Working with the Windows Mobile Security Model
4/19/2010
When developing applications for Windows Mobile devices, you will soon encounter the Windows Mobile Security Model. As Windows Mobile devices became more sophisticated, and began to include phone and other networking capabilities, it became necessary to protect users - and telephone networks - from malicious software. In most situations, before your application can be deployed to a general audience, you must confirm your identity, or your company's identity, by having your application code-signed.
The code signing process adds encrypted information that the Windows Mobile device uses to decide whether to "trust" the application. When an application is trusted, it can be installed without issuing warning statements. In some situations, depending on the supplier of the device, the device simply cannot install un-trusted applications.
To sign an application for public release, you need an account with one of several companies that provide this service. Microsoft does not own or manage the code signing process.
You do not need to repeatedly sign an application during its development However, you may need to contact the OEM or supplier of your development device to ensure that the device will permit installation of applications that have been signed with the default certificates from the Windows Mobile Professional SDK and Windows Mobile Standard SDK. Determine this before buying a development device.
Related Sections
- Signing an Application or Cabinet File for Release to the Public
Provides information about code signing applications, and links to code sign partners.
- Testing How an Application Will Behave Under Different Security Configurations
Describes the restrictions enforced by the security model, and how to test your application accordingly.