
PIM SecurityException in Nokia N72

terrencebarr

Robert,

Catching up with this late ... sorry. Yeah, this is everyone's favorite topic, isn't it? ;-)

First, yes, the S60 application security settings are really hidden away in an obscure corner. It's one of the fairly many gripes I have with S60 usability.

As for permissions for MIDlets - the problem is two-fold: first, there is little consistency across the ecosystem which root cert is installed. UTI/JV is fairly common but not universal. BUT, the BIGGER problem is that there is no consistency between a particular root cert and the security domain it is associated with - that is, which permissions applications actually have when they are signed with that particular root cert.

Unfortunately, this has nothing to do with Java as a technology and everything with the device manufacturer and operator security decisions. Java just gets the bad rap. Note that some manufacturers and operators are pretty good here while others don't seem to understand or care about the implications on the developer.

This topic is being worked from multiple angles but there is no easy solution without the buy-in of the manufacturers and operators.

-- Terrence

Robert Virkus

Hi all,

this is really a frightening development lately with all those
security "improvements" of the MSA. Everything is even more restricted
than before. Mind you, I think signing is a good thing so in theory we
can all just sign the application and that's sorted. Unfortunately the
real world out there just does not allow to sign application in a
sensible manner: some operators remove root certificates (like
Verisign, Thawte etc). Not all devices support root certificates. So
there is no certificate that can be used everywhere with the notable
exception of Java Verified, which is almost (!) ubiquitous. However,
using Java Verified is very, very cost intensive, especially when you
have different variants of your application for different handsets
(which in some cases is required due to the fragmentation). Not every
company can afford to pay around 300$ for each version update and for
each application variant. I've seen a lot of gaming companies
releasing around 300 different variants of their application - taken
the margins into account you have no chance to finance Java Verified
in those circumstances.

So my personal wish list for the next MSA release is: either use
sensible security recommendations or provide a mandatory way how we
all can sign applications, e.g. by mandating the same unremovable root
certificate for all MSA compliant handsets. Additionally I'd like to
see that Third Party certification such as Thawte should suffice for
getting all requested permissions (possibly by asking the user at the
first usage of a specific permission after the installation).

Another side note regarding the Series 60 Application Manager: please
allow to set security in the Options menu for the application - in
that way at least advanced users will be able to find those settings;
normal users will never, ever find out how they can change security
settings on Series 60 (it took me about half an hour until I found
this myself - and I was knowing what I was looking for).

Now I can stop my rant ;-)

Take care,
Robert

On Aug 20, 2008, at 15:39 , Daniel Rocha wrote:

> You should configure your midlet in Application Manager to "Always
> ask"
> permission setting for "Edit user data". Go to Menu / Applications /
> App. Mgr. / Highlight your midlet, choose "open" from the menu and
> configure this setting.
>
> Alternatively, you can sign the midlet so the security prompts aren't
> shown.
>
> Daniel
>
> -----Original Message-----
> From: A mailing list for KVM discussion
> [mailto:KVM-INTEREST@JAVA.SUN.COM] On Behalf Of ext
> meinterest@MOBILEANDEMBEDDED.ORG
> Sent: Wednesday, August 20, 2008 9:42 AM
> To: KVM-INTEREST@JAVA.SUN.COM
> Subject: PIM SecurityException in Nokia N72
>
> hi plz help me
> i am storing phone number and name from j2me application into
> addressBook. it is working perfectly on sun emulator but when i
> install on
> My Nokia N72. it retrieve all contact but at the time of storing it
> throws
> SecurityException.
> plz help me to solve this problem.
> or there is any other way to store contact in addressBook.
> [Message sent by forum member 'ajay_kumar' (ajay_kumar)]
>
> http://forums.java.net/jive/thread.jspa?messageID=294361
>
> To unsubscribe, send email to listserv@java.sun.com and include in the
> body of the message "signoff KVM-INTEREST". For general help, send
> email to listserv@java.sun.com and include in the body of the message
> "help".

--
Robert Virkus
CEO Enough Software
Sögestr. 70
28195 Bremen
Germany

Email: Robert.Virkus@enough.de
Phone: +49 - (0)421 - 8409 938
Fax: +49 - (0)421 - 9889 132
Mobile: +49 - (0)160 - 7788 203
ICQ: 194752667
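
For the SecurityException discussed in this thread, an added example (not code from any poster) of a JSR-75 contact write that tells a refused permission apart from other failures. The class name `ContactWriter` and its result codes are assumptions made for illustration; it needs a Java ME runtime that provides the PIM API.

```java
import javax.microedition.pim.Contact;
import javax.microedition.pim.ContactList;
import javax.microedition.pim.PIM;
import javax.microedition.pim.PIMException;

// Added example. The JAD has to request the JSR-75 permissions, e.g.:
//   MIDlet-Permissions: javax.microedition.pim.ContactList.read,
//                       javax.microedition.pim.ContactList.write
// Whether they are granted silently, prompted for, or refused depends on
// the security domain the device assigns to the MIDlet.
public final class ContactWriter {
    public static final int OK = 0;
    public static final int NO_PIM_API = 1;   // JSR-75 not present on device
    public static final int WRITE_DENIED = 2; // policy or user refused access
    public static final int STORE_ERROR = 3;  // address book rejected the item

    private ContactWriter() { }

    public static int save(String name, String number) {
        if (System.getProperty("microedition.pim.version") == null) {
            return NO_PIM_API;
        }
        ContactList list = null;
        try {
            // READ_WRITE needs both permissions; the check may fire here...
            list = (ContactList) PIM.getInstance()
                    .openPIMList(PIM.CONTACT_LIST, PIM.READ_WRITE);
            Contact c = list.createContact();
            // Field support differs per device, so probe before adding.
            if (list.isSupportedField(Contact.FORMATTED_NAME)) {
                c.addString(Contact.FORMATTED_NAME, Contact.ATTR_NONE, name);
            } else if (list.isSupportedArrayElement(Contact.NAME, Contact.NAME_GIVEN)) {
                String[] parts = new String[list.stringArraySize(Contact.NAME)];
                parts[Contact.NAME_GIVEN] = name;
                c.addStringArray(Contact.NAME, Contact.ATTR_NONE, parts);
            }
            if (list.isSupportedField(Contact.TEL)) {
                c.addString(Contact.TEL, Contact.ATTR_NONE, number);
            }
            c.commit(); // ...or here, when the write is actually attempted
            return OK;
        } catch (SecurityException e) {
            return WRITE_DENIED; // tell the user to check the app's permission settings
        } catch (PIMException e) {
            return STORE_ERROR;
        } finally {
            if (list != null) try { list.close(); } catch (PIMException ignored) { }
        }
    }
}
```

Returning `WRITE_DENIED` separately lets the MIDlet point the user to the Application Manager setting or explain that a signed build is needed, rather than failing with an unhandled exception.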


Ken Walker

Nice rant.

I think most users would be happy with the Hit Once permission model. That
is to say, any request for access to PIM, Files, Network, Bluetooth, GPS,
etc. presents the dialog asking

"The application Blort would like to access your location information."

"Allow Once", "Allow Always", "Deny"

And a way to reset permission to default for any or all applications
(including the built in ones).

While there is an up front cost for being an independent iPhone developer
($99), the rest of the costs associated with testing and distribution are
included. Perhaps if there was a MIDlet store which would assume that role
we might have a better chance of getting apps tested and distributed.

/**
@author Ken Walker, J9 Embedded Java Class Library Manager, IBM Ottawa Lab
@see http://www.ibm.com/software/ca/en/ottawalab
@return ken_walker@ca.ibm.com
*/

From: Robert Virkus
To: KVM-INTEREST@JAVA.SUN.COM
Date: 08/20/2008 10:15 AM
Subject: Re: PIM SecurityException in Nokia N72
