Jump to the content

On this page:

My biggest gripe with Symbian OS is the unpleasing security system, which denies you control over your own device.

Page navigation:

Tools


What's the matter?

At the moment (July 2009), I've about 1.5 years experience with my Nokia N95, using the Symbian S60 v3 OS for smartphones. The N95 is my first Symbian device. And it will probably my last. Why? Because even after I paid a handsome amount of money for my mobile phone, the manufacturer (Nokia / Symbian foundation) limits the control I have over my own phone.

I'm by no means a security expert, nor am I an expert on Symbian OS. But here's what I think I know, and why this is probably my last Symbian device:

Symbian Certificate Hell

Normally, I'll do some investigation before I buy something. And so I did with the N95. The reviews were good. Lots of features, with nice software. It is a smartphone, with a mature operating system, so you can install third-party software, freeware and commercial. Just like the PalmOS which I've used before. But what the reviews didn't say was the appalling security enforced by Symbian.

The good: Symbian security

Applications for Symbian must ask for permission to do "scary stuff" on the device. "Scary stuff" is just about everything that can harm you privacy, e.g. read you contacts, and/or costs money, e.g. sending a SMS. Before installation, the Symbian OS asks the user "Program X, made by Y, can do scary stuff Z. Are you sure you want to install this program?" That is a nice feature!

To prevent tampering and fraud, all software that wants to do "scary stuff" must be digitally signed, using certificates. These certificates are matched against a list of known and trusted (by Symbian) "certicate authorities"pre-installed on the device. Malware (viruses, worms, spyware, etc) cannot disguise itself as a friendly application from a well known publisher. That is a nice feature!

And that's where the good part ends.

The bad: you're not in charge

The problem is that Symbian, not you, is in full control of the list of certificate authorities on your device. That means that you can only install software (indirectly) approved by Symbian. And as a software developer, getting approval is a costly and time consuming procedure.

There's a lot of freeware for Symbian available, many of which is really great and useful. Quite a lot of it is even open source. But even if you fully trust this software, your own device tells you that you are not allowed to install it. And that is ridiculous.

Symbian Signed

Symbian has a "solution" for this: Symbian Open Signed. Whenever you want to install a unsigned piece of software on your device, you an upload it to their website. You also must enter the unique IMEI number of your phone, and your e-mail address. Then you must wait for a confirmation e-mail. By clicking a link in this link you confirm the order. Then, you have to wait for an e-mail that gives you a link where you can download the application you've uploaded. This is now signed, and you can install it. However, this signed version is linked to your mobile only - of course. And you must do this for every unsigned application you want to install. Always.

Another problem is that you can't assign enough rights to an application using Open Signed to do the "really scary stuff". For example: I want to remove unwanted crap from the stand-by-screen of my mobile, so there's more room available for the agenda widget. To do this, you'll have to edit a system file. But whatever you do, you can't sign an application with enough security rights to edit this system file.

J2ME

Unfortunatly, not only native Symbian applications are affected.  J2ME applications also require signatures. The "good" thing is that the user still can allow the "scary stuff", even with unsigned apps. But for some stuff, the user must approve the same thing every time.

For example: I've written a viewer for my own photo album system in J2ME. Every time the software starts, the user must give permission for it to make contact to the internet. Every time.

So, in fact, my own phone does not trust my own software, nor can I tell it to trust my software.

Hacks

As with just about any operating system, Symbian has holes in its security. This allowed hackers to disable the draconian security measurements. Afterwards, you can install unsigned software, and you are allowed to do whatever you want (and can) on your own device. Hallelujah. Unfortunately, these hacks are not easy to install, and certainly can't be done remotely. So, all in all the platform is pretty safe, even with these hacks. But of course, Symbian plugs the holes. Often, you'll end up having to choose: use an older, bug-infested, but hackable firmware, or update to the newest firmware, with new features, better stability etc, but lose the ability to fully control your own device.

