Removing Application Lock on Windows Mobile Standard Devices

MobileJaw-ApplicationLock Now that we know about Application Lock and the general principles behind it, we need to look at how to remove it from our phone so that you can install any application and make more customizations to your device.

Using an XML Provisioning file, you can load and change a number of settings, more commonly referred to as Configuration Service Providers, on your Windows Mobile device. You can find a really good list of the different Configuration Service Providers that can be changed here on MSDN. Depending on the configuration service you want to set, there are different delivery options available to use. When it comes to Application Lock, we’re interested in 4 specific settings.

Security Policy 4102 – This policy decides if the device can run unsigned applications. A value of zero (0) means that it’s locked and that no 3rd party signed applications, like Mobile2Market will be allowed. A value of one (1) means that the setting is unlocked and that 3rd party signed applications should be allowed to run. This policy is related to the following registry location: HKLM\Security\Policies\Policies\00001006. We need to set this to the unlocked state of 1.

Security Policy 4122 – This policy determines if a user should be prompted when an unsigned application attempts to run. The settings are reverse of 4102. A value of zero (0) means that there are no prompts. A value of one (1) means that the security is turned on and that you will be prompted when a unsigned application attempts to run. This policy is related to the following registry location: HKLM\Security\Policies\Policies\0000101a. We need to set this value to the unlocked state of 1. However, that means that we will be prompted when unsigned applications attempt to run.

Security Policy 4123 – This policy decides if the device should act as a two-tier or one-tier security. A value of zero (0) means that the device will act in the two-tier security profile. A value of one (1) means that it would act in the one-tier security profile. This policy is related to the following registry location: HKML\Security\Policies\Policies\0000101b. By default, Windows Mobile Standard devices have this value set to 0 – two-tier security. We need to set this to a value of 1.

Security Policy 4097 – This policy determines what level or rights a desktop computer has when making calls over the ActiveSync (RAPI) channel. A value of zero (0) means disabled and that an application running on the desktop computer has no rights on the mobile device. A value of one (1) means allowed and that an application running on the desktop computer has access and rights on the mobile device. a third value of two (2) means restricted and that an application on the desktop computer has the same level of permissions as the user on the device. This policy is related to the following registry location: HKLM\Security\Policies\Policies\00001001. We need to set this value to 1.

Now that we know what security policies we want to change and what registry settings they reflect, we can just change those registry values and be done, right? Unfortunately, it’s not that easy. Remember, the device is still application locked at this point. So we need an application that is considered to be trusted to be installed on the device to make changes to those values. In the past, there has been hacks that allowed you to application unlock your device. They typically involved a number of steps like; changing a registry value or two, then rebooting, then running a desktop tool, and then rebooting, and then maybe, just maybe, you might be able to change the rest of the registry and have an unlocked device.

Now that we know the security policies we need to work with, we can put them together into an XML format that can be run on the device. Here’s the resulting XML:

<wap-provisioningdoc>
<characteristic type=”SecurityPolicy”>
<parm name=”4102″ value=”1″ />
<parm name=”4122″ value=”1″ />
<parm name=”4123″ value=”1″ />
<parm name=”4097″ value=”1″ />
</characteristic>
</wap-provisioningdoc>

Now we need an application that has privileged access on the device so that we can use it to change the security policies. Unfortunately, applications that are privileged signed are not easy to come by. Typically, the privileged access is reserved applications that are aimed at enterprise users and not the average consumer. SOTI, the makers of Pocket Controller Pro, have just such a product – MobiControl. MobiControl is a full featured device management tool that is privileged signed, allowing you to have full control over every aspect of your fleet of mobile devices.

Once you’ve downloaded and installed MobiControl, you simply build an agent for your device, install it onto said device and then you can use that agent to run the XML Provisioning document outlined above. SOTI offers a full featured 30 day trial version. Which means you don’t have to pay anything to do this.

But that seems like a lot of work just to disable the application lock on your device. So I’ve gone ahead and built an agent that will automatically disable Application Lock on Windows Mobile Standard devices during the agent install. Simply download MobileJaw-ClearSecurity-MobiControl and run it on your device. After the install is complete, open the Start menu / Settings / Remove Programs and be sure to uninstall SOTI MobiControl from your device. If you leave this agent on your device it will have an adverse effect on your battery life as the agent will continually try and connect back to the device management server. I used a non-routable internal IP Address (192.168.1.128). So there’s no worry about it actually connecting back to some backend server and uploading all your data.

