[RFC] phonebook support

Eric Johnson eric at ebj.us
Wed Mar 28 15:57:39 CEST 2007 

Harald Welte wrote:
> Those kinds of things are really hard to test... even if we put the
> respective code in place, it's almost imposible to provoke such action
> to happe in the network.  Even sophisticated GSM simulators are probably
> not capable of doing this, unless they come with a matching SIM...
>   
Agreed, but here in the US T-Mobile lets you update ADNs using their web 
site. This sends an OTA to the SIM which basically contains a SEEK and 
UPDATE RECORD on the ADN file - and hopefully a REFRESH (I should check 
if they do this properly). Cingular used to offer such a service too. I 
don't know how well used they are.
> to us, all the silent, undocumented [not indicated to the user or the AP
> software] and magic interaction between the operator and the sim is
> frightening.
>
> Ideally, we would have all this under user [or rather user
> software/policy] control.
>
> I don't want my telephone to do magic things such as silent SMS or the
> like.  It's my telephone, after all.  So if an operator intends to make
> my phone do something, the phone should at least ask me if I really
> wanted this to happen.
>
>   
I understand your concern - everyone is worried about this especially 
when associated with GPS location information being sent out.
However, in regard to the SIM at least, most of the time the Network 
Operators do these things to help by managing the roaming or call 
control etc and I think it would not be advisable to let the user stop this.

The Operators are clearly not so trustworthy when they start disabling 
features on the handset such as Bluetooth file transfers.

> Anyway, all this is something that requires further investigation.  We
> now have the ability to alter the firmware of the GSM chipset, so if
> we'd decide that more user control needs to happen in this area, we
> could at least come up with a technical solution to it.
>
>   
That sounds really great but I expect that this will be locked down 
under a TI NDA.


Speaking of silent SMS etc, has the issue of trojans on the device which 
dial overseas numbers or send SMSs to "premium" services been 
considered. I feel we need to worry about this a little and it was these 
concerns that lead to J2ME applications being so restricted and needing 
signatures from the operator to be able to access certain phone features.
Maybe this is just the cost of freedom and is fine for savvy users but 
mass market is something else.

More information about the gsmd-devel mailing list