Tuesday, February 9, 2010

Understanding Application Lock on Windows Mobile Standard Devices

Articles Written by: Mike Temporale on Monday, August 31, 2009 9:00am

MobileJaw-ApplicationLock Touch screen or no touch screen. There’s more differences between Windows Mobile Standard and Professional than the touch capability of the screen. Application security is one of the major differences. When you install software on Professional based devices, the most you are asked is if you trust this unsigned application. If you say yes, then that application has full access to the device and any API’s that it would like to interact with. That’s not the case with Windows Mobile Standard based devices. When installing an application on Standard, you will still be asked if you trust this unsigned application.

Beyond that, if the application is signed with a certificate that is in the privileged store, then it will run as a privileged application. If it’s signed with a certificate that is in the unprivileged store, then the application does not have privileged access. What’s all that mean? Well, unless the application is privileged signed, then it won’t be able to access restricted parts of the device. There are a couple good articles over on MSDN that outline the security model on Standard devices. I recommend reading “Windows Mobile Powered Device Security Model” and “Application Security”.

So what actions are considered privileged? Without turning this article into a developers focus, I’ll just say; typically this is anything that interacts with the core functionality of Windows Mobile. If you are looking for more details on exactly what APIs, and registry settings are effected, then check out this article on MSDN.

This is all great, but how do you turn off privileged mode so that your favorite application can run without any problems. You can change the security values on your device using the codes outlined on this MSDN page. You need to define what security policies you want to change and build an XML provisioning file with those inside. Then using a privileged application, run this settings file on the device. And that is the tricky part of this whole process. Finding just the right application that is signed with the correct level of privilege to allow you to change the two-tier security level on your phone is not an easy task. Stay tuned for part II of this article entitled “Removing Application Lock on Windows Mobile Standard Devices”, where I will provide the answer to that very question.

   Comments (3)
\ \ \


Comments

3 Responses to “Understanding Application Lock on Windows Mobile Standard Devices”

  1. Pony99CA on September 1st, 2009 9:08 pm
    Pony99CA

    When I was using a Motorola Q, you could disable application locking with a registry hack. Personally, I never found a program that I couldn’t run on my Verizon Q or Q9m, but maybe people on other carriers had issues.

    Steve

  2. Mike Temporale on September 1st, 2009 10:04 pm
    Mike Temporale

    That’s right. Typically the application lock can be removed by hacking around in the registry. However, every device was a little different in the procedure.

    Stay tuned for the follow up post on this. I’ll be detailing how to successfully remove the application lock on ALL Windows Mobile Standard devices without messing around in the registry. :)

  3. Remo Knops on September 2nd, 2009 10:25 am
    Remo Knops

    Looking forward to the follow-up !

Leave a Reply




Additional comments powered by BackType