I'm developing a client application which uses the REST API of the corresponding server application, which is build by our company.

We are targeting devices with system software 4.5 and up, although we may drop support for 4.5 in the near future and making 4.6 the new lower limit. Currently, dropping support for anything below 5.0 altogether is not an opption for us as we are urged to support devices which are actually in use.

Therefore, I'm building with the SDK version 4.5.0.28, but I also tried with 4.6.0.23 and got the same results.

The current REST API of our server application uses GET, POST and DELETE requests, so I had to use SocketConnection and build my own HTTP handling code to implement the DELETE method.

There are different instances of the server application (testing, staging, productive) with different hostnames, but for the standard use case from the end user point of view the app would stick with one host. Therefore I designed the code, which handles the application permissions related with network access, to just ask for the permission to access the currently configured host (-> getPermission(permission, domainname)).

Upto now, I used mostly just one host for the tests. I switched once the host when I had to use a host with a newer version of the server application software. Despite of carrier/network related issues I had never any problems to access the hosts.

But now, while testing the new code I suddenly ran into unexpected trouble.

At one point, I changed the hostname to use another server host and since then, I get a SecurityException whenever Connector.open() for a https-URL is called. I even get it after changing back to the previous hostname. The reason string is just "Permission denied".

I checked so far:

• This is not a ControlledAccessException. I checked both, but only SecurityException got catched.
• The ApplicationPermission API returns true when I check the permissions. The permissions are checked at startup and the permission request dialog is shown if they are not appropriate. They are also checked before trying network access via a specific transport.
• The firewall seems not to be related: this Exception is thrown even than the firewall is disabled.
• I'm currently testing with a Bold 9000 and software version 4.6 and a Torch 9800 with software version 6.0. The Bold is connected with a BES and the IT Policies don't allow me to disable the firewall. The Torch is "standalone" and the firewall is disabled by default.
• I tried this with a Torch Simulator and found that it will work when I disable "device security". The Exception is also thrown in the simulator when I enable it (and running the signed app).
• I compared the *.csl files of earlier builds with the current build and found no missing entries.
• I changed my code to ask for network access permissions without limiting it to some specific domain.
• I deleted the app on the devices and installed it again - and still get the same result.

I find it rather suspicious, that I don't get the usual "application requests to establish a https connection" dialog when I use the https-URL.

I actually get the similar dialog when I change the code to use the SocketConnection for GET using a ssl-URL. The network access even works in this case, but my HTTP implementation is still too rudimentary to be useful for this case.

So, my question is: What may trigger this SecurityException? Which component actually does "deny the permission"?

And may be related: Is the permission to access a specific server via http/https or socket/ssl stored somewhere on the device in a way that it will even survive the de-installation of the corresponding app?

Am I looking in the wrong direction and there is something other going on here?

I would appreciate any help to get this case solved.

Thanks in advance,

webbasan.