Franklin Heath Ltd

Master Your Information Assets

  • Categories

  • Meta

The Symbian Signed Story, Part 2

Posted by Craig H on 26 May 2009

Previously on The Symbian Signed Story:

  • Public launch on 18th May 2004
    A quality mark to replace “Nokia OK” and other manufacturer certifications
  • Self-supporting (neither subsidised nor profit-making)
    Fees for signing go to third-party Certificate Authority, fees for testing go to third-party test house
  • Security was not a primary goal
    Symbian OS didn’t have platform security until 2 years later

The next phase in the evolution of Symbian Signed focused on reducing the cost to developers of getting their apps certified. As we have noted, the fees paid by developers were divided between fees for signing (mainly for issuing publisher certificates) going to VeriSign and fees for testing going to Capgemini. Symbian therefore resolved to bring the benefits of an open market for signing and testing services to bear.

At launch, there was only one test house available (Capgemini) but Symbian was already in discussions with other test houses. Test houses set their own prices, and two new options (MphasiS and NSTL) that launched on 5th October 2004 were significantly cheaper (at €195 and €250 respectively) than Capgemini. Developers submitting their applications for certification had a free choice of which test house to use, and many (but by no means all) did choose a lower cost option.

It turned out to be more of a challenge to bring the same open-market benefits to the signing side of the service. VeriSign’s ACS Publisher IDs cost $350, a figure which I think was originally established to match the fees for their Microsoft Authenticode service. Especially considering the reduction in testing fees, this was now a significant proportion of the cost to developers, so Symbian tried engaging with several alternative CAs in order to promote some competition. We did get as far as having alternative root certificates issued by GeoTrust, but then they were taken over by VeriSign in 2006 which rather defeated the objective! The strategy finally bore fruit on 18th June 2007 when it was announced that TC TrustCenter would being offering publisher ID certificates for $200.

Meanwhile, the Symbian OS product development engineers and Symbian Signed staff were working together on the introduction of Symbian OS platform security. The development project was already well into the design phase when I joined Symbian at the start of 2002, but as I recall the bulk of the implementation work was done from 2003 to 2005. The first phones incorporating the platform security architecture shipped to customers in March 2006.

This post is already getting quite long, so platform security will be addressed in a Part 3 later this week (I know, I said that last time, sorry! :-))

3 Responses to “The Symbian Signed Story, Part 2”

  1. […] The Symbian Signed Story, Part 3 By Craig H Previously on The Symbian Signed Story: […]

  2. Mark Wilcox said

    Nice post. I just wanted to point out that open markets only really work when people have the choice of not purchasing the service at all if the available offerings don’t provide them with good value. In this case that means they don’t bother developing an application at all in the first place, since once PlatSec and security is mixed up with the quality stuff, they can’t distribute it at all, rather than just not via the mass market channels.

  3. […] 02 Jul 2010 3:50 pm It really is time that I brought my very occasional series of posts on the history of Symbian Signed up to date. We have some future changes in the […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: