Browse DevX
Sign up for e-mail newsletters from DevX


Harden Your Wireless Apps with MIDP 2.0 Protection Domains

Security has always been central to the MIDP specification, but the new MIDP 2.0 goes well beyond the first version's sandbox method. Find out how to use the new protection domains in 2.0.

ith MIDP applications streaming into the marketplace, security is becoming more of a concern. What assurance does a user of a MIDP-capable device have that what they download will not harm their device, steal personal information, or unknowingly cost them money? Before MIDP 2.0, application developers were rather restricted as to the potential damage they could do. MIDlets could not share RecordStore data, initiate phone calls, or automatically start in response to network activity. MIDP 2.0, on the other hand, can do all of these things and more.

In this article I'll discuss how MIDP 2.0 allows developers greater access to data and services on devices while providing security mechanisms to govern how this data is accessed.

Who's Interested in Security?
Because most MIDP 2.0 devices have some type of network connectivity and the applications can be downloaded over the network, the three parties interested in security are the manufacturer, the carrier, and the user.

The manufacturer is interested in, and responsible for, ensuring installed applications cannot harm the device or access sensitive resources without providing sufficient evidence that the application can be trusted. The carrier is interested in keeping the network secure. Often MIDP applications must go through some type of carrier-specific verification before they can be made available to the public. The user is interested in security because he may have sensitive personal, financial, or business information on the device. Also, because users pay for network data services, knowing when they will be charged money for using these services becomes important as well.

What You Need
You'll need the Wireless Toolkit 2.1. Download it at http://java.sun.com/products/j2mewtoolkit/download-2_1.html.

Version 1.0: Security by Isolation
Security has always been a primary focus of MIDP. In MIDP 1.0, however, security is mostly addressed by removing the ability to perform sensitive operations. This is often referred to as the sandbox security model. MIDP 2.0 comes with enhanced security features that open up more capabilities of devices to developers without compromising security. It's important to understand that writing an application using MIDP 1.0 doesn't necessarily mean it is less secure than writing the same application using MIDP 2.0. Rather, the difference has more to do with the fact that MIDP 2.0 offers access to a lot more features. Providing access to these features require the device to exercise more security precautions.

Thanks for your registration, follow us on our social networks to keep up-to-date