Discussion Board

Thread: Security issue

  1. #1
    Registered User
    Join Date
    Oct 2006
    Posts
    33

    Security issue

    Hi,
    Sorry for the long post.

    I have a signed (VeriSign class 3) J2ME application that needs to access the FileConnection API (to read files from the memory card); the API used is
    "javax.microedition.io.file.FileConnection".
    Here's the issue:
    The phones I'm testing on are "Nokia 6280"; the operator is Orange Israel (also named Partner).
    If I add to my JAD the requested permission:
    MIDlet-Permissions: javax.microedition.io.file.FileConnection.Read
    (I've actually tried several other permissions) the application installs fine but renders itself "invalid application" (in this case, when going to the details, the application is "certificate: yes" but the location and other properties seem to be empty).

    If the permissions are placed in MIDlet-Permissions-Opt (and removed from MIDlet-Permissions), the application installs fine (and the details show everything correctly: certified, with the vendor and other properties all filled in correctly).
    Further, when I try to "play" with the "application access" menu, it allows me to set almost everything I want, including Communication - messaging, HTTP etc. HOWEVER, the one thing that I need, which is to access files (a permission I believe is set through "Application Access->Phone Access->Read user data" or "Add and Edit data"), is NOT ALLOWED, and none of the other options are available -- grayed out.
    I have previously run my application on another 6280 phone (at that time my app was not signed) and it did allow access, but in the "one shot" style -- every time the app accessed that restricted API. Unfortunately I don't have access to that phone anymore to retest it.

    THE QUESTION:
    As far as I understand from the documentation, my application (being signed by VeriSign class 3) runs under the trusted 3rd party security domain.

    1. Who is controlling what is allowed and not allowed for this domain?

    2. Is this something I can change? My operator can change?

    3. Is it possible that someone completely blocked access to JSR-75 (file API)?

    4. What workaround might one think of?

    5. I can place my signed MIDlet on the web if someone with a 6280 (or another phone for that matter) is willing to download it (it's signed) and see if this happens on your device as well.

    Thanx for any tip,
    --tzurs

  2. #2
    Super Contributor
    Join Date
    Apr 2003
    Location
    USA, CA
    Posts
    7,191

    Re: Security issue

    There is a recommended security policy document for MIDP2, which is now part of the MIDP 2.1 spec. This recommendation states what kind of API access policies should be implemented on phones. According to this doc, access to user data (including FileConnection) should be available (separate settings for read and write).

    To answer your questions:
    1&2) Some operators have restricted the API access for certain security domains on their branded phones more than what the recommendation states.
    3) Yes, that is possible. In your case (Orange Israel), there have been a couple of reports on these boards about these restrictions.
    4) You might try to get the MIDlet signed by your operator (placing it in the operator domain), but in most cases this is available only to selected partner companies.
    5) I guess there are a number of people on these boards who could test your app on a 6280. If I happen to have any extra time, I can try it too, but even without trying I guess that your MIDlet works just fine on a non-operator-branded phone.

    Hartti

  3. #3
    Registered User
    Join Date
    Oct 2006
    Posts
    33

    Re: Security issue

    Hi,

    Thanks for the informative reply.
    One more quick one that perhaps someone knows:
    I'm running around between the provider, the distributors of the actual handsets (a different company) and Nokia (world) to understand who actually is responsible for this (fiasco?).
    Does Nokia have some kind of official access point that I can communicate this issue to?
    Best regards,
    --tzurs

  4. #4
    Super Contributor
    Join Date
    Dec 2005
    Location
    Europe/Poland/Warsaw
    Posts
    1,697

    Re: Security issue

    Hi,

    Nokia noted that already some time ago:
    Variance in security domains for MIDlets on certain operator variant phones

    regards,
    Peter

  5. #5
    Registered User
    Join Date
    Oct 2006
    Posts
    33

    Re: Security issue

    Thanx for the info!
    I must admit this looks like a super problematic issue.
    What good is it to have a standard interface if it's not supported (it matters not whether this is a phone issue or a provider issue)?
    I wish there was a way to detect this programmatically.
    Does anyone know if "resetting" the phone somehow can overcome these restrictions?
    Thanx for all the help,
    --tzurs
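
Post #5 asks for a way to detect the restriction programmatically. As an added example (not code from any poster in this thread), MIDP 2.0's `MIDlet.checkPermission` reports whether a permission is allowed, denied or subject to a user prompt, and the `microedition.io.file.FileConnection.version` system property reports whether JSR-75 is present at all. The class name `FilePermissionProbe` is hypothetical; the permission strings are the ones the JSR-75 specification defines, and the sketch assumes the handset reports its policy accurately.

```java
// Added example: probe JSR-75 availability and the file permissions
// before the MIDlet touches the file system.
import javax.microedition.lcdui.Display;
import javax.microedition.lcdui.Form;
import javax.microedition.midlet.MIDlet;

public class FilePermissionProbe extends MIDlet {
    // Permission names as defined by the JSR-75 FileConnection specification.
    // Note that they differ from the string quoted in the first post.
    private static final String READ  = "javax.microedition.io.Connector.file.read";
    private static final String WRITE = "javax.microedition.io.Connector.file.write";

    // MIDlet.checkPermission returns 1 (allowed), 0 (denied) or
    // -1 (unknown: the user would be asked when the API is called).
    private String describe(String permission) {
        switch (checkPermission(permission)) {
            case 1:  return "allowed";
            case 0:  return "denied";
            default: return "unknown, user will be prompted";
        }
    }

    protected void startApp() {
        Form form = new Form("JSR-75 probe");
        // The property is null when the FileConnection package is not implemented.
        String version = System.getProperty("microedition.io.file.FileConnection.version");
        if (version == null) {
            form.append("FileConnection API not present\n");
        } else {
            form.append("FileConnection " + version + "\n");
            form.append("Read: " + describe(READ) + "\n");
            form.append("Write: " + describe(WRITE) + "\n");
        }
        Display.getDisplay(this).setCurrent(form);
    }

    protected void pauseApp() { }

    protected void destroyApp(boolean unconditional) { }
}
```

A result of "denied" for a signed MIDlet is consistent with the operator-restricted domain policy described in post #2, and lets the application show a clear message instead of failing on the first file access.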

  6. #6
    Super Contributor
    Join Date
    Mar 2003
    Location
    Finland
    Posts
    9,569

    Re: Security issue

    In many cases, as a user, you can always sell the device with such restrictions and buy an unrestricted/retail device, instead (and in the future stay away from restricted devices).

    In general, the only way to reset firmware/ROM restrictions is to reflash the device with a different firmware variant without such restrictions.

    Nokia will not (via repair/service centers or the do-it-yourself Nokia Software Update tool) change the firmware from an operator customized version to a retail/uncustomized version, but only update to a newer version of the operator customized software, if such is available.

    The operator can, of course, always remove restrictions in updates to their customized version, if they wish to do so (e.g., if sufficient numbers of their customers demand it, or they realize otherwise that users do not wish to have such restrictions placed upon them).
    Last edited by petrib; 2006-10-22 at 08:24.

  7. #7
    Registered User
    Join Date
    Oct 2006
    Posts
    33

    Re: Security issue

    Yeh,
    I guess you're right.
    The funny thing is that no one at customer service/data services seems to take responsibility for this... "talk to Nokia," they tell me.
    The problem is really not personal but one of market size; it is unacceptable to sell software that will not work for some customers. Just thinking about the support personnel required to reply to "unhappy" customers of my software is a mind blow.

    Thanks for everything though.
    --tzurs

  8. #8
    Registered User
    Join Date
    Nov 2007
    Posts
    2

    Re: Security issue

    Did you solve the problem finally?
    I have the same issue.

  9. #9
    Registered User
    Join Date
    Nov 2007
    Posts
    2

    Re: Security issue

    Is it possible to reflash the body with the original (from the Nokia site) file? The version number is the same (06.43).
