Windows Mobile Security for Developers

Before I get into talking about a tool that Windows Mobile developers will find useful, I thought I’d start off with a tool for end users who are worried about losing their precious device.  Earlier this week I was sent a link to the Shadowmite Hacker Team which had an interesting utility for locating lost or stolen devices.  I like the look of SecurIt, which is available via XDA developers, as it is simple and has a single function:



Basically it watches your SIM card’s IMSI at every boot to see that it’s the same, and if so, just plays an “OK” chirp. But if the SIM has been changed it locks the phone up while also SMS’ing a preset number the new number and IMSI right from the new number’s account.


Now for developers: One of the cool features of Visual Studio 2008 is the Device Security Manager (accessible from the Tools menu), which allows you to examine the security configuration of your device (or emulator) and to reconfigure it to a particular security configuration, including one of the predefined ones.




If you are building mobile applications you don’t need to wait until Visual Studio 2008 to be able to change the security configuration of your device.  There is a tool called the Security Configuration Manager that ships with the Windows Mobile 6 SDK which has the same functionality, although arranged slightly differently. This tool is a little hidden as it is not installed by default.  After installing the Windows Mobile 6 SDK, go to c:\Program Files\Windows Mobile 6 SDK\Tools\Security\Security Powertoy and run the installer SecCfgMgr.msi.  This will install the Security Configuration Manager so that it appears directly under All Programs in the Start menu.




One of the biggest annoyances of working with a real device, rather than an emulator, is that they are usually set to One-Tier Prompt security (for Pocket PC devices at least). When you build, deploy and run an application from within Visual Studio you will get prompted to confirm that each assembly is OK to run.  If your application has a number of assemblies this gets frustrating very quickly.  By changing your device security back to “Security Off” you can eliminate the prompts and hence get your work done quicker.


There are strange parallels to the whole “developing as administrator” discussion as to whether this is a good idea in the long run, since most devices you ship to will probably have security enabled.
