Security policies on Windows Mobile devices
Author : Ester Artieda
From TechnologicalWiki
Introduction
Windows Mobile devices implement a set of security policies that determine, based on registry parameters, whether applications are allowed to run. Developers should know the device's security level so that they can provide their applications with certificates when necessary. That is, depending on the security policy configuration, an application will or will not need certificates, or the user will have to accept prompt messages before running an application or getting data from a special API.
Security configuration
Different combinations of the above registry keys give the device different security levels, among which are the following.
One tier
A device has this configuration when the registry values are set to 4102=1, 4122=0, 4123=1 and 4097=2.
On one-tier devices, the user must respond affirmatively to the prompt message that appears when a program is run for it to work. The main difference from two-tier devices is that the user can install certificates by running SdkCerts.cab, which is in the tools directory of the SDK, if they want to sign applications.
Security off
A device has this configuration when the registry values are set to 4102=1, 4122=1, 4123=1 and 4097=1. It is not a recommended configuration because every API can be called without notifications, so a virus could be on the phone without the user knowing it exists.
Sign your application with Visual Studio
As shown above, developers sometimes need to sign their applications to have the right to run their own programs, depending on the security level. Visual Studio provides a tool that developers can use to sign their applications as part of the build process. These are the steps to follow to sign programs:
1. On the Project menu, click Properties.
2. Click Authenticode Signing.
3. For the Authenticode Signature property, click Yes.
4. For the Certificate property, click the ellipsis (…) button.
5. In the Select Certificate dialog box, do one of the following:
* If the certificate you want appears in the list, select it, and then click OK.
* If the certificate you want does not appear in the list, click Manage Certificates to open the Manage Certificates dialog box. Use this dialog box to import one of the SDK certificates (or import the certificate an OEM or mobile operator gave you as part of its developer program).
Note: Be sure to use the *.pfx file, not the *.cer file.
6. On the Authenticode Signing page, click OK.
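After the build, one way to confirm that the signing step really embedded an Authenticode signature is to read the executable's PE header and look at the Certificate Table data directory. This is an added example, not code from the original article or from Visual Studio; the helper names `signature_range` and `constructed_pe` are hypothetical, the sample bytes are constructed, and the check only shows that a signature is present, not that it is valid or trusted by the device.

```python
import struct

CERT_TABLE_INDEX = 4  # slot of the Certificate Table in the PE data directories


def signature_range(image: bytes):
    """Return (file_offset, size) of the embedded signature, or None if unsigned.

    Raises ValueError if the bytes are not a well-formed PE image.
    """
    try:
        if image[:2] != b"MZ":
            raise ValueError("missing MZ header")
        (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
        if image[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        opt_off = pe_off + 4 + 20  # skip PE signature and 20-byte COFF header
        (magic,) = struct.unpack_from("<H", image, opt_off)
        if magic not in (0x10B, 0x20B):
            raise ValueError("unknown optional header magic")
        # Data directories start 96 bytes into a PE32 optional header, 112 for PE32+.
        dirs_off = opt_off + (96 if magic == 0x10B else 112)
        (num_dirs,) = struct.unpack_from("<I", image, dirs_off - 4)
        if num_dirs <= CERT_TABLE_INDEX:
            return None
        offset, size = struct.unpack_from("<II", image, dirs_off + 8 * CERT_TABLE_INDEX)
    except struct.error as exc:
        raise ValueError("truncated PE header") from exc
    if offset == 0 or size == 0:
        return None  # no certificate table: the file was never signed
    if offset + size > len(image):
        raise ValueError("certificate table points outside the file")
    return offset, size


def constructed_pe(cert_offset=0, cert_size=0, trailer=b""):
    """Minimal PE32 header built for this demo (constructed, not a real binary)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)
    dirs = bytearray(16 * 8)
    struct.pack_into("<II", dirs, 8 * CERT_TABLE_INDEX, cert_offset, cert_size)
    return dos + b"PE\0\0" + b"\0" * 20 + opt + bytes(dirs) + trailer


if __name__ == "__main__":
    unsigned = constructed_pe()
    signed = constructed_pe(len(unsigned), 16, b"\0" * 16)
    print("unsigned build:", signature_range(unsigned))
    print("signed build:  ", signature_range(signed))
```

To check a real build output, pass the file's bytes to `signature_range`; a `None` result means the signing step did not run or the wrong output file is being inspected.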


