• Announcements

    • Reminder - MoDaCo position on illegal content   07/30/15

      ILLEGAL CONTENT I'd like to just reaffirm MoDaCo's position regarding piracy and illegal content in the light of some recent questions / postings. Posts will be censored by myself or my moderation team if the contain or link to: Illegal / pirated / cracked software or sites that host such softwareNintendo emulators / ROMs or sites hosting them (in light of Nintendo's legal stance)CUSTOM ROMS You may discuss and post links to custom device ROMs on MoDaCo, provided the following rules are adhered to: ROMs must not contain any illegal 3rd party software (this includes trial versions included without permission)ROMs must give full credit to the original authorISSUES If you have any issues with this policy, please contact PaulOBrien directly via PM.
    • Reminder: Selling items on the forum directly is not allowed   07/30/15

      Please note that selling items on the forum directly is not allowed by the forum rules. There is a forum for eBay auctions whereby you can list the items on eBay and link to them there. This is the ONLY forum for this type of activity. You may also advertise links to the eBay forum in your signature. Please note that selling directly in contravention of these rules will result in a warning / suspension / ban.
Sign in to follow this  
Followers 0

Certification issue.

25 posts in this topic

Posted

Im slightly irritated by certification, and i agree with many other people that simple measures can be used to stop malicious code from working, such as requiring a YES/NO box before sending email/sms/mms. also i cannot understand why orange dont allow you to take on the resposiblity of screwing up you own phone, i havnt herd of any really nasty stuff shutting down entire networks etc from the batch of xdas that have been out for ages.

The new versions of the handgo programs are coming out soon (or are out) could you not compare the old versions with the new versions and prehaps work out how certification works? Im sure someone will have worked it out by the end of the year, which could be much more dangerious than orange allowing us access.

I also understand from the side of the operator, but at the end of the day, security may well bring about the death of our freedom of speech.

0

Share this post


Link to post
Share on other sites

Posted

quite right there...!

My opinion on this is that they are trying to make more money... its a revenue generator...

They don't make money from the actual sales of the software... that usually goes straight to the developers... They will most likely be making revenue from the Certifiaction/App Siging thing that developers are being forced to do!

Thats their sole source of revenue... Orange are practically giving the phones away!!! So theres not much to be earned on handset sales... its all about the additionl stuff...

0

Share this post


Link to post
Share on other sites

Posted

Yep aint that the truth, corporate money grabbing b**st*rd' s! Its a shame tho, i am in total agreement i really dont think its a security issue, their are many ways round that, im sure you could screw wiv the phone to you hearts content using ya pc, and u dont need application signing to run nasty progs on here!! not yet any way :D

i dont have my spv yet, still waiting for mine from avrmobiles, but i am assured im in the que. I love the idea that i might be able to play doom on it, but reading this certification stuff, my heart was suddely filled with sadness! M keep telling us "wait for a couple of weeks, exciting announcements" if this isnt to eathier 1) make the certification process inexpensive and easy, 2) provide devlopment phones, for a fee and then certification free or 3) remove the whole thing completely, i might just stamp on my fone!

DJ Hope

0

Share this post


Link to post
Share on other sites

Posted

The certification process is basically signing applications with the Orange digital signature.

This is going to be very well guarded at Orange, and I can't imagine there being a workaround in the foreseeable future.

Quite a few people have kicked up a stink about this, so hopefully Orange will issue a root certificate patch so we can write and install our own software on the SPV...

P

0

Share this post


Link to post
Share on other sites

Posted

yeh hopefully, but ive only seen ms people on these forumns, are orange even listening! havnt herd a word from them.

0

Share this post


Link to post
Share on other sites

Posted

If we can get enough SPV users on this forum, maybe Orange will listen to our collective voice...

P

0

Share this post


Link to post
Share on other sites

Posted

If the SDK wont work with the SPV then id say the MS site http://www.microsoft.com/mobile/smartphone/default.asp seems pretty misleading.

Im starting to wonder if orange can be had for making out this phone is something its not.

0

Share this post


Link to post
Share on other sites

Posted

Watch this space... This is all gonna kick off pretty soon I think!

:twisted:

P

0

Share this post


Link to post
Share on other sites

Posted

Read below!

0

Share this post


Link to post
Share on other sites

Posted

God my sentance structure grammar and spelling sucked in that previous post, it should read:

Erm... just seen ya site gaf, nice, im sure people on those forumns are already in the process of hacking the spv! Quick ms sort it out! Btw, modaco, i agree that orange will keep certification a closely guarded secret but where there’s a will there's a way. Windows xp activation is full proof isnt it and lemme see you can’t copy xbox games, damn Microsoft are good!

