Chapter 14. Security Models

The organization cannot trust the individual; the individual must trust the organization.

Ray Kroc

The Symbian platform supports the development of native (C and C++) code by third parties, such as network operators and independent software vendors. Such code may be packaged up in an installation file called a SIS file, and then installed on the phone by the end user.

Before the introduction of platform security, the code could call any of the APIs exposed by the operating system, even those not explicitly published in the SDK.[217] So the user had to trust an application completely if they installed it. Anything they installed could potentially spend their money (by making premium-rate phone calls, for example), access personally or commercially sensitive data (calendar information and email messages may be commercially sensitive or simply personally private), or affect the behavior of other applications (for example, by changing system settings).

'Platform security' is the collective name for a group of technologies in the Symbian platform whose primary function is to control application access to data and system services. Platform security gives the user more control by allowing them to install applications which they trust in a limited way: the user can install an application and be confident that it only does the things it claims it needs to do. For example, a simple game may be refused network access or access to a user's personal data.

We can distinguish ...

Get Porting to the Symbian Platform: Open Mobile Development in C/C++ now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.