Quote:
Originally Posted by lePin
I think you misunderstood the signature meaning. Did you read this?
Code signing does not identify the developer - it just lets user be sure, that the code satisfies some security rules of RIM.
|
Hi lepin,
I totally understand what you mean. The code signing only allows the developer to use certain API. But it doesn't mean the developer have to follow any code of conduct. He can still clone the whole paypal application, steal the id and password or even credit card no., send it through an sms or upload to a server as he has access to the API, and get the cash. If the user report that application, its just too late. Even if they know who the developer is, it just take too long.
Blackberry has a very good history of security. You can even wipe off the whole phone remotely if it is lost. But for this case, I really hope something can be done. Attached below is the reply from Blackberry Support, enjoy:
-------------------------------------------------------------
1st email reply
Information on who signed a cod file is not publicly available, however RIM does have the ability to determine who signed a cod file.
--------------------------------------------------------------
2nd email reply
There isn't any other way to identify who signed an application.
Signing from a carrier can be used to control the security prompts shown to a user. This could also be used to identify the developer, however support for these items varies between carriers. There are libraries in the BlackBerry API set that are licensed from Certicom. In order to use those libraries, your application needs to be signed with a key from Certicom. It works similar to the signature keys issued from RIM.
There are 2 types of prompts you can received. Application Control prompts are shown based on the user's setting under Options, Advanced Options, Applications and then Edit Permissions from the menu. This can also be set by a BlackBerry Enterprise Server administrator. Your application can use the ApplicationPermissions class to request a change to these.
The second type of prompt applies to MIDlets only (not BlackBerry CLDC applications). These are based on the MIDP domains the carrier has configured. You would need to speak with the carrier to find out their settings and if they have a way of bypassing them (such as by signing your application).
Please note that further support will require the purchase of a development support incident.
-----------------------------------------------------------