Happy Birthday Symbian Signed!
Posted by Craig H on 18 May 2009
Symbian Signed launched publicly on 18th May 2004, which makes it five years old today🙂
Although I can’t claim the credit (or blame!) for it, I have been somewhat involved with it for all that time, so I thought it might be useful to record some of the background and rationale. Symbian Signed now has an opportunity to develop in new directions, but it’s always good to be informed by the lessons of history.
The initial push to create Symbian Signed came from Symbian’s shareholder companies around the end of 2002. Nokia had their own certification scheme, Nokia OK, which covered third-party software as well as hardware accessories such as headsets. Sony Ericsson was looking at setting up a similar scheme, and the two companies decided it would be better for developers and for them to have a common scheme administered by an independent party. The other shareholder companies (Motorola, Panasonic, Psion, and Siemens) agreed.
It’s important to note that, at this stage, security wasn’t a primary goal. Nokia OK and similar schemes were quality marks, and the point of passing the certification criteria was to allow an application vendor to use the trademarked logo for marketing purposes. The security aspect was there only to ensure that uncertified applications couldn’t pretend to be certified ones. Malware wasn’t an issue (the first malware on Symbian OS didn’t appear until June 2004).
The brief for Symbian Signed was therefore to provide something that could replace Nokia OK as a quality mark and not be tied to a single phone manufacturer (it was referred to as “Symbian OK” for quite some time during its development). Before the launch Symbian, Nokia and Sony Ericsson had a lot of email, phone and face-to-face meetings. The main areas of discussion were:
- What was the most effective way to provide the infrastructure (registration, testing and signing)?
- Who would pay for this infrastructure?
- What should the test criteria be?
On the infrastructure, my predecessor as Symbian OS security product manager (I’m avoiding names here in case anyone doesn’t want to be associated with it, but please own up in the comments if you’d like to be identified ;-)) shopped around for a Symbian-branded, but outsourced, managed Public Key Infrastructure (PKI). Those quotes had far too many zeroes on them for the board to approve, so my contribution was to persuade VeriSign that this was actually a business opportunity for them, and they should add Symbian to the list of platforms for which they provided commercial code signing services (Microsoft Authenticode and Marimba Castanet were the other two, if memory serves).
That fitted in with the general principle of how we would fund things. Symbian wasn’t making a profit in 2002/2003 (we didn’t turn our first profit until 2006) so there were no spare funds we could draw upon. Nokia were understandably reluctant to fund a majority share of a service that would benefit other phone manufacturers, and Sony Ericsson (who didn’t have their own certification scheme up and running) couldn’t commit to funding either. The decision was made that Symbian Signed would have to be self-supporting; developers using the services would pay the cost of the signing and testing services they used, no more and no less. In effect, fees for PKI services (publisher IDs, signing events) went directly to VeriSign, and fees for testing services went directly to Capgemini. Symbian provided the staff and managed and funded the submission portal (run by Cidercone).
The last contentious area was the test criteria. Nokia OK criteria included conformance to a Nokia style guide. Some people wanted to introduce subjective criteria, including rejection of potentially offensive content (sex, religion, etc.) Network operators wanted assurances that an application wouldn’t crash their networks. Symbian’s main concern was to make sure that we were independent and objective. The end result of months of discussion was that the test criteria were limited to verifiable, objective tests that would focus on whether an application could damage the user’s experience of other applications and services on the phone. Even if the submitted application was useless, confusing and rude, we would still sign it.
That’s the way it was launched 5 years ago, and at the time it was received quite positively (with predictable grumbling from some application vendors who thought it should be subsidised by somebody and they really didn’t care who :-))
I’m going to pause here, otherwise I won’t get this post out actually on its birthday! I’ll follow up with the next chapters – a free(ish) market for services, and then the introduction of platform security – later this week🙂