Archive for the ‘Applications’ Category

The Symbian Signed Story, Part 4

Fri, 02 Jul 2010

It really is time that I brought my very occasional series of posts on the history of Symbian Signed up to date. We have some future changes in the pipeline that we are hoping will make things still less of a burden for developers, and I think it’s helpful to put that in the context of what has gone before (a 6 year history of incremental improvements).

In the last instalment, I had got up to 2006, when the first phones with platform security started shipping. This was a major turning point in the perception of Symbian Signed, as before then it was an optional thing for developers, but afterwards it was a requirement for access to the more security-sensitive APIs on the platform. I’ve already explained (I hope!) why that was necessary, but it did mean that some developers who would really rather not care about security now were forced to, and started to complain very loudly about it.

(more…)

Freeware Application Testing Idea

Thu, 01 Apr 2010

We know that there is a lot of inconvenience associated with distributing free (as in beer) applications for the Symbian platform at the moment – either the developer has to pay to get it Symbian Signed or every user has to sign the application for their own phone using Open Signed Online.

I am suggesting that the Symbian Foundation should host a beta test site for free applications. Developers and volunteer testers would be able to sign up to the site with just an email address and an IMEI, and then they could upload any application they like, and download any application they like. On download, the application would automatically go through Open Signed Online and be signed for that user’s specified IMEI.

(more…)

Health Apps on Phones?

Mon, 08 Feb 2010

This post is about trustworthiness (security in a broad sense) and specifically about reliability.

I see increasingly frequent suggestions that people should use their phones to monitor their health. This is, on the face of it, attractive; being an insulin-dependent diabetic, I carry a blood glucose meter with me pretty much everywhere, and in line with the general trend of convergence (calculator, camera, music player, radio, etc.) wouldn’t it be great if that was built in to my phone?

Well yes, that would be very convenient, but I’m afraid I think it’s a fundamentally bad idea.

(more…)

Apps for the Paranoid Needed?

Mon, 04 Jan 2010

I can’t let Karsten Nohl‘s presentation at 26C3 go without comment. To be clear, he was only talking about weaknesses that were already known (so headlines like “Secret mobile phone codes cracked” are at best misleading) but his purpose was to demonstrate that those theoretically known attacks are now practical. His point is a very valid one, and holds for most (all?) cryptographic algorithms: researchers will discover more efficient attack techniques, and technology will evolve to make such attacks practical, so you’d better design your cryptographic protocols so you can switch to different algorithms if and when the future need arises.* Happily this is the case for the GSM protocols, and all (!) that is needed is for the phone manufacturers and network operators to deploy the A5/3 algorithm and we can all go about our business.

That said, there is an interesting point made, almost in passing, in the presentation. (more…)

The Symbian Signed Story, Part 3

Mon, 08 Jun 2009

Previously on The Symbian Signed Story:

  • Symbian Signed costs reduced by open market for services
    Developers could choose between 3 test houses and 2 certificate authorities

And now, introducing platform security…

(more…)

Nokia Ovi Store Content Guidelines?

Wed, 27 May 2009

eWeek published an article yesterday quoting an unnamed “Nokia spokesperson” describing Nokia’s criteria for accepting applications into the newly launched Ovi Store:

“Every publisher is passed through a review process prior to their content proceeding through the system. Once they have been approved, a developer’s content passes through a moderation process which looks at each content item and evaluates it against our content guidelines. After each content item passes the moderation step it proceeds through our quality assurance process which runs a set of test cases on the targeted devices according to the content type.”

It’s also stated that applications must go through Symbian Signed Express Signed before being submitted.

(more…)

The Symbian Signed Story, Part 2

Tue, 26 May 2009

Previously on The Symbian Signed Story:

  • Public launch on 18th May 2004
    A quality mark to replace “Nokia OK” and other manufacturer certifications
  • Self-supporting (neither subsidised nor profit-making)
    Fees for signing go to third-party Certificate Authority, fees for testing go to third-party test house
  • Security was not a primary goal
    Symbian OS didn’t have platform security until 2 years later

The next phase in the evolution of Symbian Signed focused on reducing the cost to developers of getting their apps certified. As we have noted, the fees paid by developers were divided between fees for signing (mainly for issuing publisher certificates) going to VeriSign and fees for testing going to Capgemini. Symbian therefore resolved to bring the benefits of an open market for signing and testing services to bear.

(more…)

Happy Birthday Symbian Signed!

Mon, 18 May 2009

Symbian Signed launched publicly on 18th May 2004, which makes it five years old today 🙂

Although I can’t claim the credit (or blame!) for it, I have been somewhat involved with it for all that time, so I thought it might be useful to record some of the background and rationale. Symbian Signed now has an opportunity to develop in new directions, but it’s always good to be informed by the lessons of history.

(more…)

Code Signing Can Be Trusted (but not blindly)

Wed, 08 Apr 2009

Ben Laurie, who certainly knows security, and is a top bloke for the work he has done on FreeBMD, posted yesterday on why signatures don’t provide assurance of trustworthiness or quality.

I have to respectfully disagree on this.  The context is the W3C widget signing specification, and the wording in that spec that is at issue is:

Widget authors and distributors can digitally sign widgets as a trust and quality assurance mechanism.

If third-party CAs issue code signing certificates to widget authors, and the device trusts the widget authors’ signatures, then I agree it won’t assure either trustworthiness or quality.  I think that’s the model Ben is criticising (as in Microsoft Authenticode) and I agree with him so far as that goes.  There is, however, an alternative model which is the one that Symbian Signed has been successfully using for the past several years: the device doesn’t trust the developer’s signature, but the developer submits their signed application to a certification programme, which enforces acceptance criteria before re-signing the application with a different signature that is trusted by the device.

You can of course argue with the specific acceptance criteria, but surely this model can theoretically provide assurance of trustworthiness or quality, and the W3C widget signing spec can be used with that sort of signing scheme.