Please note that as of October 24, 2014, the Nokia Developer Wiki will no longer be accepting user contributions, including new entries, edits and comments, as we begin transitioning to our new home, in the Windows Phone Development Wiki. We plan to move over the majority of the existing entries over the next few weeks. Thanks for all your past and future contributions.

Archived:Variance in security domains for MIDlets on certain operator variant Series 40 2nd Edition phones (Known Issue)

From Wiki
Jump to: navigation, search

Archived.pngArchived: This article is archived because it is not considered relevant for third-party developers creating commercial solutions today. If you think this article is still relevant, let us know by adding the template {{ReviewForRemovalFromArchive|user=~~~~|write your reason here}}.

Article Metadata
Created: User:Technical writer 1 (24 Aug 2006)
Last edited: hamishwillee (24 Jul 2013)


Certain operators have defined different access rights for MIDP security (untrusted 3rd party, trusted 3rd party, and manufacturer) domains in relation to certain restricted APIs (for example, low-level net access, application auto-start, and file access) than defined in the "Recommended security domain policy for GMT/UMTS compliant devices" included in the MIDP 2.0 specification.

MIDlets in untrusted 3rd party domain, trusted 3rd party domain, and manufacturer domain have different default and available access rights to certain APIs than generally available.


The MIDP 2.0 specification includes a recommended policy for security domains for MIDlets. The document specifies what kind of access rights a MIDlet in each of the four available domains should have (both default and all available settings). In general access even untrusted 3rd party MIDlets should have access to all of the restricted APIs, even though in most of the cases the system has to prompt the user for every access to the API.

Some operators, especially in the U.S., require manufacturers to customize the domain policy for the devices sold under their brand.

As an example, domain policy specification may not allow 3rd party MIDlets (both unsigned and signed) to create socket connections or to use SSL connections. Also PushRegistry use as well as user data access may be prohibited for unsigned MIDlets.

The details for the security domain policies for the operators should be requested from the specific operators directly.


Developers can use generic phones for development, or try to work closely with the operator to overcome the limitations.

This page was last modified on 24 July 2013, at 10:17.
40 page views in the last 30 days.

Was this page helpful?

Your feedback about this content is important. Let us know what you think.


Thank you!

We appreciate your feedback.