Documentation regarding the security policy applied to Location API (JSR 179) is pretty vague. If I want to run a location tracking application, is it feasible with unsigned midlets, that is, can permissions be granted for whole session at runtime? What if GPS device goes offline/out of range during tracking and reappears later? And how this compares with third party signed midlets?
(It's interesting to note that user can permit midlet to always use Bluetooth, which is more awkward but essentially the same service when we're talking about GPS-based location tracking... quick look at some of the phone manuals suggested that there's no separate security setting for the location API on phones that support the API.)