belonging to the MIDlet suite we wish to sign. The MIDlet suite is now
ready for deployment on the target device.
The WTK also offers additional functionality to test out signed MIDlet
suites. There is a default trusted key pair (and an associated root certificate)
that can be used to install and bind a signed MIDlet suite to a trusted
protection domain within the emulator environment. This then allows
MIDlets in the signed suite to run within the WTK environment as trusted
without obtaining and importing a certificate from a CA. This feature is
particularly useful for ensuring that the appropriate permissions to access
protected APIs have been requested in the JAD file. It is important to
remember that this feature of the WTK only works in the test environment.
For real devices, you must sign your MIDlet suite with a valid certificate
received from a Trusted CA.
2.5.8 Untrusted MIDlets
An untrusted MIDlet suite is an unsigned MIDlet suite. It is, there-
fore, installed and bound to the untrusted protection domain. Untrusted
MIDlets execute within a restricted environment where access to pro-
tected APIs or functions may be prohibited or allowed only with explicit
user permission, depending on the security policy in force on the device.
To ensure compatibility with MIDlets developed according to the MIDP
1.0 specification, the MIDP specification demands that the untrusted
domain must allow unrestricted access to the following APIs:
Furthermore, the specification requires that the following APIs can be
accessed with explicit permission of the user:
The full list of permissions for the untrusted domain is device-specific,
however the MIDP specification does provide a Recommended Security
Policy Document for GSM/UMTS Compliant Devices as an addendum
(with some clarifications added in the JTWI Final Release Policy for