I guess this question would apply to all Symbian versions, but I'm asking it here since I own an N8 (previous list - N82 N73 N91 6630 7250i).
Much has been made about Android asking for app permissions when installing them.
On Symbian, I only saw this feature for Java apps, never for native apps. (It was inexplicably missing on 3rd Edition, but is present again on S^3).
So how come when you install a native SIS/SISX app, you just get a notification informing you about what all the app can access - with no control over what it can or cannot do?
What's to prevent someone from writing an app that monitors your incoming SMSes or uses GPS to find your location without asking you, i.e. for an app that does not otherwise require or advertise using these features?
I thought that when I installed a few things (mainly to do with facebook etc) you should be able to deny the app certain things if you want. I hate the "all or nothing" approach.
You have that level of control for Java apps.
Symbian app permissions are determined by the certificate used to sign it - I think Nokia/Symbian control the process and you have to pay more to unlock more features.
At least that's how it used to be, for companies that sell software for Symbian.
Not sure how it would work if you're an independent developer though..
rexdude wrote:You have that level of control for Java apps.
Symbian app permissions are determined by the certificate used to sign it - I think Nokia/Symbian control the process and you have to pay more to unlock more features.
At least that's how it used to be, for companies that sell software for Symbian.
Not sure how it would work if you're an independent developer though..
Not quite like that. Unauthenticated self-signing can be used for most of the privileges (capabilities). For capabilities deemed "unsafe", you need to be authenticated, and then self-signing is not enough and that's when it costs something (to get a developer certificate that authenticates the developer, and then a bit for each signing via Symbian Signed).
If you wish to distribute the app through Nokia's Ovi Store, you can request Nokia to absorb the signing costs (and they will, but that signed item will then be valid only for distribution through Ovi Store; if you wish to use other sales channels, too, then you need to use Symbian Signed, if self-signed is not enough for those other channels).
N/A wrote:Not quite like that. Unauthenticated self-signing can be used for most of the privileges (capabilities). For capabilities deemed "unsafe", you need to be authenticated, and then self-signing is not enough and that's when it costs something (to get a developer certificate that authenticates the developer, and then a bit for each signing via Symbian Signed)
So how do they authenticate you? I hope it's not like the farce the whole SSL certificate system has become where anyone can buy any certificate from Verisign and others and use it, whether they be spammers or hackers or otherwise.
rexdude wrote:So how do they authenticate you? I hope it's not like the farce the whole SSL certificate system has become where anyone can buy any certificate from Verisign and others and use it, whether they be spammers or hackers or otherwise.
http://developer.symbian.org/wiki/Apps:Publisher_ID_%28Symbian_Signed%29#Purchase_your_Publisher_ID_certificate