MobileJaw-ClearSecurity-Confirmation.png

That’s all there is to it. Just install and remove this agent and then Application Lock will be disabled on your device. This works on any Windows Mobile Standard device running Windows Mobile 5, 6, or 6.1. So it doesn’t matter if you have a BlackJack, Ozone, Jack, Snap, Matrix Pro, or Moto Q. It even works on upcoming 6.5 devices from HTC, LG, Samsung, Motorola, and other manufacturers. It’s a little early to say if it will work on Windows Mobile 7 devices. But we’ll cross that bridge when the time comes.

UPDATE (24-Oct-2009) – With the release of Windows Mobile 6.5, application lock can now be found on touch screen devices. This was never the case before. If you have a touch screen device (Windows Mobile Professional), please use this CAB file – MobileJaw-ClearSecurity-MobiControl-TouchScreen – to remove application lock on your device.

Anyone with non-touch screen devices (Windows Mobile Standard) should continue to use this CAB file – MobileJaw-ClearSecurity-MobiControl – to remove their application lock.

About Mike Temporale

Mike Temporale has written 614 posts on Mobile Jaw..

Mike Temporale grew up fascinated by computers since an early age. His first hands on with a computer came when he was 7 years old and a travelling lab of Commodore PET computers made a stop at his school. Hooked on the new world these devices offered, he took any chance possible to get in front of a computer. When Compaq launched the iPaq 3600, he was hooked again. This time on a whole new world of mobile computing. Today, Mike spends his day helping clients deploy and manage their mobile device around the world. From installing custom software, to locking and securing data, and everything in between. He is also the Editor in Chief at Mobile Jaw - a site focused on today's mobile world.

  • Rui

    Is there a way of getting back the default certificates?
    Thank you.

  • George

    Hi Mike – like emanuel I have a Samsung Omnia Pro B7330 6.5 standard and when I run the cab I get “Installation was unsuccessful. The program or setting cannot be installed because it is not digitally signed with a trusted certificate”

    I also tried on/off.

    Appreciate your help, thank you !

  • logos

    i can find the mobilejaw file on my storage card, i hit open. nothing happens. i have samsung jack i 637. it seems i am a little behind the class here. any ideas why nothing happens?

  • http://www.MobileJaw.com Mike Temporale

    @logos – you need to browse to the file using the file explorer on your mobile device. Then highlight the file and click on it to run it.

    If it’s not running, then you might have downloaded the wrong file or something.

  • Bryce

    I copied the files over to my Propel Pro device and ran the _setup.xml and it looks like it ran through the code but now nothing has happened. What are the next steps? Any suggestions? Also, I looked in the remove programs folder and there wasn’t any programs to remove. Thank you for the help.

  • http://www.MobileJaw.com Mike Temporale

    @Bryce – By the sounds of it, you’ve unpacked the CAB file and placed the contents on your phone. You need to copy the CAB file itself to your phone. Using your phone, browse to the CAB file and run it.

  • Bryce

    Thank you. For some reason my computer saw the file as a zip file so I extracted it without even hesitating. Let that be a lesson to others using this download. Thank you very much again.

  • Bryce

    Does this unlock the phone so that I can use the Wifi without using data? I have been searching all over the internet and can’t find a work around to get the wifi to work on my Samsung propel pro.

  • http://www.MobileJaw.com Mike Temporale

    @Bryce – Good point. Some versions of Windows will automatically handle the CAB file as a zip file and then you’ll have some problems. You’ll need to keep the file in the original CAB format.

  • jinxxx

    propel pro….everytime i click on the links to download instead of offering for me to download i get a bunch of coding alsortas or letters symbols etc…can anyone help

  • http://twitter.com/rimf/status/14130261849 Raul Monroy
  • http://www.MobileJaw.com Mike Temporale

    @jinxxx – Are you doing this on your phone or on your computer? Can you try with a different browser?

    It’s working just fine here for me on Chrome and IE.

  • matt

    opening it on ie on my device still all the code can someone send it packed in email

  • http://www.MobileJaw.com Mike Temporale

    @Matt – I just sent you a copy – and an update on that; the email address you used is not valid. So…. no luck.

  • matt

    oops thought i put it in right its there now darthjinxxx thanks mike

  • Rev

    I was so frustrated to find that my new Samsung Jack could not install games that came as bonus with the appliance. Know I can do anything I want as with my old HTC Vox. Install Nodata, made hacks, the works….Thanks Mr Temporale

  • http://none Sean

    Hi there,

    I just got my hands on one of these things and I’m trying to get rid of this applock but seems like the link to the .cab file for the none touch screen phone is dead well for both. any chance of updating this link?

