Who am I?
Thoughts on new mobile technologies and development areas.
P.S.
Use Nokia barcode reader to read the code ;-)
Calendar
Recently...
- Feel the power of USB OTG on Nokia Internet Tablets (and other mobile platforms)
- Thoughts on local connectivity, Nokia Internet Tablets and S60
- Java Runtime 2.0 for S60 in beta, improves usability and performance
- Widgets: One more step to simplicity...
- Java ME Platform SDK 3.0 (final) is out
- Java Runtime for S60 with Mobile Sensor API support, finally!
- DOS and Windows on S60... the true story!
- Location-aware browsing on mobiles
- NetBeans 6.5, Java ME inside
- S60 5th Edition: widgets and security
Categories
- Browsing [6]
- Business Opportunities/Services [6]
- CDMA [0]
- Connectivity [5]
- Enterprise [0]
- Entertainment [1]
- Event [1]
- Flash [0]
- Games [0]
- General [17]
- Java [12]
- Location Based Services [3]
- Messaging [1]
- Open C [1]
- Python [0]
- S60 [18]
- Series 40 [5]
- Series 80 [0]
- Symbian C++ [0]
- Testing [6]
- maemo [5]
- WRT widgets [3]
Jacek Wojciechowski's Forum Nokia Blog
S60 5th Edition: widgets and security
jack44 | 18 November, 2008 19:37
When I first heard about S60 Platform Services enabled widgets I started to ask myself about security. The first thought was, "I'll have to sign new widgets with something similar to Java Verified or Symbian Signed". Such solution wouldn't be great for many reasons (killing great ideas for widgets, web developers coming from desktop environment wouldn't like it too, signing costs, etc.). Therefore there's no "widget signing" at all. But, is it safe for the end-user?
The first thing to note is that S60 widgets access the network through the Web Browser for S60. In this respect, widgets are as safe as running web pages in the browser. WRT widgets also implement a sandbox security model (it makes me think of Java ME here), and they only have limited access to the S60 Platform Services. Widgets are always considered untrusted by the device. This means that access to platform services (such as user data, location) is controlled and that mobile device users must grant permission before a widget can access network services.
From developer's point of view, WRT 1.1 utilizes a common component called Runtime Security Manager to enable access control to platform services - it registers a widget when it is installed; when running, the security manager performs runtime access control to platform services (prompts the user) according to the access policy; finally, it unregisters a widget when it is uninstalled. Access policy is defined by a set of capabilities (ReadUserData, WriteUserData, Location, NetworkServices) that are allowed automatically or granted to the user via prompts, and by duration of access (one time or session based).
It's a pity that access policy for WRT 1.1 is not customizable by the widget developer (OK, I agree here!) or the user (Why not? Because of security policies! Thus, S60 5th edition Application Manager doesn't show 'Suite settings' for widgets).
BTW, I know that it will not happen, but... wouldn't it be great to have all this goods based on WRT 1.1 running also on S60 3rd FP2 devices (via firmware upgrade)?
Browsing, S60, WRT widgets |
Permalink |
Comments (3) |
Trackbacks (0)
