S60 Multimedia Blog

June 09, 2006 Signing applications for S60 3rd Edition Posted by Jukka Eklund at 11:08 AM | Categories: General

(aka. there is a difference between signed and Symbian Signed)

Today's subject is not really multimedia, but general Symbian 9.x stuff. Nor is it sexy or cool, but rather controversial.

S60 3rd Edition requires all Symbian applications to be signed, that's one of the bigger changes that came with Symbian 9.1 operating system. This has led to some confusion among developers, who think they need to apply for a certificate (which costs money and takes time) even to be able to show a 'Hello world' on the screen. This was very confusing for me too for some time, but now I got it. Hope this helps somebody out there.

Self signing with own certificate

To sign an application you can create your own private certificate, with the tools and instructions that come with S60 SDK. For step-by-step instructions, look for "How to Sign .sis files" on SDK docs folder (no online link, sorry). The catch is that even though your application will be installable, it's still treated as 'untrusted' and has some limitations applied by the platform security. One limitation is that the application cannot get any capabilities other than those which are user grantable (ie. ReadUserData, WriteUserData, NetworkServices, LocalServices and UserEnvironment). I don't really know how limiting those 5 capabilities are for real-life applications. What I do know is that our Internet Radio for S60 packages are signed with a self-created certificate, and that application does stuff like read files and access network.

There are also some usability issues with self signed applications. The user will get an intrusive security warning (pictured below).

If he chooses to take the risk and Continue, he will be asked to confirm the capabilities that the application wants to use (pictured below). To me this dialog is not really understandable. Its purpose is to ask from the user, but I guess on the sake of usability there is no question but just Continue/Cancel choice. I don't think an average user will understand what he just did after pressing Continue.

This was the default case for self signed applications. On some S60 devices (at least Eseries) there might be one additional step to make. There is a setting on Application manager that controls whether untrusted applications can be installed at all. If this setting is 'Signed only', there will be an error dialog shown and application won't install (see below). The user needs to change the setting to 'All' to allow self signed apps to install. This was also posted on S60Tips.com recently.

That's it about self-created certificate and signing. To make the picture full, I'll mention the other options that lead to a 'trusted' application that can have more capabilities, and doesn't ask anything from the user.

Freeware certification

Special route for freeware applications, that doesn't cost anything but can take some time. More at Symbian Signed.

Symbian Signed certification

The "default" way of signing a commercial application. See more here. Cost is $350 /year for ACS Publisher ID and testing cost starting from 185€/round.

Self certification

The heaviest option for bigger developers, cost $10000 /year.

Please send your questions and comments! This is not my strong area, but our experts are following.

Update 18.6.2006:
Antony has written great post about the various error messages related to signing, check it out at Forum Nokia Blogs.

Links (updated July 31, 2006 by Oren):
Platform Security FAQ at Forum Nokia
S60 Platform: Symbian Platform Security FAQ v2.0
Signing Tips from Symbian

-Jukka

Permalink |

Comments

What I really like to see is something like the "Freeware certification" for Java midlets. (Useful even if it's "only" for Nokia devices.)

Great post, Jukka! Very clearly written and illustrated!

And as soon as the Python team get a 3rd edition port ready, I'll be in the 3rd Edition scene with a vengeance too.... 8-)

Steve Litchfield

Ciao Jukka,

great post, very informative. I think Self Signed is good choice for most developers especially Flash Lite ones!

Alessandro

Alessandro, good point. I don't know are you able to "package" FL presentation inside a .sis. Do you know?

Symbian Signed confused me too for quite some time. After reading a lot of documentation and playing with certificate/signing for a while, then I got the idea.
I like the idea of signing, i.e. to protect end users from malicous software, although it makes Symbian developers' life more difficult.
I appreciate the idea of Freeware Route to Symbian Signed too. It allows freeware and open source developers to get signing service for free. Unfortunately (as you said, it takes about 2-3 weeks to get an application signed).
Another concern from me is "small developers". Investing 350 EUR/year + 180 EUR/testing may be quite costly for them.

