Comments on: How MIDlet Signing is Killing J2ME

By: good_kid

good_kid — Wed, 24 Feb 2010 07:25:20 +0000

You are right!I hate the security domain.Last week we paid for a midlet sign by the third trusted domain.But It’s still not working becuase it needs our providing the operator signature.Horrible! I could not test my application when I was coding and using my own phone.It’s totally bad things for J2ME.

By: HaqMan

HaqMan — Fri, 22 Jan 2010 20:00:01 +0000

I wish if I read this article earlier, after spending hours and hours on a j2me app, I’ve learnt that I cannot distribute it, only by paying hefty price, so my development is kind of useless!!! Well, this is what you get if you don’t research before starting development There must be a way around this, maybe getting a copy of Sun’s cert?!?

By: Adam

Adam — Wed, 30 Dec 2009 01:52:30 +0000

Nice article.

My first mobile app and I run right into this crap. Can't read the file system without a warning every time. Can self-sign the jar, but can't install the certificate on the phone. Am not willing to pay $$$: I bought MY phone and want to run MY stuff on it. Its mine. But apparrently I'm not allowed. What a load of crap. Its all over for me and mobile apps - at least as far as J2ME is concerned.

By: Po co nowe platformy programowe na komórki? « Przem Kalicki – zapiski

Po co nowe platformy programowe na komórki? « Przem Kalicki – zapiski — Wed, 21 Oct 2009 05:03:07 +0000

[…] Szukając materiałów na temat znalazłem wpis na pewnym blogu o bardzo wymownym tytule: “How MIDlet Signing is Killing J2ME” […]

By: Michael

Michael — Thu, 15 Oct 2009 23:47:12 +0000

Yes, Android can be good thing. But it is new platform, not enviroment (like .Net Framework for PC) so only new (that means: high-cost) devices will support it. Of course, after couple of years the situation can be another. But yet there are a lot of devices, which requires JeME support, in the world. So J2ME still alive..

By: Vasily

Vasily — Sun, 04 Oct 2009 14:03:39 +0000

Thank you for your post! Even if it dated two years ago, the same crap happens today.

Luckily, we have Android now! I suppose that 90% of application developers will switch to Android because Google ever supports developers, while Sun and carriers are trying to make money. It seems that Android takes all the problems of mobile applicaiton development and solves them at one time!

Special thanks to "j2mesecrets" site author.

J2ME is dying. Long life, Android!

By: Serge

Serge — Thu, 24 Sep 2009 09:51:24 +0000

While midlet signing has a valid reasoning behind it (to prevent ill-meant midlets from stealing valuable personal data), even developers themselves cannot get rid of the unnecessary checks even on their own phones!

Yes, I guess that’s Sun’s fault that it did a lousy job of checking the MIDP implementations of specific phone manufacturers - how would they ever get the “Java Powered” logo then?

Look at Android: http://developer.android.com/guide/publishing/app-signing.html “The certificate does not need to be signed by a certificate authority: it is perfectly allowable, and typical, for Android applications to use self-signed certificates.” - It could be that simple for MIDP as well but the phone manufacturers decided they knew better…

In fact, I’m about to start developing for Android now. The MIDP, as is, is just not up to the task of serious development.

As for CA certificate costs - yes, I also think the price is just insulting for typical midlet developers…

By: Peter B.

Peter B. — Sun, 23 Aug 2009 14:49:35 +0000

@Sam

Oke, I only used it for my own HTC. At first I tried to use OpenSSL, but kept getting an error when installing my Midlet on the PPC. It said something like 'unable to verify the digital signature .... '. So for me the $30 saved a lot of time.

By: Sam

Sam — Sun, 23 Aug 2009 14:40:05 +0000

@Peter B.

It is not possible to install a root certificate on all devices, a Motorola RAZR for example. The service offered by xs2us.eu is to provide you with a private/public SSL certificate pair... you can generate these yourself using the OpenSSL open source software. If you are impatient or confused by the OpenSSL documentation, $30 might be an option, but I personally recommend producing your own keys if your handset allows it.

By: Peter B.

Peter B. — Sun, 23 Aug 2009 14:06:20 +0000

Hello everybody,

I don't know very much about Midlet signing and am a pure hobby programmer. So I have had problems with restricted access for many months. But some time ago I bought a HTC touch diamond with windows mobile. When trying again I stumbled on a site (xs2us.eu) where I found the solution that works for me!