Resources | developer.brewmp.com Resources | developer.brewmp.com

Developer

resources

Content Authorization

Brew Mobile Platform is engineered with proactive defenses against viruses and malware, the cornerstone of which is explicitly authorizing, or white listing, the code that may execute on the device. This inserts into the software release process an opportunity and a mechanism for device manufacturers or mobile network operators to understand, vet, and even verify the code, its origin, and the developer. Code authorization through white listing means knowing where the code came from before you run it. Effective white listing avoids the introduction of anonymous code, which is more likely to be malware.

In short, to authorize dynamic code to install and execute on a Brew MP device, it must be signed under a code authorization root configured on the device. Signing authorities may deploy their own signing operations for code they have vetted by:

  • generating a root certificate to be configured in the device image
  • generating signing keys with signing certificates issued under their root
  • leveraging these signing keys and certificates with the Brew MP Code Signing Kit to generate Brew MP-style signatures for the code to be authorized

Code signing operations and the private keys upon which they are based must be deployed and managed securely. A compromise to either could lead to unauthorized and potentially ill-behaved code running on the mobile device.

More detail on this can be found in the BrewMP Technology Paper Code Authorization on Brew MP through Digital Signing.