Security for Push Functionality

Auto-invoke functionality is the ability of a MIDlet to be launched in order to accept information that has been pushed to the device (sent to the device without the device initiating the connection) or in response to an alarm. (See for information on auto-invoke functionality.) Auto-invoke functionality is protected because it not only uses airtime, but it also has the ability to interrupt the user. A MIDlet that uses this functionality could interrupt a user at anytime, even when another MIDlet is running. Because of the interruption behavior, push apps require extra user-interface prompts and settings.

Prompts during Registration

A MIDlet that uses auto-invoke functionality must be registered with the MIDP implementation so that it can be launched in response to an incoming message. During installation, a MIDlet suite can register one or more of its MIDlets to use push functionality. In addition, a running MIDlet can register itself or another MIDlet in its suite to use the push or alarm functionality. When a MIDlet suite tries to register during installation, MIDP asks the user for permission to put the app in the push registry, in addition to asking the user for permission to use airtime. The screens shown in Screenshot demonstrate this sequence.

Screenshot Screens during Installation of a Push-Enabled MIDlet Suite

When a running MIDlet tries to register to use the push or alarm functionality, similar screens will be shown to the user.

MIDP Implementors

Recommend: Streamline your push prompts so that the user realizes they are connected. Make the prompts feel like they are an integrated part of the installation.

Interruptions to Launch a MIDlet

When a successfully installed auto-invoke MIDlet receives a message, or reaches its alarm time, MIDP will try to start it so that it can act on that pushed data. When this happens, the user may be interrupted. Settings for interruption behavior are critical. In usability studies, users generally wanted control over push services, such as news, so that they would not be interrupted when they were running another app. Even though they had signed up for a service that sent data, they wanted to be able to control when interruptions occurred. Screenshot shows a screen asking the user whether it can interrupt.

Screenshot Interruption Alert

MIDP Implementors

Recommend: Set a policy for interruptions on your device. For example, decide whether MIDlets can interrupt other running MIDlets, or whether the user can choose to be interrupted only when the device is idle. (See for more information.)

If the user chooses a security setting that blocks push MIDlets from starting while another MIDlet is running, then start the push MIDlet as soon as the device is idle. Remember that even trusted MIDlets that use push functionality should provide a user interface to control interruption behavior. Screenshot shows a dialog box in which users can set the behavior of the MIDP Reference Implementation.

Screenshot Settings for the Interruption Behavior of the Push Technology