0

Share this post


Link to post
Share on other sites

Posted

If the SDK wont work with the SPV then id say the MS site http://www.microsoft.com/mobile/smartphone/default.asp seems pretty misleading.

Didn't see the bit "Develop cool apps with the Smartphone SDK" first time around.

Yes, this is misleading.

But it's MS not Orange, so Orange can't be blamed :D Also, it says develop cool apps, doesn't say you can run them on your phone.

0

Share this post


Link to post
Share on other sites

Posted

Yeh but MS arnt responsible for the certification issue, the PROVIDER has the choice of activating certification or not, in our case Orange!

0

Share this post


Link to post
Share on other sites

Posted

from the SM2002 SDK

------------------------------------------------------

Setting Security Policies

Policy settings are a part of the mobile device security scheme. Smartphone 2002 provides a secure configuration by default, out of the box. The user cannot modify security policies through the UI. However, we recommend that mobile operators modify the default security configuration by pushing their own security policy documents.

This section discusses how to modify the Smartphone 2002 default security policy and create a new security policy document. The settings are defined in XML files that are pushed to Smartphone 2002 and are then processed by the Push Router.

The following XML example is the default security policy document:

--------------------------------------

So even if you manage to "hack" the security, when you restart the phone it will download the standard policy again????

Mmmmm

0

Share this post


Link to post
Share on other sites

Posted

Yeh any change you make to any part of the windows directory isnt saved, so when you restart phone its back again!

0

Share this post


Link to post
Share on other sites

Posted

Changes you make to the security policy are not stored in the Windows directory so any changes will persist through a reboot.

The problem is that your app has to have sufficient permission to change the security policy in the first place. (Think of it as having to be an administrator on the phone to make administrative changes.)

Any developer program will likely take the form of a mechanism to change this security policy on specific phones.

0

Share this post


Link to post
Share on other sites

Posted

Erm..intresting. Ive heard alot of people say that all applications will have to be signed by orange. Surely that cant be the case check out all the inbuilt windows programs, they still RUN in the same method as the others and i doubt microsoft would have crippled themselves they wouldnt make a software product they themselves couldnt add software too! That must mean microsoft can certifiy products and their must be a way of signing applications through microsoft instead of orange. I could be wrong here but dosnt that make sense?

0

Share this post


Link to post
Share on other sites

Posted

I got this reply to a post on a developer forum regarding this issue from someone who works for a company who develops software for mobiles.

http://www.smartphonedn.com/forums/viewtop...c.php?p=989#989

Orange are going to have many holes in their feet at this rate!

0

Share this post


Link to post
Share on other sites

Posted

Also this post:

http://www.smartphonedn.com/forums/viewtop...c.php?p=993#993

Just to clarify (again) -- this is not a Microsoft issue at all. This has to do with the security model and set of root certificates that Orange installed on the SPV.  

I know that there are people in Orange right now working frantically to provide a solution to this problem. The technical solution exists but it's a matter of figuring out how to administer it.  

Orange did not set up this particular security model out of any motivation to gather additional revenue -- they merely took the most conservative route and kept everything as locked down as the OS would let them.  

Please remember that Orange is a phone company -- they're not really used to shipping little computers yet. This is a learning process for them and I think they were quite surprised about this whole thing.

So things are looking up for developers perhaps?

0

Share this post


Link to post
Share on other sites

Posted

"]Watch this space...  This is all gonna kick off pretty soon I think!

:twisted:  

P

You weren't wrong there mate !!!!!

Makes interesting reading this post !

I may only have newbie ststus but I have been following this forum from the beginning of december last year when I first got my smartphone.... My how things have changed ! :) :(

0

Share this post


Link to post
Share on other sites

Posted

Sorry... "Post" should read "Thread" :oops:

0

Share this post


Link to post
Share on other sites

Posted

What would everybody think the chances are of the next Orange update being uncertified??

0

Share this post


Link to post
Share on other sites

Posted

Of course it will be. That's the decision they have made, and they'll no doubt stick by it for the duration of SP2002 at the very least...

0

Share this post


Link to post
Share on other sites

Posted

As in Palm OS phones, like the Treo 650 I assume you mean?

Good call...

P

0

Share this post


Link to post
Share on other sites

Posted

It is done :)

P

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

MoDaCo is part of the MoDaCo.network, © Paul O'Brien 2002-2015. MoDaCo uses IntelliTxt technology.