Tuli tuossa katseltua Sampo Suvisaaren blogia Forum Nokiassa ja hänkin valitteli Symbian Signedistä. Kirjoittelin sitten omia valituksiani asiasta taas, joten laitetaan tännekin:
I really agree with Sampo. If there was a need for a more secure environment, this is and isn't it.
Restricting the application to only read/write files in certain places? Great! Telling the user what the software can/might do? Super! Letting a third party decide on behalf of the user what the SW can do? Crap!
I really don't understand how a third party "testing" house can determine what the software is up to without the source code (and lots of time). Now the users are told that this "testing" will ensure the quality of the software. How? Nokia demands only a couple of minutes of use for the SW to ensure it passes the tests. What about including a little piece of code that'll upload the user's phonebook and SMS's via network to me after two hours of using? After a week? A month? The software has been "tested" and is "of high quality" and "secure", surely this shouldn't be possible?
The right way would be to allow everyone to use all capabilities except the highest ones (including access to all files etc) without any "testing" and money making. Then at installation the user would be informed that the SW can do these things AND let the user RESTRICT the software! So the user could, e.g., say that "no, you will not have access to my messages even though you want to" and the SW would work otherwise and could detect that it doesn't have these rights.
Also, the user would be informed when the application is doing something. Then the user would have the choice to allow or disallow this, or to allow this action indefinitely/for this application use. Then it would really be security.
And yes, I know. The user is the weakest link. But the user should be educated and informed about these things, not kept in dark and let a third party decide for them!