I've been trying to find out how Symbian 9 will affect freeware and open source developers. There's the new security model in Symbian 9 that seems to require certificates for native Symbian (SIS) applications, if they're distributed to consumers. There's also a developer certificate, but it doesn't seem to allow installing into many devices (based on IMEI codes).
There's a document on the Symbian Signed web site ( https://www.symbiansigned.com/Developer_Certificate_Request_Process_v1.1.pdf ) which I understand so that if developer wants to be distribute the application and for example access multimedia, file system and network connection APIs, one needs to get a sertificate worth of at least US$350.
I must get this wrong somehow?! This would mean Symbian 9 would basically kill the freeeware and open source scene, or would it not? Applications like FExplorer won't work, if you they can't access for example the file system and other system level APIs. And I don't know if even developers of most shareware apps (worth of US$2-10 or something like that) can afford getting these certificates from VeriSign for each SIS package they want to distribute.
I've also understood there would be some separate certificate system for open source applications, supported for example by Nokia. So basically, you could still distribute fully working Symbian applications, if you distribute then as open source and get them verified as high quality applications.
I'd appreciate if someone has insight how Symbian 9 will affect freeware developers.
The first Symbian 9 phones will be for example Nokia Eseries / N71 / N80 / N91 and Sony Ericsson P990.
Tero
Edit: typos
Alright, I hadn't made my homework. I just found all the discussion and news about Symbian Signed Freeware Route to Market:
http://www.allaboutsymbian.com/news/item/Symbian_announces_multiple.php
https://www.symbiansigned.com/app/page/freewareFaq
So I guess this means freeware and open source scene will be ok, if the freeware and open source certificate will allow accessing for example file system, multimedia and network APIs?
Tero
Yes thats right.
Essentially what signing does is allow you to be approved by the security model. The security model restricts the more security sensitive APIs. Not every application will necessary access these, though clearly many will.
To get signed you have to either:
a) Get a Verisign Certificate ($350 - companies only) and then get each sis file signed (cost ~ $100).
b) Get a publisher certifier to do the whole lot (Handango / OpenBit etc.) (cost ~$200 per sis file). Disadvantage of this it will be the publisher / certifer name on the certoficate (and hence shown at the install stage).
You DO NOT have to be signed if you are not accessing the restrictive APIs, though if you are a commerical developer it makes sense to do so since operators / ESD portals will start to accept only Symbian signed applications.
Freeware/Opensource can go the Freeware Route to Market which is effectively option b above via Cellmania which is being sponsored by Nokia, Sony Ericsson and Symbian.
Symbian Signed really only does on job - it identifies who the application author is and imposes some (limited) standards. It does not certify that an application is a good one.
As ebo mentioned there's a lot more information at http://www.symbiansigned.com
Rafe wrote:Freeware/Opensource can go the Freeware Route to Market which is effectively option b above via Cellmania which is being sponsored by Nokia, Sony Ericsson and Symbian.
And just to be sure, does this certificate give the application access to all open APIs, such as multimedia (camera etc), network (Bluetooth and UMTS/GPRS) and file system (phone memory and memory cards) features?
On Symbian Signed web site I found a table that listed different capabilities depending on whether or not the application has just ACS Publisher ID, or "Phone Manufacturer Approval" too.
Tero
Ah thats right some things are further restricted and can not be access without manufacturer approval (I'm not sure how this happens). Its my understanding that these are the particularly sensitive system capabilities (e.g. handling of DRM implementations, thought not accessing DRM files). I've been told the number of existing applications falling into this category is less than 1%.
However I believe in most instances developers will be able to use alternative 'safer' mechanisms / calls.
Note there's also something called Dev Certificates which help / facillitate the development process - https://www.symbiansigned.com/app/page/devcertgeneral
The manufacturer signed apps will only be the built-in apps, or apps released by the manufacturer. Manufacturer signing will not be done for any, so called, 3rd party apps.