Jump to content


Photo

Certification issue.

- - - - -

  • Please log in to reply
24 replies to this topic

#1
DJHope

DJHope

    Addict

  • Members
  • PipPipPipPipPip
  • 771 posts
  • Location:A DJ Booth in Ibiza
  • Interests:Anything fun
Im slightly irritated by certification, and i agree with many other people that simple measures can be used to stop malicious code from working, such as requiring a YES/NO box before sending email/sms/mms. also i cannot understand why orange dont allow you to take on the resposiblity of screwing up you own phone, i havnt herd of any really nasty stuff shutting down entire networks etc from the batch of xdas that have been out for ages.

The new versions of the handgo programs are coming out soon (or are out) could you not compare the old versions with the new versions and prehaps work out how certification works? Im sure someone will have worked it out by the end of the year, which could be much more dangerious than orange allowing us access.

I also understand from the side of the operator, but at the end of the day, security may well bring about the death of our freedom of speech.

  • 0

#2
dodgybob

dodgybob

    Regular

  • Members
  • PipPip
  • 83 posts
  • Location:London, UK
  • Interests:Techy Geeky stuff
quite right there...!

My opinion on this is that they are trying to make more money... its a revenue generator...

They don't make money from the actual sales of the software... that usually goes straight to the developers... They will most likely be making revenue from the Certifiaction/App Siging thing that developers are being forced to do!

Thats their sole source of revenue... Orange are practically giving the phones away!!! So theres not much to be earned on handset sales... its all about the additionl stuff...

  • 0
Dodgybob
blah...blah...blah...

"Ok. So whats the speed of dark?"

#3
DJHope

DJHope

    Addict

  • Members
  • PipPipPipPipPip
  • 771 posts
  • Location:A DJ Booth in Ibiza
  • Interests:Anything fun
Yep aint that the truth, corporate money grabbing b**st*rd' s! Its a shame tho, i am in total agreement i really dont think its a security issue, their are many ways round that, im sure you could screw wiv the phone to you hearts content using ya pc, and u dont need application signing to run nasty progs on here!! not yet any way :D

i dont have my spv yet, still waiting for mine from avrmobiles, but i am assured im in the que. I love the idea that i might be able to play doom on it, but reading this certification stuff, my heart was suddely filled with sadness! M keep telling us "wait for a couple of weeks, exciting announcements" if this isnt to eathier 1) make the certification process inexpensive and easy, 2) provide devlopment phones, for a fee and then certification free or 3) remove the whole thing completely, i might just stamp on my fone!

DJ Hope

  • 0

#4
PaulOBrien

PaulOBrien

    It's My Party

  • Founder
  • PipPipPipPipPipPip
  • 36,216 posts
  • Gender:Male
  • Location:Norwich, UK
  • Devices:All the Nexus!
  • Twitter:@paulobrien
The certification process is basically signing applications with the Orange digital signature.

This is going to be very well guarded at Orange, and I can't imagine there being a workaround in the foreseeable future.

Quite a few people have kicked up a stink about this, so hopefully Orange will issue a root certificate patch so we can write and install our own software on the SPV...

P

  • 0

You can follow me on Twitter - http://twitter.com/paulobrien / Follow MoDaCo on Twitter - http://twitter.com/modaco

Want to donate? MoDaCo is raising money for the Multiple Sclerosis society.

Posted Image


#5
DJHope

DJHope

    Addict

  • Members
  • PipPipPipPipPip
  • 771 posts
  • Location:A DJ Booth in Ibiza
  • Interests:Anything fun
yeh hopefully, but ive only seen ms people on these forumns, are orange even listening! havnt herd a word from them.

  • 0

#6
PaulOBrien

PaulOBrien

    It's My Party

  • Founder
  • PipPipPipPipPipPip
  • 36,216 posts
  • Gender:Male
  • Location:Norwich, UK
  • Devices:All the Nexus!
  • Twitter:@paulobrien
If we can get enough SPV users on this forum, maybe Orange will listen to our collective voice...

P

  • 0

You can follow me on Twitter - http://twitter.com/paulobrien / Follow MoDaCo on Twitter - http://twitter.com/modaco

Want to donate? MoDaCo is raising money for the Multiple Sclerosis society.

Posted Image


#7
Gaf

Gaf

    Newbie

  • Members
  • Pip
  • 38 posts
If the SDK wont work with the SPV then id say the MS site http://www.microsoft...one/default.asp seems pretty misleading.

Im starting to wonder if orange can be had for making out this phone is something its not.

  • 0
Modshack hardware hacking forum
dailychat.co.uk make sure you turn up for your dailychat..

#8
PaulOBrien

PaulOBrien

    It's My Party

  • Founder
  • PipPipPipPipPipPip
  • 36,216 posts
  • Gender:Male
  • Location:Norwich, UK
  • Devices:All the Nexus!
  • Twitter:@paulobrien
Watch this space... This is all gonna kick off pretty soon I think!

:twisted:

P

  • 0

You can follow me on Twitter - http://twitter.com/paulobrien / Follow MoDaCo on Twitter - http://twitter.com/modaco

Want to donate? MoDaCo is raising money for the Multiple Sclerosis society.

Posted Image


#9
DJHope

DJHope

    Addict

  • Members
  • PipPipPipPipPip
  • 771 posts
  • Location:A DJ Booth in Ibiza
  • Interests:Anything fun
Read below!

