Writing Mobile Code Essential Software Engineering for Building Mobile Applications [Electronic resources]

Ivo Salmre

نسخه متنی -صفحه : 159/ 116
نمايش فراداده

Does Your Mobile Application Need to Be Signed?

Mobile devices can be placed into three categories:

Fixed-purpose devices These are devices that ship with all the software on them that they are going to allow their users to access. There is no facility for adding additional software after device deployment. The original mobile phones of not too many years ago were such systems. Today the main reason for having a fixed-purpose device is to guarantee reliability and security. A closed system can be tested exhaustively. The only way to get your software onto a fixed-purpose system is to have it included in the device's ROM image either when the device is first manufactured or when its ROM is flash upgraded. Most interesting mobile device platforms today are not fixed-purpose systems.

Open devices These are devices that have no restrictions on what software can be installed on them. The user is free to place any software they want on the device and does not need permission from anyone to do so. Most PDA/Pocket PC types of devices are open systems, and some smart phone devices are open systems.

Restricted-extensibility devices These are devices that allow only approved applications to be installed on them. Any application that wants to run on a restricted-access device needs the consent of the third party that controls access to the device. In the case of mobile phones, this is typically the mobile network operator that issued the device. Applications deployed to restricted-access devices must be cryptographically signed before deployment.Appendix A).

Why Do Some Device Issuers Require Applications to Be Signed?

Mobile network operators are the main distributors of mobile devices that require application signatures to install and run new software. This is primarily done for one of three reasons:

To control the business model for applications running on devices they have issued Mobile network operators often subsidize the costs of the phones they issue users. Because of this, they need a model to recoup their handset subsidies. Some mobile network operators want to ensure that they receive a share of mobile application revenue for applications running on their devices. Some mobile network operators want to ensure that only applications that they deem useful to their business are deployed on their devices. Some mobile network operators may want to ensure the quality and content of applications deployed to their devices.

To control support costs for devices they have issued A mobile network operator that offers a large number of phones to their users is going to worry about support costs. Any time users have a handset problem and call their mobile network operator, the provider incurs support costs. This is particularly problematic if a mobile application on a device aberrantly or maliciously causes unauthorized network usage or prevents use of the mobile phone for normal operations. A mobile network operator may want to ensure that only an approved set of high-quality and supported applications can be run on devices they offer to large numbers of users.

To safeguard their networks Mobile network operators worry about aberrant or malicious applications running on their devices causing disruptions to their valuable communications networks. Their niare scenario is a virus spreading to mass numbers of mobile phones and initiating a denial-of-service attack onto the mobile network that prevents the network from being commercially used.