As telecommunication carriers continue to invest in location infrastructure, a proliferation of location-based services is developing ranging from consumer services such as local search and mobile social networking to enterprise services such as fleet management and asset tracking.
Java™ Micro Edition (Java ME™), the predominant execution environment for mobile devices in the market today, supports access to location technologies (including A-GPS) through the JSR 179 standard location application program interface. In most cases, the only option open to a mobile network operator for managing control to the JSR 179 API or other APIs which access potentially sensitive user information is through application signing (whereby the mobile operator attaches a cryptographically secure digital signature to the mobile application before deploying it to the mobile device.) Although digital signing is an important safeguard, it is not sufficient.
Once deployed in the field, the mobile network operator has very little control over the behavior of the mobile application. Access to sensitive APIs such as the JSR-179 API cannot be limited or managed. In many cases mobile applications cannot even be monitored. In a sense, the application is “thrown out into the wild”, and certification/validation begins and ends during the digital signing process. In view of the above, it would be desirable to provide a method for managing third party application program access to user information via a particular native application program interface (API).