I know two reasons: Because you did not want to check the set of capabilities your application actually needs you selected all 13 that you can get through Express Signed. AND you have a DLL which you load to a system process so your applications needs All-TCB (all except TCB capability).

But which are the true reasons? Which are the APIs/features that you use and require PowerMgmt and/or TrustedUI?

There are two major problems with Java ME and application signing:

1. Why does my application not install after I have signed it?

2. How do I get rid of the pop-ups in my application?

The first one I answered through Java Verified some time ago, with a presentation highlighting the problems encountered with Java ME applications not installing after they have gone through Java Verified. See here, through the front page of Java Verified, if you want to read the presentation. Same presentation can also be accessed through the recourses and dowloads section of the site when I'm taken off from the main page.

The second, about the pop ups, is also quite straight forward thing to answer. Maybe I will do an other presentation and place it to Java Verified as well at some point. But in the mean while this blog will have to do. Unfortunately a short story becomes quite long when you dig into details, here I feel it is necessary to go a bit deeper.

In Java ME there are four domains in which the application can belong to. The number and the nature of pop-ups which the application presents depends on the domain and how the domain has been configured in the device. The access to different domain depends on if the application is signed or not and if signed, who signed it. Complicated? Not really.

Four domains:

1. Manufacturer domain - for manufacturer signed applications - no pop ups.

2. Operator domain - for operator signed applications - no pop ups.

3. Identified 3rd party protection domain (same as Trusted Third Party domain) - for Java Verified signed + Thawte and VeriSign code signing certificate signed applications - pop ups (same amount, no difference between Java Verified or Thawte or VeriSign)

4. Unindentified 3rd party protection domain (same as untrusted third party domain) - when the application is not signed - pop ups.

General rule is that Nokia signs only applications which Nokia owns and is liable of. In many cases same applies to Operators as well. For getting your application signed by Java Verified, there is a clear set of requirements which can be found from the Java Verified web site. Same applies to the code signing certificates from Thawte and VeriSign, information can be found from their web sites. For leaving the application unsigned is your choice.

The main difference between the three is that Java Verified is a testing and signing process after which your application is signed. Thawte and VeriSign offer certificates which can be used to sign content and the creator of the content has to test the applications by them selves. I see two big benefits to using Java Verified. First is that if you are not 100% of your own internal QA (Quality Assurance) process', then Java Verified offers impartial testing. The other is that the signature is valid for ten years. The signature with the code signing certificates is only valid as long as the signing certificate is. Which means maximum of three years.

Just to take on example about the code signing certificates, if you buy a two year code signing certificate and sign something six months after you have received the certificate, the signature is valid for a year and a half. If you sign something 20 months after you received the certificate the signature is valid for four months. This is important to understand especially if you sell something. Since after the application's signature grows old, the application will not install. Most likely you will not get that problem with Java Verified signing your applications?

Then the pop ups. Generally you should get less pop up with signed applications. Like according to the MIDP 2 specification, unsigned applications ask for permission to make a HTTP connection every time it is established while running the application. Applications signed to the Identified Third Party domain only ask it once while running the application.

There are also application settings which are different between the two. In S60 devices when going to the App. manager and opening a Java ME application reveals a list of settings which can be made. A signed application can have "Allways allowed" status for a certain features.

The settings which can be made are determined by the settings of the device. If you work with nonoperator variant devices, then settings generally follow the specifications. With operator variants there may be differencies. Our Wiki tells more. Please have a look.

The time of Java One.

This year I feel things are bit different than in the past. Java Verified has released a new version of the criteria which cuts down the cost of getting an application title signed by 50%. That is out there and has been for a little while.

But that is not all. There are new services coming out. I will be talking about them and Java application signing in a BOF at Java One (BOF-3990, Signing Java™ Platform, Micro Edition Applications and the Renewed Java Verified Program). Its Tue the second of June, 20:30.

