Friday, August 7, 2009

SECURE YOUR MOBILE APPLICATION

MIDP and Security

It is sometimes essential to secure your mobile applications in order to protect users against prying. It is up to the programmer to ensure that:

- the program has the permissions it needs to function properly;

- the compiled code, should it be decompiled, is "fuzzy" and confusing;

- the application is identified to the user.

To accomplish these tasks, I will show you how NetBeans IDE makes life easier.

Obfuscation

Obfuscation means making something dark, confused, blurred. Programmers use the term to designate code that is hard to read and maintain. There are many free and paid obfuscators. Obfuscation, as you will have understood, is used to make the code difficult to understand and therefore to mitigate the existence of decompilers. Obfuscation only affects the .class files, not the source files. After obfuscation the size of the application may be reduced, which is a welcome advantage. In the build sequence of your application, obfuscation must be performed before preverification. NetBeans IDE includes a free obfuscator (ProGuard) that is very simple to use.

Just go to the project Properties - Obfuscating - Obfuscation Level. Each time you move the slider you can read the description of the corresponding obfuscation level. Then just click OK.

Remember that obfuscation is for the production phase of your program, not for debugging. Always test your application after obfuscating it; there may be malfunctions, for example related to the obfuscation level you chose.

Access to protected APIs

To function properly, a program will often need permissions. This is the case, for example, for access to files or to the information on the mobile device (File Browser, PIM API), and also for a connection to the Internet. The programmer must declare such permissions. The MIDP 1.0 specification does not handle permissions, so to speak. MIDP 2.0, by contrast, is quite flexible. Permissions are set in the application descriptor (.jad) through the attributes MIDlet-Permissions for required permissions and MIDlet-Permissions-Opt for optional permissions. When a permission problem is detected while an application is being launched, a SecurityException is thrown.

With NetBeans IDE, a permission can be added by going to Properties - Application Descriptor - API Permissions - Add and selecting your permissions. Depending on whether you check or uncheck "Required", your permission is treated as required or optional. NetBeans will add the corresponding attributes to the .jad (application descriptor).

At this point the application has specified the rights (permissions) it wishes to have; its identity is then made clear to the user through the use of a digital certificate.

Signature of the application

A certificate is like the application's identity card: the link between the physical entity (the author) and the virtual entity (the application). The standard most often used to produce certificates is X.509.

We will use NetBeans IDE to sign our application. The settings are under Properties - Signing - Keystore - Alias. There are several protection domains; select the certificate for the domain that fits your goals:

- Minimum: all permissions are denied (this results in an OTA failure).

- Trusted: all permissions are granted without user intervention.

- Untrusted: permissions are granted after the user agrees.

Then export the key to the emulator to test your application.

Choose the domain and click OK. Your application is now signed. The certificate was exported to the emulator so that your application can be tested. Indeed, if your device does not recognize the certificate, it has no valid reason to complete the installation. You can create your own certificates (in which you put your personal information for the signature) by opening the Keystores Manager. Then follow the steps as presented in the diagram below. (Note: Step 7 is not required)

Signing with this certificate produces a .jad with the following attributes (highlighted in color):

--------------------------------------------------------------------------

MIDlet-1: PIM Browser Example, /org/netbeans/desktop/resources/dir.png, pimbrowserexample.PIMBrowserExample
MIDlet-Certificate-1-1: MIICYTCCAcqgAwIBAgIESn8frjANBg .. [number!] ... etc.
MIDlet-Jar-RSA-SHA1: BLSTv7epKRxVrFCmAcBIBsXRXg .. [number!] ... etc.
MIDlet-Jar-Size: 73547
MIDlet-Jar-URL: VotreMIDlet.jar
MIDlet-Name: Visual Designer Custom Components
MIDlet-Permissions: javax.microedition.pim.ContactList.write, javax.microedition.pim.ContactList.read,
... etc.

--------------------------------------------------------------------------
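A descriptor like the one above can be reviewed before release. The following is an added example, not code from the original post or from NetBeans: it parses a .jad, separates required from optional permissions, and checks that the signing attributes appear together. The sample descriptor is constructed, its base64 values are placeholders, and the function names and finding texts are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the attributes shown above; the
# certificate and signature values are placeholders, not real data.
SAMPLE_JAD = """\
MIDlet-1: PIM Browser Example, /icon.png, pimbrowserexample.PIMBrowserExample
MIDlet-Certificate-1-1: PLACEHOLDERBASE64CERT
MIDlet-Jar-RSA-SHA1: PLACEHOLDERBASE64SIG
MIDlet-Jar-Size: 73547
MIDlet-Jar-URL: VotreMIDlet.jar
MIDlet-Name: Visual Designer Custom Components
MIDlet-Permissions: javax.microedition.pim.ContactList.write, javax.microedition.pim.ContactList.read
MIDlet-Permissions-Opt: javax.microedition.io.Connector.http
"""

def parse_jad(text):
    """Return {attribute: value}; each descriptor line is 'Name: value'."""
    attrs = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep and name.strip():
            attrs[name.strip()] = value.strip()
    return attrs

def split_permissions(value):
    """Split a comma-separated permission list, dropping empty entries."""
    return [p.strip() for p in value.split(",") if p.strip()]

def audit_jad(text):
    """Summarise permissions and signing state, with review findings."""
    attrs = parse_jad(text)
    required = split_permissions(attrs.get("MIDlet-Permissions", ""))
    optional = split_permissions(attrs.get("MIDlet-Permissions-Opt", ""))
    certs = sorted(k for k in attrs
                   if re.fullmatch(r"MIDlet-Certificate-\d+-\d+", k))
    has_sig = "MIDlet-Jar-RSA-SHA1" in attrs
    findings = []
    if has_sig != bool(certs):
        findings.append("signature and certificate attributes must appear together")
    if not has_sig and required:
        # Unsigned suites fall in the untrusted domain: the user is asked.
        findings.append("unsigned: required permissions depend on user approval")
    both = sorted(set(required) & set(optional))
    if both:
        findings.append("both required and optional: " + ", ".join(both))
    return {"required": required, "optional": optional,
            "signed": has_sig and bool(certs), "findings": findings}
```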

If you have not exported the certificate to the emulator, you get an error message like this when running:

--------------------------------------------------------------------------

Starting emulator in execution mode
Installing result from: http://127.0.0.1:1254/VotreMIDlet.jad
[WARN] [rms] javacall_file_open: _wopen failed for C:\Documents and Settings\be\javame-sdk\3.0\work\0\appdb\_delete_notify.dat
*** Error ***
A problem occurred during application from deploying http://127.0.0.1:1254/VotreMIDlet.jad
Reason:
The content provider certificate issuer C=Cameroon;ST=State;L=Location;O=Greenspirit;OU=univa1109;CN=benycertif is unknown.

--------------------------------------------------------------------------

This message tells you clearly that the certificate is not recognized; in other words, your application has an identity card that is not accepted. Add your certificate through the Wireless Toolkit so that it is recognized, just as you would with your browser. The "_delete_notify.dat" warning, however, can have another cause; see: http://greensspirit.blogspot.com/2011/05/warn-rms-javacallfileopen-wopen-failed.html

This post has quickly explained the possibilities of securing your MIDlets and showed you how to do it easily with Netbeans IDE.

that's that....

