App signing is becoming more of a problem than ever.
I recently read that when a signed app is installed on a device you cannot set networking and positioning to always allowed at the same time in an app (If one is set to always allowed, the other automatically changes to ask first time).
So now I have a tracking app(GPS) so that people can find their kids, spouses, staff .... that can be autostarted with an SMS but the person on the other side has to confirm that the GPS connectivity or internet connection is allowed.
This can not be an invasion of privacy, because you own the device the app is running on. Otherwise how did the app get loaded on the device (By Magic???). Obviously the person carrying the device is informed of the app and what it does.
What I intend to use the application for is security. I live in South Africa where crime is rife, phones get stolen, people get abducted/kidnapped.
Scenario: I can not reach my sales rep on the phone, it is getting late and I am getting worried. So I start up the application. Now my employee is tied up in the boot of her car and she can not get to the phone to press yes to the STUPID questions being asked by a device that may help save her life.
I have successfully managed to trace a stolen phone, the app was already running, so the scenario is real.
My problems with signing (and I have gone on about this many times in the past) are as follows:
1. Signing stops software that works well from working (device specific certificates)
2. Signing Is costly (I do not mind paying for something that helps, but I am reluctant to pay for something that hinders)
3. Having an app signed does not gaurantee anything really (networks also get a say in what your device can and can't do)
4. Gives you no extra security (always allowed is never flagged by default on a signed app, you have to go and change it yourself)
So based on point 4 above why don't device manufactures/networks create a certificate that allows everything (even sms) to be always allowed if the user so wishes or even better get rid of the whole process.
As far as I am concerned the whole process is nothing more than a money making racket when it comes to J2ME.
I am very happy to see that Android will be making the whole thing a lot easier (but I have not seen it and seeing is believing)
If anyone anywhere has a "workaround" I would aprreciate seeing what it is (there is one self signing certificate available for devices such as the 6680)