What Does It Mean When A Symbian or Nokia App is Signed?

As we all know, viruses have trickled through to mobile phones as they have become more complex and have more applications. Because of the very nature of mobile phones – their communication and integration into a network – they are particularly vulnerable access points for someone’s data security.

So Symbian has introduced a system to whet the multitudes of software that is available, which affords a certain level of security and protection.

Symbian Signed has a list of criteria which a software application must fulfil for it to be signed. The criteria is not intended to provide software that will work on every Symbian device, nor does it have any pointers on the actual content. It tests applications on exactly what the developer wants the application to do.

For example, if the software application is an e-book reader designed for a specific model, taking into consideration the keyboard layout and other features on the phone, the test cases that the software will be subjected to are specifically designed to test those listed capabilities. These are known as the Capability Related Tests.

The universal tests test the other more generic capabilities that are common among all good applications, like successful installation procedures, lack of any malicious software, and reliability of the application. Each .SIS file must be signed individually before they can be incorporated into one main outer .SIS file.

Each software needs to have a series of mandatory inclusions, out of which a valid Publisher ID is an additional layer of protection for a user. A valid Publisher ID translates to having some idea as to who has created the application, and therefore there is a means of reprisal even if something were to actually go wrong.

Another option is to get the application signed at a Trust Centre, which, as the name implies, is a trusted entity.

Applications that are signed by the Symbian Signed certification program can carry the Symbian Signed logo. However, the actual signature is in the form of a digital one. The digital signature is read by the Symbian operating system, and when the application is installed the information that appears on the screen will inform the user accordingly. This feature is provided by the Symbian Root Certificate, usually inherently present in the operating system. It is possible that phones that were produced before the beginning of 2004 may not have this Root Certificate. Generally, it is advisable to download the certificate to be able to inspect the Symbian Signed digital certification. Most phone manufacturers will have the Root Certificate for specific phone models available on their website.

Symbian Signed applies to applications that are made using C++ that is .SIS files. Java, as of now, cannot be Symbian Signed, however there is another certification system that handles Java applications known as Java Verified released by Sun. Although this is not the same as a Symbian digital signature, it is still reliable.