    Thanks in advance

  • http://www.MobileJaw.com Mike Temporale

    @Sean – I just tested both links and they work fine for me. Could your browser or firewall be blocking them? Can you try from another computer?

  • letty

    no podia instalar youtube…mil gracias, me soluciono mi problema!!

  • http://none Sean

    You’re right the link works. Instead of right clicking it I was clicking the the link. Got the file and I’m gonna give it a go. Thx again for putting this together.

    Cheers,

  • http://mobilejaw Jason

    Hi! so i have a samsung jack w/ 6.5 and the clear security file worked like a charm but i still cant install 3rd party software. it gives me the “trusted certificate” alert. is there something else i should have done?

  • xyz

    thanks dude ,, nice work

  • Ken

    I just want to move some AT&T bloatware to my storage card to free up space. If I install the MooseJaw-ClearSecurity cab to my device and run it will that allow me to move those \read only\ files? Thanks for your help!!

  • Rouli

    Thx Mike. Done on a WM 6.1 Samsung I637 Jack.
    A lot cleaner than ClearSecurty.cab method which also uses SOTI.

    I’m sure I got a lot q’s like: I put on BJII tweaks for faster graphics/ system cache, Opera, MS GPSid, TCPMP, and Modaco Nodata and installation was flawless; shut down Medianet, ISP, and IMS, changed GPSid settings, and Opera connects to the net, but now ActiveSync refuses to work on cable connect until I turn Medianet (first one I tried) back on. I’ll play with it a bit and give you a shoutback. I’m thinking it’s probably ForceCellConnection (in the ClearSecurity method). Still working on the GPS.

    Oh yes, Skyfire installs but refuses to connect to the net through my home WiFi complaining about TCP port 443 and UDP connects through firewalls. Could be my firewall or . . . ibid above.

    QQ: is 6.5 worth it on a Samsung Jack (and Epix)?
    Newest (updated) official Jack ROM (2/2010) and Epix ROM (7/2010) on Samsung’s site.

    -Rouli.

  • http://www.MobileJaw.com Mike Temporale

    @Ken – if those files are in the ROM, then you can’t move them. Your best option is to install your applications to the storage card and leave the AT&T crap alone.

  • http://www.MobileJaw.com Mike Temporale

    @Rouli – Ok, to clear things up a little, the other ClearSecurity.cab that uses SOTI and is floating around the Internet, is my creation. It does pretty much the exact same thing as this one. It was my beta test so it doesn’t have the pretty little prompts telling you that things are done. Basically, I passed it to a friend to test, they passed it to someone else and they posted it online. The problem is that they posted a crap load of steps to do before installing ClearSecurity.cab. NONE of those steps are required. That’s the problem you get when people that don’t know what they’re doing try to help others.

    Your problem with ActiveSync is interesting – I haven’t heard of that issue before, although I haven’t played with killing MediaNet. I can assure you that the problem is nothing to do with the settings in the CAB file. If you were to hard reset the device, install the ClearSecurity and then attempt ActiveSync before any of the other changes you listed, it will work just fine.

    The nasty secret that AT&T doesn’t tell anyone is that they have screwed around with some of the files on the device. If you change or try and remove them, the device will stop working. For example, the startup animation is typically just a small animation file and is loaded from the registry setting. You can remove the shutdown one, but the startup actually hooks in and does something with the video of the device. If you try and remove this the video won’t load and you can’t see anything on the screen. So, I wouldn’t be surprised if they did the same thing with MediaNet and ActiveSync.

  • Rouli

    I kinda figured clearsecurity was your beta. 7zipped it and noticed size and structure was close to what you have here. I used MS Device Security Manager just to look at the security and it was all unlocked. I removed the ForceCellConnection registry entry as per instructions though not really knowing what it does.

    Yes, you’re right about the ActiveSync. Skyfire is also ok now.

    Tracked down the GPS problem to using an older version (that’s all there is) of MS GPSID. I Just don’t use it and GPS works. Gotta use newer versions of whatever GPS mapping software that knows how to use GPSID though; no more com4:

    Again, many thanks.

    -Rouli.

  • http://www.MobileJaw.com Mike Temporale

    @Rouli – Excellent news. Glad to help. :)

  • b

    worked great, thanks.

