Many people may consider media capture as a potential security risk. Unsigned MIDP 2.0 MIDlets exist in an untrusted security domain, in which the MIDlet has restricted security access. By signing the MIDlet with a valid code signing certificate, the MIDlet can obtain a trusted third-party security domain access level.
The following methods are MMAPI access points in which a platform checks whether a security prompt is needed. Those prompts are shown to users and they may accept or deny the action. The table below shows the API access points in which access checks are performed.
|
Class |
Method |
|---|---|
|
javax.microedition.media.control.RecordControl |
setRecordLocation(java.lang.String locator) |
|
javax.microedition.media.control.VideoControl |
getSnapshot(java.lang.String imageType) |
|
javax.microedition.media.control.RecordControl |
setRecordStream(java.io.OutputStream stream) |
For more information about security issues in S60 and Series 40 with the MM API, see the Mobile Media API (JSR-135): Implementation Notes.
Note: Other methods in the Mobile Media API may be used to play protected content, such as network-stored content. In that case security permissions may also apply.
A signed MIDlet may request higher access rights for specific actions
by asking for them in the MIDlet-Permissions attribute
of the MIDlet's application descriptor.
The permission name for audio / video recording is:
javax.microedition.media.control.RecordControl
The permission name for camera snapshot is:
javax.microedition.media.control.VideoControl.getSnapshot
For more information about MIDlet signing, see Signed MIDlets tutorial.