T-Mobile U.S. and Java Security Domains

hartti | 23 January, 2007 04:28

Continuing the report on Java Security Domain exceptions by operators. I had a little harder time finding out information about the T-Mobile U.S. restrictions as their developer web site is nowhere to be found. Fortunately I was able to dig up a couple of documents providing light on this issue (I have to admit that I have not had a T-Mobile phone at hand to test this, all this is based on the documents I received... however I am planning to visit the T-Mobile store to check this out myself...)

 

The untrusted 3rd party domain has major restrictions. No access to networking, messaging, local connectivity, PushRegistry, multimedia recording, reading/editing user data, or location API.

 

The trusted 3rd party domain does not exist.

 

There are semi-trusted partner and trusted partner domains (operator domains). The semi-trusted partner domain has "ask once per session" settings for all of the APIs I listed above. In the trusted partner domain access to the APIs listed above is set to "always allowed". 

Java | Next | Previous | Comments (13) | Trackbacks (0)

RSSComments

Re: T-Mobile U.S. and Java Security Domains

tote_b5 | 23/01/2007, 10:29

tote_b5 Hmm, it's the second US operator that seriously restricts what 3rd party apps can do in their network. It seems to me that American carriers are much more paranoid than European operators, isn't it so? Especially, when I recall what Steve Jobs said during his keynote presentation: the main reason of not allowing 3rd party apps to be installed on iPhone is that "Cingular doesn't want to see their West Coast network go down because some application messed up."

On the contrary, fortunately such restrictions do not exist for Symbian (native) apps. Once an app is Symbian Signed, then it can do whatever it was programmed for. And no operators can have influence on what will be Symbian Signed and what will not. Hopefully. :-

Tote

Re: T-Mobile U.S. and Java Security Domains

hartti | 23/01/2007, 19:09

hartti To be fair to the U.S. carriers, there are some operators also on the other side of the pond limiting the Java MIDlet capabilities. Namely Hutchinson 3G and Orange Israel. Check the discussion boards for discussion about Orange for example.

Hartti

Re: T-Mobile U.S. and Java Security Domains

balagopalks | 23/01/2007, 11:10

balagopalks I have some doubts, (may be silly) Why does the operators make these restrictions? Do they make some profit by making these restrictions?
What all restrictions could operator make on a phone(may be its a long list)? Can they change supported ring tone formats? (say for eg: The actual device supports MP3 ring tones, but is it possible for the operator to change the phone firmware so that it does not support MP3 ring tones?)

Well, we can update firmware of all devices, so is it possible to update the operator branded firmware with a non operator branded firmware, so that there are no further restrictions.

Regards
Gopal

__________________
MobiQuil.com
An initiative by Developers for Developers.
http://www.mobiquil.com - Alpha - Launched.

Re: T-Mobile U.S. and Java Security Domains

hartti | 23/01/2007, 19:13

hartti To my understanding they want to protect their customers and networks against malicious applications. Hence the additional protections.

Updating the firmware is not a way aroudn this, the firmware is updated to a new version of that specific variant the phone already has installed.

Hartti

Re: T-Mobile U.S. and Java Security Domains

matrix241 | 24/01/2007, 20:35

Is there a way to fix ths situation on MIDP 3.0 specifications? I read your post about MIDP 3 but I don't know if it can be suggested the solution " no customization to identified third party domain": the domain must have the same features for all the operators. Could this be written on these specifications and so respected?

Re: T-Mobile U.S. and Java Security Domains

hartti | 29/01/2007, 23:17

hartti Suggesting this is of course possible. The hard part is to get it approved for the specification...

Re: T-Mobile U.S. and Java Security Domains

lunkwill | 29/01/2007, 15:10

"To my understanding they want to protect their customers and networks against malicious applications."

No users is going to install MIDlets by mistake and network access is by confirmation only with the standard MIDP network permissions. Also, how in earths name could a MIDlet running in the very restrictive Java ME sandbox bring down a network?

The reason is probably much simpler than that; economics. The user experiance of an unsigned MIDlet is severly hampered by these restrictions as compared to a signed MIDlet distributed and most likley _sold_ by the operator to the end user. As such they are creating a market for their own MIDlets by destroying their competition. As simple as that.

Re: T-Mobile U.S. and Java Security Domains

hartti | 29/01/2007, 23:24

hartti Christoffer

Bring down is a hard term. Slow down is enough to cause a lot of customer complaints.
And it is not a question of one MIDlet, but a MIDlet installed on many, many phones.

But, I do not work for an operator and I have not been involved in the discussions about security domains, so I do not know all the details. I am not saying that the points I raised are the only reasons for extra limitations, as your take has definitely a logic to it.

Hartti

Re: T-Mobile U.S. and Java Security Domains

dbournique | 15/02/2007, 07:12

Nice article. It inspired me to write my own (ranty) thoughts on signing at http://wapreview.com/blog/?p=259

"...At his Forum Nokia Blog, Nokia Java ME champion, Hartti Suomela has a series of posts describing how carriers are restricting the API's that unsigned applications, which run in the "Un-trusted 3rd Party Domain", are allowed to use..."

Re: T-Mobile U.S. and Java Security Domains

prajwol123 | 22/03/2007, 18:32

A heck of a valuable information atleast for me. As you said T-Mobile has only two domains "semi-trusted partner and trusted partner domains (operator domains)". How should my company be a partner so that our app will be either semi-trusted or trusted partner domain?

Please advice. Its been a week I am trying to solve this problem.

Thanks,
Praj

Re: T-Mobile U.S. and Java Security Domains

hartti | 23/03/2007, 00:41

hartti Unfortunately I do not have a direct contact to offer you at T-Mobile U.S. This is an issue I would like to have an answer to the developers, but unfortunately, as of now, I do not.
If you happen to be in CTIA in Orlando next week, you could probably be able to find some T-Mobile contacts there.
Also I do not have information what are the requirements for the developer and what kind of agreements need to be signed.
Sorry.

Hartti

PS To be exact there is also a untrusted domain in addition to these T-Mobile specific domains, so saying that there is only two domains is a little incorrect.

Re: T-Mobile U.S. and Java Security Domains

prajwol123 | 22/03/2007, 18:39

How should our company aproach T-Mobile to become some sort of partner so that our application will be in "Semi trusted partner or trusted partner" domains.

Thanks,
p..raj

T-Mobile U.S. and Java Security Domains

vijaypatidar | 24/06/2008, 07:30

I Think that T-mobile want to make a big Profit and they have blocked all the way to access the net from their handsets. i have tried very much to install my MIDlet on T-Mobile handsets using all the ways but did not success i have installed all the certificates now i think that we need operator level
certificates for that .

Thanks

You must login to post comments. Login
 
Featured links
Develop
Distribution
Blogs
Community
Resources
Site Map
Terms & Conditions
Privacy Policy
Nokia Developer aims to help you create apps and publish them so you can connect with users around the world.

京ICP备05048969号  © Copyright Nokia 2013 All rights reserved