Guest Paul [MVP] Posted November 3, 2004 Report Share Posted November 3, 2004 The Windows Mobile Tabloid-tastic MSMobiles are reporting on this article on the Windows Mobile Blog, which talks about M2M (Mobile 2 Market) Privileged certificates that are to be made available. Signing Smartphone apps with a privileged certificate The security infrastructure on Smartphone requires that an application be "trusted" in order to write to certain files, write to certain registry keys, or use certain APIs. How you get "trust" is determined by the OEM or operator selling the device. For some devices, all apps are trusted. For others, you get trust after the user agrees to a prompt. For a large number of devices, however, to be trusted your application must be digitally signed with a "privileged" certificate that the device trusts. Until recently, this meant going to each mobile operator and convincing them to sign your app (not exactly an easy task). Well, now we have something better: the Mobile2Market Privileged Certificate program. The goal of this is to enable ISVs to get their app signed with a single privileged certificate that all devices trust. This is mostly a manual process on our end but it's a huge step forward and I'm really excited that our Mobile2Market and security folks were able to pull this together. If this is something you need, read the requirements. Once your app meets the requirements, send a mail to [email protected] to get the rest of the details (process, costs, etc). An interesting point to note here is that this privileged certification will ONLY be effective if the operator in questions has chosen to implement the M2M root certificate on their device, which as I understand, some have not. Close... but no cigar? ^_^ P Link to comment Share on other sites More sharing options...
Guest Arisme Posted November 4, 2004 Report Share Posted November 4, 2004 Well, guess we can hope that everybody will include this certificate in its ROM once it's launched :wink: I'm more concerned by the restrictions regarding what someone can do with the privilegied certificate (mainly point 11 "Application code shall not Access any part of the device hardware through any means other than the APIs published in the Software Development SDK for the particular version of the MS Smartphone software"). Some parts of the undocumented-officially-but-fully-documented-in-the-patent RIL API can be pretty interesting and it'd be great to be able to use it in a more official way ... but it's pretty hard to find a contact at Microsoft to submit API evolution ideas :wink: Link to comment Share on other sites More sharing options...
Recommended Posts