From Forum Nokia Wiki

Moderators note:- There is a need for cross reference and citation for example to the article How to get IMEI in Java ME and therefore this text could have been better by being added to the original article.

Author's note: A large number of people ask questions about this in the Java forum, because they want access to the cell ID or IMEI number on Series 40 devices. The phrase "signed to either operator or manufacturer domain" is used in the wiki articles on these subjects, but is never explained. It is a source of great confusion. In one case, a developer bought a Thawte certificate, because he was unaware of the difference between "trusted third party domain" and "manufacturer domain". He wasted his money.

The information herein is based on five years' experience of deploying Java application through manufacturers and over 100 network operators globally, and is not speculation. If anyone is able to assert that any information in here is wrong, out of date or inaccurate, please correct it.

What Does This Mean?

Signing a Java application is not simply a matter of "signed" or "unsigned". Different signatures give the application access to different security "domains".

Normally, a signed application has access to the "trusted third party domain". This is usually the case for applications signed with Thawte, Verisign or Java Verified certificates (assuming the root certificate is on the phone).

The "operator domain" is available only to applications signed by the network operator (the one who issued the SIM card in the phone). An operator-signature will be accepted only by phones with that operator's SIM card, so a Vodafone signed application will not work in a device with an Orange SIM card.

The "manufacturer domain" is available only to applications signed by the manufacturer of the device. An application signed by Nokia will be rejected by a Motorola device.

How Do I Get My App Signed?

You might not be able to. Often, this level of access to the device is reserved for pre-installed applications, or applications that are part of some value-added service offered by the network operator. This is the highest level of trust, and give an application the highest level of access to the device, including the ability to bypass some of the normal security measures. At the very least, you will need a close business relationship with the manufacturer or operator. If you're working on a contract for the manufacturer or operator, or you're a well established company with a few million dollars of professional indemnity insurance, then you're off to good start.

If you're a student or an independent developer, you might be wise to consider an alternative solution.