Jump to content

Certification issue.

Guest DJHope

By Guest DJHope
in Smartphone General Discussion

 Share

Recommended Posts

Guest DJHope

Guest DJHope

Posted
Posted

Im slightly irritated by certification, and i agree with many other people that simple measures can be used to stop malicious code from working, such as requiring a YES/NO box before sending email/sms/mms. also i cannot understand why orange dont allow you to take on the resposiblity of screwing up you own phone, i havnt herd of any really nasty stuff shutting down entire networks etc from the batch of xdas that have been out for ages.

The new versions of the handgo programs are coming out soon (or are out) could you not compare the old versions with the new versions and prehaps work out how certification works? Im sure someone will have worked it out by the end of the year, which could be much more dangerious than orange allowing us access.

I also understand from the side of the operator, but at the end of the day, security may well bring about the death of our freedom of speech.

Link to comment
Share on other sites
Guest dodgybob

Guest dodgybob

Posted
Posted

quite right there...!

My opinion on this is that they are trying to make more money... its a revenue generator...

They don't make money from the actual sales of the software... that usually goes straight to the developers... They will most likely be making revenue from the Certifiaction/App Siging thing that developers are being forced to do!

Thats their sole source of revenue... Orange are practically giving the phones away!!! So theres not much to be earned on handset sales... its all about the additionl stuff...

Link to comment
Share on other sites
Guest DJHope

Guest DJHope

Posted
Posted

Yep aint that the truth, corporate money grabbing b**st*rd' s! Its a shame tho, i am in total agreement i really dont think its a security issue, their are many ways round that, im sure you could screw wiv the phone to you hearts content using ya pc, and u dont need application signing to run nasty progs on here!! not yet any way :D

i dont have my spv yet, still waiting for mine from avrmobiles, but i am assured im in the que. I love the idea that i might be able to play doom on it, but reading this certification stuff, my heart was suddely filled with sadness! M keep telling us "wait for a couple of weeks, exciting announcements" if this isnt to eathier 1) make the certification process inexpensive and easy, 2) provide devlopment phones, for a fee and then certification free or 3) remove the whole thing completely, i might just stamp on my fone!

DJ Hope

Link to comment
Share on other sites
Guest Paul [MVP]

Guest Paul [MVP]

Posted
Posted

The certification process is basically signing applications with the Orange digital signature.

This is going to be very well guarded at Orange, and I can't imagine there being a workaround in the foreseeable future.

Quite a few people have kicked up a stink about this, so hopefully Orange will issue a root certificate patch so we can write and install our own software on the SPV...

P

Link to comment
Share on other sites
Guest DJHope

Guest DJHope

Posted
Posted

God my sentance structure grammar and spelling sucked in that previous post, it should read:

Erm... just seen ya site gaf, nice, im sure people on those forumns are already in the process of hacking the spv! Quick ms sort it out! Btw, modaco, i agree that orange will keep certification a closely guarded secret but where there’s a will there's a way. Windows xp activation is full proof isnt it and lemme see you can’t copy xbox games, damn Microsoft are good!

Link to comment
Share on other sites
Guest Third_of_Five

Guest Third_of_Five

Posted
Posted
If the SDK wont work with the SPV then id say the MS site http://www.microsoft.com/mobile/smartphone/default.asp seems pretty misleading.

Didn't see the bit "Develop cool apps with the Smartphone SDK" first time around.

Yes, this is misleading.

But it's MS not Orange, so Orange can't be blamed :D Also, it says develop cool apps, doesn't say you can run them on your phone.

Link to comment
Share on other sites
Guest MarsBar

Guest MarsBar

Posted
Posted

from the SM2002 SDK

------------------------------------------------------

Setting Security Policies

Policy settings are a part of the mobile device security scheme. Smartphone 2002 provides a secure configuration by default, out of the box. The user cannot modify security policies through the UI. However, we recommend that mobile operators modify the default security configuration by pushing their own security policy documents.

This section discusses how to modify the Smartphone 2002 default security policy and create a new security policy document. The settings are defined in XML files that are pushed to Smartphone 2002 and are then processed by the Push Router.

The following XML example is the default security policy document:

--------------------------------------

So even if you manage to "hack" the security, when you restart the phone it will download the standard policy again????

Mmmmm

Link to comment
Share on other sites
Guest rcraswell

Guest rcraswell

Posted
Posted

Changes you make to the security policy are not stored in the Windows directory so any changes will persist through a reboot.

The problem is that your app has to have sufficient permission to change the security policy in the first place. (Think of it as having to be an administrator on the phone to make administrative changes.)

Any developer program will likely take the form of a mechanism to change this security policy on specific phones.

Link to comment
Share on other sites
Guest DJHope

Guest DJHope

Posted
Posted

Erm..intresting. Ive heard alot of people say that all applications will have to be signed by orange. Surely that cant be the case check out all the inbuilt windows programs, they still RUN in the same method as the others and i doubt microsoft would have crippled themselves they wouldnt make a software product they themselves couldnt add software too! That must mean microsoft can certifiy products and their must be a way of signing applications through microsoft instead of orange. I could be wrong here but dosnt that make sense?

Link to comment
Share on other sites
Guest Third_of_Five

Guest Third_of_Five

Posted
Posted

Also this post:

http://www.smartphonedn.com/forums/viewtop...c.php?p=993#993

Just to clarify (again) -- this is not a Microsoft issue at all. This has to do with the security model and set of root certificates that Orange installed on the SPV.  

I know that there are people in Orange right now working frantically to provide a solution to this problem. The technical solution exists but it's a matter of figuring out how to administer it.  

Orange did not set up this particular security model out of any motivation to gather additional revenue -- they merely took the most conservative route and kept everything as locked down as the OS would let them.  

Please remember that Orange is a phone company -- they're not really used to shipping little computers yet. This is a learning process for them and I think they were quite surprised about this whole thing.

So things are looking up for developers perhaps?

Link to comment
Share on other sites
  • 5 months later...
Guest Martin@Home

Guest Martin@Home

Posted
Posted
"]Watch this space...  This is all gonna kick off pretty soon I think!

:twisted:  

P

You weren't wrong there mate !!!!!

Makes interesting reading this post !

I may only have newbie ststus but I have been following this forum from the beginning of december last year when I first got my smartphone.... My how things have changed ! :) :(

Link to comment
Share on other sites
Guest Monolithix [MVP]

Guest Monolithix [MVP]

Posted
Posted

Of course it will be. That's the decision they have made, and they'll no doubt stick by it for the duration of SP2002 at the very least...

Link to comment
Share on other sites
  • 2 years later...

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept