<div class='os_post_top_link'><a href='http://x51v.blogspot.com/2005/11/microsoft-security-initiatives.html' target='_blank'>http://x51v.blogspot.com/2005/11/microsoft-security-initiatives.html</a><br /><br /></div><i>"A few weeks ago I wrote an article called “Windows Mobile 5 Snafu” published originally at WM5fixsite.com and later at this site under the name of “Houston, We have a problem”. In that article I was talking about how Windows Mobile 5 did not “see” MUI files if the “Security Prompt” feature of the OS was activated. At that moment I did not have enough information about what Microsoft did in WM5 so I assumed that it was a bug."</i><br /><br />The brunt of this is a bit technical but the message is important and worth the read. It basically talks about application locked phones and application signing. Having owned a Verizon i600 I know too well the frustration of such a setup. Personally I don't like this signing business one bit. From a pure user perspective it is up to me what I want to install on my phone, not my carrier! We have all survived installing software on our PC's all these years. Do we really need Big Brother?

I voted that I am against it....but there will be malicious apps one day that will take advantage of the huge amount of data that are on our devices. Making calls. Sending Text messages on it's own. Tracking you via GPS. Stealing data and forwarding it on over the net.

One day. But for now....I'll just unlock my
SP5m
and load whatever I want!

application lock falls under the same catagory as DRM in my opinion. it does nothing to protect the average user but instead only limits what they can do with a device that they bought. last time i checked i didnt go out and work 60 hour weeks only to be told what i can do and not do with something i dished out my hard earned cash for. any real tech savy computer user that really wanted to bypass those 'protection' schemes could do so.

its like going out and buying an awesome brand new HDTV and being told you can only use it to watch analog quality channels.

not only that getting your application signed is expensive from what i hear from several WM developers that i know, what about average joe blow that writes his own app and wants to use it, is he suppose to be told 'sorry joe, cant do it unless you want to pay a hefty price to get your app signed.'

it angers me.

im done ranting.

-opti-

Your last point is the most disturbing perhaps. I can't write my own application and run it.

I also think the fear and caution of the networks and phone manufacturers is evident by the presence of AntiVirus apps that are included with new devices like the KJAM, SP5's and other new devices.

I think this is very strange since I'm not aware of any viruses that exist for PPCs and Smartphones....so how do they know it works?

They'll probably start writing their own viruses to sell some copies of their software to put a scare into everyone.

I think the security on the phone should act something like the typical firewall "prompt me" feature.

In essence, whenever an app tries to:

- Install
- Make a call
- Delete a file
- Create a file
- Modify a file (i.e. even a shortcut)
- Modify important sections of the registry
- Modify the startup folder
- Access your data (contacts, apps)
- Send an SMS

The OS will prompt the user:

- "Allow This On Time Only" (will prompt again)
- "Allow This from now on for just this app"

This way:

1) Apps that you know you just installed or know are "good" apps, you can grant them continuous access to what they need so you're not bothered with continuous prompts.
2) A sudden prompt could alert you to some malware trying to do something it shouldn't be doing.
3) By having the prompt, the network operator's risk of liability is drastically reduced because it was you the end user that approved the action that the app performed (i.e. no unauthorized 900 calls, etc).
4) There could also be an optional "admin" feature built into the phone (via a password setup by the IT department) for corporate users, so that the IT dept could set the phone into a "Run apps with digital certificates only" mode, so corporate users would be restricted by the IT department's policies of what they can install on their phones - but end users would also be free of any restrictions by not setting up the admin password. Maybe this optional "Admin" feature would also include an "Allowed App List" in which the IT dept could make certain exceptions and approve certain non-signed apps that the cooperate user could install and use.

Basically, the power of what I can install on my own device should not be in the hands of the network operator. If they are so concerned over liability of malware (the reason for app locking phones), then they need to remember that there is such a thing as an EULA, that I would be happy to sign to waive the networks liability, and allow me to install whatever I want.

This is nothing compared to the Sony CD Virus.

This is nothing compared to the Sony CD Virus.

Sony is just plain stupid. Their actions clearly show a lack of understanding of the customers needs and wants. I'm glad I haven't purchased anything Sony in the last decade. And at this rate, it will be even longer before I do!

On the Smartphone, I think Microsoft's model is pretty good. I can understand why some carriers are locking things down. Right now, it might seem crazy, but wait until we start seeing some viri for Windows Mobile. Then, the decision these carriers have made will pay off ten-fold.

With that said, I would expect a 3rd party phone - like the i-mate SP5m, would be fully unlocked and open for the user to do as they please. :?

The OS will prompt the user:

- "Allow This On Time Only" (will prompt again)
- "Allow This from now on for just this app"

I like this approach myself. Anyone out there who uses Zone Alarm as a firewall is used to this. It works just fine and gives the user complete control.

With that said, I would expect a 3rd party phone - like the i-mate SP5m, would be fully unlocked and open for the user to do as they please. :?
Unfortunately, that is not the case. My new i-Mate SP5m is application locked. You need to find a signed reg editor to unlock it. The one I found over on HOFO doesn't load: Either I don't know how to load it or it is not signed properly.

As more WM5 devices hit the enterprise this will be a huge issue. For example, I can't even load a SSL certificate because the phone is "locked". MS will probably react when the Premier customers go crazy.

I posted a link that shows where to download the signed reg editor to then unlock the phone. I think it's in the tips and tricks forum.

The simple fact is we paid for the device and the expectations are that we can load and run any app that is designed for it. I do not, will not tolerate locked equipment period. I paid for it and I want it to work properly. The carriers have no right to control content on my phone. Their subsidized pricing locks me to that carrier for a certain period of time in exchange for the discount it does not allow them to control what I use.

Verizon was sued over the V710 BT issues and I see lawsuits in the future regarding the app lock issue. I had the I600 as well and the app lock is what made me return it. It was not disclosed at time of purchase just like the V710 BT crippling wasn't mentioned.

So the carriers should focus on delivering quality of service (QOS) on the voice and data side, and offer services we can purchase but stay out of our way on the app side. I purchase with the intent of using my device to its limits and not to be limited in its use.

I posted a link that shows where to download the signed reg editor to then unlock the phone. I think it's in the tips and tricks forum.

It is here (http://www.smartphonethoughts.com/forums/viewtopic.php?t=9616) :)

I posted a link that shows where to download the signed reg editor to then unlock the phone. I think it's in the tips and tricks forum.
Thanks Encece!!! The link I got off of Hofo specifically said to extract the file on the PC and then "drag and drop" it to the mini SD card. Your explaination was spot on. My phone is now unlocked, and I installed a new root certificate so AUTD is rocking.

Again, THANKS. :D

I think the security on the phone should act something like the typical firewall "prompt me" feature.

I like the idea. I always believed that application signing was a necessary evil. May not be important now. But down the road when virus and trojans become popular, then signing will help a bit.

But your idea is better than Microsoft's application signing. It puts the user in command [ :) ] instead of the carrier AND manufacturer AND Microsoft. :evil:

With that said, I would expect a 3rd party phone - like the i-mate SP5m, would be fully unlocked and open for the user to do as they please. :?
Unfortunately, that is not the case. My new i-Mate SP5m is application locked. You need to find a signed reg editor to unlock it.

I realize that. My SP5m is the same. :wink: I didn't mean to give the impression that it is that way. As we know, unfortunately, it is not that way. :(