Developers guidelines Signing applications

Introduction

Symbian OS version 9.x is specifically intended for mid-range phones to be produced in large numbers of units. The open development platform, featuring many new key technologies, offers large opportunities for ISVs (Independent Software Vendors) to find markets for their products.

Introduction of new functionality, such as DRM (Digital Rights Management), Device Management and enhanced networking functionality, has required changing of the Symbian OS core to support vital secu- rity concepts such as data protection or “caging” and restricting usage of some “sensitive” APIs.

Symbian OS v9 Platform Security (PlatSec) has been enhanced to provide a high degree of protection against malicious or badly implemented programs, which means that such programs are efficiently detected and prevented from executing on the platform. On the other hand, applications that have been tested and found “trustworthy”, can gain authorization to be installed and executed on the platform, with- out further security confirmations on the user level. This authorization is done via the Symbian Signed pro- gramme which include procedures for signing of applications using certificates, both in the development phase and when the application is to be packaged and distributed to the market.

This document is primarily intended to guide Symbian OS v9 application developers in the process of cre- ating applications to be authorized via the Symbian Signed programme.

Capabilities

The term “capability” has been introduced with Symbian OS v9 Platform Security. A capability can be assigned to a program, guaranteeing that the process started by the program uses the associated Symbian OS v9 functionality (for example an API) in a safe way. Thus, a capability can be regarded as a granted protection of its associated APIs. The protection is granted either by a digital signature, or by a user permission given for an unsigned application at installation.

An application can be signed at different levels of trust. The higher level of trust, the more sensitive capa- bilities can be granted access. Capabilities are therefore grouped into four different sets, each applicable for a certain level of trust. For more information, see “Capability mapping” on page 11.

Restricted and unrestricted APIs

A majority of Symbian APIs are classified as “unrestricted”, which means that they require no authoriza- tion, since they have no harmful security implications on the device or network integrity. Unrestricted APIs are not associated with capabilities, since no protection is needed.

APIs with potential security implications are referred to as “restricted”. Restricted APIs are grouped into capabilities based on their functionality. Applications are granted access to capabilities rather than to APIs in order to simplify the process of authorization.

8

October 2006

Page 8
Image 8
Sony Ericsson UIQ 3 manual Introduction, Capabilities, Restricted and unrestricted APIs