Skip to main content

Security Api J2ME

4 replies [Last post]
tonino
Offline
Joined: 2008-12-22
Points: 0

Good morning ... I want to help me solve a small problem that occurs with an untrusted midlet ...
I installed on the an untrusted midlet and I want it to be this, I do not want to sign it.
This mididlet simply asks the user to send a message to prove the safety rules in J2ME.
How right that is, pressing the connect button of my application, the system notifies me that the untrusted application wants to send a message and that this has a cost ... and puts the user in front of the choice of granting and denial.
If I deny, I can choose to deny forever (and therefore not to bring up the warning message) or the next time the application tries a new connection.

The problem and that if I deny forever (for example if I am wrong to press) I haven't opportunity to make a new connection (I can do it if I do the reboot my midlet ).... then I want to write code in J2ME that makes me somehow reset the decisions taken.

Thank you

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
sfitzjava
Offline
Joined: 2003-06-15
Points: 0

The security APIs in JavaME are for cryptography and not for the security of the app.
To my knowledge there is no way in MIDP2 to achieve what you are looking to do, however
on the Blackberry devices there is the RIM extensions and there you can retry and even determine the state of the applications permissions. Here is an example for RIM:

ApplicationPermissionsManager pMgr = ApplicationPermissionsManager.getInstance();
ApplicationPermissions ap= pMgr.getApplicationPermissions();
if( ap.getPermission(ApplicationPermissions.PERMISSION_EXTERNAL_CONNECTIONS) != ApplicationPermissions.VALUE_ALLOW )
{
ap = new ApplicationPermissions();
ap.addPermission(ApplicationPermissions.PERMISSION_EXTERNAL_CONNECTIONS);
pMgr.invokePermissionsRequest(aperms);
}

-Shawn

tonino
Offline
Joined: 2008-12-22
Points: 0

.....then there is no possibility to store and edit the choices of a user?

sfitzjava
Offline
Joined: 2003-06-15
Points: 0

not in javaME midp. It would be a violation of security constraints.

Yes it's not easy being safety conscious, why else would so many phone makers be dropping support for it.

Notice the new Palm webOS... no java. :(

Just like the real world being good means being last and having no fun.

-Shawn

josefg
Offline
Joined: 2006-04-20
Points: 0

I'm not sure enforcing digital signatures is about being good. Feels more like market control to me... Honestly speaking, it is good to guide users, but when the certificate system on for instance a Nokia phone means a user can't even tick "ask once" on the security questions, but must receive a prompt for every single read and write operation, then some policy is wrong. People should have the freedom to run whatever apps they want on their phones, just as on their desktop computers, if they wish. At least if you've paid for an "unlocked" phone.