Symbian OS 9 What is it All About?

Published by at

Ewan discusses some of the features and the implications of Symbian OS 9. The security model is based on golden tickets, bouncers and rooms...

Symbian 9 - What's it All About?

So the next version of Symbian OS (version 9) is here, and there have been mixed reactions ranging from it is a really really good thing, to it being a bad thing for Enterprise markets, and the greatest danger to the Developer Community since sliced bread. Let’s say that all of those viewpoints are equally wrong and right.

Here’s something that is definitely true. Symbian OS has lots of nice new things that Symbian are very excited about in a good way. A lot of the changes that I suspect they’ve been thinking about for some time are now in the Operating System. Let’s start with the version number. There’s been a certain amount of mystique in mobile circles to see a major version number (such as 8.x to 9.x) as a fundamental change in the Operating System, something that only happens every two to three years. And while there are some major changes in OS 9, Symbian are now going to settle down to constantly improving the OS and we should see minor and incremental releases only a few months apart. This makes sense when you consider how fast the phone models change and go out of date.

The technical details have been talked about in great depth elsewhere, but one thing to point out is that the switch to using the ARM ABI (Application Binary Interface) means that planned updates in the ARM core architecture will allow Symbian OS to take on board the speed advantages offered in newer ARM chips.

Probably the biggest change in the eye of the consumer is the break in binary compatibility. This means that programs written in C++ for previous versions of Symbian OS will not run on OS 9 without the original authors making a few changes to the source code and recompiling. So your Series 60 version 3 device (which will use Symbian OS 9) won’t run current Series 60 version 2 applications. The good news is that altering applications isn’t a huge amount of work – the bad news is that you’re going to have to be very careful which version of an application that you download. Expect every website to have a number of pictures of your phone, rather than a huge list of acronyms and numbers that you’ll need to match up – something the larger stores such as Handango and Motricity can cope with, but an area the part time developer will have to watch out for.

I think this is an area Symbian should be able to do a bit more in to help the end-user (even though the end-user was never mentioned in their press release for OS 9!). The SIS format can handle storing multiple versions of an application, and run small macro-like applications when installed to determine which version to use. There’s space here for an enterprising author to work out an auto delivery SIS file, which determines which platform it is installing to and installs the correct core modules either from inside the SIS, or goes back online to grab just the correct version. If Palm OS can do this when they updated the .prc format to .psi (Palm Software Install), why can’t Symbian? That should get round what could be a confusing problem. Anything raising the barrier of entry to third party software is not good.

But beyond that, there are a huge number of changes under the hood that should allow the handset manufacturers to deliver better phones. The IMAP changes to the underlying email support are long overdue, and should help those accessing corporate email boxes. There is more support for multimedia files (audio and video) and Symbian have made explicit the support for the OMA DRM. Now I’m not a fan at all of DRM in any format (we’d never have guessed – Rafe), but it’s now up to the networks and content delivery sites to decide if locked down DRM content or open and transferable content will have a greater appeal in the marketplace. And while the original N-Gage had a form of USB connectivity written by Nokia, Symbian OS devices will now support being seen as a USB Mass Storage device. If this is used as an alternative option to the PC Suites bundled with the phones, so much the better.

Probably the biggest change is at the security level. Previously, once an application was installed on your phone, it had full access to all the API’s in the OS (an API is like an index of functions a program can call. Sending an SMS would involve making an SMS API call for example). Now, applications do not have automatic access to all the API’s. Those involving critical functions (or which could run up your mobile bill) will now be restricted.

If your application is Symbian Signed, then the application will have full access to the API’s. If it is not signed, then the application on its own will not be able to call these API’s. Instead, the user will receive a prompt along the lines of “This Application Would Like to send an SMS. Give it permission to do so… Yes / No.” So the worry of a trojan dialler of Premium SMS application sneaking into your phone and running up your bill will only be possible if you give it permission to do so, and after you’ve also given permission for an ‘unsigned’ application to be installed. For applications you do trust that are unsigned, you can give them permission ahead of time in the new Applications Manager, and you won’t be pestered by the permission requests. This is much like the current security model for Java MIDP on some Symbian powered phones.

Of course all this assumes that the end-user is sensible enough to say no when something suspicious happens and permission is asked for a program called ‘Make.Money.A’ to send twenty SMS messages. Given that the malware (such as Caribe) currently making headlines can only spread with the explicit permission of the user, I’m not sure whether this will be enough. Hopefully though, there will come a point when networks realise that the protection offered by Symbian OS 9.0 has probably struck the correct balance between paranoia and practicality.

