×

Discussion Board

Results 1 to 7 of 7
  1. #1
    Registered User
    Join Date
    Oct 2009
    Posts
    126

    Security warning after express signing

    This is new:
    I've signed my sis using Symbian Signed (Express signing), and after installing the signed sis (N97, 5800) I get the "user data" security warning, as if it is self signed sis.
    Here are some details:
    1. It is a flash lite app, signed using Kunerlite (as all my previous apps - never had this issue)
    2. It uses accelerometer sensors (as some of my previous apps - never had this issue)
    3. I'm installing the application in \private\<UID>\ (this is the first time)
    4. The application includes inner-active ads. (as one of my previous apps - had no such issue)
    5. I'm calling: System.security.allowDomain("*.inner-active.com") and publishing for local files (otherwise I can't have sensors + ads working together)

    I've tried signing using the free OVI signing and got the same issue (see here), so I switched to good old Symbian signed, but got same problem...
    Please advise - I have no idea what my next steps should be...
    Thanks in advance,

    Ranco,
    MobilityCraft

  2. #2
    Nokia Developer Moderator
    Join Date
    Sep 2004
    Location
    Tampere, Finland
    Posts
    11,355

    Re: Security warning after express signing

    Let's clarify: you're getting these warnings after the installation (i.e. at run time) or during the installation (i.e. as in the case of self-signed apps the user must accept this and that type of behavior).

    In the first case, it has nothing to do with Symbian Signed, the problem is runtime specific and you have to verify if anything changed in Flash's security model.

    In the later, I'd like to see the sis file since what you describe is indeed very odd.
    -- Lucian

    If you are not yet a DVLUP member it is time to correct that mistake :) Click here to join: http://www.dvlup.com/lucian/Invite

  3. #3
    Registered User
    Join Date
    Oct 2009
    Posts
    126

    Re: Security warning after express signing

    Quote Originally Posted by ltomuta View Post
    Let's clarify: you're getting these warnings after the installation (i.e. at run time) or during the installation (i.e. as in the case of self-signed apps the user must accept this and that type of behavior).

    In the first case, it has nothing to do with Symbian Signed, the problem is runtime specific and you have to verify if anything changed in Flash's security model.

    In the later, I'd like to see the sis file since what you describe is indeed very odd.
    Only after installation.

  4. #4
    Nokia Developer Moderator
    Join Date
    Sep 2004
    Location
    Tampere, Finland
    Posts
    11,355

    Re: Security warning after express signing

    The signature applied to a SIS file (be that self-signed, Express Signed or Certified Signed - Ovi Publish used Express Signed by the way, so it changes nothing) is checked at install time, when the install succeeds or not, depending on what the package contains and what the signature allows.

    Everything that you see happening after that is defined by the Flash Run-Time, so check again the content of the PKG file, the location where files are installed and all the other details which are relevant for a Flash application (I'm not an expert in Flash, so I can't comment much about these details).
    -- Lucian

    If you are not yet a DVLUP member it is time to correct that mistake :) Click here to join: http://www.dvlup.com/lucian/Invite

  5. #5
    Registered User
    Join Date
    Oct 2009
    Posts
    126

    Re: Security warning after express signing

    Quote Originally Posted by ltomuta View Post
    The signature applied to a SIS file (be that self-signed, Express Signed or Certified Signed - Ovi Publish used Express Signed by the way, so it changes nothing) is checked at install time, when the install succeeds or not, depending on what the package contains and what the signature allows.

    Everything that you see happening after that is defined by the Flash Run-Time, so check again the content of the PKG file, the location where files are installed and all the other details which are relevant for a Flash application (I'm not an expert in Flash, so I can't comment much about these details).
    I can send you the express_signed file - please advise how.
    Ranco

  6. #6
    Registered User
    Join Date
    Oct 2009
    Posts
    126

    Re: Security warning after express signing

    Quote Originally Posted by ltomuta View Post
    The signature applied to a SIS file (be that self-signed, Express Signed or Certified Signed - Ovi Publish used Express Signed by the way, so it changes nothing) is checked at install time, when the install succeeds or not, depending on what the package contains and what the signature allows.

    Everything that you see happening after that is defined by the Flash Run-Time, so check again the content of the PKG file, the location where files are installed and all the other details which are relevant for a Flash application (I'm not an expert in Flash, so I can't comment much about these details).
    Well, you were right. The problem wasn't the signing!
    There are two ways to wrap flash lite app into .sis. I've used the Flash Lite Stub method. When I use the other way (Flash Launcher) it works fine. I don't get this warning anymore !
    Thanks again,
    Ranco

  7. #7
    Nokia Developer Moderator
    Join Date
    Sep 2004
    Location
    Tampere, Finland
    Posts
    11,355

    Re: Security warning after express signing

    I guess the packaging tool may need an update ... But good to hear that you have found a way to make it work.
    -- Lucian

    If you are not yet a DVLUP member it is time to correct that mistake :) Click here to join: http://www.dvlup.com/lucian/Invite

Similar Threads

  1. Security warning
    By swaroop55 in forum Mobile Java General
    Replies: 2
    Last Post: 2011-05-06, 14:29
  2. [Moved] Express Signing and Certified Signing
    By prashant.sharma in forum Symbian Signed Support, Application Packaging and Distribution and Security
    Replies: 7
    Last Post: 2010-02-20, 12:54
  3. Security Warning
    By helwg1130 in forum Mobile Java Networking & Messaging & Security
    Replies: 19
    Last Post: 2009-06-30, 14:58
  4. Pushregistry, Security Alert after signing the midlet?
    By juppi in forum Mobile Java Networking & Messaging & Security
    Replies: 15
    Last Post: 2007-08-08, 11:04
  5. Security warning
    By codectrl in forum Symbian C++
    Replies: 2
    Last Post: 2003-03-20, 19:33

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •