Cingular's highly-restrictive Java security policies make using even popular applications like the Google Maps Java plug-in very tedious on Cingular branded phones. The policies are far more restrictive than the defaults for manufacturers of the phones. What this policy means is that we developers of applications must have a special relationship with Cingular, and get our applications signed by Cingular (who don't even trust us to get our own certificate; we must send our application to them), in order to even test our applications on our own phones.
Even Google's own Google Maps application is rendered more or less useless because the user is prompted over and over to make a connection to the web during casual use of the Google Maps Java plug-in. Granted Google could probably get their applications signed, but note that signing an application with a Cingular Preferred certificate will make it not install on non-Cingular phones. I assume this practice is similar amongst the other carriers, and so you would have to make numerous versions of your application to make it work, creating a different kind of problem for both users and developers.
Contrast with (better) more open policies
The manufacturers default firmware makes the phones far less restrictive. For example, Sony Ericsson will allow you to connect through bluetooth even from an unsigned application, but it will require prompting the user when the applictaion trys to connect. It will allow you to choose permissions on an app-by-app basis, and if you are silly enough to trust someone like Google, you can set a blanket permission on the app or at least an ask-once-per-session permission. Not the case if the phone is branded by Cingular; it is impossible to make such a connection without a Cingular Preferred certificate. The process for obtaining such a certificate is quite opaque; their website simply states that they are only handing out certificates to those with whom they already have a buisness relationship.
See these threads on their developer forums for several discussions between developers and Cingular representatives (free registration may be required). As outlined in this post from ArsTechnica a couple of days ago, this could result in legal trouble for the monopoly carriers once attention is paid to the problem. Perhaps we can stir up some attention by digging this post.
Currently, the only option open to an end-user (since we can't control what Google or Cingular do) is to go to sites such as Davinci Team or Wotan Server and get your phone debranded. This process is different from (and more risky than) unlocking the phone. It involves putting a new firmware on the phone, which causes you to lose all manufaturer-placed applications and features, along with any information you have stored on the phone. Aternately, you can get an unbranded, unlocked phone like this one.
Friday, February 16, 2007