Security Overview
Windows Mobile-based devices are shipped by OEMs and ODMs with default security settings. These default settings may have been specified by the Mobile Operator before production. However, the flexibility of the Windows Mobile-based device security model enables Mobile Operators to freely make post-production changes to security settings.
Mobile device security consists of the following features:
| Security Feature | Purpose |
|---|---|
| Application Security | Provide levels of protection against unauthorized application installation, application execution, and other threats at the operating system level. |
| Authentication Protocols | Provide communication and data access security. |
| Certificates | Verify authenticity and integrity of files and applications. |
| Cryptography | Provide cryptographic algorithm support. |
| Perimeter Security | Provide protection against access by unauthorized users and against unauthorized installation of applications. |
| Security Policies | Configure security settings. |
| Security Roles | Provide the ability to assign and identify levels of access for users, applications and messages. |
Device Specific Security Features
The following table shows the security features supported by Windows Mobile Smartphone and Pocket PC.
| Pocket PC | Smartphone | |
|---|---|---|
| Certificates | Microsoft® Windows® Mobile-based Pocket PC manages certificates through the Certificate stores and CertificateStore Configuration Service Provider (add, delete, and query). No Privileged or SPC store. | Windows Mobile-based Smartphone manages certificates through the Certificate stores and CertificateStore Configuration Service Provider (add, delete, and query). |
| Certificates | Pocket PC has no default Certification Authority root certificates in the ROOT certificate store. | Smartphone is delivered with default Certification Authority root certificates in the ROOT certificate store. |
| Certificate Revocation | Smartphone supports certificate revocation based on the hash of a certificate. | |
| Security Policies | Pocket PC does not check signatures for application installation or execution. | Security policies determine if signed files are required for installation and execution. For information about individual security policies, see Security Policies Configuration Settings. |
| Security Policies | Pocket PC does not check signatures for application installation or execution. | The UnsignedPrompt policy allows application certificate checking to be bypassed. |
| Security Policies | A one-tier security model is used. Applications on the device have access to the entire system. | The PrivilegedApps policy setting determines whether the One-Tier or Two-Tier security model is used and enables you to switch from one security model to the other. |
| Security Roles | Applications on the device have access to the entire system. | Roles are assigned by Configuration Manager. The assigned role determines access rights on the system. |
| Application Installation and Application Execution | Pocket PC does not check signatures for application installation or execution. | Smartphone verifies certificates and signatures for application installation and execution. |
| Device Lock | provides support for locking the device and requiring user authentication through a password.
Pocket PC does not support the DeviceLock Configuration Service Provider. |
Smartphone provides support for locking the device and requiring user authentication through a password.
Smartphone supports the DeviceLock Configuration Service Provider. |
See Also
Security for Windows Mobile Devices | Security Policies
Send feedback on this topic to the authors.
© 2005 Microsoft Corporation. All rights reserved.