RSS Feed
Download our iPhone app
Browse DevX
Sign up for e-mail newsletters from DevX


New Platform Security Tweaks Nokia's Python for S60 Application Development : Page 3

Find out how the new platform security features affect Python for S60, what your development options will be, and how to perform native extending.

Python Application Signing and Distribution
To execute the scripts on an S60 3rd Edition target device, you need to sign your applications before installing them on a real device. The latest platform security restrictions implemented in the target devices require this step.

Symbian recently made some big changes to the Symbian signed policy. These changes greatly affect the Symbian signed process and application deployment. Detailed information can be found here).

Figure 1. Flowchart: The relation between S60 Capabilities and Symbian signed..

As shown in Figure 1, the Symbian capability has been categorized into four groups:

  1. User capabilities: LocalServices, ReadUserData, WriteUserdata, NetworkServices, UserEnvironment.
  2. System capability set 1: SwEvent, ProtServ, TrustedUI, PowerMgmt, SurroundingDD, ReadDeviceData, WriteDeviceData
  3. System capability set 2: CommDD, DiskAdmin, MultimediaDD, NetworkControl
  4. Manufacturer capabilities: AllFiles, DRM, TCB, needs approval from manufacturer of mobile phones
Depending on the capabilities you use, there are now six ways to sign a Python application:
  1. User grantable: This means the compatibilities used in your application are granted at installation time and the application UID is in the unprotected range (0x80000000-0xFFFFFFFF). You may use the SignSis command to sign a .sis file.
  2. Open signed without publisher ID: This means users have to log into www.symbiansigned.com to upload your application's .sis file. After successful uploading, you may immediately have the application signed by the web site and then download it. This is for testing purposes and you can only install your signed application onto one mobile device. When signing, you need to supply your email address together with the device IMEI (phone serial number) number.
  3. Open signed with publisher ID: This means you must purchase a publisher ID first from the TC TrustCenter. With the publisher ID, you may apply for a developer certificate from www.symbiansigned.com. Using the certificate, you may sign a .sis file with SignSis command. This is for testing purposes and the certificate is limited by the number of IMEI contained in the certificate.
  4. Express signed: This means you must have a publisher ID first. Then, you login at www.symbiansigned.com and upload the necessary files there. You can then sign your application immediately and download it. The signed application is for commercial sales.
  5. Certified signed: You must have a publisher ID first. When an application has been fully tested using either the "Open signed" or self-signed method, you may send the application to one of the four named test houses in the world for detailed testing. After the application has passed the test criteria from Symbian, you can sign the application for commercial use.
  6. Symbian signed for Nokia: Any of the applications needed for pre-installation must pass Nokia test criteria. It has stricter criteria than "Certified signed." Detailed information can be found at: www.symbiansigned.com. This is for commercial use.
For more detailed information on Symbian signed, take a look at www.symbiansigned.com.

The py2sis program allows you to package individual scripts to installable SISX packages. The packages generated by py2sis require you to install the PythonForS60-X_X_X_3rdEd.SIS in a real device.

The Python functions or modules affected by platform security are outlined below in Table 1:

Function or module 

Capabilities needed







contacts       appointments











Voice calls

Messaging (SMS, MMS) Internet services (access to services via HTTP)





Table 1. The Python Functions or Modules affected by New Platform Security.

Author's Note: In Table 1:
  • * = This gives false data if the executable is not signed with the specific capabilities.
  • + = Claimed by the S60 SDK, but in practice self-signing is sufficient.

If you use the following extensions, no capabilities are needed. Self-signing is sufficient:

  • camera
  • e32db
  • inbox
  • audio
  • socket
  • graphics
If your application needs more capabilities, you needs to change the Python DLL capabilities and sign the SISX package to one that provides a certificate with enough signing meta-capabilities.

As you've seen, the 3rd Edition of Series S60 introduces new security features which have an impact on the way you'll develop your applications and how it gets testes and deployed. Firstly, the script shell application has been separated from the main Python interpreter distribution and put in a new SISX file. These two SISX files can be signed each with a different set of capabilities. With Python for S60 in place on the S60 3rd Edition platform, you may now use the Python script language to quickly develop mobile applications.

Deng Haiqin is a Nokia employee.
Email AuthorEmail Author
Close Icon
Thanks for your registration, follow us on our social networks to keep up-to-date