Developers guidelines | Signing applications
11 October 2006
The following table lists allowed user granted permissions per capability for unsigned applications:
Note: An application that could be deployed as an unsigned - sandboxed application may as well be sub-
dued to the Symbian Signed process. When an application like this has been signed, no user interaction is
required at installation, and the mapped capabilities are automatically granted blanket permissions.
Note: Sony Ericsson strongly recommends users only to install signed applications in their phones and
only allows signed applications to be distributed through its official sales channels, thus encouraging
developers who want to market their applications for wide use with Sony Ericsson phones, always to
favour signed applications before unsigned.
Symbian Signed applications
The security enhancements of Symbian OS v9, have enforced a number of changes in the Symbian
Signed process. As a consequence, also developer procedures for having applications Symbian Signed
have changed considerably.
Capability mapping
Capabilities are categorized into three separate sets on different levels, depending on their potential
impact on the device, the network or the user. The more serious impact a capability might have, the higher
level of trust is required by an application to access it, and the more testing is needed in the Symbian
Signed process to make sure that the application makes use of the capability in a safe and secure man-
ner.
Note that unrestricted APIs have no capabilities associated with them. As mentioned above, they can be
included even in unsigned applications and are automatically given blanket permission at installation.
The three cabability sets are:
• Basic capabilities
Applications requiring basic capabilities can either be Symbian Signed or unsigned. When installing an
unsigned application requiring one or more of the basic capabilities, the user is prompted to grant
Capability User granted permission
NetworkServices One-shot
LocalServices Blanket
ReadUserData One-shot
WriteUserData One-shot
UserEnvironment Blanket
Location One-shot