Saturday, July 21, 2007

A platform security design miss

Designing software is difficult, which is why the waterfall model is such a joke. You don't get the design right the first time. If you ever get it right, it's after it's been used for real, and you've corrected the worst mistakes. (There are exceptions, where the original design happens to be so good that it lasts. Despite what some people think about the standard C library (and the language itself) nowadays, it was created around 1970, and it still makes sense. You don't see that kind of stuff often. The details that have changed aren't really important.)

I've been quite impressed with the design of Symbian platform security. It works. It's pretty sane. It's conceptually quite simple. Of course, it's horribly complicated to learn how to live with it in practice, but on a technical level, it's good. (The infrastructure around it isn't very good, but we'll ignore that for now.) However, there are some mistakes in it. One of them is what makes hacks such as this one necessary. When you install an app on the external memory card, a checksum of the executables is stored on the internal one, as that one is safer (it can't be removed and edited outside the phone, at least not easily). This leads to an interesting problem, which was probably very hard to foresee: if you format the internal memory card, you can't run the apps installed on the external memory card anymore, as the checksums are gone.
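The rule described above, as an added Python model that is neither Symbian's code nor the post's: the hash of each executable on the removable card is kept on the internal card and checked at launch, so formatting the internal card leaves an untouched executable unlaunchable. SHA-256, the class and function names, and the sample bytes are all assumptions.

```python
import hashlib
from enum import Enum

# Constructed model (not Symbian code) of the rule in the post: an executable
# installed to the removable card is hashed at install time and the hash is
# kept on the internal card, which is trusted because it cannot easily be
# edited outside the phone. SHA-256 is an assumption; the post does not say
# which checksum Symbian uses.


class Launch(Enum):
    OK = "hash matches"
    TAMPERED = "hash mismatch: executable changed outside the phone"
    NO_RECORD = "no hash record: internal card was formatted"


def digest(exe: bytes) -> str:
    return hashlib.sha256(exe).hexdigest()


class Phone:
    def __init__(self) -> None:
        self.internal: dict[str, str] = {}    # app -> hash, on the internal card
        self.external: dict[str, bytes] = {}  # app -> executable, on removable card

    def install(self, app: str, exe: bytes) -> None:
        self.external[app] = exe
        self.internal[app] = digest(exe)

    def launch(self, app: str) -> Launch:
        exe = self.external[app]
        expected = self.internal.get(app)
        if expected is None:
            # Fail closed: without a trusted record the loader cannot tell a
            # wiped store from an unknown binary, so the app does not run.
            return Launch.NO_RECORD
        return Launch.OK if digest(exe) == expected else Launch.TAMPERED

    def format_internal(self) -> None:
        # Formatting the internal card wipes every hash record but leaves the
        # executables on the removable card untouched.
        self.internal.clear()


def scenario() -> list[Launch]:
    """Walk through install, external edit, repair and an internal format."""
    phone = Phone()
    original = b"constructed executable bytes v1"
    phone.install("app", original)
    steps = [phone.launch("app")]                  # OK
    phone.external["app"] = b"edited on a PC"      # card edited outside the phone
    steps.append(phone.launch("app"))              # TAMPERED
    phone.external["app"] = original               # original bytes put back
    steps.append(phone.launch("app"))              # OK again
    phone.format_internal()                        # the design miss
    steps.append(phone.launch("app"))              # NO_RECORD: app is unusable
    return steps
```

The last step is the post's complaint: the binary on the card is unchanged, but the trust anchor lived on storage that a routine format erases.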

You might argue that you shouldn't have to format the memory card on a working system. Sure, but it's not a good idea to design around the assumption that every system will be perfect. Smartphones are far from perfect. The software on them is very complex, and there will be bugs. I have to format the internal memory card on my phone now and then, because there's some sort of leak that fills it up, and there's not much I can do about that: I can't clean things up manually, because platform security prevents me from tampering with most of the contents. However, the same problem would occur if a badly behaved app were installed on the phone and started filling up the memory card, so it could happen on a perfectly working system as well.
