Application Laundering

[Guest DJHope]

Dont supose if we rasied enough money someone with a legitamate company would buy the baltimore singing package and sign our applications for us, maybe a long shot but who knows?

75 apps signed for about 400 quid i rekon someone must be up for donating!

DJ Hope

[Guest Kallisti]

As I understand it, this signing package won't enable us to run on the SVP anyway as they need to be signed by Orange, a process which doesn't exist yet.

[Guest DJHope]

NOT TRUE...the batimore singature IS on the SPV. Baltimore are even responsible for making the orange certificate, this is what i have herd investigation work would be required. I dont understand how baltimore expect to sell any certs otherwise since no other smartphone exsist.

[Guest spacemonkey]

One problem is that the signer is taking on some repsonsability... if someone sent them a dodgy app and they signed it then it'd come back to them....

But, yes I agree with the idea...

In fact I have a limited company etc so could potentially do this. Probably need to do some research to check on baltimores terms and conditions to make sure this wouldn't in some way breach them.

Also, 75 signings is good for 75 finished apps but you need to get an app onto a smartphone (or several) and test it and fix bugs etc and unless we can get unlocked developer phones (might just be an update to our existing phones) you'd have to waste signatures just to get the software testable... Yes you can test on the emulator but there's bugs you won't find until it's on a real world phone.

So as yet not the perfect solution, but if Orange can help us solve the development end of things and people were keen to donate this could definitely be a proposition. 6.60 or so per signed app doesn't seem too bad at all.

[Guest DJHope]

I agree with that totally spacemonkey and this was my thinking!

I admit that sending a dodgy app might be a problem but not if this imaginary company was to test it properly first and they could even charge a small fee for this, i rekon if i was a developer id spend 10-15quid getting my app signed especially if the comunity was willing to make contributions to my cause, i rekon the future is looking much brighter for signing!

[Guest Monolithix [MVP]]

that still doesnt get over the problem of development, i think spacemonkey has pointed out before that ur likely to use up those 75 signatures on getting just one or two applications running properly, after signing each pre-reslease to test it. orange were "working on a solution for developers", i've not heard of any more details though...

[Guest DJHope]

yeh i understand the problems, but if this imaginary company had a development phone they could test the app more hassle though i supose. Maybe if we wait orange will do something they said their would be "EXCITING ANNOUNCEMENTS" this month, but then well probably be dead before orange do something.

[Guest Monolithix [MVP]]

heheh, which will come first, the uk update or a developer option for the spv? now taking bets...

[Guest Emad]

Are any of those applications we keep hearing about being in the 'process of being signed' actually getting signed? Its been a lil while since any new software has come out..

[Guest DJHope]

ill bet we see loads of software when orange "get their act together" we need the update and an application singing procedure BOTH due this month.

[Guest spacemonkey]

I just got the whole embedded C and Smartphone SDK thing up and running on my PC... now I just need to remember how to write proper C code (been doing too much lazy javascript)...

However I was having a read through the help files (oh my life is interesting) and came across how Microsoft see developer phones working on networks that are locked down such as Orange.

What they see is that Orange can create a digital certificate and then deploy it remotely to any phone they like. So you'll apply to be an Orange developer (bet they try and get some money....) and they'll generate a new certificate just for you, pass that certificate to your phone and then mail you the certificate so you can use it to sign files.

What this means in usage. Once you have your own certificate you will be able to sign any app you find on the web and load it onto your personal phone. Anything you sign however will not be able to be loaded onto any other phone even another developer phone. So good for the developer but then you'll need Baltimore for the next stage. Also if you just want to get some mates to do a bit of testing pre paying for signing, they'd need to be developers registered with Orange and sign your app themselves to test it.

So, that's my guess of what Orange will offer us... as long as it's free I'll be happy, if they try to sting me for 100s of pounds then I'll be mighty pissed.

[Guest Gorskar]

Although if orange were willing to provide a developer certificate to anyone, then anyone could get a certificate, and hence sign any application to run on their phone. Problem solved. No need to get orange or baltimore to sign it as anyone can sign it for their own phone!

[Guest Emad]

I'm sure you're gonna have to be a limited company or something to get the developer certification.. Doesn't Palm do something similar for their developer program? You need to sign up to it to get the Palm OS ROM images if I recall (good luck developing without them).

Ah, to downloading the sdk I go..

[Guest spacemonkey]

Although if orange were willing to provide a developer certificate to anyone, then anyone could get a certificate, and hence sign any application to run on their phone. Problem solved. No need to get orange or baltimore to sign it as anyone can sign it for their own phone!

Yeah, their gonna try and keep the program limited, also, as every individual who gets a developer certificate has a unique certificate tied to their phone, we'd all need to sign stuff ourselves.

That's fine for technically savvy users but for the general public not really a practical option (which is why it's the path microsoft have set out). And you're not gonna get a huge freeware/shareware community starting up if registered "developers" with Orange are the only potential customers.

[Guest Croccy22]

OK I am fairly new to cetificate stuff so if I am speaking out of my ass then please tell me. But would it not be possible to copy a different root certificate to the spv phone. Where I work we use the novell operating system and with this we can create out own certificates and digitally sign e-mails, appz and stuff like that. surely if you could put the root certificate on the spv then you could use novell to sign the apps???

I am probably wrong. anyone have any ideas??

Matt

[Guest Bazz]

OK I am fairly new to cetificate stuff so if I am speaking out of my ass then please tell me. But would it not be possible to copy a different root certificate to the spv phone. Where I work we use the novell operating system and with this we can create out own certificates and digitally sign e-mails, appz and stuff like that. surely if you could put the root certificate on the spv then you could use novell to sign the apps???

And how would you get that root certificate on the phone?

[Guest Paul [MVP]]

And how do you propose you are going to put the new root cert on the SPV?

P

[Guest Monolithix [MVP]]

Not knowing what form a certificate comes in, i may also be talking bull :D. But if it is a type, you'd need to know which file to overwrite. Although the certificate may be "hard wried" into the phone? IO dont have much experiencec with software certificates. In fact other than server security certificates this is the only other time i've encountered them :(. I would assume Orange or MS built in measures to prevent this from happening though...

Oh and apparently developer phones are available for software development, see this post: http://www.modaco.com/viewtopic.php?t=1859.

No info on how to get one though...

[Guest DJHope]

that could be a possiblity but how exactly would you install root certs on the spv, standard cert files dont work :D