Security warning after express signing
This is new:
I've signed my sis using Symbian Signed (Express signing), and after installing the signed sis (N97, 5800) I get the "user data" security warning, as if it is self signed sis.
Here are some details:
1. It is a flash lite app, signed using Kunerlite (as all my previous apps - never had this issue)
2. It uses accelerometer sensors (as some of my previous apps - never had this issue)
3. I'm installing the application in \private\<UID>\ (this is the first time)
4. The application includes inner-active ads. (as one of my previous apps - had no such issue)
5. I'm calling: System.security.allowDomain("*.inner-active.com") and publishing for local files (otherwise I can't have sensors + ads working together)
I've tried signing using the free OVI signing and got the same issue (see [URL="http://discussion.forum.nokia.com/forum/showthread.php?223132-Serious-issue-with-new-Nokia-Ovi-signing-of-flash-apps"]here[/URL]), so I switched to good old Symbian signed, but got same problem...
Please advise - I have no idea what my next steps should be...
Thanks in advance,
Ranco,
MobilityCraft
Re: Security warning after express signing
Let's clarify: you're getting these warnings [B]after[/B] the installation (i.e. at run time) or [B]during[/B] the installation (i.e. as in the case of self-signed apps the user must accept this and that type of behavior).
In the first case, it has nothing to do with Symbian Signed, the problem is runtime specific and you have to verify if anything changed in Flash's security model.
In the later, I'd like to see the sis file since what you describe is indeed very odd.
Re: Security warning after express signing
[QUOTE=ltomuta;837840]Let's clarify: you're getting these warnings [B]after[/B] the installation (i.e. at run time) or [B]during[/B] the installation (i.e. as in the case of self-signed apps the user must accept this and that type of behavior).
In the first case, it has nothing to do with Symbian Signed, the problem is runtime specific and you have to verify if anything changed in Flash's security model.
In the later, I'd like to see the sis file since what you describe is indeed very odd.[/QUOTE]
Only after installation.
Re: Security warning after express signing
The signature applied to a SIS file (be that self-signed, Express Signed or Certified Signed - Ovi Publish used Express Signed by the way, so it changes nothing) is checked at install time, when the install succeeds or not, depending on what the package contains and what the signature allows.
Everything that you see happening after that is defined by the Flash Run-Time, so check again the content of the PKG file, the location where files are installed and all the other details which are relevant for a Flash application (I'm not an expert in Flash, so I can't comment much about these details).
Re: Security warning after express signing
[QUOTE=ltomuta;837843]The signature applied to a SIS file (be that self-signed, Express Signed or Certified Signed - Ovi Publish used Express Signed by the way, so it changes nothing) is checked at install time, when the install succeeds or not, depending on what the package contains and what the signature allows.
Everything that you see happening after that is defined by the Flash Run-Time, so check again the content of the PKG file, the location where files are installed and all the other details which are relevant for a Flash application (I'm not an expert in Flash, so I can't comment much about these details).[/QUOTE]
I can send you the express_signed file - please advise how.
Ranco
Re: Security warning after express signing
[QUOTE=ltomuta;837843]The signature applied to a SIS file (be that self-signed, Express Signed or Certified Signed - Ovi Publish used Express Signed by the way, so it changes nothing) is checked at install time, when the install succeeds or not, depending on what the package contains and what the signature allows.
Everything that you see happening after that is defined by the Flash Run-Time, so check again the content of the PKG file, the location where files are installed and all the other details which are relevant for a Flash application (I'm not an expert in Flash, so I can't comment much about these details).[/QUOTE]
Well, you were right. The problem wasn't the signing!
There are two ways to wrap flash lite app into .sis. I've used the Flash Lite Stub method. When I use the other way (Flash Launcher) it works fine. I don't get this warning anymore !
Thanks again,
Ranco
Re: Security warning after express signing
I guess the packaging tool may need an update ... But good to hear that you have found a way to make it work.
