Understanding Windows Mobile Application Security Policies

Execution of programs on Windows Mobile devices depends on the application signatures and their permission levels. Devices can be configured to the following security settings.

  • Security off
  • Unsigned applications are allowed to run without any prompt and they can access privileged APIs, or protected areas of the registry and file system.

  • One-tier prompt
  • The device prompts the user before executing unsigned applications. Once the user allows the execution, application has no restriction on permissions. This is usually safe if you trust the application developer or vendor.

  • Two-tier prompt
  • The device prompts the user before executing unsigned applications. If the user allows an unsigned application to execute, the application executes with normal permissions but cannot access privileged APIs, or protected areas of the registry and file system. Even the signed applications cannot access the privileged resources unless they are signed with a certificate in the privileged certificate store.

  • Mobile2Market locked
  • Only signed applications are allowed to execute. Unsigned applications don’t prompt the user when executed. Permissions given to signed applications depend on the certificate with which they were signed i.e. signed with certificate from the privileged certificate store or the normal certificate store.

42Gears has recently released SureCop, an Anti-theft software for Windows Mobile phones.To learn more about SureCop for Windows Mobile and how it can help you secure your mobile phone, please visit the product website http://www.surecop.com.

Leave a Comment