Developers guidelines | Signing applications (page 8)
October 2006
Introduction
Symbian OS version 9.x is specifically intended for mid-range phones produced in large numbers of units. The open development platform, featuring many new key technologies, offers large opportunities for ISVs (Independent Software Vendors) to find markets for their products.
The introduction of new functionality, such as DRM (Digital Rights Management), Device Management and enhanced networking functionality, has required changes to the Symbian OS core to support vital security concepts such as data protection (“caging”) and restricted usage of some “sensitive” APIs.
Symbian OS v9 Platform Security (PlatSec) has been enhanced to provide a high degree of protection against malicious or badly implemented programs, which means that such programs are efficiently detected and prevented from executing on the platform. On the other hand, applications that have been tested and found “trustworthy” can gain authorization to be installed and executed on the platform without further security confirmations at the user level. This authorization is done via the Symbian Signed programme, which includes procedures for signing applications using certificates, both in the development phase and when the application is to be packaged and distributed to the market.
This document is primarily intended to guide Symbian OS v9 application developers in the process of creating applications to be authorized via the Symbian Signed programme.
Capabilities
The term “capability” has been introduced with Symbian OS v9 Platform Security. A capability can be assigned to a program, guaranteeing that the process started by the program uses the associated Symbian OS v9 functionality (for example an API) in a safe way. Thus, a capability can be regarded as a granted protection of its associated APIs. The protection is granted either by a digital signature, or by a user permission given for an unsigned application at installation.
An application can be signed at different levels of trust. The higher the level of trust, the more sensitive the capabilities that can be granted. Capabilities are therefore grouped into four different sets, each applicable to a certain level of trust. For more information, see “Capability mapping” on page 11.
Restricted and unrestricted APIs
A majority of Symbian APIs are classified as “unrestricted”, which means that they require no authorization, since they have no harmful security implications for the device or network integrity. Unrestricted APIs are not associated with capabilities, since no protection is needed.
APIs with potential security implications are referred to as “restricted”. Restricted APIs are grouped into
capabilities based on their functionality. Applications are granted access to capabilities rather than to APIs
in order to simplify the process of authorization.