S60 5th Widgets and Platform Security

s60.gif I have been taking a look at the latest Widget support in the S60 5th SDK. In particular, the new support for platform services such as location, calendar, contacts, messaging, logging, media and systeminfo.

Although the documentation (also available online) doesn’t mention the contacts and calendar APIs, they are in fact present. It’s possible to run the calendar and contact examples in the SDK and manipulate the phone’s appointments and contacts.

If you read my blog last year, you may remember I asked how Widgets would allow access to platform services that were (via c++) subject to Symbian platform security and application signing.

The answer is that the web runtime has implemented security prompts. For example, when you run the contacts example, you get…

wrt1.gif 

Selecting ‘More Info’ you get…

wrt2.gif
In addition to this, there are also two more prompts when you run a widget that uses messaging…wrtnetworkservices.gif

 

 

 

 

 

 

 

 

wrtnetworkservices2.gif 

This wouldn’t be so bad if it were a one off event. However, for a messaging widget that accesses contacts, the user will be prompted three times every time the widget is run which is going to be annoying. It would be better if all relevant prompts were in one dialog and even better if it were a one off event when the widget is first installed with some type of settings facility to allow the user to change permissions should they change their mind.

At first sight, it seems that widgets can gain access to platform features (contacts and location) that previously required Symbian Signing when used from c++. However, Nokia (quietly!) changed this for S60 3.2 so that the capabilities required can now be self signed by developers and user granted by end users.

As an aside, for c++ and Python developers, this also means that as of S60 3.2 (Nokia N78, N79, N85 and N96 and all later phones), applications can also use location and contacts without having to Symbian Sign applications. They just need to be self-signed by the developer and the user needs to perform a one off grant to access these features at time of installation.