default security settings for UK operator devices

[tomhodder]

Hi,

I undertstand that the UK operator set the default level of security capabilities for the MIDlets on their devices. For example my N90 seems to be setting "Ask every time" for WriteUserData, even though I have installed the certificate for the signed midlet on the device.

This suggests that even if I sign the midlet with a verisign cert, and the device considers the application a trusted app. It is still going to ask the user to confirm writing to the PIM, if the app is signed.

I was wondered whether anyone has discovered any reference to the UK operator default security settings, or can give me any advice on this matter.

(the app uses JSR-75 PIM API to write to the phone calendar, and I was hoping to sign the app to reduce the number of user prompts to at least "Ask First Time")

Thanks in advance for any help,

Tom

[hartti]

tomhodder, The default setting for trusted (signed) 3rd party midlets for write data is "Ask every time" as recommended in the MIDP 2.0 security addendum. There should be however a couple of settings (Ask once, Always allow) available, so the user could change the settings if he or she will.

Is this true in your case?

In the recomended policy it is also stated that only midlets signed in the manufacturer or operator domain will have "always allowed" for restricted API access by default.

Hartti

[tomhodder]

Do you have a link to that document with the default settings in;
My google skills have not picked that up. is it in the MIDP 2.0 specifications doc?

[hartti]

It used to be a separate document (addendum) for MIDP 2 spec. Now it is included in the MIDP spec document
Check the Chapter 15 starting on page 491 in this MIDP 2.1 document available through this page
http://jcp.org/aboutJava/communitypr...118/index.html

Hartti