Then we have a mobile Jam session at Java One. First you can try to stump the experts in a quiz and win some tee's. Following we'll have an unpanel session and some pitstops allowing you, our dear developers, to get your voice herd and get the discussion started.

I'll see you there!

I was told that it is fashionable to use the abbreviation UX in stead of UE. Fashionable or not, I'm now referring to User Experience and using the abbreviation UE. 

What does that mean to you?

For me personally, as an end user, it means that I do not need to read a manual or help to use an application on my mobile. So "intuitive to use" comes to mind. Also "for my device" is an other phrase to use. It might be interesting to use an application intended for a touch screen device on a device without a touch screen. Or vice versa.

I've herd the term WOW also related to user experience. "WOW this looks cool!" I seldom get that. Maybe its my basic engineering character to get more exited on features than the looks. Well, the Nokia E71 did get me all exited and provided me with a WOW to the power of 10...

User Experience for me is also "working as expected". I don't want the application or my device (the E71) to crash or freeze. I want to use the features which the application is supposed to have, no more no less.

The last thing is naturally the usage security. No malicious features, my data is safe. That is partially related to the number of features.

Are you with me? Do you as application developers see something differently?

We had an event in Barcelona. You might have seen the "Forum Nokia goes Barcelona" banners.

In the event there was a slot reserved for me and Lucian to talk about application quality under a title: Quality Afternoon. I'm happy to say that the audience was very active and we got some good discussion going. The problem was that we were not able to distribute the material in a centralised way, 080527 Quality Afternoon.pdf. 

I'm sad to say that I try to create slides which are for presenting and not for reading, but I hope you can grasp the idea.

The webinar about the latest on Symbian Signed "Symbian Signed and its new services" has been made available via the Forum Nokia webinar page.

I hope it will clear out open questions.

I herd from Symbian that there were challenges in getting the applications to run on the 208 x 208 resolution, so we added one to Remote Device Access (www.forum.nokia.com/rda) to allow testing on that device. Naturally the target is to have all screen resolutions available, but at the same time offer new goodies. Now we have SIMs in place and WLAN in devices which support it. You can even fool around with a GPS emulator if you will. 

What else can we do to support you with RDA?

Have you noticed? The Open Signed Online service is available as a beta! You can find it from "My Symbian Signed" section when you have logged in.

I'm talking about a simple way to get your application signed for one IMEI and the 13 capabilities for testing purposes. Might be worth checking out. "The Complete Guide to Symbian Signed" gives you the full story about how and what for bedtime reading. Definetly worth checking out.

Open C, Posix libraries, P.I.P.S, etc. so names for easily porting stuff from an other environment to S60. Cool idea, has anyone used it? What did you think, usefull, mindblowing technology?

I got an internal action item to tell what do you have to consider when submitting an Open C application to Symbian Signed. Well, nothing much. Just do the same as with any application: confirm that when the end user takes the application the application will work as expected in the device.

So at the submission confirm that you submit everything there is to need to run the application on a device. 

I trust that you are all aware of the changes in Symbian Signed?

Symbian has created a good document related to the new services which I recommend you go through to get familiar on what has happened. You can get it from the front page of the Symbian Signed web site. I did also a webinar related to this and there should the webinar held a week or so ago also coming to Forum Nokia.

I trust you have all seen and herd about the changes coming to Symbian Signed? No need to wait, at least some of them are available now. Please the see Symbian Signed web site.

You can find some information about the renewed stuff at Symbian Developer Network and the webinar I held some time back, for further reference.

Some discussion rose in a meeting where I was at. Now it is time to ask you, my dear readers, two questions:

Which test tools do you use in your application development?

Do you automate the testing process or is testing done manually? 

Have you noticed? One of the N95s and one N95 8GB version have a special firmware in them which includes the Web run-time for Widgets. This would be ideal beta testing opportunity. 

Example video of how to install your Widget and play around with RDA is in MOSH. 

There are also few SIMs added to help with GPRS connectivity... More to come.