A MIDlet is an application that uses the Mobile Information Device Profile (MIDP) of the Connected Limited Device Configuration (CLDC) for the Java ME environment. Typical applications include games running on mobile devices and cell phones which have small graphical displays, simple numeric keypad interfaces and limited network access over HTTP.
The .jad
file describing a MIDlet suite is used to deploy the applications in one of two ways. Over the air (OTA) deployment involves uploading the .jad
and .jar
files to a Web server which is accessible by the device over HTTP. The user downloads the .jad
file and installs the MIDlets they require. Local deployment requires that the MIDlet files be transferred to the device over a non-network connection (such as through Bluetooth or IrDa, and may involve device-specific software). Phones that support microSD cards can sometimes install .jar or .jad files that have been transferred to the memory card.
MIDP 2.0 (JSR 118) includes a comprehensive security model based on protection domains. MIDlet suites are installed into a protection domain that determines access to protected functions. The MIDP 2.0 specification also includes a recommended practice for using public key cryptography to verify and authenticate MIDlet suites.
For definitive information, consult the MIDP 2.0 specification. For an overview of MIDlet signing using the Sun JavaTM Wireless Toolkit for CLDC, read the article Understanding MIDP 2.0's Security Architecture.
If you need more background on public key cryptography, try the article MIDP Application Security 1: Design Concerns and Cryptography.
The MIDP 1.0 specification constrained each MIDlet suite to operate in a sandbox wherein all of the APIs available to the MIDlets would prevent access to sensitive APIs or functions of the device. That sandbox concept is used in this specification and all untrusted MIDlet suites are subject to its limitations. Every implementation of this specification MUST support running untrusted MIDlet suites.