Normally, I'll do some investigation before I buy something. And so I did with the N95. The reviews were good. Lots of features, with nice software. It is a smartphone, with a mature operating system, so you can install third-party software, freeware and commercial. Just like the PalmOS which I've used before. But what the reviews didn't say was the appalling security enforced by Symbian.
The good: Symbian security
Applications for Symbian must ask for permission to do "scary stuff" on the device. "Scary stuff" is just about everything that can harm you privacy, e.g. read you contacts, and/or costs money, e.g. sending a SMS. Before installation, the Symbian OS asks the user "Program X, made by Y, can do scary stuff Z. Are you sure you want to install this program?" That is a nice feature!
To prevent tampering and fraud, all software that wants to do "scary stuff" must be digitally signed, using certificates. These certificates are matched against a list of known and trusted (by Symbian) "certicate authorities"pre-installed on the device. Malware (viruses, worms, spyware, etc) cannot disguise itself as a friendly application from a well known publisher. That is a nice feature!
And that's where the good part ends.
The bad: you're not in charge
The problem is that Symbian, not you, is in full control of the list of certificate authorities on your device. That means that you can only install software (indirectly) approved by Symbian. And as a software developer, getting approval is a costly and time consuming procedure.
There's a lot of freeware for Symbian available, many of which is really great and useful. Quite a lot of it is even open source. But even if you fully trust this software, your own device tells you that you are not allowed to install it. And that is ridiculous.
Symbian Signed
Symbian has a "solution" for this: Symbian Open Signed. Whenever you want to install a unsigned piece of software on your device, you an upload it to their website. You also must enter the unique IMEI number of your phone, and your e-mail address. Then you must wait for a confirmation e-mail. By clicking a link in this link you confirm the order. Then, you have to wait for an e-mail that gives you a link where you can download the application you've uploaded. This is now signed, and you can install it. However, this signed version is linked to your mobile only - of course. And you must do this for every unsigned application you want to install. Always.
Another problem is that you can't assign enough rights to an application using Open Signed to do the "really scary stuff". For example: I want to remove unwanted crap from the stand-by-screen of my mobile, so there's more room available for the agenda widget. To do this, you'll have to edit a system file. But whatever you do, you can't sign an application with enough security rights to edit this system file.
J2ME
Unfortunatly, not only native Symbian applications are affected. J2ME applications also require signatures. The "good" thing is that the user still can allow the "scary stuff", even with unsigned apps. But for some stuff, the user must approve the same thing every time.
For example: I've written a viewer for my own photo album system in J2ME. Every time the software starts, the user must give permission for it to make contact to the internet. Every time.
So, in fact, my own phone does not trust my own software, nor can I tell it to trust my software.
Hacks
As with just about any operating system, Symbian has holes in its security. This allowed hackers to disable the draconian security measurements. Afterwards, you can install unsigned software, and you are allowed to do whatever you want (and can) on your own device. Hallelujah. Unfortunately, these hacks are not easy to install, and certainly can't be done remotely. So, all in all the platform is pretty safe, even with these hacks. But of course, Symbian plugs the holes. Often, you'll end up having to choose: use an older, bug-infested, but hackable firmware, or update to the newest firmware, with new features, better stability etc, but lose the ability to fully control your own device.
The ugly: explicitly locked out
Strange as it seems, I actually applaud the use of certificates and signed applications. Your desktop operating system, and the webbrowser you're using right now actually support more or less the same type of security. But the difference is that you can install extra certificates into your OS and webbrowser, but not in Symbian (that is: certificates for code signing) And that makes just about all the difference.
You see, the whole "digital signatures" and "certificates"-thing are an open standard. That's good. There's free software available to generate your own certificates, and sign applications with it. So, a developer X could generate a certificate and put it on his website. A user can then download and install this certificate on his mobile. By installing the certificate, the user actually tells his mobile that applications signed by developer X are to be trusted, and may do "scary stuff".
The user can also remove a certificate from his device, for example, the certificate of developer X. Thereby, he revokes his trust in developer X, and software signed by X cannot be installed anymore.
Tadaa! So, the user is in complete control of his devices, by installing or removing certificates! But the really stupid thing is: Symbian made it explicitly impossible to install code signing certificates.