From Forum Nokia Wiki

T-Mobile U.S. has implemented their own version of the Java security domain policy, which contains both changes in the available domains as well as API access rights for each domain.

The security domains for T-Mobile devices are as follows:

• untrusted 3rd party
• semi-trusted T-Mobile
• trusted T-Mobile

Note that there is no trusted 3rd party domain, so any MIDlet signed with for example Java Verified certificate (or with Verisign or Thawte certicates) cannot be installed on T-Mobile U.S. devices!

The API access rights for untrusted and semi-trusted T-Mobile domains are listed on the following page:

• T-Mobile U.S. API access rights