Operators locking handsets to Symbian Signed
Published by Rafe Blandford at 13:09 UTC, August 15th 2006
Simon Judge is reporting on his blog that some operators (Vodafone Japan) are locking down S60 3rd Edition handsets so that only Symbian Signed applications can be installed. This means that self-signed applications can not be installed.
With the introduction of Symbian OS 9 Symbian introduced a new platform security model. This associates phone functions (such as writing files to the phone's memory, use of Bluetooth, access to certain APIs etc.) as capabilities. Signing an application allows it to use given capabilities on the phone.
All applications and install files for Symbian OS 9 must be signed in some way. The two main ways to do this are through Symbian Signed and via self-signing. Symbian Signed costs between £75 and £200 per signing instances (and additional set up costs of around £400). Self-signing is free.
Symbian Signed allows access to all but the seven most resticted capabilities on the phone (these capabilities can only be accessed with an extra level of manufacturer approval). Self-signing allows application access to a more limited set of capabilities than Symbian Signed. General capabilities that are not considered a major security risk can be access via self signed applications. Where there is a small security risk (such as the use of Bluetooth or use of the Network to retrieve data) self signed application must gain user permission to access these capabilities (in the form of a dialog that asks user the grant these capabilities to an application).
If a user attempts to install a self signed application and the phone security permissions are set to not allow self signed application install the phone will throw the error message: 'certificate error, contact application provider'. In most cases it is possible to change the security settings of the phone to allow such applications to be installed. In App Manager -> Options -> Settings, Software Installation should be set to All (from Signed). This will allow self-signed applications to be installed.
However Symbian does allow operators to lock this down. Theoretically operators could lock things down so that no application (even Symbian Signed) could be installed. Many operator operators choose to not allow self-signed application by default, but DO allow user to change this setting. However in the case of Vodafone Japan this is NOT allowed. The Software Installation option in App Manager settings is not present and therefore is not possible to allow self-signed application to be installed (see screenshots on Simon's blog).
Self-signed application are mainly freeware or application and games from smaller developers. Nearly all third party themes are also self signed. However it is worth noting that self-signed application are quite safe, especially when compared to other platforms and previous versions of the Symbian OS. Because of both the restricted set of capabilities and the requirement to gain user permission before using basic capabilities self-signed applications are much safer than their equivalents on other platforms. They are much safer than self signed applications on previous versions of Symbian OS and are arguable safer that Symbian Signed applications from pervious versions of the OS (prior to Symbian OS 8 Symbian Signed only guaranteed identity).
Locking out self-signed application reduces the number of applications available to users and raises the cost of development for niche products. Although signing costs are relatively small the investment is required before application sales can begin and therefore may make development economically impossible for applications with a small target audience.
If your operator has restricted your handset we are interested in hearing from you. Please leave a note in the comment thread or contact us directly.
Summary of Symbian OS 9 Phones Security Levels:
- Open Phone - can install both Symbian Signed and self-signed install files by default.
- Open 'Locked' Phone, self-signed restricted - Symbian Signed by deafult only, self-signed via settings change.
- Closed 'Locked' Phone - Symbian Signed install files only.
Currently most SIM free and some operator phones fall into category 1. Some SIM free phones and many operator phones fall into category 2. Category 2 is less desirable because of unclear error messages and user intervention required to allow self -signed applications to be installed. Branded phones from Vodafone Japan (N71) fall into category 3. Category 3 phones are the least desirable because they restrict the number of applications that can be installed.
Update
As one of our commentators correctly points out this limitation was also present in the Nokia 6630 variant that shipped on the Vodafone Japan network. Japan does have a different approach to mobile platforms and software than the rest of the world. The two major phone platforms in Japan (Symbian MOAP and Linux) similarly do not allow the installation on uncertified third party software.
Categories: Hardware, Developer, Editorial Thoughts
Platforms: General, S60 3rd Edition, UIQ 3, MOAP
News Discussion
N/A
Not a new thing in Japan; it was already done by Vodafone for the 6630 (a Symbian OS 8.0a/S60 2nd Edition Feature Pack 2 device).
Rafe
Ah N/A thanks for that. I never saw it come up with the 6630. I imagine it actually better this time round since so much software is being Symbian Signed.
viipottaja
So now even the Japanese have the chance to enjoy the first taste of the N-series :)
N/A
One thing that might be worth noting is that the signing check on pre-Symbian 9 was only done at the installation time for the .sis file. Easy to circumvent; unpack the .sis on a PC, or install on some device without this restriction and just copy the individual files.
With Symbian 9 and its Platform Security in place this approach will not work (which should make sw piracy a bit more difficult for the cases where the application depends on protected capabilities that actually require Symbian Signing).
Though, I think operators should still allow permit unsigned or at least self-signed apps.
rbrunner
I guess that Symbian is on a very delicate walk: Do not offer enough security, and some carriers threaten to jump ship and look for other OS that they can lock down as of their liking. Offer too much or too expensive security, and you angry the developers and ultimately power users that do not get enough choice of third-party software...
If only the "normal" smartphone users, all those millions of owners of S60 phones, would be a stronger voice in this concert, on the side of the developers of course :)
krisse
If you are a "power user" though, surely you'd be able to buy a smartphone sim-free instead of using a network-provided one?
I'm a bit confused though, I didn't think they had any S60 models in Japan, just their own UI for Symbian (called SOAD or something).
