Symbian Signed to the Rescue? An Idea on Piracy and Certification


Ewan ponders the unthinkable as salvation from the onslaught of warez...

Think back to Harry Potter and the Philosopher’s Stone – for most of the book, you’re convinced that Snape is evil, and out to kill Harry. Lo and behold it turns out that he’s been protecting Harry from falling out the sky. Rowling has just pulled a similar trick in the last book to make the characters think that Snape actually is evil after all (and leaving the readers discussing his true motives since it was published).

And we here at All About Symbian think that the ground has been set for one of Symbian’s ‘evil’ components to become a whiteish knight and ride into the rescue of third party developers in the war against warez. Step forward Symbian Signed.

We recently reviewed a game, Oval Racer, from Great Ape Software. It’s a cracking piece of software. It also picked up a great review on Nokia’s S60 Software blog (among others). What’s shocking is when I went back to the author to ask how the sales were going. The short answer was that they weren’t.

What was going well though was the number of pirated copies that had arrived. Cracked and put up on a warez site within 24 hours. Code that had been worked on for close on a year as a hobby, was being passed around freely. Put yourself in the shoes of the author and how that feels. Forget all your "I’ve no money, I can’t afford it, so he wouldn’t get it anyway", and ask yourself if you’d work for a year for free.

The ironic thing is that when Symbian was in its absolute infancy (before the OS was even called Symbian), on the Psion Series 3 and Series 5 range of machines, with a significantly smaller pool of users (maybe tens of thousands of active users rather than millions) you could write shareware, and if you had a good quality app, then you could easily see five hundred registrations. The wheel has turned. If Symbian want a solid third party software scene in 2006, then they need to have some sort of protection against this sort of thing.

Which they do. Step forward the oft-maligned Symbian Signed program. In the latest version of Symbian OS, there are reserved functions. These are functions that could potentially damage data, incur a charge to the user, or otherwise need to be treated with care. Now some applications (around 35%) need access to these functions to make them work – and that means that they need to be Symbian Signed to give seamless access. So what happens when a program that isn’t Symbian Signed tries to access these functions? The program doesn’t work – simple as that.

Okay so there are more technical details – and be aware that there are a few levels of access, and many functions (such as making an Internet connection) simply ask the user's permission before going ahead – but the point is this: If your program makes use of these functions then, without being installed via the signed package, you won’t have the Symbian Signed certificate portion of the install file, and the app simply won’t run.

Now this might not help simple applications or games (such as the aforementioned Oval Racer) directly. If they were to add in a ‘restricted function’ check (i.e. deliberately use one of the restricted functions), then this would still be the weak point for a 'warez hax0r' to attack. Neutralise that check and you could (potentially) just install the .app and .aif files (i.e. create a new installer). But, and here's the big BUT, Symbian or rather its partners could close off this avenue as well with a single decision.

By turning off the ability to install applications that haven't been Symbian Signed. Altogether. For all devices. This is something that Symbian Signed already supports. This is done with Nokia's phones in the Japanese market. Symbian has actually left the decision on how 'open' devices should be to the licensees. 

Because then the loophole of a simple .app hack is closed, and while it might take one or two product cycles to have everyone on the ‘locked down’ phones, this, in conjunction with some good marketing to authors and end users, could terminate the flow of super fast, cracked applications.
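The argument of the last few paragraphs as a small model, added here as an illustration and not taken from Symbian's installer: it compares an "open" device with a "locked down" one for a signed package, a cracked package carrying the old signature, and a cracked package with the reserved call stripped out. HMAC stands in for the real certificate-based signature, and the marker strings and function names are hypothetical.

```python
import hashlib
import hmac

# Constructed demo key. A real scheme uses an asymmetric signature chained to
# a root certificate on the device; HMAC stands in so this runs on stdlib only.
SIGNING_KEY = b"constructed-demo-key"
RESERVED = b"CALL_RESERVED"      # hypothetical marker: app calls a reserved function
LICENCE = b"LICENCE_CHECK;"      # hypothetical marker: app's registration check


def sign(payload: bytes) -> bytes:
    """Signature attached to a package when it passes certification."""
    return hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()


def install(payload: bytes, signature, locked_down: bool) -> dict:
    """Installer decision: is the package accepted, and may it use reserved functions?"""
    valid = signature is not None and hmac.compare_digest(sign(payload), signature)
    if valid:
        return {"installed": True, "reserved_ok": True}
    # Unsigned or modified: an open device installs it without reserved access,
    # a locked-down device refuses it outright.
    return {"installed": not locked_down, "reserved_ok": False}


def runs(payload: bytes, signature, locked_down: bool) -> bool:
    """The app works only if installed and every reserved call it makes is allowed."""
    outcome = install(payload, signature, locked_down)
    return outcome["installed"] and (outcome["reserved_ok"] or RESERVED not in payload)


def scenarios() -> dict:
    original = LICENCE + RESERVED + b";GAME"
    good_sig = sign(original)
    cracked = original.replace(LICENCE, b"")           # check removed, signature now stale
    stripped = cracked.replace(RESERVED + b";", b"")   # reserved call removed as well
    packages = {
        "signed original": (original, good_sig),
        "cracked, old signature": (cracked, good_sig),
        "cracked, reserved call removed": (stripped, None),
    }
    return {
        name: {"open": runs(p, s, False), "locked_down": runs(p, s, True)}
        for name, (p, s) in packages.items()
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:32} {result}")
```

Only the third package behaves differently between the two device policies, which is the loophole the lock-down decision closes.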

One stumbling block remains – well, two if you count the amount of management inertia that would need to be overcome. The cost of the Symbian Signed program itself. There are costs involved in both admin of the program, and testing, and while the idea of allowing competition to drive down prices from a capitalistic viewpoint has worked, it's still very high when you consider the number of versions/builds a programmer can go through for localisation, bug fixes and improvements.

I’m still of the opinion that if Symbian Signed is such a core part of the security ecosystem it should never have been farmed out to the test houses. Taking what should be a fundamental service and handing it to the private sector to make a profit felt then like Symbian washing their hands of something that was going to come back and bite them.

For the above idea on Symbian Signed to aid the fight against warez to work, either the signing process needs brought back in house and the cost significantly reduced – which means either Symbian takes a hit somewhere, or the process needs to be streamlined. So how about extending the self-signing program to instigate a clear and simple minimal ‘Symbian Signed’ level for authors that identifies them as the actual author (and requiring from them the usual multiple proofs of address and other credentials), but offers no guarantees as to the functionality?

This way, when the phones are 'locked down' to certificate installs only, the authors can still receive a certificate and be installed with little hassle, and the admin cost to Symbian is only the processing of a few lines for whoever issues the UID numbers. Symbian Signed as a full service still exists, but a certain legitimacy (and the ability to revoke apps) would now be inherent on everything installed.

Strong third party software appears to be on life support at the moment. Let’s do something about it.

Ewan Spence, 23rd November 2006