Please explain Application Locking/Unlocking AGAIN

[Guest nickcornaglia]

I thought I understood this but now I am no longer sure.

Orange and others choose to Application Lock their phones to prevent funky problems happening when Uncertified applications are loaded.

So then why does SmartphoneNotes only work on Orange phones? Is this another level of certification that requires your phone to be not only locked but locked under Orange? Someone please explain...as something smells fishy. Because if this is true, networks can create software that only works on their phones.

Here is the quote from the developer of SmartphoneNotes again.

"The possibility of having it working on other phones is related to the well known code signing issue. There is a common misconception about so called unlocked phones: it is not true that they can run all unsigned software. In fact, applications requiring privileged access must be signed with a certificate trusted by the phone, even if the phone is unlocked. Since the synchronization part of SmartphoneNotes has access to the communication components of the phone operating system, it is considered privileged and requires this specific signature. Orange tested my software and accepted to sign it; therefore SmartphoneNotes only works with Orange phones at this time. The issuer of the privileged certificate of each Smartphone should accept to do the same in order to have SmartphoneNotes working on their product."

[Guest squall]

What is application decertification?

The spv/ spv E100 are delivered in a 'application lcoked' state, basically this means that only programs specially signed can run on the phone, and since you have to pay for signing this virtually eliminates freeware.

Orange have since changed there policy, now 'developers' can application decertification there spv's, meaning the phone can run programs, but still have no access to the network part of the phone. This allows games, etc to be run on the phone.

Smartphone notes has been signed by orange, hence can run on the network part of the phone. there are no cracks to make files run in this area, and standard file signed apps dont have access either. its an extra part of the signing process costing extra money.

smartphone notes will have to be signed be each network individually to work on that network.

Ive extracted the blue text section from the faq, hope thats ok will?

[Guest nickcornaglia]

Is SmartphoneNotes the first program to be signed specifically by Orange, or any other Network for that matter? This is the first I've heard of it.

In any case it shouldn't be allowed. I'll give them the phone certification as Network providers may not want any unauthorized software messing up their phones and causing replacements or extra Customer Service calls. (even though the warranty is void for such problems).

But the specific network certification is going to cause problems in the future in that there will be less developers willing to fork out the extra cash for certification for EACH NETWORK.

Orange apparently gains money from this. Not alot from the fees but in saved support time & replacement hardware. But what does Microsoft gain from this? Why would they allow Networks to put the future of the Smartphone platform in jeopardy? Can't anyone put a stop to this?

I'm a big fan of SmartphoneNotes but I may not buy it for this very reason alone. As I don't plan on having an ORANGE SPV Smartphone forever here in the US.

I don't curse much but this forces me to say...DARN CAPITALISTS! :)

[Guest squall]

its the first corrercal program ive heard of.

as far as signing, i disagree with app signing but can understand the case for network signing. when the phone first came out the app signing was justified by saying it stopped viruses getting onto the network- it doesnt.

the network part of app signing does.

microsoft only provide the option, its up to the network if they take it or not.

anyway who is to say that once more networks bring out spartphones they wont get together and share program certifications?!

[Guest nickcornaglia]

But it's the cases of the many small developers who create little tweaks or bug fixes or useful little programs or games, that wont be able to get their program out there because they can't afford to pay to have their freeware's certified.

Or a case where someone like O2, as an example...where they have a similar notes program they would like to push...not allowing the option to choose for the end-users.

It doesn't exist in the PC or PPC world and I wish it didn't here. Why do politics always have to mess up a good thing?

:?: BTW...what does CORRERCAL mean?

[Guest squall]

im not arguing with you, i agree. at least theres an area for development in non network phone areas, which is the equivelent part of the pc.

imagine when the phone first out and we though no unsigned apps at all could be run, im thankfull for what we have. things may change (better or worse) when other networks bring out smartphones.

[Guest nickcornaglia]

I dint take what you said as argumentative...I'm just banging my chest. I'm in a bad mood today! :)

[Guest Gorskar]

SP2002 restricts some APIs to only be accessible to applications signed with a privaleged certificate. These are typically the "dangerous" ones, which could allow unauthorised phone calls etc.

The networks decide what certificates are installed on their phones, and which of those are going to be privaleged.

Given this information, there is no basis at all to force app signatures for apps that do not require access to privaleged APIs, as they cannot cause any harm.

Via the old method of decertification it would be possible for you to make your own certificate, and install it to the phone and give it privaleged status. Then you could have an app which would have full access to everything, but of course it still couldnt spread (virus like) as your signature would only be on your phone.

Using this method you could sign smartphonenotes with your own privalged certificate and run it on a different network, except of course the hole was closed several months ago...

[Guest nickcornaglia]

Wouldn't it be nice on 2003 for the PROMPT method to always be available for situations like this...even if there was a disclaimer:

You have chosen to install a program not certified by your Network Provider. The program could damage your phone, cause unwanted phone calls, and therefor voiding your warranty. By choosing OK you understand these ramifications and deem the Network provider NOT responsible for and physical or financial problems incurred.

[ OK ] [Cancel]