N/A
NTT DoCoMo has their "MOAP" platform in their "FOMA" range. Those are Symbian 6.1 based with Fujitsu doing the sw for various manufacturers providing phones.
However, Japanese operators have also Nokia S60 models starting with the 6630, then 6680. Latest is the N71 introduced as the Vodafone 804NK.
nj7
Itīs because a things like taht, that mine phones are all network free. I donīt like the stuff they install, it occupies precious RAM space and some times even they remove thinga like bluetooth. May be a little cheap, but we never know what kind of device we have.
zero3son
Hello! I got the nokia N71 (804NK here in Japan) Well as we all know, it cannot install third party applications or themes (unless symbian signed). How about the ring tones? I' ve converted some ring tones to aac format using the pc suite. I can play them on the phone but whe I try set them as ringtone it says "Unable to set as ring tone unprotected format". Is there a work around for that? Do the tones need to be DRM protected or some thing? I've got the sony DRM packager, Nokia mobile internet toolkit. Can anybody give me tips on this one? Your help is very appreciated. Thanks!
kirre
In Italy, TIM has locked the phone to accept "only signed" applications
Unregistered
I've got N73(Softbank 705NK) in Japan and still it's locked.
Only Symbian Signed application allow to install.
Is there a way to install application without sign such as extracting a
sis file?
badmigraine
I have a Nokia N73 from Softbank here in Tokyo. "NK705" is their designation for this model. It is indeed sadly crippled. In addition to the install lock described in the article above, there are also other restrictions. For example, .mp4 video files copied to the phone do not play on the bundled RealPlayer. The first frame is visible, then when "play" is pushed, the phone launches RealPlayer, then stops with the following error message: "unable to play media clip". This seems a bald-faced lie for "won't play unless you buy it from us". There is no alternate Symbian-signed vid player for this phone, so it can't be used to play back home vids, converted DVD files, mp4 clips emailed from home, etc. I have yet to put in one of my mp3 files and see if it plays, but I doubt it would. I had the Softbank (then Voda Japan) Nokia 6630, and it simply would not play any music files not purchased thru the provider. I was able to use HalWin to un-sis an Ogg Player and play my music that way, but it seems the unsis-then-copy-to-phone approach to installs does not reliably work on Softbank's version of the N73. In addition, the new version of Symbian OS .sis files is no longer compatible with HalWin or other unsis tools. There are newer versions out there, but they are command-line Python apps which are beyond my current capability. And, reading the above, it sounds like they may not work anyway. How incredibly irritating that I have to pay for this phone, but it is crippled.
Unregistered
my dutch vodafone e50 s60 v3 is also locled to signed applications..
unhappy
My Nokia N73 / Softbank 705NK also is locked. I get "certificate error" for nearly every application and theme I try to install.
Even worse, it does not play my mp3 tunes. Only m4a.
Why impose such hard restricition at the point of this high end phone looses its best capabilties??? Besides the camera, because of this restrictions It is meaningless for me to spend extra money for this phone.
I am wandering if I can change the firmeware of the phone, turning it into a normal N73. Does anybody knows if it is possible?
Unregistered
well that about says it all for japan
I am living here hand have the same problem.
The Japanese (or should I say japanese organisations) have always been like, If there is nothing in it for me well why should I help.
This is not just moblie phones but anything. Even if there is 10 times easier way to do things Japanese wont do it because it means not behaving like the rest of the sheep. How annoying, It wil be the fall of their country. Get paid and get out before it happens lol
medienheinz
The N73 can be debranded now but I don't know if that works for the softbank Japan version.
http://nokias60.seesaa.net/article/4...3.html#comment
Nokia Japan told me that they have no influence on the crippled software and Softbank says if i debrand the phone it will not work on their network, I doubt both information.
The system and private folder on the 705NK/N73 and memory card can be accessed through the data storage mode or like that:
http://www.allaboutsymbian.com/forum...ad.php?t=56289
But even I unpack a sis file in halwin and place it manually in the apropiate folders it won't accept or register them, not even symple themes.
Pretty annoying to have such a nice phone, but to be unable to use its features.
Unregistered
Symbian signing is absulutely the most un-user freindly concept imaginable. I bet less than 1% of phone users can get applications to install that require the so called "self-signing" and that is when the system works.
www.symbiansigned.com is not working as I write.
Previously I have installed apps on my 6630 and E61, but I dont known anyone else in my family who could have done this, and most of them are very computer litterate by UK standards.
I tried to install Python for symbian on my p1i, and I get a message about "required capability is not signed for". As an error message for a phone user, this is on the level of "Syntax error at or near line 1" that BASIC gave us in 1975.
My guess is that the games developers don't want new entrants to the market, and Symbian have sold their souls to the games developers. Why else would anyone kick their customers in the teeth on this scale?
Unless users can install apps, there won't be any, and if there arn't any, then Symbian will soon be a dead duck. There are very few considering the power of the OS - and most of those that do exist are pretty pathetic - developers like me can't jump the threshold.
Remshad
Sofbank user
i have softbank nokia 705nk (n73), i changed the product code in nokia to european code, then updated through nokia soft. updater, now i have normal n73 me which continues to work in softbank (mp3 as ringtone, can install any application), Only one minus - i can not recieve and send mms, but this is not the problem for me.
Full thread: 18 Comments / Post New Comment