Smartphones are rapidly becoming the indispensable tool for business, entertainment, and life. Nokia predicts that by 2008, the annual shipment of these devices will have grown to more than 250 million units.

The central role smartphones play in daily communication -- making calls, sending messages and e-mail, exchanging instant messages (IMs), and browsing the Web -- means that they need to be reliable. In addition, smartphones are being used increasingly by enterprises to deliver critical business information to today's mobile workforce, which means device and data security is vital.

The S60 platform has always provided reliability and security as core features. However, experience has taught many users that malware can easily disrupt the reliability of their PCs. To prevent similar problems on S60 devices, S60 3rd Edition is based on Symbian OS v9, which introduced major enhancements in device and application security.

Platform security builds strong security principles into the core of Symbian OS. Built on a Trusted Computing Base (TCB), platform security has two key features: data caging and capabilities.

Data caging offers each application installed on an S60 device its own private folder -- which the application alone can access -- allowing data to be stored securely. Capabilities define features that offer developers access to device functions and data that could be misused. To prevent misuse, an application needs to be trusted before it can use the APIs in certain capabilities.

More than 60 percent of the APIs within S60 3rd Edition are open to all applications. These APIs, such as those for creating a dialog box in the UI or for reading and writing application-specific data, offer developers the ability to create rich and appealing applications. However, these applications cannot access user data or certain device features.

Access to the remaining 40 percent of the platform's APIs has to be granted to an application. Access is granted three ways: by the user when the application is installed, through Symbian Signed, or after approval by a device or platform manufacturer. The capabilities to which a user can grant access allow applications to use features such as reading and writing user data in the contacts and calendar database, or accessing wide or local area connectivity. Symbian Signed applications automatically receive access to the user-granted capabilities. Additionally, Symbian Signed applications can be granted access to APIs for obtaining location information and using device data and control features. Finally, device manufacturers can grant access to capabilities such as access to multimedia or communication device drivers, which may be needed to accomplish very specific functions.

For most developers, Symbian Signed will provide them with access to all the APIs they need to create rich applications that interact with user data and key device control features.

Symbian Signed is gained by submitting an application to one of a number of approved test houses. The application is then subjected to a number of tests. In consultation with device managers and operators, Symbian Ltd. has defined these tests to ensure they address the mobile industry's requirements for trusted applications. Once the application has passed the tests, it is signed with a certificate trusted by the Symbian root certificate included on every S60 3rd Edition device.

While many applications will not need Symbian Signed to fulfill their users' requirements, Symbian Signed offers developers advantages that go beyond providing access to APIs within certain capabilities. Applications that are Symbian Signed are more likely to be installed and trialed by a user; applications will be accepted into a wider range of market channels -- including those that offer applications for sale through on-device portals; and much greater protection is offered to the developers' intellectual property.

Easier application installation
Symbian Signed applications offer device users a much simplified installation process. When an application is not Symbian Signed, the S60 application installer issues a warning message to the user stating, "Security Warning: Application is untrusted and may be harmful to your phone." Further, if the application makes use of the user-grantable capabilities, the user will receive an additional message stating, "Application Access: Allow the application to:" followed by a list of capabilities the application needs to access.

A user who heeds the security warning will not install the trial application and will never find out if it suits his or her needs. Therefore, a potential future sale of the application will be lost. The application access message may also discourage the user from installing an application. In addition, for users who trust the source of the application, the access message often results in support queries. These queries can be costly to address, and the response may not be sufficient to encourage the user to install and try the application.

By contrast, a Symbian Signed application issues neither of these warnings, thereby simplifying the installation process.


The elimination of the security and access messages makes it more likely that users will install an application. They will not need to ask what the application may be doing with their data or wide area or local connectivity. As a result, S60 device users are much more likely to purchase applications that are Symbian Signed.

Greater channel acceptance
Application sales through manufacturer or operator channels offer developers significant opportunities. Device users who trust their device manufacturer and their operator also tend to trust the applications available through these channels. In addition, through their marketing efforts, device manufacturers and operators raise user awareness of these channels as a convenient way to find, try, and buy applications and content.