  • 0

#10
DJHope

DJHope

    Addict

  • Members
  • PipPipPipPipPip
  • 771 posts
  • Location:A DJ Booth in Ibiza
  • Interests:Anything fun
God my sentance structure grammar and spelling sucked in that previous post, it should read:

Erm... just seen ya site gaf, nice, im sure people on those forumns are already in the process of hacking the spv! Quick ms sort it out! Btw, modaco, i agree that orange will keep certification a closely guarded secret but where there’s a will there's a way. Windows xp activation is full proof isnt it and lemme see you can’t copy xbox games, damn Microsoft are good!

  • 0

#11
Third_of_Five

Third_of_Five

    Newbie

  • Members
  • Pip
  • 38 posts
  • Location:Lancashire, England

If the SDK wont work with the SPV then id say the MS site http://www.microsoft...one/default.asp seems pretty misleading.


Didn't see the bit "Develop cool apps with the Smartphone SDK" first time around.

Yes, this is misleading.

But it's MS not Orange, so Orange can't be blamed :D Also, it says develop cool apps, doesn't say you can run them on your phone.

  • 0
Regards
Third_of_Five
http://www.smartphone-2002.info/

#12
DJHope

DJHope

    Addict

  • Members
  • PipPipPipPipPip
  • 771 posts
  • Location:A DJ Booth in Ibiza
  • Interests:Anything fun
Yeh but MS arnt responsible for the certification issue, the PROVIDER has the choice of activating certification or not, in our case Orange!

  • 0

#13
MarsBar

MarsBar

    Newbie

  • Members
  • Pip
  • 30 posts
  • Location:London
from the SM2002 SDK
------------------------------------------------------
Setting Security Policies
Policy settings are a part of the mobile device security scheme. Smartphone 2002 provides a secure configuration by default, out of the box. The user cannot modify security policies through the UI. However, we recommend that mobile operators modify the default security configuration by pushing their own security policy documents.

This section discusses how to modify the Smartphone 2002 default security policy and create a new security policy document. The settings are defined in XML files that are pushed to Smartphone 2002 and are then processed by the Push Router.

The following XML example is the default security policy document:





























--------------------------------------
So even if you manage to "hack" the security, when you restart the phone it will download the standard policy again????
Mmmmm

  • 0

#14
DJHope

DJHope

    Addict

  • Members
  • PipPipPipPipPip
  • 771 posts
  • Location:A DJ Booth in Ibiza
  • Interests:Anything fun
Yeh any change you make to any part of the windows directory isnt saved, so when you restart phone its back again!

  • 0

#15
rcraswell

rcraswell

    Regular

  • MoDaCo Gold
  • PipPip
  • 106 posts
  • Location:Redmond, WA USA
  • Devices:iMate SP5m
Changes you make to the security policy are not stored in the Windows directory so any changes will persist through a reboot.

The problem is that your app has to have sufficient permission to change the security policy in the first place. (Think of it as having to be an administrator on the phone to make administrative changes.)

Any developer program will likely take the form of a mechanism to change this security policy on specific phones.

  • 0

#16
xmob

xmob

    Regular

  • Members
  • PipPip
  • 83 posts
  • Devices:Touch Diamond

  • 0

#17
DJHope

DJHope

    Addict

  • Members
  • PipPipPipPipPip
  • 771 posts
  • Location:A DJ Booth in Ibiza
  • Interests:Anything fun
Erm..intresting. Ive heard alot of people say that all applications will have to be signed by orange. Surely that cant be the case check out all the inbuilt windows programs, they still RUN in the same method as the others and i doubt microsoft would have crippled themselves they wouldnt make a software product they themselves couldnt add software too! That must mean microsoft can certifiy products and their must be a way of signing applications through microsoft instead of orange. I could be wrong here but dosnt that make sense?

  • 0

#18
Third_of_Five

Third_of_Five

    Newbie

  • Members
  • Pip
  • 38 posts
  • Location:Lancashire, England
I got this reply to a post on a developer forum regarding this issue from someone who works for a company who develops software for mobiles.

http://www.smartphon...c.php?p=989#989

Orange are going to have many holes in their feet at this rate!

  • 0
Regards
Third_of_Five
http://www.smartphone-2002.info/

#19
Third_of_Five

Third_of_Five

    Newbie

  • Members
  • Pip
  • 38 posts
  • Location:Lancashire, England
Also this post:
http://www.smartphon...c.php?p=993#993

Just to clarify (again) -- this is not a Microsoft issue at all. This has to do with the security model and set of root certificates that Orange installed on the SPV.  

I know that there are people in Orange right now working frantically to provide a solution to this problem. The technical solution exists but it's a matter of figuring out how to administer it.  

Orange did not set up this particular security model out of any motivation to gather additional revenue -- they merely took the most conservative route and kept everything as locked down as the OS would let them.  

Please remember that Orange is a phone company -- they're not really used to shipping little computers yet. This is a learning process for them and I think they were quite surprised about this whole thing.


So things are looking up for developers perhaps?

  • 0
Regards
Third_of_Five
http://www.smartphone-2002.info/

#20
Martin@Home

Martin@Home

    Diehard

  • Members
  • PipPipPipPip
  • 442 posts
  • Location:Isle of Wight
  • Interests:Breasts

"]Watch this space...  This is all gonna kick off pretty soon I think!

:twisted:  

P


You weren't wrong there mate !!!!!
Makes interesting reading this post !
I may only have newbie ststus but I have been following this forum from the beginning of december last year when I first got my smartphone.... My how things have changed ! :) :(

  • 0
(F)inancial (T)roubles (O)verlooked




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users