Complete Guide To Symbian Signed
From Symbian Developer Community
Contents |
About Symbian Signed
About this Article
Previously, a PDF document called "A Complete Guide to Symbian Signed" was produced. This article is a replacement for that guide, and provides an overall view of the Symbian Signed process. This guide contains links to many other articles on particular Symbian Signed topics. If you want more detailed information on any given topic, please follow the links. Anyone is free to contribute to this guide, and include in it links to any additional information sources you find for Symbian Signed information.
Signing in Context
"Symbian Signed" is the process of encoding a tamper-proof digital certificate into an application. The certificate identifies the origin of the application by including information on the Publisher ID used during the signing process. Because the application origin is known, once an application is signed, it can use more sensitive features of the platform. An application whose origin is unknown - ie. one which has not been signed - will not be able to access this sensitive functionality and may not even install on the device depending on the security settings installed by the manufacturer. Sensitive APIs with the Symbian Platform are protected with capabilities and the capabilities required by your application will determine which signing option is right for you. If you are writing a straight-forward application, then you should be able to avoid using APIs protected by capabilities. This will simplify what you need to do to install an application, since it will only need to be self signed to be installed. You may wish to use Symbian Signed for self-signed applications - or for those designed for version of Symbian OS pre-v9, as putting the application through the Symbian Signed process will remove the warnings given during installation.
www.symbiansigned.com
The Symbian Signed online portal currently resides at http://www.symbiansigned.com/ If you are developing a Symbian application, then you should register here, as UIDs for Symbian applications are obtained from this site. Signing up to this site is free - payment is only required when you actually come to sign an application.
The Symbian Signed Team at The Symbian Foundation
The Symbian Signed Team manage the ongoing signing process and run the ongoing improvement programme. Whilst all requests for support should be raised in the usual way on the support forums, the team can be contacted to discuss ideas about the process and future improvements at symbiansigned@symbian.org
Things To Do Before You Submit
Get the right tools
You will need some tools in order to sign your SIS file and to make your submission.
Work out which capabilities you need
There are 20 capabilities protecting the sensitive functionality of the platform. Before you submit your application you will need to know which capabilities you require.
Get your UIDs right
UIDs for your application must be obtained correctly from either the protect or unprotected range. A UID identifies the application to the system and ensures that is does not interfere with other applications. There are other, less commonly used, types of UIDs which affect signing such as the Vendor ID functionality. More details on this are contained in the full article on UIDs.
Symbian Signed Testing
The Symbian Signed Test Criteria
The test criteria define the tests which every Symbian Signed application must pass - whether you are using Express Signed or Certified Signed.
In order to help you running the Symbian Signed Test Criteria yourself, and to understand what each of the tests is for, there is a guide which we've put together which provides some discussion and advice for each of the test cases, and a little more information on the testing itself.
When do you need to run the tests?
Whether you are submitting via Express Signed or Certified Signed, your submission must pass the tests defined in the test criteria. ForExpress Signed submissions, you must run the tests yourself and record the results in your submission. If you submit your application for Certified Signed, then the tests will be run by the test house.
If your application is submitted via Express Signed and is selected for audit, then your application will be tested against the Symbian Signed Test Criteria. It is therefore vital that you ensure your application complies with the Symbian Signed Test Criteria prior to submission as failing an audit can have serious consequences.
Even though the test house will run the tests when you submit for Certified Signed, you should run the tests yourself first. If your application fails, then you will be liable for another testing fee if you resubmit, and you can avoid this by catching any failures yourself before you submit.
You don't need to run the tests before you sign your application using Open Signed Online or Open Signed Offline although it's still a good idea to understand the Symbian Signed Test Criteria and design your application with them in mind as your application will be required to pass them before it can be widely deployed on Symbian devices.
Waivers
Although it is possible to be granted a waiver if your application does not comply with any given test, this is only possible in exception circumstances and you should not rely on waivers to pass the tests.
Options for Signing
How to Choose Between the Signing Options
The available signing options are different depending whether you wish to install onto a limited set of devices (or just one device) to test your application or whether you wish to sign your finished application for deployment.
Signing Your Application For Testing
The two signing options in this section are primarily to be used to sign an application for testing purpose, although Open Signed Online is also used to install an unsigned application onto your device for personal use.
A full article describing how you should sign your application for testing can be found here.
Open Signed - Online
This signing option allows you to quickly and easily sign an application for you to install onto your device. The signed application will be limited by IMEI number and will only install on the one device. However, this signing requires neither a www.symbiansigned.com login nor a Publisher ID and is free to use.
More details of what you need to do in order to use this signing option can be found here at the full article.
Open Signed - Offline
This signing option will allow you to create a Developer Certificate which you can then use to sign multiple applications multiple times - though in case the distribution of the application will be limited by IMEI number to the device pool specified when you create the DevCert.
More details of this signing option can be found here.
Signing Your Application For Distribution
You can distribute an unsigned application, and rely on the end user using Open Signed Online to sign the application before installing it onto their device. However, you can remove this burden from the user by signing your application in such a way that it's not limited by IMEI number.
The two signing options in this section are used to sign your application so that it can be installed without restriction on the IMEI number of the device(s). A full article presenting the two options side-by-side and allowing you to see which one is right for you can be found here.
Express Signed
This option provides a quick and easy way to sign your application without restriction by IMEI number to a particular pool of devices. You will need to test that your application complies with the Symbian Signed Test Criteria prior to submission as your application may be subject to a random audit and should it fail the audit, this will have consequences for your future projects.
Not all Capabilities are available to you using this signing option, however.
More details of this signing option can be found in the full article here.
Certified Signed
This is the most comprehensive signing option, and entails your application being sent to an independent Test House for signing. Through this option, you have access to the fullest range of Capabilities and are not subject to future audit of your application.
More details of this signing option can be found in the full article here.
Where to Find Out More...
Symbian Signed Forums
- Symbian Signed Support - for support queries needing an official response
- Symbian Signed - for general discussion & questions
Other Information Sources
More in-depth information can be found by following the links on this page. A questions and answers page also contains a lot of information you may find useful.
Comments
Espen said…
Stichbury said…
@Epen: I agree. I've modified the #Signing in Context section - see what you think.
Please could you fill out your user page? It would be great to be able to put your future contributions to this wiki in context by having some background information.
Thanks! Jo
--Stichbury 14:48, 4 November 2009 (UTC)
Supriyaakg said…
Hi, I have created a self signed package of my app, with Adobe Mobile Packager 1.1, that contains a .pkg, a metadata file, an SIS, a png of the logo and its SVG. I have tested the app on my E71 and it works fine. I also need to avail a Publisher ID, a Certified Signed certificate and then submit my app to https://www.symbiansigned.com/app/page/isvApplicationSubmissionWizard.do. What are the subsequent steps needed to submit the app to Nokia for testing and publishing to the Ovi Store? But I dont understand how should I proceed. Please help.
--Supriyaakg 05:38, 15 February 2010 (UTC)
Sign in to comment…
"If you are writing a straight-forward application, then you should be able to avoid the signing process by not using APIs protected by capabilities. "
For S60 at least you HAVE to sign to get anything on the devices, self-signed being the easiest I guess. I think the comment above is misleading.
--Espen 10:56, 4 November 2009 (UTC)