Removing Application Lock on Windows Mobile Standard Devices

Now that we know about Application Lock and the general principles behind it, we need to look at how to remove it from our phone so that you can install any application and make more customizations to your device.

Using an XML Provisioning file, you can load and change a number of settings, more commonly referred to as Configuration Service Providers, on your Windows Mobile device. You can find a really good list of the different Configuration Service Providers that can be changed here on MSDN. Depending on the configuration service you want to set, there are different delivery options available to use. When it comes to Application Lock, we’re interested in 4 specific settings.

Security Policy 4102 – This policy decides if the device can run unsigned applications. A value of zero (0) means that it’s locked and that no 3rd party signed applications, like Mobile2Market will be allowed. A value of one (1) means that the setting is unlocked and that 3rd party signed applications should be allowed to run. This policy is related to the following registry location: HKLM\Security\Policies\Policies\00001006. We need to set this to the unlocked state of 1.

Security Policy 4122 – This policy determines if a user should be prompted when an unsigned application attempts to run. The settings are reverse of 4102. A value of zero (0) means that there are no prompts. A value of one (1) means that the security is turned on and that you will be prompted when a unsigned application attempts to run. This policy is related to the following registry location: HKLM\Security\Policies\Policies\0000101a. We need to set this value to the unlocked state of 1. However, that means that we will be prompted when unsigned applications attempt to run.

Security Policy 4123 – This policy decides if the device should act as a two-tier or one-tier security. A value of zero (0) means that the device will act in the two-tier security profile. A value of one (1) means that it would act in the one-tier security profile. This policy is related to the following registry location: HKML\Security\Policies\Policies\0000101b. By default, Windows Mobile Standard devices have this value set to 0 – two-tier security. We need to set this to a value of 1.

Security Policy 4097 – This policy determines what level or rights a desktop computer has when making calls over the ActiveSync (RAPI) channel. A value of zero (0) means disabled and that an application running on the desktop computer has no rights on the mobile device. A value of one (1) means allowed and that an application running on the desktop computer has access and rights on the mobile device. a third value of two (2) means restricted and that an application on the desktop computer has the same level of permissions as the user on the device. This policy is related to the following registry location: HKLM\Security\Policies\Policies\00001001. We need to set this value to 1.

Now that we know what security policies we want to change and what registry settings they reflect, we can just change those registry values and be done, right? Unfortunately, it’s not that easy. Remember, the device is still application locked at this point. So we need an application that is considered to be trusted to be installed on the device to make changes to those values. In the past, there has been hacks that allowed you to application unlock your device. They typically involved a number of steps like; changing a registry value or two, then rebooting, then running a desktop tool, and then rebooting, and then maybe, just maybe, you might be able to change the rest of the registry and have an unlocked device.

Now that we know the security policies we need to work with, we can put them together into an XML format that can be run on the device. Here’s the resulting XML:

<wap-provisioningdoc>
<characteristic type=”SecurityPolicy”>
<parm name=”4102″ value=”1″ />
<parm name=”4122″ value=”1″ />
<parm name=”4123″ value=”1″ />
<parm name=”4097″ value=”1″ />
</characteristic>
</wap-provisioningdoc>

Now we need an application that has privileged access on the device so that we can use it to change the security policies. Unfortunately, applications that are privileged signed are not easy to come by. Typically, the privileged access is reserved applications that are aimed at enterprise users and not the average consumer. SOTI, the makers of Pocket Controller Pro, have just such a product – MobiControl. MobiControl is a full featured device management tool that is privileged signed, allowing you to have full control over every aspect of your fleet of mobile devices.

Once you’ve downloaded and installed MobiControl, you simply build an agent for your device, install it onto said device and then you can use that agent to run the XML Provisioning document outlined above. SOTI offers a full featured 30 day trial version. Which means you don’t have to pay anything to do this.

But that seems like a lot of work just to disable the application lock on your device. So I’ve gone ahead and built an agent that will automatically disable Application Lock on Windows Mobile Standard devices during the agent install. Simply download MobileJaw-ClearSecurity-MobiControl and run it on your device. After the install is complete, open the Start menu / Settings / Remove Programs and be sure to uninstall SOTI MobiControl from your device. If you leave this agent on your device it will have an adverse effect on your battery life as the agent will continually try and connect back to the device management server. I used a non-routable internal IP Address (192.168.1.128). So there’s no worry about it actually connecting back to some backend server and uploading all your data.

That’s all there is to it. Just install and remove this agent and then Application Lock will be disabled on your device. This works on any Windows Mobile Standard device running Windows Mobile 5, 6, or 6.1. So it doesn’t matter if you have a BlackJack, Ozone, Jack, Snap, Matrix Pro, or Moto Q. It even works on upcoming 6.5 devices from HTC, LG, Samsung, Motorola, and other manufacturers. It’s a little early to say if it will work on Windows Mobile 7 devices. But we’ll cross that bridge when the time comes.

UPDATE (24-Oct-2009) – With the release of Windows Mobile 6.5, application lock can now be found on touch screen devices. This was never the case before. If you have a touch screen device (Windows Mobile Professional), please use this CAB file – MobileJaw-ClearSecurity-MobiControl-TouchScreen – to remove application lock on your device.

Anyone with non-touch screen devices (Windows Mobile Standard) should continue to use this CAB file – MobileJaw-ClearSecurity-MobiControl – to remove their application lock.

About Mike Temporale

Mike Temporale has written 520 posts on Mobile Jaw..

Mike Temporale grew up fascinated by computers since an early age. His first hands on with a computer came when he was 7 years old and a travelling lab of Commodore PET computers made a stop at his school. Hooked on the new world these devices offered, he took any chance possible to get in front of a computer. When Compaq launched the iPaq 3600, he was hooked again. This time on a whole new world of mobile computing. Today, Mike spends his day helping clients deploy and manage their mobile device around the world. From installing custom software, to locking and securing data, and everything in between. He is also the Editor in Chief at Mobile Jaw - a site focused on today's mobile world.

• View all posts by Mike Temporale
• Blog
• Twitter