Runtime security
The availability of the root certificate is checked at application launch, if application to be launched is digitally signed. The validity of the application signature is also checked. It means that the application deployment package (JAR) stored in device has not been tampered.
The following table defines possible error cases encountered during application launch and respective error notes.
Case |
User note |
|---|---|
Root certificate not available at launch |
Certificate not on phone or SIM |
Application signature not valid anymore |
Invalid application |
Series 40 and Nokia Asha software platform devices implement their security policy in “User defined mode” meaning that the platform does not intervene to optimise the security prompts to the minimum. Instead, the user is in full control. Detailed Java security settings for the applications are visible and prompting behaves fully according to the settings.
Security prompt
The format of the security prompt is as follows:
The main text describes the operation that the MIDlet is attempting
to perform and the user is offered a choice to select Yes(to accept the operation) or No (to reject the
operation) to the prompt. On certain devices, the user can also select Details and view additional details about the operation
and the MIDlet (for example to view if it is trusted and list certificate
details). The actual security prompt text and the result of answering Yes and No depends on the Application
Access settings (Ask first time or Ask every time, or Always allowed). If the Application Access setting is Ask every time the prompt is very specific and if the
user accepts the prompt they will be asked again the next time the
MIDlet attempts that operation. If the Application Access setting
is Ask first time, the prompt is more general,
and if the user accepts the operation, the prompt is not shown until
the MIDlet is stopped and restarted. Note that if the Application
Access setting is set to Always allowed then there will no security prompts (for that particular operation).
Figure: Run time security prompt on Series 40
Figure: Runtime security prompt on Nokia Asha software platform devices
Changing the setting to Always allowed is generally only possible for trusted third party MIDlets. This
is dependent on the security policy of the product.
Note that
the actual name of the Application Access sub
menu varies on a product to product basis ( App. Permissions or App. Access or Application Access). For more information on how to modify the Application Access for
an installed MIDlet, see Managing security
settings.
Checking permission status at runtime
Java applications can query
status of permissions with the method javax.microedition.midlet.MIDlet.checkPermission(java.lang.String).
For example, querying a permission which belongs to
a function group of type User with interaction
mode Session returns one of the following values
depending on the time of the query:
-1 if user was not prompted yet to allow access to that particular function group
0 if the user was prompted already to allow access to that particular function group but the user denied access
1 if the user was prompted already to allow access to that particular function group and the user allowed access