Ciao Jukka,

yes, me other developers are working on that. We were able to package swf into sis by self signing them. We are trying to figure out how to create an icon for the apps. If anyone can help up it would be great. I think the solution to have a stub symbian app that launches the swd Flash Lite file and has a associated icon.

Alessandro

Thanks Steve, I'm sure it won't be long..

Hi, I found this post really useful. I was confused also about signing and this post was plain and direct to the point.
I made a translation to spanish at my blog:
http://www.paniccode.com/?p=93

Thanks again, very useful info!

Hi guys, about packaging Flash Lite content to a SIS file for 3rd edition: we were faced with this exact challenge a few weeks ago. What we after some different approaches had and were happy with was pretty much what Alessandro speculated: a small symbian app that installs with an icon and simply starts the Flash Lite document. As far as I know currently this is the only way to start a Flash Lite app from a menu icon under 3rd edition.

We ended up doing a simple (and self-signed, if I remember correctly) launcher SIS app and having the SWF file separately installed, since this suited our purposes better, but the SWF definitely can also be packaged inside the SIS file. I'm sorry I can't share the Symbian app code, but it should be a no-brainer for a symbian programmer.

Also I'd like to add another thing we ran into: the changed menu icon format 3rd. ed uses. No more bitmap with masks of certain fixed size, but SVG-T vector based ones. I'm not going to prolong this post anymore with details, but if someone feels like it, I'm happy to go more into detail about this.

Nice post Jukka! And comments are at least that much beneficial. I was thinking about SWF installation, now I have many ideas. I also posted this tutorial some months ago. It may help and I would like to recieve comments if any corrections or additions are needed.

cheers,

uur.-

Ciao,

from what I understand this is pretty much what we need to do to launch a Flash Lite file;
http://forum.newlc.com/index.php/topic,13099.0.html

Now how to integrate the icon?
The seld signing is not a problem: just use createsis utility from the SDK.

Alessandro

> I don't really know how limiting those
> 5 capabilities are for real-life applications.

One important limiting thing is the (harmless) retrieval of the IMEI number of the phone. It requires a capability called 'Read Device Data'.

This means that any software which has copy protection based on the IMEI number of the phone must be Symbian Signed. This is not good.

Well, I think copy-protection based on IMEI number is bad anyway. PC apps are not restricted to a particular physical unit, why should S60 apps be?

Hi Sampo,
Getting the IMEI by using the CTelephony API does not require any capability, even if the SDK help states otherwise.
Hope this helps...

Hi,
I wrote a tutorial about how to write a Symbian application that wraps FlashLite files.

I hope this could help Flashers :-)

Thanks for the info. This is a great info :)

Hi!
I would be grateful if anyone could send me the full version of any voice recording software for use with Nokia 5500 Sport (Symbian S60 3rd Edition)

A problem is that the hotkeys might not work, and so now there's another option, Best Screen Snap. This gives you a plethora of options.

Dear Friends,
I notice a lot of people here have issues signing apps.
Hence i decided to put up an article online, with a step by step instruction on HOw to sign any nokia application.
All you\’ll to do is read this article, and you wont have problems.

http://www.ehow.com/how_2183872_sign-sis-nokia-application-file.html

Hope it helps..

why symbiansigned is not active? Pls. help me get my own certificate for my phone. I can't sign any of my application. Just email me for assistance and for those who want to help.thank you

sis Applications not supported on my Nokia E62 mobile.

S60 Open to new features

Comments

Post a comment


» Subscribe » Favorite Links » What is S60? » Freeware & Trials » S60 devices » Hints and tips » About this blog	» Application development (24) » Applications (36) » Devices (21) » Games (7) » General (40) » Imaging (9) » Music (17) » Python (3) » Video (40)