<div class='os_post_top_link'><a href='http://dnjonline.com/articles/mobility/apr03_security.asp' target='_blank'>http://dnjonline.com/articles/mobility/apr03_security.asp</a><br /><br /></div>This article at DNJ was published back in April but it's still worth checking out today if you're looking for a better understanding of the security model in Smartphone 2002 and the application signing requirements that some carriers are enabling.<br /><br />"Nobody has more concerns over security than mobile operators. On one hand they need to convince users to move billable data across their networks if they are to survive financially. On the other hand their networks lack the resilience of the Internet and, as mobile devices become more powerful, the potential for badly written or even malicious programs to wreak havoc increases.<br /><br />To date there have been remarkably few problems with phone applications. However, two years ago a program was released onto the Internet that targeted Spain’s Telefonica network with SMS messages disparaging the company. More seriously, a program released onto Japan’s NTT DoCoMo i-Mode network recently caused hundreds of phones to repeatedly dial police emergency services, <br />and DoCoMo was forced to close its network altogether in order to flush the rogue application.<br /><br />With its Smartphone 2002 platform, Microsoft has had to walk a fine line between providing an open development environment that will encourage software developers to write exciting applications, and providing a secure environment that mobile network operators are happy to work with. After all, the Telefonica and DoCoMo incidents are trivial compared to what a determined hacker could do with a platform this powerful.<br /><br />Microsoft has also had to deal with the fact that operators, hardware manufacturers and Microsoft itself all need to be able to manage and update different parts of the operating system without interfering with the operation of the device itself or its applications. This division of responsibilities has to be managed carefully, especially with regards to security patches and hardware driver support. <br /><br />The involvement of not only Microsoft, but also the network operator and the equipment manufacturer, in the Smartphone security model has caused some confusion within the developer community. However the security model is not actually that complicated."<br /><br />Read the <a href="http://dnjonline.com/articles/mobility/apr03_security.asp">full article</a> at DNJ Online.