Guest HelloDave, posted December 6, 2002:

Just seen this on Microsoft's MSDN site:

Smartphone Application Security
Here is your opportunity to chat with the folks that know all about Smartphone application security, Mobile2Market, and what should be kept in mind when developing applications for the Smartphone platform. Come with your questions to ask the experts to get your applications out into the marketplace.
December 10, 2002
4:00 – 5:00 P.M. Pacific time
7:00 – 8:00 P.M. Eastern time
24:00 – 25:00 GMT/London
Find it at http://msdn.microsoft.com/chats/

Nothing to do with Orange, but could be interesting for anyone thinking about Smartphone development to "air their views", so to speak...
Guest Paul [MVP], posted December 6, 2002:

Well, I plan to be there for sure!
P
Guest DJHope, posted December 6, 2002:

My take on certification; I'll try and put my point across if I'm not busy!

OK, now I am in disagreement with certification, mainly because I believe that there were other ways Orange could have protected their network, yet I don't believe they even considered it!

Firstly, MS, why didn't you allow unsigned applications to run as long as the radio is switched off? Surely then it would be impossible for the application to interact with the network and cause the havoc which you are so keen to suggest will happen, when we have yet to observe this from ANY Pocket PC or XDA device.

Secondly, I'm sure there could have been another way of protecting the network and allowing application signing. Everyone goes through a credit check when we join the mobile network; all our details are stored and everything is secured for payment of the contract, so that if we, for example, try to skip the country we cannot get away from our legal obligations, and this can even lead to arrest. Why then can't anyone who joins the Orange network have their applications signed without testing? Obviously if the program is malicious the perpetrator can be caught; after all, Orange have all their details. OR, if this still costs money, charge an extra nominal fee per month. Obviously this may not be viable, but I personally believe that the whole "protecting the network" issue could have been done in another way.

Thirdly, I like the way Microsoft give the network operator the CHOICE of using signing or not, but I bet a conversation something along the lines of this went ahead:

MS: This phone can be locked using application signing which will ultimately protect your network.
ORANGE: So if we don't lock it our network could be compromised.
MS: Yes, quite possibly.
ORANGE: Well, I think we might have to do that then.

If the above (made up) conversation went ahead then I think Microsoft are not completely blameless, as they are so keen to suggest.

Obviously this is all COMPLETELY hypothetical.
Guest PolarBear, posted December 7, 2002:

> My take on certification; I'll try and put my point across if I'm not busy!

I was in one of these chats not long ago. You get a bunch of MS people answering the Qs they like (and the rest are dropped); if you try to flame you get ignored, and then punted out.

> OK, now I am in disagreement with certification, mainly because I believe that there were other ways Orange could have protected their network, yet I don't believe they even considered it!

If you go to Microsoft seminars they promote code signing for desktop Windows. You can believe what you like, but there is no other game in town...

> Firstly, MS, why didn't you allow unsigned applications to run as long as the radio is switched off?

Because the radio is under software control. And would you want the OS to kill apps when you turned the radio on?

> Surely then it would be impossible for the application to interact with the network

Like queuing a ton of messages...

> we have yet to observe this from ANY Pocket PC or XDA device.

The operative word being YET.

> Why then can't anyone who joins the Orange network have their applications signed

They can. Orange can download a cert to every phone on the network. But the app has to be signed with the private key that goes with the cert. If everybody who had a phone could sign, it would only be for their own phone. I had to build a demo of code signing for my boss, so I know what's involved; signing their own code is beyond the wit of most people. Orange sure don't want to sign code for each individual phone. Code you sign won't run on my phone, of course...

Actually, I bet things were explained along those lines. Here's how it goes: MS have code signing in Windows XP, and they've put it in Smartphone (and possibly in Pocket PC). Either you require code to be signed, or you don't. Period. But there can be as many or as few certs on the phone as you need. Your conversation would have gone on:

ORANGE: But what about corporate customers?
MS: They sign their own code, and you put their cert on their phones.
ORANGE: And we charge them?
MS: Your call.
ORANGE: And developers?
MS: You sign their code for them, or send their cert to the phones they want?
ORANGE: And we charge them?
MS: Your call again...
Guest xmob, posted December 12, 2002:

A transcript of this chat is available at: http://www.xmob.co.uk/phpBB/viewtopic.php?...pic=44&forum=12

Doesn't seem as bad as it could have been.
Guest spacemonkey, posted December 12, 2002:

I think one of the most interesting things in the chat is that the phone has a two-tier security model, i.e. privileged apps use the radio and unprivileged ones don't. Orange has chosen to require app signing for both. This is an Orange choice, and they could have easily left unprivileged open to unsigned apps. This is the worst choice Orange has made. I don't mind them protecting their network, but the dubious risk of unsigned apps in unprivileged mode is irrelevant. Malicious code would never do much unprivileged, as it would have no means to replicate like a virus.

Also, they talked about developers being allowed to unlock their code through some sort of sign-up. This may well be the answer for all of the technically literate users who won't be ringing Orange customer services whenever they wreck their phone. The important question is what hoops you have to jump through to get your phone unlocked through this process.

Interesting anyway. My 2 cents: unlocking the unprivileged end of the phone is a must, and it's disgusting that Orange is attempting to control this end of the market.
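The mechanism PolarBear and spacemonkey describe (certs provisioned onto the phone, code that must be signed with the private key matching one of them, a two-tier privileged/unprivileged model, and an operator choice per tier of whether unsigned code may load) is modelled below as an added example. It is not code from the thread, from Microsoft or from Orange, and it is not the real Smartphone loader: Ed25519 stands in for whatever certificate format the platform used, the `Cert`/`Policy`/`Phone` types, the "Orange" and "developer" signers and the sample apps are all constructed for the illustration, and binding the requested tier into the signed digest is this example's own design choice.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Tier is the privilege level an application asks for at load time. The
// thread describes two: unprivileged code cannot touch the radio, privileged can.
type Tier int

const (
	Unprivileged Tier = iota
	Privileged
)

func (t Tier) String() string {
	if t == Privileged {
		return "privileged"
	}
	return "unprivileged"
}

// Cert is this example's stand-in for a certificate provisioned onto the phone:
// the signer, its public key, and the highest tier code signed with it may run at.
type Cert struct {
	Signer  string
	PubKey  ed25519.PublicKey
	MaxTier Tier
}

// Policy is the operator's per-tier choice: true means a signature is required.
type Policy map[Tier]bool

// Phone is the device: its trusted cert store plus the operator's policy.
type Phone struct {
	Certs  []Cert
	Policy Policy
}

// App is an executable, the tier it requests, and an optional detached
// signature (nil when unsigned).
type App struct {
	Name      string
	Code      []byte
	Requested Tier
	Signature []byte
}

// signedDigest hashes name, requested tier and code together. Binding the tier
// (an assumption of this example) stops a signature issued for an unprivileged
// build being replayed on the same bytes relaunched as privileged.
func signedDigest(a App) []byte {
	h := sha256.New()
	h.Write([]byte(a.Name))
	h.Write([]byte{0})
	h.Write([]byte(a.Requested.String()))
	h.Write([]byte{0})
	h.Write(a.Code)
	return h.Sum(nil)
}

// Sign attaches a detached signature. Only the holder of the private key that
// matches a cert on the phone can produce one the phone will accept.
func Sign(priv ed25519.PrivateKey, a App) App {
	a.Signature = ed25519.Sign(priv, signedDigest(a))
	return a
}

// Load is the loader decision: nil to allow, otherwise the reason for refusal.
func (p Phone) Load(a App) error {
	if a.Signature == nil {
		if p.Policy[a.Requested] {
			return fmt.Errorf("%s: unsigned, and the %s tier requires a signature", a.Name, a.Requested)
		}
		return nil // operator left this tier open to unsigned code
	}
	d := signedDigest(a)
	for _, c := range p.Certs {
		if !ed25519.Verify(c.PubKey, d, a.Signature) {
			continue
		}
		if a.Requested > c.MaxTier {
			return fmt.Errorf("%s: signer %q is trusted only up to %s, app asks for %s", a.Name, c.Signer, c.MaxTier, a.Requested)
		}
		return nil
	}
	return errors.New(a.Name + ": signature does not match any cert on this phone")
}

func main() {
	// Constructed keys: the operator's and an independent developer's.
	orangePub, orangePriv, _ := ed25519.GenerateKey(rand.Reader)
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	game := App{Name: "game.exe", Code: []byte("constructed sample"), Requested: Unprivileged}
	dialer := App{Name: "dialer.exe", Code: []byte("constructed sample that drives the radio"), Requested: Privileged}

	// Locked phone: only the operator's cert, signatures required on both tiers.
	locked := Phone{Certs: []Cert{{Signer: "Orange", PubKey: orangePub, MaxTier: Privileged}},
		Policy: Policy{Unprivileged: true, Privileged: true}}
	// Open phone: unprivileged tier accepts unsigned code; a developer cert is
	// provisioned but trusted for unprivileged code only.
	open := Phone{Certs: []Cert{{Signer: "Orange", PubKey: orangePub, MaxTier: Privileged},
		{Signer: "developer", PubKey: devPub, MaxTier: Unprivileged}},
		Policy: Policy{Unprivileged: false, Privileged: true}}

	report := func(label string, err error) {
		if err == nil {
			fmt.Printf("%-36s allowed\n", label)
		} else {
			fmt.Printf("%-36s refused: %v\n", label, err)
		}
	}
	report("locked, unsigned game", locked.Load(game))
	report("locked, game signed by Orange", locked.Load(Sign(orangePriv, game)))
	report("locked, game signed by developer", locked.Load(Sign(devPriv, game)))
	report("open, unsigned game", open.Load(game))
	report("open, unsigned dialer", open.Load(dialer))
	report("open, dialer signed by developer", open.Load(Sign(devPriv, dialer)))
	report("open, dialer signed by Orange", open.Load(Sign(orangePriv, dialer)))
}
```

The "locked" phone reproduces the Orange configuration the posts complain about (nothing loads without the operator's signature, and a developer's own signature is worthless on someone else's phone); the "open" phone is the alternative spacemonkey argues for, where the unprivileged tier is left open but the radio-capable tier still demands a signer the phone trusts for that tier.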