Symbian OS 9 Platform Security


Details are starting to emerge publicly on how Symbian OS 9 platform security is going to work. A Nokia Forum PowerPoint presentation and a Symbian paper for ISVs explain capabilities, data caging and process identification.

In summary, both signed and unsigned applications remain possible. Unsigned applications can ask the user for ‘blanket’ permission to do certain things at install time. Other things, more importantly network services such as making a call, accessing the internet and sending a text, will require ‘one-shot’ permission every time they occur in an unsigned application.

Note that Symbian Platform Security is still slightly ambiguous. This is intentional. Nokia, Sony Ericsson and others are left some flexibility as to which capabilities (i.e. their API calls) need which kind of permission and whether all applications will have to be signed. This has yet to be made public. Also, Symbian and the phone OEM are not the only ones with a say in which capability needs which permission: network operators will have the final say on how platform security is configured for their networks.

As part of the changes, UID allocation becomes automatic. This will allow developer UIDs to be cross-checked against signed applications. Note that older ‘Legacy UID allocations’ will be in the ‘protected range’, which means all older applications will have to be signed under OS 9 (or have their UIDs changed to ones in the unprotected range).

Developers also have to use ‘Developer Certificates’ to test restricted APIs on devices prior to signing.

David Wood of Symbian has hinted there’s something else yet to be announced… "Follow another (new) system, details of which will be made public at the Smartphone Show…"

Update: 21 September: View the Platform Security Chapter from the book Symbian OS Internals.
