ITworld.com
Expert Calls for More Secure Wireless Java
JAVA TUTOR --- 08/14/2002

The version of Java available for wireless devices today, a subset of J2ME (Java 2 Micro Edition) known as the Mobile Internet Device Profile, or MIDP, depends largely on a "sandbox" method to secure devices against viruses and other malicious code. Downloaded programs run in a quarantined area from which access to other software on a device is restricted. 

That's not an adequate system, according to Mike Walker, director of worldwide research and development at Vodafone Group PLC, who recommended improvements at JavaOne here this week. Walker is also the chairman of a security committee set up by the 3rd Generation Partnership Project, a wireless industry group.

"This sandbox approach to security is no security at all. It's a joke, so just forget it," Walker said during a presentation on Java and wireless security here.

That the first release of a new technical specification may be lacking in security features won't surprise many developers, and an update to MIDP that attempts to fix the holes is expected to be approved by the Java Community Process in the coming months. But the call for tighter security highlights challenges that still face the delivery of wireless Java applets, which is being feted here as the industry's next big money-maker.

What's needed, Walker said, is a domain-based security framework that can ensure that Java applets delivered to a mobile device come from a legitimate source, and that they haven't been modified in any way as they travel over a network.

Public key encryption could address part of the problem, he said. A developer writing a Java applet, such as a game or a currency converter, would add a digital signature using a unique, private encryption key. When the applet arrives at the device, the signature made with the private key would be checked against the corresponding public key to ensure it arrived from a trusted source.

In the execution environment, additional technologies can be implemented to manage which functions on a device an applet is allowed to invoke, he said.
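The two steps Walker describes, checking an applet's signature and then limiting what it may invoke according to who signed it, can be sketched as follows. This is an added example, not code from the article or from the MIDP specification; the domain names, function names, policy table and sample applet bytes are all hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class AppletDomainCheck {
    // Hypothetical policy: device functions each protection domain may invoke.
    static final Map<String, Set<String>> POLICY = Map.of(
        "operator", Set.of("net.http", "messaging.send", "phonebook.read"),
        "untrusted", Set.of("net.http"));

    // Domain of the first trusted key that verifies the signature over the
    // applet bytes; "untrusted" if none does (unsigned, unknown signer, modified).
    static String domainFor(byte[] applet, byte[] sig, Map<String, PublicKey> trusted)
            throws GeneralSecurityException {
        if (sig != null) {
            for (Map.Entry<String, PublicKey> e : trusted.entrySet()) {
                Signature v = Signature.getInstance("SHA256withECDSA");
                v.initVerify(e.getValue());
                v.update(applet);
                try {
                    if (v.verify(sig)) return e.getKey();
                } catch (SignatureException malformed) { /* treat as not verified */ }
            }
        }
        return "untrusted";
    }

    static boolean mayInvoke(String domain, String function) {
        return POLICY.getOrDefault(domain, Set.of()).contains(function);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        KeyPair operatorKey = gen.generateKeyPair();   // constructed signing key
        Map<String, PublicKey> trusted = Map.of("operator", operatorKey.getPublic());

        byte[] applet = "constructed applet bytes: currency converter".getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(operatorKey.getPrivate());
        s.update(applet);
        byte[] sig = s.sign();

        byte[] modified = applet.clone();
        modified[0] ^= 1;                              // one bit changed in transit

        for (byte[] received : List.of(applet, modified)) {
            String domain = domainFor(received, sig, trusted);
            System.out.println(domain + " may send paid message: " + mayInvoke(domain, "messaging.send"));
        }
    }
}
```

The intact applet lands in the signer's domain and keeps its permissions, while the modified copy fails verification and falls back to the untrusted domain, where the fee-based function is denied.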

A proposed upgrade to MIDP, with the working title MIDP NG, for Next Generation, was submitted last year to the Java Community Process. It is available now for public review and could be approved as early as May, Walker said. The upgrade, backed by leading handset makers and operators, includes many of the features he proposed.

Sun Microsystems Inc., Java's creator, denied any shortcomings in MIDP 1.0. The specification is "perfectly adequate" for the types of devices in use today, said Eric Chu, a group marketing manager with Sun. More than 18 million Java handsets are already in use worldwide, he noted. Japan's NTT DoCoMo Inc., an early leader in wireless data services, added only a layer of SSL (secure socket layer) encryption for its Java-based services, he said.

"You have to balance security with usability," Chu said. "Right now we treat all applications as untrusted. Once the market starts to grow and mature and we get a better understanding of the usage model, then we can start to beef it up."

Walker had a different view. Without improvements to MIDP's security features, the potential for breaches is great, he said. Among other problems, malicious applets could be used to gather personal information about users stored on a phone, such as a credit card number. They could also be programmed to invoke fee-based services without a user's permission.

Operators can add their own security technologies for running Java applets, but having a standard implementation is important to ensure that applets can run on handsets from a variety of vendors and across multiple networks, he said. Part of the onus falls on wireless operators, who together are hammering out a way to implement the standard once it's available, he added.

Most importantly, nothing taxing should be required of customers, Walker said. PC users are accustomed to loading security patches and upgrading their software, but phone users expect everything to be done on their behalf, he said. The most that users want to see is a prompt warning them that they're about to launch a service for which they'll have to pay extra.

Walker's remarks were geared mainly toward cell phones, but he said the same principles apply to Java applets delivered to handheld computers and other gadgets. The industry needs to deal with the issue quickly and effectively, because users are unforgiving and will shun wireless data services if they don't work well the first time around.

"If any one of these things goes wrong, we will destroy confidence, and the opportunity mobile code offers will vanish," he said. "It will vaporize in no time at all."