  • http://twitter.com/miketemporale/status/21401156518 MikeTemporale

    Glad to help! ( http://ow.ly/2qGhH ) RT @cesarfong: ClearSecurity for Samsung Jack saves my day

  • http://twitter.com/cesarfong/status/21401268468 Cesar Fong

    :O :O you rock man! RT @MikeTemporale: Glad to help! ( http://ow.ly/2qGhH ) RT @cesarfong: ClearSecurity for Samsung Jack saves my day

  • http://music-atmosphear.com Deaq

    Hello, I tried to install your CAB files that you provided, however I cant seem to install any CAB files anymore or open any .EXE files.

    it only worked when I tried the Android program for Windows mobile however after some failing attempts to run Android. The phone prevented me from running any Execution files.

    Please help Asap.

    -Deaq

  • wael

    Hi Mike.
    I have 2 questions:
    – Can’t we use registery editors to changes the security settings on our windows mobile devices?
    – For applications that can be downloaded for a trial period, does your cab help in keeping these applicaations finctional after the trial period?

    Thank you

  • Sikander Cassim

    Just want to discuss and request a solution of the problem which I saw very common on this forum. I have just bought Samsung Omnia B 7320 pro. I am trying to install Photo Contact V 6 and other software and receive standard prompt/msg. “installation unsuccessful”.
    While I have already successfully installed Google Map and “Dont Forget” also having *.cab extension. What I understand from ongoing exchange of message that by installing and mere running of applications such as “Security Clear” I may be able to install and run software of my choice.
    Again my question is there must be some logic behind having put those mobile into “security lock mode” at first place by manufacturers (like Samsung/Microsoft).
    If I remove that security layer; am I not inviting other malware and spyware get automatically installed in my device while surfing or through other common medium of file exchange/transfers.
    Or the expert on this forum suggest that installing Security Clear and running it quite safe and hassle free?

    Since I am not an expert I belive Security Clear will do all the necessry changes in the registry/system on its own without requiring user interference.

    Sikander

  • Adam G

    This did not work for me actually caused more issues after i removed it i couldn’t loate my sd card Very disapointed!!!!!!

  • MBProductionz

    Thankyou your a Legend!

  • Roberyto

    I’ve just get installation was unsuccessful, i dont know what to do my new phone only let me install opera mobile, anything else, i have WM 6.5 Pro, any advise????

  • Pingback: Carlos Rivera()

  • http://www.zetacyber.com Kurian James

    I copied the touchscreen version onto my HTC HD2 phone’s memory. When I try to run the cab, it says that the app is unsigned. Please help.

    Thanks

  • nate

    thanks alot, totally worked thanks man

  • mik babs

    the installation is unsuccessful. i am using an htc hd2… any help please? thanks in advance!

  • Rayz

    Tried the touch 1 and its stil saying unsignd. Help needd urgently.. Iv gt htc viva

  • Pingback: Chio Rios()

  • Abdullah

    >>>Thank you alot Mike Temporale for ur Great Idea>>>

    i have a problem in my LG GR500FD when i try to open the .cab file in my mobile to install it. it saying me that (Unsupported file format). So is there any solution for that please do something for that i want to remove the application lock from my LG.

    Thanks
    Abdullah

  • Rocco

    hey,i have just bought samsung omnia pro gt-b7610 , but the downloaded games doesn’t work it says…”there is no application associated with ………..Run the application first, then open this file from within the application”…please guys…help me.

  • http://profile.yahoo.com/MMYOYIN5H2WL47VPPVVR7DOMNQ For

    Thank you so much!!! I had an iPhone, just upgraded to a Samsung Galaxy S3, but I’ve found that neither emulate old consoles better than Windows Mobile; I knew this b/c my device before the iPhone was a Windows Mobile phone. I just bought a Samsung Jack on eBay, imo the most powerful all-around qwerty non-touchscreen windows mobile smartphone – 500+ MHz and 256MB RAM.

    I used your file and app-unlocked my Samsung Jack and it is playing emulated games perfectly. To my surprise SNES is playing near-flawlessly WITH sound enabled. Thank you so much. The Jack (WM6.5) will be a fun device to have along with me in my business trips. Once again, thank you for imparting your knowledge [2+ years ago]

  • Ivan

    Can somebody HELP !!!
    I have locked my B7330 with device password and FORGOT password. Is it possible to unlock device without device reset and loosing data (contact book, …etc)
    Please HELP if it is possible

  • akos

    Hello, VERY usefull article, but how did you make your own agent? how could you make the security changes in the agent itself? could you give some hints about this?