Symbian were using a lovely metaphor at 3GSM to describe the security changes. If you imagine your phone as a house (bear with me here) then the previous security was akin to a bouncer on a door, who simply shouted “someone wants in, shall I let them?” Once they’re in, though, they have full access to every room of the house (ie every API and call and system function). Symbian Signed’s purpose, of identifying where apps come from, means the bouncer can now say “Steve Litchfield wants in, shall I let him?”

What the new OS does is put a Bouncer on the front door, and every other door in the house that leads to a room/API. If an application is Symbian Signed, then it’s like a golden ticket. They still need to be invited through the front door, but by showing the Symbian Signed certificate at each API, they can have access. What happens when a program isn’t Symbian Signed is actually up to the handset manufacturers and networks. There is a facility for each Bouncer to ask the user if a program can get access to an API whenever it tries to use it (eg “Can this app send an SMS”), or the Bouncer could say “Network says No” and reject access to the network for example.

Symbian OS 9 offers the manufacturers and operators various options to put in the new handsets, so effectively it’s not actually their decision, even though they’ve programmed the tool. When the first OS 9 based handsets come out (and that’s likely to be the 6680 and variants in Q2-Q3 2005) we’ll be able to see the stance that everyone will be taking on this rather hot issue.

In summary though, getting excited over a new version of the Operating System is all well and good, but it’s going to come down to what phones are made that OS 9 will run on, and how they perform in the wild. That’s the true test…

Rafe's comment

The reaction to Symbian OS 9 has been something of a storm in a teacup. Within the small circle of Symbian and mobile media watchers there have been a few rasied eyebrows, but there were no major suprises. Symbian 9.1, together with Series 60 version 3 and UIQ 3, represent the biggest mobile OS milestone of the last few years. Among the wider IT media there has been only limited interest, and some misguided commentary. When you consider that this is a major revision to the market leading mobile device OS and it's user interfaces this might be something of a suprise. However it is more a reflection of the philsophy that the OS doesn't matter to the end user. Those that need to know about are aware of the changes and leading developers are already working with Symbian 9, Series 60 version 3 and UIQ version 3. That doesn't mean there is no interest for end user, what it does mean is that this is not about the end user. It is about the device manufacturers, the developers and the networks.

The fact that OS 9.1 got announced along with version 3 of the two biggest Symbian UI's is obvisouly no coincidence. Speaking to all three camps it is clear there was an element of common strategy and the consensus was that if it was going to be necessary to put the developers through extra work it should happen all at once and this is precisely what has happened. That in itself is an important commentary on the Symbian ecosystem and the way it operates. By having all three changes happen at once there are many millions saved in software development and support costs.

The new security models have received the most attention and the most criticism. There is a natural reaction from end users to not want anything limiting, but this is what it comes down to. If this model (essentially securing sensitive parts of the OS by a challenge response system) is not implemented the smart mobile device market will cease to exist. Why? Partly it is a question of the networks - they simply will not let insecure devices onto their networks. Networks have a far greater level of control over access to their network than say an ISP does to your access to the Internet. The networks are concerned that they're infrastructure could be pulled down by traffics surges (think SMS delivery on New Years Eve), or that customers might get upset by unexpected charges. But it is more than that, as one commentator put it to me:

"These devices are as powerful as 5 year old computers and often more sophisticated. They have an always on connection. Look at the problems on the 'desktop' Internet [with mal traffic, fraud, spam etc.]. The thought of that within the context of mobile infrastructure is scary. We might not see the threat now, but we have to plan for it now."

It is no secret that each of the major mobile OS are looking to do exactly the same thing, and for some of them it is a big headache. Speaking to an anti-virus vendor he commented that he felt Symbian was relatively secure:

"Symbian OS is more secure. It is receiving the attention because there are more Symbian devices [in the market]. We had a lot of trouble creating a hook into the OS [for the anti virus engine], we had to ask Symbian for help. Contrasting that with other platforms we had several choices of how to hook in, there are more holes. The problem is overhyped on Symbian, you want to watching the other platforms in my opinion."

Symbian, as market leader in numbers and technology, are unsurpisingly the first to market with a stronger security model tightly integrated into the OS. In essence there is an inevitablity about these changes, and rather than greeting them with reluctance we should be celebrating the foresight.

Clearly though it is important to realise that the chnage has implications. The smaller and hobbyist developers may not be able to afford to get their programs Symbian Signed. Even the larger developers admit Symbian signed is a "colossal pain". The price of signing is coming down all the time and that should be encouraged, but Symbian and its licensees need to look at ways to facillitate the smooth implementation of the new reigeme as much as possible. A big part of that is going to be communication, something which thus far has been handled fairly poorly.

Related Links

 Symbian: Symbian OS v9 Technology Page, Symbian OS 9.1 - 2 Page Product Description, Symbian OS 9.1 - deatiled functional description
SymbianOne: New Opportunities, New Challenges
TheFeature: When is your phone no longer yours?