Hacker News new | ask | show | jobs
by JetSpiegel 4251 days ago
This is a lie, I have a Nokia with the S40 OS and Java apps can't just do anything they want, particularly sensitive thing like accessing contacts and making internet connections.

In fact, if your app isn't signed by Nokia, you can't let an app make a request without nagging you for permission. This totally kills homebrew.
1 comments
DannyBee 4251 days ago
This was the "pretty much" part. But even that permission model is really really simple.

MIDP 2.0 had permission domains. In practice, the permission domains were basically "want this app to let you do anything on your phone Y/N?" for a lot of phones.

In the specific case of S40, Nokia's security policy came into play in 6th edition feature pack 1, or so Nokia claims.

For fun, look at the deviations different carriers (and editions) have at http://developer.nokia.com/community/wiki/Java_Security_Doma...

link
ptx 4251 days ago
The permission domains govern what the defaults are and what permissions you are able to request, but the permissions themselves are more finegrained. And none of them defaulted to "allow" – see table linked from the page you linked to: http://developer.nokia.com/community/wiki/MIDP_2.0_API_acces...

"Trusted 3rd party domain" is everyone who gave heaps of money to Verisign. They get no permissions by default, but they can request, for example, network access and the user can then grant it once, per-session or always.

"Untrusted 3rd party domain" is the rest of us, and basically any app I ever installed, in which case the user is prevented from selecting "always allow" for network access and is prompted once per session, which was highly annoying.

So if anything, it was too secure! Sun sank their own standard by requiring expensive certificates for normal functionality. If they had used self-signed certificates they way Android does (checking on upgrade that it's the same certificate) it would have been great.

"Operator protection domain" and "Manufacturer protection domain" mighty work differently, but that's no different from the stuff that comes pre-installed on Android phones having access to everything without asking.

link