicitly) can be of any harm to anyone, I suppose if you install you're
    application you're self you must know what you're doing so where's the
    client protection aspect in this, I don't get it?!


    Regards, Martin

  13. #13
    Registered User
    Join Date
    Aug 2003
    Posts
    15

    Re: Problems with signing in symbian third edition

    Yes, Nokia and other companies should do some change, even the same problem is with games, as we are distributing games for mobiles too. As soon as did appear Symbian 3rd edition, there are no new games based on symbian, why? Is very easy cause games have often some bugs, and then a company should pay for each game test several hundreds dollars, for each new version, so nobody wants to do games for symbian, cause signing and testing cost.

    So you guys from Nokia better read this theme and do something about it, i told this already one year before and i still telling symbian in this attitude is dead player on mobile platforms.

  14. #14
    Super Contributor
    Join Date
    Apr 2003
    Location
    USA, CA
    Posts
    7,191

    Re: Problems with signing in symbian third edition

    hveDK,

    "Do the Midlet specification prevent Nokia from either:
    1) Create a "Run as signed" option for unsigned Midlets?"

    Yes. (see below)

    "2) Create a "Run as external signed" option for Midlets signed with a selfsigned certificate?"

    yes (see below)

    "3) Allow the user to import a trusted "company certificate"?"

    yes (see below)

    below:
    The MIDP 2.0 specification contains a recommendation for MIDlet security. In that recommendation, all those things you asked are forbidden. Now, it is only recommendation. So differences are possible and unfortunately there are quite a lot of differences out there. For more information see
    http://wiki.forum.nokia.com/index.ph...curity_Domains

    Hartti

  15. #15
    Registered User
    Join Date
    Mar 2003
    Posts
    4

    Re: Problems with signing in symbian third edition

    Thx for your reply Hartti.

    Do "Python for Nokia" suffer the same annoying "user confirmation bug" - or will I be able to create a Python application that will run without user intervention when the application wants to access user data?

Similar Threads

  1. Open C FAQ
    By Nokia Ron in forum Open C/C++
    Replies: 4
    Last Post: 2010-10-01, 09:02
  2. Getting WAP IAP Name in Symbian 3rd edition?
    By khurshed79 in forum Symbian
    Replies: 3
    Last Post: 2008-05-05, 11:23
  3. S60 3RD EDITION SDK FOR SYMBIAN OS install problems on a raid system
    By rolfstenholm in forum Symbian Tools & SDKs
    Replies: 2
    Last Post: 2007-02-22, 15:25
  4. Can be Symbian SDK for 3rd Edition installed to Borland IDE
    By pokymartin in forum Symbian Tools & SDKs
    Replies: 2
    Last Post: 2006-08-22, 08:02
  5. Replies: 3
    Last Post: 2003-07-17, 04:11

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
×