Device API access control gets easier with new MNO tool

GlobalPlatform has defined a specification that enables mobile network operators (MNOs) to access certain aspects of the mobile device operating system (OS), which are by default not accessible for security reasons. The specification has received input and support from MNO industry body GSMA and device manufacturers, who recognize that MNOs need this advanced access to ensure customers are receiving optimum network management connectivity.   

“MNOs want access to mobile device parameters to ensure customers are receiving the best possible service,” explains Gil Bernabeu, GlobalPlatform’s Technical Director. “These low-level services are used to adapt device parameters to the MNO network capabilities. At present, it is expensive and timely to customize each device OS to enable individual MNOs to access sensitive APIs.”

The GlobalPlatform Device API Access Control v1.0 defines a generic mechanism that enables MNOs to access sensitive APIs in a mobile device OS based on authorization rules pre-stored in a SIM card (Secure Element). Once inserted or active in the mobile device, the MNO applications are authorized to access specific sensitive APIs on the device.

This specification is intended primarily for SIM card manufacturers, handset manufacturers, and MNOs. This version supports device applications running in the rich execution environment, including Android environments.

Gil concludes: “Establishing a device trust architecture that is accessible to authorized parties is critical if the functionality of a mobile device is to achieve its potential. To realize this, collaboration across stakeholders is essential. The publication of this specification is just one example of the work GlobalPlatform is doing to promote collaboration and open ecosystems where digital services and devices can be managed securely, while bringing efficiencies to stakeholders.”