

Application Security

Windows Mobile supports an open security model for Pocket PC devices. Applications running on Pocket PC have access to all system resources.

Two security models are supported on Windows Mobile based Smartphone devices: a one-tier security model and a two-tier security model.

The One-tier Security Model

The One-Tier security model distinguishes between signed and unsigned applications. All applications signed with a certificate in either the Privileged Execution Trust Authorities or the Unprivileged Execution Trust Authorities certificate store run with trust level OEM_CERTIFY_TRUST, with privileged access to the device.

For unsigned applications, the following security policies are checked to determine whether an application can run on the device:

  • The Unsigned Applications policy, SECPOLICY_UNSIGNEDAPPS, is checked to determine whether unsigned applications are allowed to run on the device.
  • If unsigned applications are allowed to run on the device (SECPOLICY_UNSIGNEDAPPS=1), then the Unsigned Prompt policy is checked. If the Unsigned Prompt policy is non-zero, then the user is not prompted and the application is allowed to run with trust level OEM_CERTIFY_TRUST. If the Unsigned Prompt policy is zero (SECPOLICY_UNSIGNEDPROMPT = 0), then the user is prompted to specify whether to allow the unsigned application to run.
  • For applications allowed to run, the PrivilegedApps policy is checked to determine whether the allowed application runs in Privileged or Unprivileged Mode on the device.

Two-tier Security Model

The Smartphone Two-Tier security model (SECPOLICY_PRIVELEGEDAPPS=0) provides greater flexibility in how applications are allowed to run on the device. In the One-Tier security model, applications are either allowed to run or not allowed to run. In the Smartphone Two-Tier security model there is a distinction between privileged and unprivileged applications. Applications can run as privileged with full access to the device or unprivileged with limited access to the device.

The Two-Tier security model (SECPOLICY_PRIVELEGEDAPPS=0) uses the application's signature to determine whether the application runs in Privileged or Unprivileged Mode. The Unprivileged Mode has limited access to the system and APIs.

Signed applications with a certificate chain that maps to a root in the privileged store run in Privileged Mode.

Signed applications with a certificate chain that maps to a root in the unprivileged store run in Unprivileged Mode.
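
The decision flow described in the two sections above, modeled as an added example (not Microsoft code and not a Windows Mobile API). The type, function and sample policy names are hypothetical, and the result for an unsigned application under the two-tier model (unprivileged) is an assumption, because the text above only says that the PrivilegedApps policy decides the mode.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model types; none of these names are Windows Mobile APIs. */
typedef enum { SIG_NONE, SIG_PRIVILEGED_STORE, SIG_UNPRIVILEGED_STORE } app_sig;
typedef enum { RUN_DENIED, RUN_UNPRIVILEGED, RUN_PRIVILEGED } run_mode;

typedef struct {
    int unsigned_apps;   /* SECPOLICY_UNSIGNEDAPPS: 1 = unsigned apps may run */
    int unsigned_prompt; /* SECPOLICY_UNSIGNEDPROMPT: 0 = ask the user */
    int privileged_apps; /* SECPOLICY_PRIVELEGEDAPPS: 0 = two-tier model */
} sec_policy;

/* Constructed sample policy sets for the demonstration. */
static const sec_policy ONE_TIER_PROMPT = {1, 0, 1};
static const sec_policy TWO_TIER_PROMPT = {1, 0, 0};
static const sec_policy TWO_TIER_LOCKED = {0, 0, 0};

/* user_accepts is only consulted when the policy requires a prompt. */
run_mode decide_run_mode(const sec_policy *p, app_sig sig, bool user_accepts)
{
    bool two_tier = (p->privileged_apps == 0);

    if (sig == SIG_NONE) {
        if (p->unsigned_apps != 1)
            return RUN_DENIED;               /* unsigned apps not allowed */
        if (p->unsigned_prompt == 0 && !user_accepts)
            return RUN_DENIED;               /* user declined the prompt */
        /* Assumption: an allowed unsigned app is unprivileged in two-tier. */
        return two_tier ? RUN_UNPRIVILEGED : RUN_PRIVILEGED;
    }
    if (!two_tier)
        return RUN_PRIVILEGED;               /* one-tier: either store is trusted */
    /* Two-tier: the store holding the chain's root selects the mode. */
    return sig == SIG_PRIVILEGED_STORE ? RUN_PRIVILEGED : RUN_UNPRIVILEGED;
}

int main(void)
{
    static const char *mode[] = {"denied", "unprivileged", "privileged"};
    printf("one-tier, unprivileged-store cert: %s\n",
           mode[decide_run_mode(&ONE_TIER_PROMPT, SIG_UNPRIVILEGED_STORE, false)]);
    printf("two-tier, unprivileged-store cert: %s\n",
           mode[decide_run_mode(&TWO_TIER_PROMPT, SIG_UNPRIVILEGED_STORE, false)]);
    printf("two-tier locked, unsigned app:     %s\n",
           mode[decide_run_mode(&TWO_TIER_LOCKED, SIG_NONE, true)]);
    return 0;
}
```

The same certificate in the unprivileged store yields privileged access under one-tier but unprivileged access under two-tier, which is the practical difference between the two models.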

In This Section

  • Application Trust Levels
    Describes the application trust levels: privileged and unprivileged.
  • Binary Files
    Describes how application security configuration determines whether you must sign the binary files to run applications, and lists the common application security configurations that Windows Mobile software for Smartphone supports.
  • Security Policies and Roles
    Describes security policies and roles. Security policies enable you to configure security settings. Security roles identify levels of access.

CertificateStore Configuration Service Provider Examples

Explains how to add certificates to certificate stores on Windows Mobile-based devices by using provisioning XML.


© 2005 Microsoft Corporation. All rights reserved.