×

Discussion Board

Page 1 of 2 12 LastLast
Results 1 to 15 of 17
  1. #1
    Regular Contributor
    Join Date
    Jul 2007
    Posts
    161

    signing applications without UI

    I am wondering will symbian sign (express or ceritfied) such application which uses ReadDeviceData and Location to:
    1) Log CellId's change and/or GPS data change to a file
    2) Send data to server using gprs (automaticly, once a day for exaple)

    It is possible to display ANY security or license warnings to user only during install, and after that application needs to be completely invisible.

    I am new to symbian signed, and that's why I have following questions:

    1) Is it possible at all to sign such an application?
    2) If yes, can I use express signed?
    3) If yes, what will happen if symbian will choose my application by random to look closer on it?
    4) If no, what can I do to get it signed?

    Remarks
    * The only billable event - using GPRS to transfer data to server. I'll put A LOT OF WARNINGS in configuration app (which cannot be runned from user menu (only during installation))
    * I am going to share location data to another application through (do not know yet, can you suggest?)...something, and that application will show last logged cellid to user, etc. And I didnt finished that app yet.
    * Gonfiguring app will include filling in username/password, data send rate, and if needed all kind of warnings.
    * As for user privacy - there are only two things involved - imei and location.

    Thanks.

  2. #2
    Nokia Developer Moderator
    Join Date
    Feb 2006
    Location
    Budapest, Hungary
    Posts
    28,752

    Re: signing applications without UI

    Quote Originally Posted by StasV View Post
    1) Is it possible at all to sign such an application?
    Yes, it is possible.
    2) If yes, can I use express signed?
    Yes, you can.
    3) If yes, what will happen if symbian will choose my application by random to look closer on it?
    Then your application is going to be tested in the 'usual' way.
    The details you list do not really matter here and now. From signing point of view what is important is that your application has to comply with the requirements accessible on the SymbianSigned site. You should read both the guide and the test criteria from www.symbiansigned.com

  3. #3
    Regular Contributor
    Join Date
    Jul 2007
    Posts
    161

    Re: signing applications without UI

    So I can sign almost everything?
    Can I sign for example apllication which will provide base stations data to other applications (even self-signed)?

    Will symbian signed testers sign such an application on certified signed?

  4. #4
    Nokia Developer Champion
    Join Date
    Mar 2006
    Location
    Helsinki, Finland
    Posts
    8,347

    Re: signing applications without UI

    Quote Originally Posted by StasV View Post
    So I can sign almost everything?
    Can I sign for example apllication which will provide base stations data to other applications (even self-signed)?

    Will symbian signed testers sign such an application on certified signed?
    There should not be any such problem. Test houses are there for this purpose. Just go through the test criteria before submitting your application for Symbian Signing.
    Nokia Developer Wiki Moderation team

  5. #5
    Regular Contributor
    Join Date
    Jul 2007
    Posts
    161

    Re: signing applications without UI

    Does symbian test criteria include any restrictions on "extracting" capability I need to the separate process? I really can't get the moment when "capability extracted to separate process" becomes usefull application which can be signed easily (I must provide an explanation, right?)

  6. #6
    Nokia Developer Moderator
    Join Date
    Sep 2004
    Location
    Tampere, Finland
    Posts
    11,359

    Re: signing applications without UI

    Are you talking about a server leaking capabilities to its clients?
    -- Lucian

    If you are not yet a DVLUP member it is time to correct that mistake :) Click here to join: http://www.dvlup.com/lucian/Invite

  7. #7
    Regular Contributor
    Join Date
    Jul 2007
    Posts
    161

    Re: signing applications without UI

    Probably. Such kind of application will not be signed? And when do such leaking becomes resonable? (Or maybe symbian os prevent processes with different capabilities to communicate with each other?)

  8. #8
    Nokia Developer Moderator
    Join Date
    Sep 2004
    Location
    Tampere, Finland
    Posts
    11,359

    Re: signing applications without UI

    Plarform Security is enforced at server level and it the responsability of server developers to ensure that capabilities are not leaked. Aside from that, of course, processes with different capability sets can communicate with each other.

