Symbian Signed is a combination of design, testing, certification and digital signatures that are applied to files that contain installable Symbian applications (called SIS files).
Symbian Signed is run by Symbian, and is endorsed and supported by network operators and Symbian OS licensees. The program aims to:
Establish traceability of applications; the producer of any installation SIS file can always be determined.
Provide verifiability of SIS files; a signed SIS file can't be tampered with or altered without breaking the signature.
Provide a measure of quality assurance for signed applications; before signing, an application must pass a set of standard, stringent test criteria.
Traceability
Any software developer who produces Symbian Signed applications needs an ACS Publisher Id. This is a digital certificate issued by Verisign, who also issue certificates used for many other tasks, including securing commercial transactions on the Internet. Verisign carry out authentication and verification to check that the applicant is really who they claim to be, and then issue the Publisher Id certificate. This is a file containing the developer's own, unique digital signature, and it must be carefully guarded.
When a software developer submits a SIS file for signing, it is first signed using the ACS Publisher Id. This marks the SIS file as having been produced by that developer. Thus:
Only that developer can produce SIS files with their signature.
No-one else can masquerade as that developer and produce counterfeit SIS files.
It's therefore always possible to establish who produced any SIS file; if an application misbehaves or attempts any malicious action, the developer can be identified. This is very different to the situation with PC software downloaded from the World Wide Web, where it may be impossible to establish the actual source.
Quality Assurance
Once the developer has signed their SIS file, it's submitted (via the Symbian Signed website) to an accredited Symbian Signed test house. The test house charges the developer for each SIS file tested; the cost is several hundred Euros, so it's important that the application is completely ready and well-tested before submission. Software development companies can also apply to become self-certifiers; passing a set of accreditation tests means that they can test and sign their own SIS files. Becoming a self-signing organisation is not a trivial undertaking, since Symbian need to establish trust in the organisation's processes and testing capabilities.
The tests are aimed at assuring correct behaviour of the application, especially with regard to how it interacts with the phone and other installed software. The testing doesn't address issues such as appearance or translation into different languages. In brief, the tests cover:
Correct installation and uninstallation; the application doesn't install files where it shouldn't, and when removed, all files are cleaned up.
Reasonable operation; the application starts up and runs in a reasonable amount of time, behaves properly if the phone runs low on memory, doesn't create files where it shouldn't, doesn't interfere with other applications or the phone software.
The application warns the user before carrying out any operation that might incur a charge (making a call or accessing the network).
Thus an application that passes Symbian Signed testing can be trusted (to a degree) by anyone who installs it. Again, this is very different to the PC world, where there is no central organization that imposes a standard of testing for software. Symbian Signed is run by Symbian, and is endorsed and supported by network operators and Symbian OS licensees.
Verifiability
Once the application has passed testing, the SIS file is counter-signed, by Symbian, using a special Publisher ID certificate. This certificate can be verified by the software installed on any Symbian phone. The final, doubly-signed SIS file is sent back to the software developer who can then make it available for installation.
A SIS file, once signed, can't be tampered with or altered without “breaking” the digital signature. This ensures that the SIS file that undergoes Symbian Signed testing is the one supplied by the developer, and that the final SIS file is the one that passed testing. A third party who intercepts the file cannot modify it without breaking the signature.
Capabilities
From version 9 onwards, the Symbian operating system controls what operations an application may perform on the phone. This is done by software capabilities. A capability is, essentially, permission to perform a certain set of operations. The application's installation SIS file contains full details of which capabilities the application needs, and the testing process checks the code to make sure that there is no way the application can perform any operations for which it hasn't requested the capability.
Some of the capabilities, typically those operations that potentially allow an application to cause damage, incur charges or violate privacy, are reserved by the handset manufacturers. Software developers who need to give their application any of these capabilities must specifically request them from the manufacturer and explain why they're needed. Only with manufacturer approval can these reserved capabilities be added to a SIS file.
Once a SIS file is signed, there is no way for any extra capabilities to be added. Therefore both the handset manufacturer and SIS file purchaser can be assured that the application is constrained on what it can do; that it won't be able to violate the set of capabilities allowed to it. This is in complete contrast to PC software, where any installed application can perform more-or-less any operation and have access to any data.

From version 9 of the Symbian OS (Series 60 version 3 and above, UIQ version 3 and above), SIS files that require capabilities must be signed, or they can't be installed. An application with no capabilities can only perform very limited operations.
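The installation rules in this section can be sketched as a small model. This is an added example, not Symbian's installer code: the capability names, the package layout and the function names are hypothetical, and HMAC-SHA256 with a constructed key stands in for the certificate-based signatures that Symbian Signed actually uses.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC-SHA256 is swapped in for the real
# certificate-based signature so the example runs offline.
SIGNING_KEY = b"constructed-demo-key"

# Hypothetical capability names. RESERVED models the set that the
# handset manufacturer must approve before it can be signed in.
RESERVED = {"CapReservedA", "CapReservedB"}


def _sign(code, caps):
    """Signature over the code AND the capability list, so neither can change."""
    covered = hashlib.sha256(code).digest() + json.dumps(sorted(caps)).encode()
    return hmac.new(SIGNING_KEY, covered, hashlib.sha256).hexdigest()


def sign_package(code, caps, manufacturer_approved=frozenset()):
    """Signing step: refuse reserved capabilities that lack manufacturer approval."""
    unapproved = (set(caps) & RESERVED) - set(manufacturer_approved)
    if unapproved:
        raise PermissionError(f"reserved capabilities not approved: {sorted(unapproved)}")
    return {"code": code, "caps": sorted(caps), "sig": _sign(code, caps)}


def install_decision(pkg):
    """Install-time check: returns 'install' or a 'reject: ...' reason."""
    if pkg.get("sig") is None:
        # Unsigned packages are installable only when they request no capabilities.
        if pkg["caps"]:
            return "reject: unsigned package requests capabilities"
        return "install"
    # Any change to the code or to the capability list breaks the signature.
    if not hmac.compare_digest(pkg["sig"], _sign(pkg["code"], pkg["caps"])):
        return "reject: signature broken"
    return "install"


if __name__ == "__main__":
    signed = sign_package(b"constructed app code", ["CapNetwork"])
    print(install_decision(signed))
    # Adding a capability after signing invalidates the package.
    print(install_decision(dict(signed, caps=signed["caps"] + ["CapReservedA"])))
```
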
Conclusion
The Symbian Signed process provides developers with the assurance that their applications can be delivered to customers without interference or tampering. It assures handset manufacturers and operators that new software installed on their products won't negatively affect their performance. It gives end-users a degree of quality assurance; that signed applications have been checked and tested and come from a verifiable source.
Starting with the current set of Series 60 and UIQ products, most handsets will no longer install unsigned applications that require any capabilities. Since all software developed will now have to go through the Symbian Signed process, the benefits of traceability, verifiability and quality assurance will become the standard throughout the world of mobile phone applications.
About EMCC Software
EMCC Software is a leading provider of mobile solutions and development services. With comprehensive experience in open mobile OS development and enterprise solutions, EMCC Software has been working within the Symbian, Linux, Java and Windows Mobile communities since 1998. Our wide-ranging expertise includes platform development, communications, messaging and UI creation. Our clients include mobile industry leaders. EMCC Software specialises in consulting, development and training services and has developed a portfolio of leading-edge smartphone software solutions.
Further information about EMCC Software Ltd can be found at www.emccsoft.com.