Symbian signed...code or death warrant.?...

Steve Litchfield in his article about "Symbian Signed" code-signing thinks that this is the thin end edge of a wedge that will stifle software innovation.

The article quite rightly, and helpfully, points out the dangers of locking down platforms with code-signing. The disadvantage is that it makes the small developer's job cumbersome and, in some cases, impossible. Shareware - forget it! All this makes for an environment unsupportive of software creativity and collaboration.

However, the author of the article makes too little of the underlying reasons for code-signing, which will not help the "freedom for developers" tribe.

I generally support the tribe, but it often suffers from poor and fallacious thinking.

The greatest fallacy is still the notion that the mobile device market ought to be like the PC/Internet market, or environment.

Actually, from one very important perspective - i.e. the users - it is a great thing that it isn't. The reason is that mobile phones are mass consumer devices that everyone owns, from 7 year olds to 100 year olds. MOST of these users are NOT IT-enthusiasts, or fiddle-with-the-settings types. A mobile phone works out-of-the-box, usually 100% of the time (minus the network variability).

Within that environment, there are two issues that increased device sophistication brings, which operators - quite justifiably - want to avoid.

The first is support. The second is malignant behaviour, such as viruses might exhibit.

Giving software programs greater access to the underlying mobile features increases the threat that these two issues pose. This has been well understood by all the mobile community, which is why the latest releases of Java MIDP and Symbian (and already Microsoft WinCE) have in-built measures to limit the threat.

My own experience with operators is that generally they don't want to be involved with code-signing, or even DRM management processes, as it is an extra overhead for them. Therefore, they are pushing the responsibility back to the handset vendors, or the OS vendors.

My view is that as the smart-phone features penetrate further down the device price range, the more likely we will see an enforced code-signing policy for these mass consumption devices.

The alternative, which is also possible with these new OSes, is to limit the features that the software can access if it isn't signed. For example, it is possible to implement a policy to prevent access to the address book for an unsigned program.

Higher priced, more obviously "smart phone" devices (in terms of form factor) will probably not have such stringent controls in place. The assumption here is that these devices will probably have more IT-competent users, either directly or through enterprise support.

On the flip side of the argument, the notion of code-signing stifling innovation has credence. It is probably understood by the likes of Symbian, but most operators are still in no-mans land when it comes to applications. They kind of see the need, but don't do much to promote it, whilst simultaneously wondering where are the "killer apps".

In any case, the whole issue of code-signing for mobiles is not as simple as the author makes out. One last point is that his assertion that "we paid for the devices" is usually incorrect. About the only thing that operators do give away for "free" is the device, or a substantial subsidy.