From Symbian OS v7.0, new method for plug-ins to connect to the system has been evolved, called the EPOC Component Object Model (ECOM). ECOM is based on client/server architecture and provides services to instantiate, resolve, and destroy instances of plug-ins at run time. Earlier it was common to use polymorphic DLLs to extend the functionality of applications. Both methods have similar features, but ECOM is more flexible and easier to use. However, newer Symbian OS frameworks such as the SyncML client and Transport Architecture require plug-ins to be written using ECOM, rather than polymorphic DLLs.

Verify all plug-ins before loading them into the application is important, because a hostile or malfunctioning plug-in may cause crashes or security leaks, even on otherwise well-tested applications. Platform Security takes care of the plug-in verification by using the capability model; processes cannot load plug-ins that are less trusted than the process itself, that is, have less capabilities.

Communication plug-ins

It is possible to use plug-ins to implement additional functionality to Serial, Socket, and Messaging frameworks. These kinds of plug-ins are especially important for security because they act in the vicinity of communication facilities.

• For serial communication there are communications modules (CSY), which are DLL plug-ins to the Comms Server and need to be loaded before data can be transferred.
• For socket-based communication there are protocol modules (PRT) and an affiliated capability file (.esk). Generally, PRTs work in the same way as CSYs in serial communications.
• For messaging there are Message Type Module (MTM) plug-ins. The main difference when compared to serial and socket plug-ins is that MTMs are a suite of DLLs rather than a single DLL. Also, MTMs include both client and server components.