Understanding Windows Mobile Application Security Policies
Execution of programs on Windows Mobile devices depends on the application signatures and their permission levels. Devices can be configured to the following security settings.
- Security off
- One-tier prompt
- Two-tier prompt
- Mobile2Market locked
Unsigned applications are allowed to run without any prompt and they can access privileged APIs, or protected areas of the registry and file system.
The device prompts the user before executing unsigned applications. Once the user allows the execution, application has no restriction on permissions. This is usually safe if you trust the application developer or vendor.
The device prompts the user before executing unsigned applications. If the user allows an unsigned application to execute, the application executes with normal permissions but cannot access privileged APIs, or protected areas of the registry and file system. Even the signed applications cannot access the privileged resources unless they are signed with a certificate in the privileged certificate store.
Only signed applications are allowed to execute. Unsigned applications don't prompt the user when executed. Permissions given to signed applications depend on the certificate with which they were signed i.e. signed with certificate from the privileged certificate store or the normal certificate store.
42Gears has recently released SureCop, an Anti-theft software for Windows Mobile phones.To learn more about SureCop for Windows Mobile and how it can help you secure your mobile phone, please visit the product website http://www.surecop.com.
WMExperts.com reviews SureCop
WMExperts.com has done a complete review of SureCop. Here is the link:
http://www.wmexperts.com/review-surecop
To learn more about SureCop for Windows Mobile and how it can protect your mobile phone, please visit http://www.surecop.com.
Find your phone with SureCop’s Shout Aloud feature
Shout Aloud is a neat little feature in SureCop that you can use to play a loud ringer on your lost phone. This is very useful if you have misplaced your phone in the house or somewhere else.
Shout Aloud works even if the lost phone is in silent or vibrate mode.
To learn more about SureCop for Windows Mobile and how it can help you secure your mobile phone, please visit the product website http://www.surecop.com.
Share your location with your phone contacts
SureCop has a neat little feature that Windows Mobile phone users can use to share their location with anyone in their contact list. Tap on Actions -> Send My Location. You will see your phone address list. Select a contact from the list. SureCop will then calculate your GPS location, prepare a special google maps URL and send it to your contact as a SMS message.
Share you location on a map with your phone contacts
Once your contact receives the SMS, he or she can tap on the map URL which will launch the browser where they can view your location.
Why SureCop is better than other online phone tracking solutions?
SureCop uses SMS as communication medium. That's why it works on phones with no internet connectivity. The person who finds your phone can replace the SIM card that does not have a data plan. In such situations the online phone tracking solutions will not work as they cannot reach the phone.
Besides some online phone trackers requires use of desktop PC to issue remote commands to lost or stolen phones. This might not be possible all the time as you might be on the road or watching a movie in the theatre etc.
Our new product: SureCop Anti-Theft Security and Location Tracking Software for Windows Mobile phones
42Gears has released SureCop 1.0, a new anti-theft security and location tracking solution for Windows Mobile phones. SureCop provides three useful features to safeguard your lost or stolen phone: Remote Lock, Remote Wipe and Location tracking on map. SureCop also has features for everyday personal use, such as sharing personal location with friends and family members.
Smartphones have made life easy and productive. But these benefit comes with the risk of putting our personal and sensitive data vulnerable to phone loss.
Studies have shown that a mobile phone is 15 times more likely to get stolen or lost than a laptop computer. With SureCopsmartphone owners can take proactive actions which can help in recovering the lost/stolen phone or at-least safeguard the private data from falling into wrong hands.
Remote Lock feature of SureCop can be activated by sending a simple SMS message from a partner phone. Phone can then be unlocked only by entering the correct password. Lock also gets activated automatically if someone changes the SIM card. New phone number and IMSI details are sent to the partner phone which can be used to identify the thief.
Remote Wipe feature protects owner's privacy by erasing all data on the mobile phone's main memory and external SD card. Everything including pictures, emails, text messages, contacts and other user data is wiped and the phone goes back to factory default state.
Remote Location tracking SMS command can help in locating the lost/stolen phone on Google maps. It works even on Smartphones without built-in GPS.
