The short answer is yes, but not easily. Symbian OS devices can be hacked to remove the platform security, thus allowing users to install unsigned applications. The hack involves the modification of system files and access to previously locked areas of the OS. Hacked phones can allow any unsigned code to be executed. The user is no longer protected, which potentially increases the threat posed by mobile viruses. This type of hack is strongly criticized by Nokia as it can result in unstable phones that don’t function properly. This can lead to “bad press” for Nokia as users typically hit the forums, moaning that their Nokia devices are rubbish. However, they neglect to tell the full story!
Smartphone hacking is not for the feint hearted! If the process goes wrong, the phone may become bricked. This term describes a device that cannot function in any capacity. Hence, the device literally becomes as useful as a building brick. Hacking a Nokia N8 smartphone involves flashing the phone with modified firmware, thus replacing the factory installed version. If the firmware is damaged during the hacking process, the phone is bricked. If you download a modified firmware version off the Internet and intend to hack your N8, you might want to read this article first.
Another risk associated with phone hacking is that a Nokia Customer Care Center can refuse to accept your phone for repair. Additionally, phone hacking will void the phone’s warranty. The Nokia N8 costs around R4,800 to purchase in South Africa. For some, bricking an N8 can therefore be an expensive lesson.
There is another way of installing unsigned applications without having to flash the firmware. A developer can distribute an unsigned application, and rely on the end user to sign the application before installing it onto their device. The process for signing an application is relatively simple and is available online.
The end user visits the Symbian Signed website, provides the IMEI number (on the phone, type *#06#) of their smartphone and a valid e-mail adress. The unsigned application is uploaded to the Symbian Signed server where it is signed with a developer certificate and e-mailed back to the end user. The signed application can now be installed using PC Suite.
The IMEI (International Mobile Equipment Identity) is a unique 15 or 17 digit code used to identify an individual mobile device. The IMEI number provides an important function as it uniquely identifies a specific phone being used on a mobile network. Because the IMEI number is unique, the signed application received (via e-mail) from the Symbian Signed foundation will only install on the phone with the identical IMEI number. In other words, this signed application cannot be shared with other phone users.
Patrick Frei (Frei Software Development) is an example of a developer who relies on the end user to sign his application (PhoNetInfo) before installing it. Such applications are not trusted by devices and will display a warning message during installation. The only way a developer can remove this burden from the user of signing their application (that’s not limited by IMEI number) is to sign the SIS file with an express certificate. This process was explained in more detail in my previous post.
Another way that developers can sign applications before distribution involves using Qt. The Qt software development kit (SDK) is ideal for creating web-enabled applications. For example, the OVI Store application on the N8 was developed using Qt. The Qt SDK will sign the application automatically. The signing process allows the application to read and write data on the phone, access local and network services, the user environment as well as location. Users are prompted to allow usage of these capabilities when the application is installed.