Archive for May, 2009

Nokia Ovi Store Content Guidelines?

Wed, 27 May 2009

eWeek published an article yesterday quoting an unnamed “Nokia spokesperson” describing Nokia’s criteria for accepting applications into the newly launched Ovi Store:

“Every publisher is passed through a review process prior to their content proceeding through the system. Once they have been approved, a developer’s content passes through a moderation process which looks at each content item and evaluates it against our content guidelines. After each content item passes the moderation step it proceeds through our quality assurance process which runs a set of test cases on the targeted devices according to the content type.”

It’s also stated that applications must go through Symbian Signed Express Signed before being submitted.


The Symbian Signed Story, Part 2

Tue, 26 May 2009

Previously on The Symbian Signed Story:

  • Public launch on 18th May 2004
    A quality mark to replace “Nokia OK” and other manufacturer certifications
  • Self-supporting (neither subsidised nor profit-making)
    Fees for signing go to third-party Certificate Authority, fees for testing go to third-party test house
  • Security was not a primary goal
    Symbian OS didn’t have platform security until 2 years later

The next phase in the evolution of Symbian Signed focused on reducing the cost to developers of getting their apps certified. As we have noted, the fees paid by developers were divided between fees for signing (mainly for issuing publisher certificates) going to VeriSign and fees for testing going to Capgemini. Symbian therefore resolved to bring the benefits of an open market for signing and testing services to bear.


Behavioural Targeting

Thu, 21 May 2009

[Sorry, I’m getting a bit behind on things I want to blog about, part 2 of the Symbian Signed story will be up soon!]

On Tuesday I attended a seminar in Westminster on the topic of “Behavioural Targeting, Social Networking and the Challenges of Online Privacy“. “Behavioural targeting” refers to monitoring users’ behaviour online and using the collected data to present them with targeted content (often in the form of advertising).

There was an interesting mix of participants, from government and the civil service (the Home Office had the largest representation of any one organisation) to privacy advocates (Open Rights Group), industry (notably Phorm) and journalists. I wasn’t the only one who thought this might be relevant to mobile – several mobile network operators were present. There is clear potential for monitoring significantly more personal information via a mobile device carried with you, compared to a work or home PC.


Happy Birthday Symbian Signed!

Mon, 18 May 2009

Symbian Signed launched publicly on 18th May 2004, which makes it five years old today 🙂

Although I can’t claim the credit (or blame!) for it, I have been somewhat involved with it for all that time, so I thought it might be useful to record some of the background and rationale. Symbian Signed now has an opportunity to develop in new directions, but it’s always good to be informed by the lessons of history.


The Mobile Malware Threat

Tue, 05 May 2009

Last week, the BBC World Service radio programme Digital Planet included a piece on mobile phone viruses. This was based on research done at the Center for Complex Network Research (CCNR) entitled Understanding the Spreading Patterns of Mobile Phone Viruses.

Steve Litchfield of All About Symbian, pulling no punches, calls this “a load of BBC tosh” 🙂 To be fair though, I don’t particularly blame the BBC, who have simply taken journalistic license with the report’s main conclusion: “it is not unconcievable[sic] that the phase transition point will be reached in the near future, raising the possibility of major viral outbreaks.”

Unfortunately for the BBC and Professor Barabási at the CCNR, I think the research is flawed. (more…)

Security Patterns

Mon, 04 May 2009

I’m on the program committee for the 3rd International Workshop on Secure Systems Methodologies Using Patterns (SPattern’09) and I’ve just submitted my reviews of submitted papers (2 days late, sorry!)

I first got involved in this several years ago, as a member of the Open Group Security Forum. Back then, using design patterns to address security problems was quite a new idea, and we spent a long time in the group (I think about 2 years!) coming up with a few basic Security Design Patterns, finally published in 2004.

Since then, there have been several books published on security patterns, and security is now an accepted domain of interest in the patterns community. The recent Symbian Press book, Common Design Patterns for Symbian OS, includes 4 patterns in the Security category, including one (Secure Agent) authored by yours truly 🙂

I believe etiquette dictates that I shouldn’t discuss the papers I reviewed, as they may or may not make it on to the final workshop programme, but if you are interested in taking advantage of the collected security expertise embodied in security patterns please make a note in your diary of the workshop dates: 31 Aug to 04 Sep 2009 in Linz, Austria.

I’ll update this post when the final workshop programme is published.