All these remote commands can be invoked by sending a simple SMS from a partner phone.
Apart from the above anti-theft security features, SureCop also has interesting features for everyday personal use. e.g. Users can conveniently send their GPS location to their family and friends. With Send My Location feature, a SMS message with map url is sent to the recipients which they view on their phone's browser.
SureCop is completely unobtrusive with very small memory footprint. SureCop doesn’t drain battery as it runs only when certain events occur.
SureCop Manager is a free tool which helps easily manage multiple smartphones. SureCop Manager is particularly useful for enterprise users who need to manage large number of phones.
Trial version of SureCop for Windows Mobile is available at http://www.surecop.com.
Getting rid of annoying prepaid balance notification on windows mobile phones
USSD (Unstructured Supplementary Service Data) protocol is used by GSM network to send data to a phone over a real time connection. One of the most common usage is network provider sending back prepaid account balance notification after every call, SMS and data connection. On windows mobile phones, this notification comes up in a balloon at top of screen with a loud and annoying notification sound.
In case you dont bother for these notifications and want to get rid of the annoying sound after every call, set the following registry
[HKEY_LOCAL_MACHINE\ControlPanel\Phone]
"SuppressUSSD"=dword:00000001
This will disable all USSD messages popping up on screen. Some network specific commands (mostly starting with # or *) which brings back a notification or a menu will also not work after this change.
Another alternative is to just disable the notification sound associated with USSD messages. This can be done using registry
[HKEY_CURRENT_USER\ControlPanel\Sounds\USSDBuzz]
"Sound"="*none*"
This will allow the USSD messages coming up on the screen, but no sound.
Both the above changes might require (depending on OEM implementation) a reboot.
PS: In case you dont have any clue how to edit registry on your phone, there are quite a few registry editors for windows mobile available. This is one of them.
How to change file extensions in Windows Mobile?
Ever wondered how to change file extensions on your Windows Mobile phone? One thing is for sure: you cannot use the builtin file explorer program. It does not even show the file extensions let alone change them.
Well. there are two solutions:
- ActiveSync: Connect the device to the PC over ActiveSync and browse to the file and folder of your choice. Right-click on the file name and select Rename to modify the filename or its extension.
- Use third-party freeware tool such as Total Commander. You can do much more than what the builtin file explorer provides. Other than changing file extensions, you can change file attributes (Readonly, Hidden, Archive, System) and file associations as well.
How to disable “Unsigned Prompt Policy” on Windows Mobile?
Many Windows Mobile (Pocket PC) devices ship with one-tier security configuration enabled. That means if an unsigned application is started, then the user is prompted whether to allow the unsigned application to run or not. If the user based on his/her judgment allows the application to run, the application runs in privileged mode whereby it can access all system APIs and protected registry keys.
Now this feature can be very annoying during development. So rather than signing the executable the developer can temporarily disable the Unsigned Prompt Policy by making some registry changes.
Steps to disable Unsigned Prompt Policy on Windows Mobile:
- Use Remote Registry Editor or a third-party tool such as PHM Registry Editor.
- Set the following registry value to 1 to disable Unsigned Prompt Policy. (Default value is 0).
; Unsigned Prompt Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000101a"=dword:1Note: Create the above registry entry if it does not already exist.
How to get process id and thread id from a Window Handle in .NET CF?
Specify the namespace for doing P/Invoke stuff i.e. calling Win32 API functions from managed code.
using System.Runtime.InteropServices;
GetWindowThreadProcessId Win32 function retrieves the identifiers of the process and thread that created the specified window.
Here is how we declare GetWindowThreadProcessId for use in managed code (c#).
[DllImport("coredll.dll")]
private static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint lpdwProcessId);
Description:
- hWnd is the window handle
- lpdwProcessId stores the process identifier after the method returns
- return value of the function is the id of the thread that created the window
Calling GetWindowThreadProcessId via P/Invoke:
// Set the hWnd value below with window handle of your interest
IntPtr hWnd = this.Handle;
uint processid = 0;
uint threadid = GetWindowThreadProcessId((IntPtr)hWnd, out processid);
And there you go....