It is common practice to digitally sign program installation files with a valid signing certificate in order to ensure that these files (and consequently the program) contain genuine code that has not been altered in any way, and that the contents of these files can be traced back to the party responsible for them. In the case of files containing small applications (for example, Java MIDlets run on mobile phones), the digital signature is also used to grant the program extended execution rights (such as access to sensitive capabilities of the device, like sending SMS or reading the user's address book). Certificates for digitally signing files are available commercially from specialized vendors, whose responsibility is to ensure that parties receiving certificates from them can be authenticated and traced. One of the methods vendors use for this purpose is to offer certificates only to registered companies and not to private parties.
Such a method presents a considerable organizational and financial obstacle to the use of digital signatures by the long tail of software developers, dorm-room innovators, garage startups, etc., who would like to start developing, testing and distributing their digitally signed applications without having to start a company and invest time and money in procedures they are not really interested in.
Moreover, in view of the rapidly expanding use of small programs (e.g. MIDlets) on personal mobile terminals, such as mobile phones, there is a practical need to control over time the privileges initially given to such programs, in case, for example, their code proves to be malicious in any way.