Application signing/certification is something I have been involved with for both Windows Mobile and Symbian. In both cases the processes involved significant effort for very little gain from the developer’s perspective…

I have found that code certification or signing slows development and actually discourages product updates because any new versions have to also re-tested. This cost and inconvenience results in relatively few companies and virtually no hobbyists currently signing applications.

A long while ago I submitted an application for Microsoft "Designed for Windows CE". Within months, Microsoft renamed their mobile platform rendering my certification confusing for most users. In hindsight, I can’t say there were any advantages of having the application certified.

Symbian signed and JAVA verified are the latest incarnations of signing. Some argue the former doesn’t equate to Application Quality. I don’t agree with this. Symbian applications are in fact tested to ensure they don’t misbehave when used as described in the their user guide. However, some tests are very strange and ill-defined. The test criteria describe test tools that the developer does not have access to, resulting in the situation that it’s impossible to fully test applications prior to submission. The strangest of all the tests is the start up memory test. Again, this requires use of a test tool that, due to developer pressure, recently become available for download via the Symbian signed site. Even though you can now obtain the test tool, it’s a strange test. The test tool creates an artificial low memory limited (’lowmem’) environment for you application to run under. This is not the same environment (the available phone memory) that the Series 60 OS memory checking API uses. Hence, for example, if you check you have memory before allocating a large block of memory you may appear to have enough memory while the ‘lowmem’ environment stops it from being allocated. Hence you fail the test even though you tested for memory. It’s best to check for failed memory allocation rather than do any checking prior to allocation.

Another anomaly is that signed apps may present confusing messages to the user on older phones where the Symbian certificate isn’t already on the phone. The user needs to download the certificate onto earlier S60 and UIQ phones - but they don’t know this.

There are a few people who criticise JAVA verified, for its high costs and high failure rate. Also, not all phones, for example the Nokia 6600, 6230 and 3220 won’t actually allow JAVA verified applications to be installed! You get the error, "Installation Security Error, Unable to install". This is because the root certificate is missing.

If some people are right we are approaching a time when all phones will be locked down and most applications would need to be signed. Two things may happen with time. One is that mobile programming will become a marginalised, specialised activity much like, for example, device driver development. Some people will do it because they have to and are willing to suffer the pains. The other possibility is relaxation of the strict controls. We have already seen this with Orange and 3 in UK who released locked UIQ and MS Smartphone UIQ phones only to open them up later, via OS updates, when there was a backlash from developers.

This entry was posted on Monday, August 8th, 2005 at 3:24 pm and is filed under Symbian, Series 60, Mobile, J2ME. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.