> Of course they are doing this to "protect the user", and their "network", which is total b.s.
I'm no more a fan of the vetting process that mobile apps have to go through than anyone else, but this particular piece of FUD actually bothers me quite a lot.
Imagine if J2ME-equipped handsets were subject to the same sort of malware ecosystem that, say, Windows boxes are. Now, add to that the fact that an 0wned mobile device is an automatic money-maker for the black hats, (think 1-900 numbers) and I think there's a very good reason for carriers to be nervous.
Imagine if J2ME-equipped handsets were subject to the same sort of malware ecosystem ... I think there's a very good reason for carriers to be nervous.
Now, that's true for something like Symbian (or iPhone) native applications, which pretty much get the run of the house.
However, J2ME was explicitly designed to make this kind of thing impossible. The user can just kill the JVM at any time, easily (too easily - all good J2ME apps should autosave!). The program itself is trapped in a sandbox which asks for explicit permission to do things that can cost money (data access, phone calls, etc). Hit up java.sun.com for a full explanation of the security model.
The smoking gun is, once again, the European carriers - well, and the Asian ones, and generally everyone not in North America - who allow arbitrary downloads and arbitrary IP access...and strangely enough, nobody's phone's been 0wned yet via J2ME.
I'm afraid this is really is just the American carriers being tight-fisted.
I'm no more a fan of the vetting process that mobile apps have to go through than anyone else, but this particular piece of FUD actually bothers me quite a lot.
Imagine if J2ME-equipped handsets were subject to the same sort of malware ecosystem that, say, Windows boxes are. Now, add to that the fact that an 0wned mobile device is an automatic money-maker for the black hats, (think 1-900 numbers) and I think there's a very good reason for carriers to be nervous.