Ihmeiden aika ei ole ohi. Forum Nokian foorumissa kysellään kehittäjiltä mitä API-funkkareita pitäisi höllentää jotta niitä voisi käyttää ilman testausta/devcertiä. Kiva. Toivottavasti oikeasti jotain tehdäänkin.
Itse olen ehdottanut jo useasti ihan uutta lähestymistapaa koko kapoihin, joka laittaisi käyttäjän päättämään eikä testitaloa, joka ei tiedä yhtään mitä softa oikeasti tekee. Tässä kommenttini foorumille.
I have made this suggestion before and will make it again: make most of the caps user grantable runtime.
What I mean is this:
When an application wants to determine the location of the user, it will use Location API. The user is presented a query "Do you allow the SW to find out your location?" and selections: No, This time, Through this SW use, Always.
This way the USER is in control. THEY will decide if they want to allow the SW to get the information.
And naturally this woul be extended to all areas: reading/writing SMS's, contact information, email, network, camera etc etc etc.
Platform security is a good idea, but the security should come fom the user. Not from some third party testing house that doesn't really know what the SW will do after a month, year, 100 executions etc. And this way you wouldn't have hundreds of disgusted developers screaming at you.
This has already been done for JVM's in many phones and it is not a hard thing to implement.
Also another thing: it is stupid that we must declare the caps in the MMP file when compiling. Think about this:
I compile a SW. I want to test it with a devcert in my device but I also want to give it out. I use e.g. Location API. Now I must compile two versions: one that has one set of caps in the MMP, sign it with devcert, then another version that has another set of caps and sign it with another cert.
Since the functions can already have return values that say "no no, you are not allowed to do this", why should we tell the caps in MMP? Just so that the user can be presented with the list in application install? Not if you did it the way I described above.
Also, it's not nice to see the list when installing. The SW can "make calls or use network." So, which is it going to do? I want to allow it to use network, but not make calls naturally. The user is quite unsure at this point. Also other caps are too broad for the user to grasp, this is why more fine separation and runtime querying would be nice.
But if you're only going to relax APIs, I too vote for at least Location and Cell ID queries to be allowed without devcert/symbian signed testing.