Nokia symbian s60v3 certificate signing?

Posted by 70sfamily | 12:14:00 PM


Just got an N95 8GB but getting headaches looking for signed software. Unsigned SW just won't allow you to install.

Though I understand the security issue behind this signing certificate, this seems to prevent quick release of softwares for mobile phones. What is the difference in security anyway? Is Nokia compromising release date delays to security?

One way or another, virus or malware will find there way to s60v3 phones. So, the signing process is only a thin delaying door.

Vesselin Bontchev
These are several questions, actually. ;-) Let me address them in order.

1) Some Symbian S60 R3 phones can be configured to allow installation of unsigned software. However, this is not advisable, because it disables an important security component.

2) The reason why there is little signed software for this operating system (and practically no free signed software for it) is because the signing process is expensive and cumbersome.

3) The difference in security is HUGE. Since, by default, only applications signed by Symbian will install on such a phone, it makes the creation of viruses for it grossly impractical. Non-viral malware has better chances (and, indeed, there is one signed spyware program for these phones) - but even there the producer is trivial to trace.

4) Yes, Nokia has opted for higher security at the expense of less flexibility. The vast majority of users don't even know how to install additional software on their phones - so they won't care. Those producers who really matter (i.e., the ones who make commercial software) have a way around the new restriction. It might be a bit expensive and cumbersome, but if it means the difference between selling your product and not doing so, the producers will do it. The only ones who are really impacted are the freeware producers and the geeky users - and they don't impact significantly Nokia's bottom line. At the same time, the bad rap that the R2 phones were getting as being the most "virusable" phone model on the planet does impact Nokia's bottom line.

5) Making viruses for R3, although not impossible, is impractical enough to make them a non-problem for this environment. A virus author will have to get his virus signed by Symbian. While the guys at Symbian can be fooled (e.g., by a seemingly legitimate program that activates its viral capabilities after a certain date), the process is expensive, the author can be traced back, and parasitic infection is impossible. Again - the idea is not to make viruses impossible - the idea is to make them a non-problem. Pretty much like Microsoft made macro viruses a non-problem with the introduction of Office 2000 and higher, by allowing only macros signed with a key trusted by the user to run - except that Symbian's protection is even stronger, because it requires Simbian's signature, not just any signature trusted by the user. Apple is going pretty much the same way with the iPhone.

Give your answer to this question below!
Did you enjoy this post? Subscribe to our RSS Feed!

Orignal From: Nokia symbian s60v3 certificate signing?

0 comments