Share via


Location Framework Security

Other versions of this page are also available for the following:

Windows Mobile Not SupportedWindows Embedded CE Supported

8/28/2008

Care must be taken to protect a user’s location in order to safeguard their privacy. Devices that ship the Location Framework need to have a mechanism that will only allow them to install only trusted 3rd party applications or to not install 3rd party applications at all.

The Location Framework and all the plugins run in services.exe. Therefore, they must be native code. Services.exe does not support loading managed code. This makes malicious plugin code as one of the major security issues in the implementation of Location Framework service, as it will run in native code in services.exe. This threat is mitigated to an extent as long as the plugin Provider or Resolver DLL is from a trusted source before services.exe can load it. In particular, this means that a trusted certificate from either the OEM or carrier should be used to sign the plugin DLL.

See Also

Reference

Location Framework Reference

Concepts

Location Framework OS Design Development
Location Framework Registry Settings

Other Resources

Location Framework
Location Framework Application Development
Location Framework Samples