
MSDN: Windows Mobile 5.0 Application Security


Darius Wey
05-12-2005, 07:00 PM
http://msdn.microsoft.com/mobility/default.aspx?pull=/library/en-us/dnppcgen/html/wmsecurity.asp

"Every Windows Mobile–based device implements a set of security policies that determine whether an application is allowed to run and, if allowed, with what level of trust. To develop an application for a Windows Mobile–based device, you need to know what the security configuration of your device is. You also need to know how to sign your application with the appropriate certificate to allow the application to run (and to run with the needed level of trust)."

With increasing mobility comes the need for an increasing amount of security. This MSDN article outlines some of the fundamental changes to security in Windows Mobile 5.0. Any developers looking to implement security policies in their Windows Mobile 5-compatible applications should give this a thorough read-through.

ctitanic
05-12-2005, 09:04 PM
Well, that's the "pain-in-the-a..." system already implemented in the SmartPhone edition of the current OS. And if you look around the web using Google for "Application Lock" you will find 1000s of posts from people looking for a way to go around it and install whatever they want on their phones. The implementation of that kind of security is something good for MS and partners making money with the business of "Digital Signing" applications. It would be 1000s of times better if each user could implement the level of security he needs; at least from the point of view of consumers it seems to me better than having some companies deciding what is better (more secure) for us.

On the other hand, these imposed security policies make prices go up, because a developer who pays 1000 dollars just to sign one application for one year will pass that cost on to us users.

mr_Ray
05-13-2005, 10:42 AM
Agreed - this does seem to be for the benefit of suppliers not customers. "I'm sorry, that's not a T-Mobile approved application"

And it really sticks a knife in the back of the large number of small scale developers for the Windows Mobile platform. $1000 is quite a big startup tax, and as ctitanic says, it has to be paid by someone.

ctitanic
05-13-2005, 12:32 PM
> Agreed - this does seem to be for the benefit of suppliers not customers. "I'm sorry, that's not a T-Mobile approved application"
>
> And it really sticks a knife in the back of the large number of small scale developers for the Windows Mobile platform. $1000 is quite a big startup tax, and as ctitanic says, it has to be paid by someone.

It can be more if you take into consideration that any freelance developer always has more than one application. I would say that at least 4000 dollars have to be paid under this concept per year, and 4000 dollars for a freelance developer is a lot of money.

People, don't be fooled by these "security" claims from Microsoft and their partners. All this is about money, nothing about security. The system itself may have been designed thinking about the security of our devices, but in reality it has become a big business sucking money from developers.

sheik
05-13-2005, 01:00 PM
I'm unclear as to what this means for WM5 users.
Will they be able to choose to run unsigned apps and will those apps run without a certificate?

What would be interesting is if some PPC developers could post here about whether they expect their apps to require certification in order to run on "off the shelf" devices.

For example, if the developers of Pocket Breeze, Pocket Informant, TomeRaider or <insert your favourite app here> chose not to pay for certification, would end-users still be able to run their apps?

If the answer is mostly "no", then the future looks bleak for hobbyist coders, and for users who enjoy having masses of freeware apps (www.freewareppc.com) to play with.


ctitanic
05-13-2005, 01:29 PM
There are several levels of security, and according to these levels the application won't be able to run at all, or will run but won't be able to access some parts of the registry and some OS APIs, and there is another level where some restrictions in the registry and in some APIs still exist, but fewer than in the second level.

To give you an idea of what I'm talking about: on any Cingular USA phone, the user won't be able to turn ON the ClearType font by changing the registry (this option is not available to users).

An application like Tweaks2k2 can go around the 3rd level, and in some cases the second level, but it won't be able to work at all at the 1st level mentioned above.

Users will receive a warning message every time they install an application, saying that the application is coming from an untrusted source if the application is not signed, and that scares potential customers.

I believe that even to access the contact database the application needs to be signed but I have not tested this.

Today (Home screen) plugins are affected, and even Home Screen Themes, to give you an idea.

Does the system protect your phone? Yes, up to a certain point. There are always ways to go around any security system, and if somebody wants to create a virus they will use these workarounds. It protects by not letting users install unsigned applications, which are the majority of the applications that you can find on the market today.

ctitanic
05-13-2005, 01:31 PM
One more example: the other day I found an add-in for the SmartPhone Inbox to check Hotmail. Well, that add-in was or is not signed, and the developer had to put a warning at SmartPhone.net asking users to try it first just to be sure that it can be installed, because to change the Inbox configuration in any way the application has to be signed. ;)

Zidane
05-13-2005, 03:26 PM
A device that is one-tier is one where any process that runs, runs trusted. A device that is two-tier is one where a process runs either trusted or normal. On a two-tier device, only privileged applications run trusted.

Currently, Pocket PC only supports one-tier. Smartphone supports either one-tier or two-tier, but the vast majority of Smartphones are two-tier.
If you notice, PocketPC developers are going to remain relatively unaffected here, for now. What happens right now is that if an application is unsigned, you get a prompt asking you if you trust this application. If you say yes, then you can run the program and you don't get prompted about it again. This is precisely how XP SP2 works.

If I read this correctly, it's the SmartPhone developers who are going to be running into problems, not the PocketPC developers (unless the PPC Phone Edition comes under the SmartPhone category, which it doesn't seem very likely to).

Soyale
05-14-2005, 09:43 PM
The default configuration for Windows Mobile 5.0 Pocket PC is called "one tier prompt". That means that the user will be prompted whether they want to allow an application to install/run. The one tier means that once an application is running, it runs fully trusted. Fully trusted means it has access to 100% of the device resources.

The default for Windows Mobile 5.0 Smartphone is two tier prompt. Here again, the user is prompted whether they want to install/run the application if it is unsigned. If they say yes, the application runs untrusted, which means it has access to 95% of the registry entries and APIs in the system. These APIs and registry entries are those used by most of the applications on the market ... only apps which need very low level access (e.g. security applications which re-route file access) or system registry entries will not run.

If the app is signed with a cert, depending on whether the cert is in the privileged or unprivileged certificate store, it runs with the appropriate degree of trust. For most applications and most shipping handsets, being signed with the Mobile2Market unprivileged cert will mean your app will install and run.

In most cases, the user is completely in control of what is allowed to install and run on their handset.

ctitanic
05-14-2005, 10:56 PM
Sorry but in Smart Phones the user is in control of NOTHING!

Soyale
05-16-2005, 08:00 PM
So help me understand your specific pain. Which handset/s are you referring to and what, specifically, is the user not in control of?

Phillip Dyson
05-16-2005, 09:03 PM
From a security standpoint it seems like a good idea. It does seem more for the benefit of OEMs than consumers.

What I as a consumer would like is an integrated security strategy for my data. Perhaps transparent password/encryption protection. Or how about a way to mount a memory card and have the OS encrypt it as well. That would be consumer oriented security.

But alas, M$ has to protect its pool of licensees and keep them re-assured that they can look forward to a lucrative profit margin. :roll:

Soyale
05-16-2005, 09:10 PM
You're thinking of this from the point of view of a capable, techno-literate phone/PDA user. The reality is that many users are not as capable of deciding what they should/shouldn't install on their device, so these prompts exist to remind them to "think twice". That extra thought can be the difference between a device being compromised and not, and hence the difference between lost data/functionality and a call to the OEM.

Of course, for a user such as yourself it does add an extra thing to click through on first use.

Phillip Dyson
05-16-2005, 11:30 PM
> You're thinking of this from the point of view of a capable, techno-literate phone/PDA user. The reality is that many users are not as capable of deciding what they should/shouldn't install on their device, so these prompts exist to remind them to "think twice". That extra thought can be the difference between a device being compromised and not, and hence the difference between lost data/functionality and a call to the OEM.
>
> Of course, for a user such as yourself it does add an extra thing to click through on first use.

I wasn't suggesting that this feature was a waste. (I assume you were addressing my post.) I think that it's partially a good thing, because even if I know what to install and what not to, that doesn't address malicious code that may get installed under the radar.

I was merely stating (or at least thinking) that the solution is incomplete and more from an OEM's perspective than a consumer's. As a consumer/user I want to know that no one can pick up my PDA or remove my memory card and access my personal information.

That speaks to me of more security on the PDA and for any memory card that I may have plugged in.

Soyale
05-16-2005, 11:32 PM
Gotcha ... that's good feedback. Thanks!

ctitanic
05-16-2005, 11:59 PM
> You're thinking of this from the point of view of a capable, techno-literate phone/PDA user. The reality is that many users are not as capable of deciding what they should/shouldn't install on their device, so these prompts exist to remind them to "think twice". That extra thought can be the difference between a device being compromised and not, and hence the difference between lost data/functionality and a call to the OEM.
>
> Of course, for a user such as yourself it does add an extra thing to click through on first use.

So you agree with, and are happy to have, a phone that is application locked, where you don't have the right to install anything unless it's provided by the OEM or the service provider? And of course you agree to pay more just for that?

Soyale
05-17-2005, 12:02 AM
Do you have specific examples of handsets which you are unable to do something you want to do?

Kind Regards

James

ctitanic
05-17-2005, 12:16 AM
> Do you have specific examples of handsets which you are unable to do something you want to do?
>
> Kind Regards
>
> James

Yes, you can't install, for example, this application:

http://www.smartphone.net/software_detail.asp?id=950

on any phone that is application locked, and application-locked phones are those from Orange, Cingular, etc., etc.

Soyale
05-17-2005, 01:37 AM
There are a couple of different levels of trust on Windows Mobile Smartphones:

1. Privileged trust
2. Unprivileged trust

Applications with unprivileged trust have access to about 95% of the system APIs and resources. These are the APIs and resources needed by most users and most applications. Applications with privileged trust have complete access to the system.

In this case, the application needs privileged trust because it is a plugin that runs in the same security context as Inbox which is privileged. If it was allowed to be unprivileged it could be used to escalate privileges from unprivileged to privileged.

Microsoft provides a mechanism to get applications privileged signed so that they will work on "locked" handsets. See the Mobile2Market program (http://msdn.microsoft.com/mobility/windowsmobile/partners/mobile2market/participatevendors.aspx)

Applications which require privileged signing are very much in the minority.

Hope this helps.

James
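The trust rules Zidane and James describe above (one-tier vs. two-tier devices, prompting for unsigned apps and remembering the answer, and why an Inbox plugin cannot be merely unprivileged) can be written down as a small policy model. This is an added illustration, not Microsoft's implementation or any code from the MSDN article; the tier names, the "remember the user's answer" behaviour and the plugin rule are taken from the posts, and the class and function names are my own.

```python
"""Simplified model of the Windows Mobile 5.0 trust decision, as described in this thread."""
from enum import Enum


class Trust(Enum):
    NONE = 0         # not allowed to run
    NORMAL = 1       # "unprivileged": roughly 95% of APIs and registry
    PRIVILEGED = 2   # full access to the device


class Signature(Enum):
    UNSIGNED = "unsigned"
    UNPRIVILEGED_CERT = "unprivileged"   # cert chains to the unprivileged store
    PRIVILEGED_CERT = "privileged"       # cert chains to the privileged store


class Device:
    """two_tier=False models a Pocket PC (everything runs trusted);
    two_tier=True models a Smartphone. prompt_unsigned=False models an
    "application locked" handset where unsigned code is refused outright."""

    def __init__(self, two_tier, prompt_unsigned):
        self.two_tier = two_tier
        self.prompt_unsigned = prompt_unsigned
        self.approved = set()   # apps the user already accepted: no second prompt

    def decide(self, app, sig, user_accepts=False):
        """Return the Trust an app will run with, or Trust.NONE if it is refused."""
        if sig == Signature.PRIVILEGED_CERT:
            return Trust.PRIVILEGED
        if sig == Signature.UNPRIVILEGED_CERT:
            # one-tier devices have only one level: everything trusted
            return Trust.NORMAL if self.two_tier else Trust.PRIVILEGED
        # unsigned: refused on locked handsets, otherwise prompt once
        if not self.prompt_unsigned:
            return Trust.NONE
        if app not in self.approved:
            if not user_accepts:
                return Trust.NONE
            self.approved.add(app)
        return Trust.NORMAL if self.two_tier else Trust.PRIVILEGED


def can_load_plugin(host_trust, plugin_trust):
    """A module loaded into a host (e.g. Inbox) runs in the host's context, so
    a privileged host may only load privileged modules; anything less would
    let unprivileged code inherit privileged access (escalation)."""
    return plugin_trust != Trust.NONE and plugin_trust.value >= host_trust.value
```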

Phillip Dyson
05-17-2005, 01:42 AM
> There are a couple of different levels of trust on Windows Mobile Smartphones:
>
> 1. Privileged trust
> 2. Unprivileged trust
>
> Applications with unprivileged trust have access to about 95% of the system APIs and resources. These are the APIs and resources needed by most users and most applications. Applications with privileged trust have complete access to the system.
>
> In this case, the application needs privileged trust because it is a plugin that runs in the same security context as Inbox which is privileged. If it was allowed to be unprivileged it could be used to escalate privileges from unprivileged to privileged.
>
> Microsoft provides a mechanism to get applications privileged signed so that they will work on "locked" handsets. See the Mobile2Market program (http://msdn.microsoft.com/mobility/windowsmobile/partners/mobile2market/participatevendors.aspx)
>
> Applications which require privileged signing are very much in the minority.
>
> Hope this helps.
>
> James

How much does it cost?

Soyale
05-17-2005, 01:49 AM
Privileged signing costs the same as unprivileged signing; it is vendor dependent and starts at $295. Code signing costs about the same between platform vendors since it is a 3rd-party defined price.

ctitanic
05-17-2005, 02:14 AM
> There are a couple of different levels of trust on Windows Mobile Smartphones:
>
> 1. Privileged trust
> 2. Unprivileged trust
>
> Applications with unprivileged trust have access to about 95% of the system APIs and resources. These are the APIs and resources needed by most users and most applications. Applications with privileged trust have complete access to the system.
>
> In this case, the application needs privileged trust because it is a plugin that runs in the same security context as Inbox which is privileged. If it was allowed to be unprivileged it could be used to escalate privileges from unprivileged to privileged.
>
> Microsoft provides a mechanism to get applications privileged signed so that they will work on "locked" handsets. See the Mobile2Market program (http://msdn.microsoft.com/mobility/windowsmobile/partners/mobile2market/participatevendors.aspx)
>
> Applications which require privileged signing are very much in the minority.
>
> Hope this helps.
>
> James

> How much does it cost?

Exactly!

That is where they are making money in the so-called security system.

About the 95% of access... well, it seems to me that these applications won't have write access to almost 95% of the HKLM registry key, and that's almost 30% of the whole registry. So any registry-editor kind of program is going to be very affected. ;)

If I have to get my two versions of Tweaks2k2 signed, that is going to cost me more than 2000 dollars per year or so. If I want to have all my applications signed, that could cost me around 10000 dollars per year or so. And who do you think is going to end up paying for these 10000 dollars? Customers, who will see the price of any simple program go to more than 20 dollars. :evil:

ctitanic
05-17-2005, 02:33 AM
> Privileged signing costs the same as unprivileged signing; it is vendor dependent and starts at $295. Code signing costs about the same between platform vendors since it is a 3rd-party defined price.

295 dollars for 10 signings of your application. I have released 4 versions of Tweaks2k2 for Smartphones in 2 months, to give you an idea.

Phillip Dyson
05-17-2005, 11:36 AM
My only question about this whole program is this: can I as a consumer deactivate or bypass this feature?

What if I want to write a program for myself to run on my device?

As a PC owner I have the ability to bypass any security feature that I want to. At least as late as XP.

If I as a consumer don't have control over this feature, then this feature is not for me. I have to agree with ctitanic. It's a business venture at the expense of small developers and consumers.

ctitanic
05-17-2005, 01:05 PM
> If I as a consumer don't have control over this feature, then this feature is not for me. I have to agree with ctitanic. It's a business venture at the expense of small developers and consumers.

Well, I started around two months ago to port Tweaks2k2 to SmartPhone, and I found very soon that on some phones from some operators like Orange, no matter what you do, you can't have full control of your SP unless they unlock the phone for you.

Phillip Dyson
05-17-2005, 11:45 PM
I think I see a pattern... :twisted:

First your number was locked for a given carrier. They lost that one.

Your phone is locked for a given carrier. Can't leave us without giving up your device.

Your operating system is locked. But don't worry, we've got plenty of value added services to sell you. At a price.

If this feature is truly for the consumer's benefit, then give them control over it. Or is this justified as protecting consumers from themselves?

Competition is a double-edged sword for a consumer. Sometimes it means choices and innovation; other times it means oppression. :roll:

My take is this. Leave the feature there for security and protection. But allow me to deactivate or override it. I should be able to install what I want on my device.