ne topic you really need to understand when deploying Windows Mobile applications is security. Often, developers spend a lot of time developing and testing their applications on emulators. However, applications that are working perfectly on emulators often break mysteriously on real devices. A large part of this can be attributed to the lack of understanding of the security policies implemented on Windows Mobile devices.
In this article, you will learn about the security provisioning of Windows Mobile devices and how you can provision your own Windows Mobile device using the Device Security Manager (included with Visual Studio 2008). In addition, you'll learn how to sign your application using a test certificate shipped with the Windows Mobile 6 SDKs.
Creating a Simple Application
Instead of explaining the various security tiers employed by Windows Mobile devices, this article will walk you through the creation of a simple application, deployment of the app on an emulator, and then explain the behaviors exhibited by the application.
First, launch Visual Studio 2008 and create a new Windows Mobile 6 Standard application project. Name it SecureApp. Populate the default Form1 with the controls shown in Figure 1.
|Figure 1. Form1: A very simple application with a single menu item control.|
Switch to the code-behind of Form1 and import the following namespace:
Code the Write Registry menu item as follows:
private void menuItem1_Click(object sender, EventArgs e)
RegistryKey masterkey =
if (masterkey == null)
MessageBox.Show("Key not created!");
catch (Exception ex)
Essentially, you are trying to create a new key in the Registry of the target Windows Mobile device, in particular, in HKEY_LOCAL_MACHINE\SYSTEM
. However, the following registry root keys and their sub keys are protected from normal applications:
|Figure 2. Access Denied: Access is denied when attempting to create a new registry sub key in HKEY_LOCAL_MACHINE\SYSTEM.|
To be able to write to the above registry keys, your application must be signed with a privileged certificate (this will be explained later).
The above code will attempt to create the registry key. If it fails, an exception will be caught and the error message displayed.
Press F5 to debug the application on a Windows Mobile 6 Standard Emulator. When you click the Write Registry menu item, you will realize that access is denied (see Figure 2).