App Signing

[stevejanko]

Hi All

App signing is becoming more of a problem than ever.

I recently read that when a signed app is installed on a device you cannot set networking and positioning to always allowed at the same time in an app (If one is set to always allowed, the other automatically changes to ask first time).

So now I have a tracking app(GPS) so that people can find their kids, spouses, staff .... that can be autostarted with an SMS but the person on the other side has to confirm that the GPS connectivity or internet connection is allowed.

This can not be an invasion of privacy, because you own the device the app is running on. Otherwise how did the app get loaded on the device (By Magic???). Obviously the person carrying the device is informed of the app and what it does.

What I intend to use the application for is security. I live in South Africa where crime is rife, phones get stolen, people get abducted/kidnapped.

Scenario: I can not reach my sales rep on the phone, it is getting late and I am getting worried. So I start up the application. Now my employee is tied up in the boot of her car and she can not get to the phone to press yes to the STUPID questions being asked by a device that may help save her life.

I have successfully managed to trace a stolen phone, the app was already running, so the scenario is real.

My problems with signing (and I have gone on about this many times in the past) are as follows:

1. Signing stops software that works well from working (device specific certificates)
2. Signing Is costly (I do not mind paying for something that helps, but I am reluctant to pay for something that hinders)
3. Having an app signed does not gaurantee anything really (networks also get a say in what your device can and can't do)
4. Gives you no extra security (always allowed is never flagged by default on a signed app, you have to go and change it yourself)

So based on point 4 above why don't device manufactures/networks create a certificate that allows everything (even sms) to be always allowed if the user so wishes or even better get rid of the whole process.

As far as I am concerned the whole process is nothing more than a money making racket when it comes to J2ME.

I am very happy to see that Android will be making the whole thing a lot easier (but I have not seen it and seeing is believing)

If anyone anywhere has a "workaround" I would aprreciate seeing what it is (there is one self signing certificate available for devices such as the 6680)

Regards
Steve

[grahamhughes]

To give you a contrast, consider developers who target the BREW platform (mainly used on handsets on US operator Verizon). Since BREW is a native platform supporting low-end devices, a BREW application can essentially do anything. To protect users from malicious applications, an application can only be installed on a handset if:

1. It is signed with a developer test signature and the device is "developer enabled". Developer-enabled handsets are available through a mystical process. You must be a registered developer (costing around $500 per year) even to begin this process.

2. The application is signed by an authorized test house (NSTL), having passed the True BREW Testing process. If I remember correctly, a TBT pass costs about $1000 for the first device, $250 to test the same (already passed) build on subsequent devices.

Apple make you pay $99 before you can install anything on your own phone. To distribute it, you have to get it on the app-store. That's easy enough - but they have a safeguard. If I understand correctly, they can retrospectively invalidate your signature, even for copies of your application that are already installed, thus disabling it on users' handsets. Also, getting your application on the app-store is not subject merely to certification, but also to Apple deciding your application is "suitable", by whatever criteria they chose to apply. That said, they currently reject almost nothing.

In comparison, mobile Java offers us quite a degree of freedom, without spending much money, and without having to ask anyone for permission.

What is unfortunate is: even if you have your application certified through JavaVerified, your application is still subject to all the same limitations as if you signed it yourself. JV is a lot cheaper than TBT (around $150 per test), but there is no "higher-level" of certification to unlock more features for you.

Of course, a MIDP application can get the access you want... it just has to be signed by the manufacturer or operator and, as a rule, they have no "signing programme". It is purely available to their in-house projects.

Unfortunately, for your application, developing a native Symbian application is the way forward.

Cheers,
Graham.

[mikemoore]

What I intend to use the application for is security. I live in South Africa where crime is rife, phones get stolen, people get abducted/kidnapped.

In such a situation, the obvious thing to do is call the police. They will be able to ask the network operator to trace the location of the phone regardless of whether or not any application is installed, running, given permission, or even if it doesn't have a GPS chip.

If you need to know the location of a person for any reason that you would not call the police for, then the other person is entitled to deny you that information. Yes, it is an invasion of privacy.

If you absolutely must be able to do this, then run the application in background mode... then the owner of the phone can answer all the privacy questions when they first start the phone and initially run the application, and the phone is then always reporting the last known position.

Incidentally, if the person being kidnapped is in the boot of a car, you won't be able to find out where they are anyway... GPS signals are so weak they are highly unlikely to be received in such a circumstance.

- Mike
NAVTEQ Network for Developers
The community for developing innovative location-based applications
http://NN4D.com

[stevejanko]

Hi

Thanks for your responses. However I believe both of you are missing my point.

The device running the app will belong to a company (staff will sign a document stating they are aware of the application and the terms of use) or a parent / spouse in both of these cases the kid / spouse will be aware of the application. This rules out privacy violation.

Unfortunately people do forget to start programs (that is why using an SMS to autostart it is so important)

Dealing with the South African Police is a problem all on its own, 2 years ago my parents were held up in their home and cell phones were stolen. I managed to get one of the devices tracked by the service providor, and pass it on to the officer in charge, but nothing was done.

For the exact reasons mentioned I have tested a N95 using GPS from the boot of a car and I can get signal (Not at every request, but enough to get where the vehicle is heading).

My main point is if I own a device surely it is up to me as to how and what it can run not a signing authority or the network providor.

Regards
Steve

[grahamhughes]

I don't think anyone's missing your point. It's just a more complex issue.

For example, no girl wants to discover that her weirdo ex-boyfriend had access to her phone for five minutes, and that he's now able to engage in some kind of cyber-stalking.

Java for mobile devices is intended to protect users from pernicious software, and some limitations are the side-effect of this.

Since you're working with Symbian devices, you have the option of developing a native application instead.

Out of interest... if you got the cell location from the operator and passed it to the police, and they did nothing, what would you do with a GPS location?

Cheers,
Graham.

[arpit2agrawal]

If anyone anywhere has a "workaround" I would aprreciate seeing what it is (there is one self signing certificate available for devices such as the 6680)

I think there is workaround for mutually exclusive permissions.
Develop 2 MIDlets and assign networking permission to one while positioning permission to another. Do inter MIDlet communication.
There are several ways of inter MIDlet communication but some might not apply to your case because of mutually exclusive permissions:

Networking Sockets
Title is self explanatory.

SMS
Send SMS from one MIDlet to own number on some port which would be received by another MIDlet.

JSR 75 File Connection API
One MIDlet will poll some file at regular interval while another will write to it.

JSR 75 PIM API - Contact / Event / To Do List
Same as above except for file is now replaced by Contact / Event / To Do List

Shared RecordStore
Same as above except for file is now replaced by RecordStore

There might be more but right now I thought of only above examples

[stevejanko]

Hi

Arpit thanks for the suggestion. I'll look into it.

Graham, Your comment on cyber stalking is very valid. But the same as on a PC you should take care of what is running.

I see that series 40 device are supporting jsr179 therefore Symbian would limit the app. The main reason I develop in J2ME is portability, a decision I made years ago.

Bad Police service - Private security companies can take care of this.

Regards
Steve

[arpit2agrawal]

I see that series 40 device are supporting jsr179 therefore Symbian would limit the app. The main reason I develop in J2ME is portability, a decision I made years ago.

Since how many years are you developing this application?

[stevejanko]

Hi arpit2agrawal

I developed the app towards the end of last year. I did not get into J2ME just for this particular app, this app is just something I thought would be useful.

Regards
Steve

[traud]

Steve, once againg, it is possible to hack your own phone, even a Series 40 one. It is just a matter of time you invest. Could we please continue in your original thread …