So I've read up on all the security docs Sprint has published wrt developing and deploying on the Instinct. Anyone can develop apps for the Instinct, but not anyone can deploy, the midlet needs to be signed by one of two root certs that are shipped with the phone:
1) Sprint's root certificate (activated by default)
2) Sprint's developer certificate (inactive by default)
So as I understand it gives three choices for deployment:
1) Develop your app, have sprint use their private key to sign your midlet = probably need to work for Sprint or be some business partner for this to happen (i.e. this is what Sprint uses to sign their apps for Instinct).
2) Buy your own developer Digital ID (basically your own cert) from Verisign (a $400+ expense) and sign your own midlets. Then you need to have the end user "activate" the developer cert that was shipped with the phone.
3) Use the "testing" cert that Sprint shipped with the WTK3.3, this is good for 3 years and requires activation of the developer cert on the end user's phone. It looks like Sprint is considering limiting the distribution of apps signed with the "testing" cert to a few hundred per developer.
Activating the developer cert on the phone is an online process done with the web browser on the phone, and currently requires information from Sprint's developer program (so you may have to be registered with their ADP program, etc).
So far that's what I know about deploying on Instinct. Not the best situation, but probably a good compromise for security purposes - after all some folks keep their life in their phone