    The questions are:
    - why would you leak the capability?
    - why would Symbian Signed agree with that?

    If you think you have a good enough answer to the above questions then go ahead with your project.
    -- Lucian

    If you are not yet a DVLUP member it is time to correct that mistake :) Click here to join: http://www.dvlup.com/lucian/Invite

  9. #9
    Regular Contributor
    Join Date
    Jul 2007
    Posts
    161

    Re: signing applications without UI

    Finally! You get my IDEA!!!
    I have GUI which uses ReadDeviceData capability to log cellid changes.
    Now I have to log changes even if GUI isn't running. So, GUI now don't really need that capa, because server application already logged everything. So I do not need to sign GUI, just server application. Will this reason be enough for symbian testers, and if not, what else can I do to get everything working and signed?

  10. #10
    Nokia Developer Moderator
    Join Date
    Feb 2006
    Location
    Budapest, Hungary
    Posts
    28,752

    Re: signing applications without UI

    I would guess that SymbianSigned people would be more convinced if you would secure communication between the server and the client via checking VendorId/SecureId.

  11. #11
    Nokia Developer Moderator
    Join Date
    Sep 2004
    Location
    Tampere, Finland
    Posts
    11,359

    Re: signing applications without UI

    Quote Originally Posted by wizard_hu_ View Post
    I would guess that SymbianSigned people would be more convinced if you would secure communication between the server and the client via checking VendorId/SecureId.
    Exactly, that would be an advisable security measure.

    The capability would be leaked if the Server publishes an API which other developers can use to bypass the platform security settings. If you keep the said API private and only your clients can use that server then you are not leaking the capability.
    -- Lucian

    If you are not yet a DVLUP member it is time to correct that mistake :) Click here to join: http://www.dvlup.com/lucian/Invite

  12. #12
    Regular Contributor
    Join Date
    Jul 2007
    Posts
    161

    Re: signing applications without UI

    So I need to prevent applications of other deveopers to interfere with my server?

    To achieve this I need to specify Secure Id in gui application. And by doing that (Just a guess) I prevent myself from self-signing my GUI?

    Can I check by UID of my GUI application? Can I request it from my symbian account to be from unprotected range?

  13. #13
    Regular Contributor
    Join Date
    Jul 2007
    Posts
    161

    Re: signing applications without UI

    In other words I cannot have my GUI self-signed?

  14. #14
    Nokia Developer Moderator
    Join Date
    Sep 2004
    Location
    Tampere, Finland
    Posts
    11,359

    Re: signing applications without UI

    To beging with you need to study the Platform Security and the secure servers concept.

    There is nothing stoping you from using an unprotected UID3/SID with your secure (and certified server).
    -- Lucian

    If you are not yet a DVLUP member it is time to correct that mistake :) Click here to join: http://www.dvlup.com/lucian/Invite

  15. #15
    Regular Contributor
    Join Date
    Jul 2007
    Posts
    161

    Re: signing applications without UI

    I have found nothing definite on SID subject. I'm still googling for it.

    But if looking from self-signed point of view, one can easily fake all necessary uids, if some self-signed application already uses signed server successfully. And why would he care that there are two apps in the world exists, mine and his with same ids?

    I hope that I'm wrong, because I haven't got enough attempts to sign GUI, because it changes too often.

Similar Threads

  1. What is signing process of j2me applications
    By manojkumar.m in forum Mobile Java General
    Replies: 2
    Last Post: 2008-11-15, 11:44
  2. Install wizard for connected JME applications
    By JWtheCoolOne in forum Mobile Java General
    Replies: 0
    Last Post: 2008-06-04, 15:17
  3. Signing applications for new handsets of the same platform
    By juliand77 in forum Symbian Signed Support, Application Packaging and Distribution and Security
    Replies: 1
    Last Post: 2007-12-07, 10:02
  4. Applications crashing in Cingular-branded 6682. Feedback appreciated.
    By Razor1973 in forum General Development Questions
    Replies: 3
    Last Post: 2006-01-27, 13:11
  5. Signing problem with 6630 and jad file
    By panwoo in forum Mobile Java General
    Replies: 7
    Last Post: 2005-11-19, 14:57

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
×