×

Discussion Board

Results 1 to 6 of 6
  1. #1
    Registered User
    Join Date
    Jun 2009
    Posts
    19

    All Permissions Should Be User Assignable

    I think all permissions for Midlets need to be user assignable, i.e. the user should have the authority to decide whether or not an untrusted Midlet has 'always allow' permission for each and every activity.

    It's very frustrating to be able to write your own apps for your own phone and not be able to give them permission to run unhindered by irritating dialogues without involving some third party.

    This situation also makes Android a more attractive platform if you're making a bespoke apps for a companies own internal use.

  2. #2
    Nokia Developer Expert
    Join Date
    Aug 2007
    Posts
    1,595

    Re: All Permissions Should Be User Assignable

    Hello SteveW,

    are you referring to Java ME in general or Nokia devices which support Java ME in particular?

    From Nokia devices' perspective, all the latest Series 40 (since Series 40 6th Edition, FP1) and Symbian (since S60 3rd Edition, FP2) devices support end-user interaction for configuring the security settings of 3rd party signed Java ME applications during application runtime (including setting 'Always allowed' for most of the permissions). Furthermore, the Nokia devices include optimized Nokia security policy for unsigned Java ME applications which effectively means significantly reduced number of security prompts per an interaction for most function groups as by default. More about the Nokia security policy on Java Developer's Library:

    Java Developer's Library 3.11 > Developer's guides > Security > MIDP security > Appendix A: Supported Security policies > Nokia security policy

    http://library.developer.nokia.com/i...EBE86A60D.html


    In addition, the latest Symbian devices allow setting the 'Always allowed' during application's installation. More on Java Developer's Library online:

    Java Developer's Library 3.11 > Developer's guides > Security > MIDP security > MIDP application security in Nokia devices > Installation time security

    http://library.developer.nokia.com/i...F21D905D9.html

    Regards,
    r2j7
    Last edited by r2j7; 2011-10-31 at 17:12.
    [URL="http://library.forum.nokia.com/java"][B] >>> Java Developer's Library <<<[/B][/URL]
    [URL="https://www.developer.nokia.com/Resources/Support/Technical_support.xhtml"] [B]>>> Technical Support for Java ME development <<<[/B][/URL]
    [URL="https://publish.ovi.com/info/"][B]>>> Nokia Publish: reach millions of Nokia users worldwide through Nokia Store <<<[/B][/URL]

  3. #3
    Registered User
    Join Date
    Jun 2009
    Posts
    19

    Re: All Permissions Should Be User Assignable

    Hello r2j7, thanks for your reply

    Quote Originally Posted by r2j7 View Post
    are you referring to Java ME in general or Nokia devices which support Java ME in particular?
    Well I'd prefer it if it were standard J2ME behaviour but I'd really like to see NOKIA implement it even if it's not.

    Quote Originally Posted by r2j7 View Post
    Java Developer's Library 3.11 > Developer's guides > Security > MIDP security > Appendix A: Supported Security policies > Nokia security policy

    http://library.developer.nokia.com/i...EBE86A60D.html
    Thank you for this link, the point I was making is that the 'Always allowed' option should be user assignable for every 'Function group' even if the midlet is in the 'Unidentified third party domain'.

    So long as the user has to make a conscious decision to assign those permissions I don't see a reason not to offer this option. Java is managed so there shouldn't be any risk to the functioning of the device, the only risk is the users and it is the user who is assigning the permission.

    In my opinion removing this restriction of what the user can do with their own device would increase the appeal of Series 40.

  4. #4
    Nokia Developer Expert
    Join Date
    Aug 2007
    Posts
    1,595

    Re: All Permissions Should Be User Assignable

    SteveW, thank you for the clarification, much appreciated.

    In addition to this discussion board thread, for the suggested security policy enhancements you might also want to use the Nokia Developer tool online for submitting feature requests: http://www.developer.nokia.com/bugs/...ture%20Request

    Regards,
    r2j7
    [URL="http://library.forum.nokia.com/java"][B] >>> Java Developer's Library <<<[/B][/URL]
    [URL="https://www.developer.nokia.com/Resources/Support/Technical_support.xhtml"] [B]>>> Technical Support for Java ME development <<<[/B][/URL]
    [URL="https://publish.ovi.com/info/"][B]>>> Nokia Publish: reach millions of Nokia users worldwide through Nokia Store <<<[/B][/URL]

  5. #5
    Nokia Developer Champion
    Join Date
    Apr 2003
    Location
    USA, CA
    Posts
    7,192

    Re: All Permissions Should Be User Assignable

    No answers, just some additional comments :-(

    First off, Java ME specification does not allow that, so the specification would need some revising. That change would need to trickle down to the devices (after the change has been done) and that that would take some time. And that would not change how the old phones would operate (some would possibly get the fix through a firmware update...).
    Secondly, some Nokia and other manufacturers' phones are sold through operators which are limiting the MIDlet's capabilities even more than what the Java ME specification defines (AT&T, T-Mobile, Sprint, etc..) - so changing all the above would not change the behavior on all Nokia phones..

    My personal opinion follows: The security policy has been an issue for more than 5 years now. I do not see any major change to happen for it now or later.

    Hartti

  6. #6
    Registered User
    Join Date
    Jun 2009
    Posts
    19

    Re: All Permissions Should Be User Assignable

    Hello hartti

    Quote Originally Posted by hartti View Post
    My personal opinion follows: The security policy has been an issue for more than 5 years now. I do not see any major change to happen for it now or later.
    I tend to think you're right hartti, I don't have much optimism for a change actually happening.

    Beyond being a nice mobile I could see the new Asha 303 being quite a useful piece of hardware for companies or home automation enthusiasts. Having a qwerty keyboard, touchscreen, WiFi and TCP sockets on an affordable, easily programmable device that you can put in your pocket has some real potential - but those irritating dialogues :¬(

    Oh well

Similar Threads

  1. Re: pls help with SMS permissions
    By scc in forum Mobile Java Networking & Messaging & Security
    Replies: 2
    Last Post: 2009-07-17, 12:24
  2. Faking user acceptance in midlets permissions
    By amarzo in forum Mobile Java General
    Replies: 2
    Last Post: 2008-08-27, 12:42
  3. API Permissions
    By saurio in forum Mobile Java Networking & Messaging & Security
    Replies: 1
    Last Post: 2008-03-10, 22:19
  4. Self-Signed for User Grantable Permissions
    By pzul_wisner in forum Symbian Signed Support, Application Packaging and Distribution and Security
    Replies: 6
    Last Post: 2008-03-05, 18:46
  5. S60 3rd - permissions
    By Waldi666@op.pl in forum Symbian
    Replies: 5
    Last Post: 2007-02-12, 14:24

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •