If you are working in the Symbian device-creation community you may be interested to know I now have a version of SExplorer that has been built (but not signed) with AllFiles capability. The idea is that if you are working on another project that requires an AllFiles devcert then this can also be used with SExplorer to allow browsing to private and sys directories. Just email me if you need it.
Looking around, it seems that more and more developers are starting to rely on end users signing using devcerts in order to gain capabilities. Devcerts, as opposed to Symbian Signed testing, allow access to capabilities for development purposes and are tied to a phone IMEI for six months. I am not sure Symbian intended devcerts to be used in this way. At least the kind of people who are creating their devcerts know what they are doing and are knowingly permitting specific applications to do more on their phone. This make me wonder if there should be some kind of ‘enduser’ cert for this kind of thing maybe with a easier web based front end for signing the sis. This might even validate the sis in some way with revocation for known rogue applications (don’t worry there aren’t any yet!).
Incidentally, if you have created a self signed application then check the validity period. If you relied on createsis to create its own certificate then the validity period will only be one year. This means the application won’t install after one year. You must explicitly create a new certificate with a long validity. For more on this please see the Nokia Forum Blogs.
If you find all the devcert vs self-signed vs Symbian signed stuff confusing then try googling for symbian platform security. A more concise and pragmatic view of it all will be provided in my tutorial next month for Sony Ericsson Developer World.