Advanced Multimedia Supplements Security

Addendum to the Advanced Multimedia Supplements API (JSR-234) version 1.1


This document, Advanced Multimedia Supplements Security is an addendum to the Advanced Multimedia Supplements (JSR-234) version 1.1 for the JavaTM Platform, Micro Edition. The specification is aimed at implementations of the Advanced Multimedia Supplements API, especially with the Mobile Information Device Profile, Version 2.x (JSR-118) and Connected Device Configuration (CDC), Version 1.0 or later specifications. The above specifications can be found at, and, respectively.

The terminology used herein is defined by the above specifications except where noted.

Who Should use this Document

The audience for this document is the Java Community Process (JCP) experts, implementers of the Advanced Multimedia Supplements, application developers using MIDP or CDC and the Advanced Multimedia Supplements, service providers deploying MIDP or CDC applications, and wireless operators deploying the infrastructure to support MIDP or CDC devices. This document specifically targets network operators, manufacturers, and service and application providers operating in GSM and UMTS networks.

Scope of this Document

The purpose of this document is to identify the security concerns regarding Advanced Multimedia Supplements and to define the corresponding security policy identifiers (permission names) when it is used in conjunction with MIDP 2.x, or CDC 1.0 or later.

This document does not specify what the security framework is or how it functions; they are specified and implemented by the implementing platform, e.g. in MIDP 2.0.

Advanced Multimedia Supplements implementations on MIDP 2.x must follow this document. CDC based implementations using the CDC security framework for application security must follow the security defintions for CDC in this document.


  1. Connected Limited Device Configuration (CLDC)

  2. Mobile Information Device Profile (MIDP)

  3. Mobile Information Device Profile, Next Generation (MIDP 2.0)

  4. Security for GSM/UMTS Compliant Devices Recommended Practice.
    Addendum to the Mobile Information Device Profile version 2.0. JSR-118 Expert Group, Version 1.0, Nov 5, 2002.

  5. Mobile Media API, version 1.2.

  6. Advanded Multimedia Supplements, version 1.1.

  7. FileConnection API
    PDA Optional Packages for the J2ME™ Platform, version 1.0.

  8. Java Technology for Wireless Industry (JTWI).

  9. Connected Device Configuration, version 1.0.

  10. Connected Device Configuration, version 1.1.

1. General

The Advanced Multimedia Supplements (AMMS) specification does not define a security framework of its own. Rather, implementations of AMMS are subject to the security mechanisms provided by the underlying profile and configuration, e.g. MIDP 2. Some methods in AMMS are defined such that a SecurityException will be thrown when called without the appropriate security permissions from the caller.

An implementation MUST guarantee that:

  1. the SecurityException is thrown when the caller does not have the appropriate security permissions to execute the method;
  2. the method can be used when the appropriate permissions are granted.

2. Security Concerns for Advanced Multimedia Supplements

The security of AMMS concerns the use of camera and tuner.

In order to perform any security sensitive actions using AMMS the application MUST be granted the permission to do so. The mechanism to grant the permission is implementation specific and not in the scope of this document.

2.1 Permissions for camera in MIDP 2

Camera security concerns privacy and storing of images. CameraControl.enableShutterFeedback is used to control the possible audible and visual feedback of taking a picture. In order to disable the shutter feedback the application must be granted the permission to perform the operation. Otherwise, SecurityException is thrown.

It should be noted that because of differing local regulations it may not be possible to disable the shutter feedback at all. In those cases MediaException will be thrown.

AMMS permissions for the camera are specified in table 1.

Table 1: AMMS permissions for the camera
 API call  Permission

Security regarding storing of images affects AMMS only indirectly. AMMS does not specify its own permissions for storage but they are handled by the API which is used to store the images. With MIDP, the permissions of the FileConnection API (JSR-75) are used when images are written to the file system.

AMMS implementations must follow the security practices of the FileConnection API to store the images when AMMS and FileConnection API exist in the same implementation.

Similarly, MMAPI specifies the security practices concerning capture of images in general. Since AMMS uses the MMAPI framework, AMMS implementations do not exist without MMAPI. Images taken by AMMS must follow the image capturing security practices of MMAPI.

References to other APIs which may affect AMMS are listed in table 2. Information concerning related permissions can be found from those API specifications.

Table 2: Other APIs whose security settings may affect AMMS
 API call  Related API
 SnapshotControl.setDirectory(java.lang.String directory)
 FileConnection API (JSR-75)
 SnapshotControl.start(int maxShots)
 Mobile Media API (JSR-135)

2.2 Permissions for tuner in MIDP 2

The TunerControl of AMMS allows use of the tuner (usually FM or AM radio). The API allows accessing and setting of the preset channels of the native tuner application. The Java application must be granted permission to set the native presets in order to perform these operations. AMMS permissions for the tuner are specified in table 3.

Table 3: AMMS permissions for the tuner
 API call  Permission
 TunerControl.setPreset(int preset)
 TunerControl.setPreset(int preset, int freq, java.lang.String mod, int stereomode)
 TunerControl.setPresetName(int preset, java.lang.String name)

2.3 Permissions for CDC based implementations

Implementations using security permissions based on must include class javax.microedition.amms.AmmsPermission and the methods below must perform permission checks.

Table 4: AMMS security definitions for CDC based implementations
 API call  Action in javax.microedition.amms.AmmsPermission
 TunerControl.setPreset(int preset)
 TunerControl.setPreset(int preset, int freq, java.lang.String mod, int stereomode)
 TunerControl.setPresetName(int preset, java.lang.String name)