Monday's post regarding the Merogo SMS worm noted its use of signed installation files and that the Symbian Foundation promptly revoked the publisher ID that was used.
So, the worm's files were signed but the certification has been revoked. Problem solved, right?
Unfortunately, not quite yet. One more step is required. Typically, S60 phones aren't configured to check for certification revocation by default.
This is very understandable. If hardware vendors shipped phones configured to make data connections by default, it could potentially cause very big customer service headaches for telephone operators. The hardware vendor cannot assume that the customer will buy a data plan, so the certification check is turned off by default.
If you have an S60 phone, and have a data plan, we suggest adjusting your Application Manager settings.