Code signing is already a requirement for any program written for the .NET environment, kernel mode, Adobe AIR, Android, and other mobile platform certifications such as Microsoft Windows Apps Marketplace and Symbian Signed.® These platforms will generate warning messages or refuse to install an application unless its code is signed by a recognized Certificate Authority (CA). For instance, every application running on the Android platform must be signed by the developer. Applications that attempt to install without being signed will be rejected either by Google Play or by the package installer on the Android device. Windows platforms such as Azure, Vista, and Server 2008 also require code signing for the Windows Logo program certification. Trends in the industry indicate that soon all operating systems, application development platforms, and mobile devices will only run signed code.
Network providers are especially wary of buggy or malicious applications and many of them will not run unsigned code. In a network environment, the potential consequences of downloading malicious code include destruction of the mobile device, service interruption, spread of the malicious application, identity theft, and financial damage. The cost of this damage could run into the billions of dollars within minutes. Not only do network providers fear disruption to service, they also fear any kind of negative experience that might drive away customers. Retaining customers is essential to network providers’ business models for sustaining and increasing profitability.