Symbian and Java Signing

On Twitter, Jason Delport of Paxmodept (who I happen to have met a few times) gave the following observation…

"Android Market is over 6 months old and we have yet to see any disasters from self certification. The network operators were wrong again!"

If Jason is correct, this really brings into question Symbian Signed and Java signing. As I have previously mentioned, I don’t think much of Symbian Signed. It doesn’t adequately test for rogue applications and I don’t think it ever could.

I always thought the rationale for Symbian Signed was flawed. Prior to Symbian 9.1, applications didn’t need to be signed and operators didn’t have problems then. So why was Symbian Signed introduced? Well, as a pre-emptive strike in case operators ended up having their own multiple signing schemes or maybe even boycotting Symbian OS altogether should a rogue-app-induced disaster occur.

It seems the pre-emptive strike didn’t pay off. Android (and to a much lesser extent iPhone) is showing that applications can be released without lots of detailed tests. Yes, Apple approves applications, but I doubt it does detailed testing along the lines of Symbian Signed; otherwise far more would be rejected.

Instead, Symbian OS underwent a huge and complex change to add platform security. Development became more complex and many developers didn’t bother upgrading their older existing applications. Today, Symbian Signed is still complex - yet, in my opinion, doesn’t test enough to fulfil its promise of protecting network operators.

If I were Symbian, I’d think about removing the need for Symbian Signed testing and instead rely on self-certification. This might even be applied to older phones via firmware updates. Likewise, in future phones, turning off the requirement for apps that use protected Java APIs to be manufacturer, operator or 3rd party signed might even give Java ME a last chance for success.
