Security

The MIDP 1.0 Specification had a sandbox model for security. A sandbox model provides a MIDlet with a restricted set of APIs. These APIs do not provide access to any native functionality, nor to any functionality that might be security-sensitive. The MIDP 2.0 Specification [19] introduces the concept of a trusted MIDlet suite: one or more MIDlets in a JAR file that has not been tampered with and was obtained from a trustworthy source. A trusted MIDlet suite can be given permission to use protected or security-sensitive APIs (APIs which might cost the user money or impact the user's privacy). In contrast, MIDlet suites that are untrusted (that is, MIDlet suites for which trust cannot be established) are either not permitted to access security-sensitive APIs, or are allowed only with explicit permission from the user. This chapter covers the security concepts introduced in MIDP 2.0 and their impact on the user experience.

app Developer Responsibilities

MIDP Implementor Responsibilities
  • Listing in the JAD file the MIDlet's required protected APIs
  • Listing in the JAD the MIDlet's requested (but not required) protected APIs
  • Meeting the manufacturer or service provider's requirements for trusting the MIDlet suite
  • Being cognizant of prompts that result from using protected APIs
  • Creating a security policy for the device, including protection domains, permissions, and so on
  • Protecting security policy and protection domain information on the device
  • Providing prompts to the user for authorizing MIDlet suites and MIDlets
  • Providing Help screens
  • Providing a way to update security settings
There are several places where the MIDP 2.0 security model impacts the user experience. Most of the impact is from untrusted MIDlet suites: Users must be informed when they are installing untrusted MIDlet suites; users must be prompted when a MIDlet tries to use a protected API for which it does not have permission (although even trusted MIDlet suites might require user permission for some behaviors); and users must be given a way to change the permissions on a MIDlet suite in an intuitive, easy-to-understand way. Creating a good user experience can be difficult because consumers frequently do not understand security. Without a well-designed user interface, they might stop using an app due to ignorance or confusion rather than because they no longer need or want it.Screenshot


   
Comments