Most device and operator channels insist that an application be Symbian Signed before they will add it to their catalogs. Besides simplifying the installation process, Symbian Signed reassures device manufacturers and operators about the quality of the application and the identity of the application developer. Another advantage for device manufacturers and operators is that, when they choose Symbian Signed applications, they will not have to field support calls about the installation of the application or device problems caused by the operation of the application.

Application integrity
Once an application is packaged into an installation file and Symbian Signed, it is protected and cannot be tampered with. This offers two benefits: Users installing the application can be confident that they are installing the original software, and developers gain extra protection for their intellectual property rights.

Symbian Signed application installation packages are tamperproof because any change to the package's content breaks the digital signature. Once the signature is broken, the installation package will no longer install on an S60 device. This is achieved by the use of a protected UID.

Every Symbian application is identified by a UID. UIDs are supplied in two ranges -- one for applications that are signed with a self-signing certificate (created with a utility in the S60 SDK), and another for Symbian Signed applications.

The S60 application installer will only allow an application with a UID in the protected range to be installed if the digital signature provided by Symbian Signed is present. If the UID is from the protected range but no trusted Symbian signature is present, any S60 device will refuse to install the application and let the device user know this is why the installation has failed.


An additional benefit of the protected UID is that it prevents attempts to spoof a Symbian Signed application's UID. This is because the unique use of a protected UID is validated as part of the certification procedures.

There is one final element to Symbian Signed protection. If an application uses capabilities that require Symbian Signed, any attempt to alter the application is entirely useless. This is because such applications can only be installed if they are Symbian Signed.

Once an application is Symbian Signed, users are assured that what they are installing is the software as it was originally developed, not an altered version. For the developer, Symbian Signed provides protection against attempts to circumvent the application licensing mechanism, thus protecting their investment and intellectual property rights.

Case study
Mobile developers are realizing the benefits that gaining Symbian Signed offers, and none more so than mBounce Ltd. The company, based in Hong Kong, has more than 70 Symbian Signed applications and games for S60 3rd Edition, in addition to some 40 Symbian Signed products for S60 2nd Edition.

"We made a decision very early to gain Symbian Signed for all our S60 3rd Edition applications," says Richard Cheung, CEO of mBounce. "We had two strong motivators for taking this decision -- the added security Symbian Signed provided to our intellectual property rights and the increased market opportunities Symbian Signed would provide."

Because Symbian Signed application packages are tamperproof, third parties cannot create illegal copies of mBounce's applications.

"We often spend months developing an S60 application or game," says Cheung. "That is a huge investment. The last thing we need is to see illegal copies appearing on the Web. This has happened with some of our earlier applications, when we released them without Symbian Signed. Since we decided to certify all our S60 3rd Edition applications, we have not seen any illegal copies."

When it comes to business opportunities, Symbian Signed has helped increase mBounce's profile with operators. "Gaining Symbian Signed for an application requires us to meet certain quality standards," says Cheung. "This shows potential distributors and resellers of our products, such as operators, that we are a serious company, with a solid business, committed to delivering the best applications and games."

mBounce's business model is to work with operators and device manufacturers; it does not sell applications directly to consumers.

"We have seen much more interest from our operator customers in Symbian applications and games since the introduction of S60 3rd Edition," says Cheung. "They are realizing that Symbian Signed applications provide them with the security they need to profitably distribute Symbian products to their customers. As a result, we are seeing a lot more interest in our products."

The increased operator interest in Symbian applications has made mBounce's decision to have its portfolio of S60 3rd Edition applications Symbian Signed very timely. In addition, it has proved to be a real door opener. "It is getting much harder to sell Java™ games because there is so much competition in that market, so gaining an operator's interest in a new Java game has become very hard," says Cheung. "As operators are now looking for Symbian content, our early decision to use Symbian Signing is opening up these channels to us and making it a lot easier for us to get an operator's attention."

Early adoption of Symbian Signed for its S60 3rd Edition portfolio has been an important part of mBounce's strategy. It has positioned the company well to reap the benefits of the rapidly expanding market for S60 applications and games.

"The market for mobile applications and games is becoming more competitive," says Cheung. "Symbian Signed has offered us a significant way to differentiate mBounce from other developers and has given us a strong lead in the market."