Monday, October 29, 2007

The insecure S60 firmware updater

It's nice to see that someone with an interest in practical security issues is doing stuff with Symbian platform security. Nokia's firmware update program for S60 handsets lets you install modified ROM images on (at least) some handsets. It seems the weakest link in this security system is very, very weak. Of course, hacking doesn't get really interesting until you can hack other people's devices, but there's a quite obvious attack vector here: what if you could get users to download your modified ROM images, instead of Nokia's? I'm no security expert, but thinking about this gives me a few ideas that I might try out. I think Nokia should be happy that their devices aren't as popular with hackers as e.g. the iPhone.

Saturday, October 20, 2007

Insanely huge

Being from Sweden, I found the fact that a British smartphone site uses the Swedish tabloid Aftonbladet's site as a test site because it's "insanely huge", quite comical. Sure. Too bad the contents of the paper are even worse than their web design.

Tuesday, October 16, 2007

UIQ + Motorola

So Motorola bought 50% of UIQ from Sony Ericsson. I guess all we can say for certain is that Motorola is showing its dedication to the platform.

And of course, some people start speculating about a possible move of UIQ from Symbian to some other OS (like Linux). It's interesting how these speculations keep popping up again and again, even though the whole thing wouldn't just be (almost) impossible, but also completely pointless. You couldn't port UIQ or S60 to run on another OS, because Symbian is quite different from all other systems, and the UIQ and S60 code is filled with eccentric Symbian idioms. Sure, you could spend a few years reimplementing the Symbian APIs on top of some other system, but the most important reason for moving away from Symbian would be to get rid of those APIs. The main problem with using Symbian isn't licensing fees, but that developing for it is such a nightmare.

Friday, October 5, 2007

Operators and applications

"Operators tend to have a very specific vision of the image they want to project through the third-party applications they sell, if they choose to sell applications at all. Most operators are still in a content 'stone age', offering mostly ring tones and games." (Here's a link to the interesting article.)

Yes, well, I think part of the problem is that it's a much more complex situation with applications than with games or ringtones. Games and ringtones are obvious customization items: we all have different tastes, so we want different ringtones. It's not a deficiency in the device that it's lacking the perfect ringtone for me, or a game to keep me occupied while I'm on the bus. Applications, however, are a different story. If you have to buy Handy Weather for your phone, the lack of a built-in weather app is quite obvious. It's even more obvious if the application you want to sell is a better replacement for an embedded app. Why wasn't the better app already installed when I bought my phone? Right, because the operator is only there to make money. It's all about appearance.

On a more technical level, applications feel more scary. A ringtone doesn't have any functionality, it's just a sound file. A game just draws stuff to the screen. At least that's what you'd believe if you're not an engineer. An application extends and alters the phone's behaviour. Who knows what it might do? Who knows how the users might react to these changes?

And then there's the infrastructure. That an application is Symbian Signed and can be installed without warnings on a phone doesn't mean that it's actually been tested on it. It's been tested on a compatible phone, but how compatible is compatible? How much testing does our operator have to do to feel confident enough about an app to start pushing it to their users?