Richard Bloor
Tuesday, 18 May 2004
The IT industry has not been short of software certification programs, many of which have been less than successful, failing to attract a critical mass of developers to their services. Symbian Signed draws on the lessons of those failures and is built around a commercial, rather than purely technical, model. Richard Bloor found out more in discussion with Symbian's head of market development Simon Garth.
Richard: Simon, what has been the greatest challenge in creating Symbian Signed?
Simon: The challenge with any signing program is to get the balance right between providing confidence in the market and not unduly burdening the software developer community. So we revisited the principles and came to the view that software quality comes as much from commercial relationships as from engineering tasks. Essentially you can test software all you like, but if someone wants to do something malicious it's difficult to prevent that from happening without incurring considerable costs. This applies to software in general, not just mobile or Symbian software.
So the principal realization we had is that we needed a scheme where we use a commercial relationship with the software vendor as the main means of managing the software, then support it with mechanisms to deal with anyone who does not play the game appropriately.
Symbian Signed therefore defines a set of characteristics and criteria for applications, which we worked on closely with the whole industry: operators, handset vendors, developers and portals. We looked specifically at the particular aspects of software which could lead to the user having an unexpected experience, as that is what we are trying to avoid. We then asked how we could put these measures into a scheme which is affordable. A number of schemes in the past have involved having software tested by a test house for a fee, typically around seven hundred dollars. While Symbian Signed offers a similar option, with a reduced price point, and further developments are underway to use test automation tools to reduce costs further, which we expect to announce in the fourth quarter, we are offering an alternative approach. This is to sign a contract which says a company will create applications which are compliant with the criteria, and in return they can then self-certify their application. This reduces the cost from hundreds to tens of dollars, allowing signing to be incorporated into the developer's build and release process. As a result we hope that signed applications will become the norm.
Richard: Does that approach work for all developers?
Simon: No. While this approach can cover larger companies, there is a group of smaller organizations that still want to deliver software but are not fully commercial, shareware writers and hobby developers for example. To address their needs we came up with a system called Publisher Signing. This is really just a special case of self-signing, a case where the software was not written by the signer. Clearly the signing publisher still needs some commercial arrangement with the developer to provide confidence that the developer has done all the things they are supposed to do, as the publisher is putting their stamp of approval, and name, on the piece of software. The third-party test house route is open to any software developers who wish to keep control and don't want to enter into such a commercial agreement.
Richard: So what does signing an application achieve?
Simon: Signing an application achieves four things. It identifies the application as having been created by a particular developer, and that the developer has built an application that meets a set of industry-defined quality criteria.
It then provides tamper proofing to the application, so the user can be sure the application has not been altered since it was signed.
Finally it allows for the principle of revocation. This means if something goes wrong, and we are not talking simply about the odd bug, rather if someone was deliberately trying to put in malicious code, then unlike PC software we have a mechanism to automatically stop that software being loaded.
Richard: How will the revocation process work?
Simon: At present the majority of Symbian OS phones ship with a root certificate, and as an application is installed its certificate is validated against the root certificate. In the near future, all new Symbian OS phones will ship with a root certificate. In addition to this the phone manufacturer can implement one of the standard ways of checking certificates, such as the Online Certificate Service, to check the validity of the application certificate. This would typically be at install time, but in principle it can also be done as the application is run. So when a user comes to install an application the phone can check that the application's certificate is still valid, and if it has been revoked the installation is prevented.
Richard: Who do you see ultimately benefiting from Symbian Signed?
Simon: I believe everyone wins. No one benefits from software that does not make the phone's owner feel comfortable. The attraction of the scheme, we believe, is that it is lightweight enough not to commercially hamper anyone but robust enough to benefit the carriers, handset makers and developers, because people have confidence in the software being sold. It also benefits the portal operators, as they don't have to do lots of additional checks, and it benefits Symbian by providing a single consistent signing scheme across all applications and not a range of separate schemes for handset makers and operators.
Richard: Do you think the scheme will encourage more locked devices that are only able to load signed software?
Simon: There are a number of innovations coming into the market in the next 12 months which mean locking devices down becomes less important. We have the evolution of the security model in Symbian OS, which will provide much finer-grained control over what an application can and cannot do. This means that in future, unsigned applications will be more controlled. We believe the market will move towards a point where all legitimate applications get signed by default anyway, and so the question of what happens to unsigned applications becomes a non-issue. As such the signing process is an integral part of the whole platform security model.
Richard: There have been many certification schemes in the past and they have often been of mixed success. Why do you think Symbian Signed will succeed where others have failed?
Simon: Regardless of how technically good a scheme is, if it only gets a handful of applications in the market then it is not really a fix to the problem. For a certification scheme to have any value it needs to be something everybody does. Fundamentally Symbian Signed is straightforward, and we believe it balances the need for control with maintaining a vibrant, open industry for applications. Ultimately I think the real achievement has been carrying the whole industry, carriers, handset vendors, developers and portals, with the program, which is particularly encouraging for its success.
Symbian claims that over 300 C++ and Visual Basic applications and their associated content have been signed during the scheme's pilot (see the press release), which may be as much as 10 percent of the applications currently available for Symbian OS devices. Symbianone believes the structure of the program will encourage application signing. However, the implementation of revocation checking in Symbian OS handsets will be key to the long-term success of the program: signing only identifies a developer and detects tampering, and it is the revocation sanction that gives the commercial contract teeth and makes the scheme trustworthy.
Symbian has opened a dedicated Symbian Signed site with a number of white papers explaining how the program works.
Web: www.symbiansigned.com
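To make concrete what the install-time check Simon describes involves, the following is an added example, not code from Symbian, the interview, or the Symbian Signed program. It models a handset that embeds a root certificate, chains a developer's code-signing certificate to that root, verifies a signature over the package bytes (tamper proofing), and consults a revocation list signed by the root before allowing an install. Everything here is constructed for illustration: the "Example Signing Root" and developer names, the package bytes, and the use of Ed25519 with Go's crypto/x509, which stands in for whatever formats Symbian's scheme actually used. The CRL stands in for the online status check the interview mentions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Phone: what a handset ships with, the embedded root plus revocation data it has fetched.
type Phone struct {
	Root    *x509.Certificate
	revoked []*big.Int // serials of developer certificates struck off
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// Issue generates an Ed25519 key and a certificate for it: a self-signed CA root when parent
// is nil, otherwise a code-signing certificate chained to the root (the scheme operator vouching for a developer).
func Issue(cn string, serial int64, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, // constructed names
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}
	if parent == nil { // the root: a CA that may sign certificates and CRLs, nothing else
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage, t.ExtKeyUsage = x509.KeyUsageCertSign|x509.KeyUsageCRLSign, nil
		parent, signer = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// Sign is the self-certifying developer's build step: a detached signature over the package bytes.
func Sign(payload []byte, key ed25519.PrivateKey) []byte { return ed25519.Sign(key, payload) }

// IssueCRL is the scheme operator striking developer certificates off by serial.
func IssueCRL(root *x509.Certificate, rootKey ed25519.PrivateKey, serials ...int64) []byte {
	crl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now().Add(-time.Minute), NextUpdate: time.Now().Add(time.Hour)}
	for _, s := range serials {
		crl.RevokedCertificates = append(crl.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: big.NewInt(s), RevocationTime: time.Now()})
	}
	der, err := x509.CreateRevocationList(rand.Reader, crl, root, rootKey)
	check(err)
	return der
}

// LoadCRL ingests revocation data (standing in for the online check). The list's own signature
// is verified against the root first, so a forged list can neither block a developer nor quietly clear one.
func (p *Phone) LoadCRL(crlDER []byte) error {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return err
	}
	if err := crl.CheckSignatureFrom(p.Root); err != nil {
		return fmt.Errorf("CRL not issued by the root: %w", err)
	}
	for _, rc := range crl.RevokedCertificates {
		p.revoked = append(p.revoked, rc.SerialNumber)
	}
	return nil
}

// Install is the phone's install-time check in the order the interview lists: identity (chain to the
// embedded root, code-signing usage), tamper proofing (signature over the bytes), then revocation.
func (p *Phone) Install(payload, certDER, sig []byte) (string, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return "", fmt.Errorf("bad certificate: %w", err)
	}
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	opts.Roots.AddCert(p.Root)
	if _, err := cert.Verify(opts); err != nil {
		return "", fmt.Errorf("untrusted signer: %w", err)
	}
	if err := cert.CheckSignature(x509.PureEd25519, payload, sig); err != nil {
		return "", fmt.Errorf("package altered since signing: %w", err)
	}
	for _, s := range p.revoked {
		if s.Cmp(cert.SerialNumber) == 0 {
			return "", fmt.Errorf("developer certificate %s has been revoked", cert.SerialNumber)
		}
	}
	return cert.Subject.CommonName, nil // the developer the root vouched for
}
```

Two points a practitioner would want from this model. First, the order matters only for error reporting; all three checks must pass, and a certificate that chains to the root but lacks the code-signing usage is still rejected, which keeps any other certificates the same root might issue from signing applications. Second, revocation data is only as trustworthy as its own signature, so LoadCRL refuses a list the root did not sign; what a phone should do when it cannot obtain fresh revocation data at all is a policy decision the interview leaves to handset manufacturers, and in this model the phone simply keeps using whatever it last loaded.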