How Nokia can takes away your freedom
Here is another one on how Nokia incapacitates the customers.J2ME and the security context
Excerpt from an eMail which I sent to Nokia (this is in German):
Aus der Hilfe im Telefon:
Programm-Manager / Java-Sicherheitseinstellungen "Wählen Sie Menü > Installat. > Programm-Manager. Um die Sicherheintseinstellungen für ein Java-Programm festzulegen, wählen Sie Optionen > Einstellungen" Jetzt die Frage dazu: Wo genau finde ich das?
Explained in English what the above is about:
Programm-Manager / Java-Sicherheitseinstellungen "Wählen Sie Menü > Installat. > Programm-Manager. Um die Sicherheintseinstellungen für ein Java-Programm festzulegen, wählen Sie Optionen > Einstellungen" Jetzt die Frage dazu: Wo genau finde ich das?
The phone's help file says, I can set the security settings. How do I do this as I cannot find this.
The Answer I got is as follows (German, again):
Die Anwendungen von Java sind mit dem NOKIA E51 Mobiltelefon kompatibel, bzw. können Sie solche auf Ihrem Telefon installieren. Bezüglich Zugriffsrechte der J2ME-Anwendungen können wir keine Aussagen treffen, da dies direkt auf die Eigenschaften des Programms zurückzuführen ist.
Here is explained in English what they said:
The access rights of the application are controlled by the application alone.
So what?
Is this now a direct downfall into the 80's with the C64 or is Nokia simply not getting what they are telling there? It simply can't be true that Nokia is taking away all the achievements with Java in the security area by handing over all responsibility of security to the programmer again! This is why I contacted SUN and posted following text:
Hello,
this is a legal question and a complaint about how Nokia implements J2ME.
I have a Nokia Phone E51. This comes with J2ME (dunno the version). However Nokia changed J2ME such, that I have no control whatsoever over the security settings of J2ME.
I always thought a central and critical part of Java is the security concept, to enable the user to control the application running under security control.
However Nokia completely reversed this. The only one who controls the settings of a J2ME application is the install certificate (and thus the developer of the application) which comes with the J2ME application. I cannot change this by any means.
For example, if I install a J2ME chat program and this program wants full access to the phone, and it gets this rights in the certificate, I cannot restrict the chat application to only use the Internet connection and not to access my contact list. So the chat can freely upload any personal data to the Internet. And the "best" thing:
I cannot even see which rights the installed application has!
Normally one should be able to control the security settings of a J2ME applications, to restrict what it can do, such that you can even run applications you do not trust fully. But Nokia removed this possibility from the phone and replaced it with some questionable signature process (see symbiansigned.com).
I asked Nokia, but apparently they do not understand the issue. But I think, SUN will understand it, as I think this is a license issue between SUN and Nokia.
Is any licensed party allowed to take away critical parts from the J2ME infrastructure, like endangering Java users by not allowing them to restrict the application's security settings?
I am just puzzled. Perhaps this is not a bug but a feature, as in modern world is is a normal thing to take freedom away from your customers and perhaps SUN supports such an evil behavior nowadays.
However I doubt it. This is why I ask.
Any help is welcome. Thanks!
-Tino
I do not expect any answer, though. If I get any, I will present it here.
-Tino, 2008-05-02