The ugly: explicitly locked out 

Strange as it seems, I actually applaud the use of certificates and signed applications. Your desktop operating system, and the webbrowser you're using right now actually support more or less the same type of security. But the difference is that you can install extra certificates into your OS and webbrowser, but not in Symbian (that is: certificates for code signing) And that makes just about all the difference.

You see, the whole "digital signatures" and "certificates"-thing are an open standard. That's good. There's free software available to generate your own certificates, and sign applications with it. So, a developer X could generate a certificate and put it on his website. A user can then download and install this certificate on his mobile. By installing the certificate, the user actually tells his mobile that applications signed by developer X are to be trusted, and may do "scary stuff".

The user can also remove a certificate from his device, for example, the certificate of developer X. Thereby, he revokes his trust in developer X, and software signed by X cannot be installed anymore.

Tadaa! So, the user is in complete control of his devices, by installing or removing certificates! But the really stupid thing is: Symbian made it explicitly impossible to install code signing certificates.

Alternatives

If not Symbian, then what? I'll list some alternatives, from my viewpoint as developer.

  • Apple iPhone / iPhone OS. I can be short about this. Take the horror of Symbian. Then double it. You can't even install software that hasn't been approved by Apple, even if it doesn't do "scary stuff". Apple, and Apple alone is in full control.
  • Palm Pre / WebOS. I know nothing about its security. But actually, I'm not interested in WebOS, see below, "My next mobile".
  • Windows Mobile. Most WinMob phones have no restrictions on what to install. Just like your PC. (Almost) full freedom. However, Microsoft has the ability to remote-uninstall applications you bought ↑ from the Windows Marketplace for Mobile.
  • Android. From what I've understand, Android requires applications to be signed, just like Symbian. But it is possible to install your own certificates. I like that.

Final words

Is Symbian really that bad? It depends. Most people won't notice it, as most people use their smartphone as a normal phone; they just use the built-in software and that's it. And as mentioned above, I actually like the concept of signed applications. I just want to be in full control of the signatures I trust, and what software runs on my own phone, and what it can or can't do.

My next mobile

It's July 2009 now, and in the coming months, I'll be on the lookout for a new mobile phone. The operating system will be of real importance.

As a user, I like Symbian and the Nokia-additions. It's feature-rich, and often uses open standards, like the Atom Publishing Protocol →, SVG, SIP VoIP, SyncML, UPnP (Niiice!), etc. However, it lacks too: where's OGG Vorbis/Theora?

As a developer, I must say that Symbian has good J2ME-support. That's nice, but J2ME needs a real upgrade to be competitive with the other new platforms in terms of looks and features. Symbian itself is going to the Qt-platform. It's C++, and well, I've kinda had it with pointers and concerns about memory allocation and stuff.

iPhone OS: simply a NO DEAL, because of the dominance Apple has over the software. That, and they've more or less disabled multi tasking.

Windows Mobile... Neh. Just, neh. I'm no fan of Microsoft and it's trade practices. Yes, I run Windows. But still. Neh.

WebOS:  as a developer I'm not interested. Using the web platform for writing applications on a phone is an appalling thought to me. Javascript you say? No thanks. Next. And I say that as a web developer.

Android: the SDK sure looks nice. Java-based, but other languages are getting supported. And if must, you can write C for direct access to the Linux-OS underneath. But I'm weary of Google, actually. Their services might be nice and all, but it's a privacy-risk. They earn money by selling adds, and those advertisers really would like to have a peek at my e-mail, my contacts and my agenda, so they can "target" their advertisements better. And perhaps Google currently has a "do no evil"-policy, but what is "evil" is always open for debate, and influenced by money... Thus, I've no GMail, no Google Calendar, don't use Google Docs, and don't allow cookies from the Google-domain. So before I choose Android, I'll make sure it has good support for alternatives, as SyncML and IMAP without routing data through Google's servers.

Time will tell. Until then, I'll be happy with my hacked N95, running Symbian.

Site Information