I'm sick and tired of network operators and handset manufacturers blocking applications from access to certain phone features in the name of "security".
This may not be an issue for the majority of mobile users who never install programs on their phones. But for someone like me interested in pushing the limits of what can be done with these little computers the limitations are very frustrating. I install every native and Java application I find just to see what it does and if it's useful. Many don't work simply because the APIs they use are only available to signed applications. I can be pretty sure that anything that needs to interact with the phone's browser, camera, saved photographs, contacts or calendar won't work unless I buy it from my carrier.
Mobile application signing is something that I've never heard a user or developer ask for or say anything good about and yet we are stuck with it. Worse yet, I see a disturbing trend where mobile network providers and phone manufacturers are requiring applications to be signed in order to even make an http connection. Which is a crying shame as most apps outside of the those for sale on the carrier portal are unsigned. Consumers are finding that using unsigned software on many of the newest handsets subjects them to a barrage of annoying and repetitive prompts to allow the app to connect to the network - if the application even works at all.
At least my phones still let me grant http connection permission to unsigned applications. Until recently almost all phones let the user chose "always allow" for network connections on an application by application basis. But the latest devices from ATT/Cingular and T-mobile (USA) have taken even this option away. The support forums of Opera Mini, Google Maps and Gmail are rife with users complaining of the applications either not working at all or constantly and repetitively prompting for permission to access the network.
At his Forum Nokia Blog, Nokia Java ME champion, Hartti Suomela has a series of posts describing how carriers are restricting the APIs that unsigned applications, which run in the "Un-trusted 3rd Party Domain", are allowed to use. The latest Cingular phones prompt the user to grant permission every single time an unsigned app like Opera Mini, Gmail or Google Maps accesses the network. Unsigned apps on Cingular are totally prohibited from accessing the user's phone book, calendar or location, making bluetooth connections or sending and receiving SMS or MMS messages. T-Mobile USA goes even further totally blocking unsigned apps from any network access at all which is why Google will tell you that Gmail and Google Maps are not supported on T-Mobile.
To me this is completely wrong. As a user I'm typically paying my carrier a minimum of $600 a year for a voice plan plus an unlimited data plan. Sure the handset price is subsidized, but the user is paying that subsidy back over the life of the contract. As the customer and owner of the hardware and of my personal data, I should be the sole arbiter of what the applications I install on my phone should be allowed to do. To be sure, I'd like the phone to warn me when an app is unsigned or is about to do something potentially dangerous to my pocketbook or privacy, but having been warned it should be my call as to whether to allow the access. I should also be able to give permission to "always allow" on an app by app basis if I want to. That's how security is handled on PCs and the Web. Microsoft and my ISP don't dictate that applications have to be signed to access the network, bluetooth or a GPS unit. If they were to try they'd lose a lot of customers to unrestricted OSs or ISPs.
Signing is supposed to help
Pages: 1 2
posted by Dennis Bournique
February 14, 2007 @ 8:59 pm
7 View Comments
