Windows Mobile application development
Development of applications for Windows Mobile also involves assembling them and creating an installation package. For this purpose Windows Mobile uses the Cabinet (.cab) file. It is an ordinary archive, but it also serves as an installation package (a sort of MSI package). It is assembled with Cab Wizard (cabwiz.exe), either from MS Visual Studio or from the command line. This utility creates a processor-dependent «.cab» file. WinCEApplicationManager transfers the CAB to a device and starts it, so the user can install the application by following the instructions that appear on the device screen. It is also possible to use Visual Studio to create an MSI installation project that includes the CAB file. The built package is started on the user's computer and then transfers the CAB installation to the device to continue the installation process.
There is a special Uninstall Manager on the device side. A configuration INI file should be attached to the CAB file. This INI file contains the settings that manage the installation process, such as the installation path, the name of the shortcut to create, the minimal OS version required to install the application and others, written in a special syntax. It is also possible to include your own DLL in the CAB file to extend the installation options. This DLL contains functions such as «Installer_AfterInstall», «Installer_BeforeInstall», «Installer_AfterUnInstall» and «Installer_BeforeUnInstall»; the code in these functions is executed on the device side at certain moments of the installation or uninstallation process.
When developing a CAB installation it is possible to attach files, various resources and built units, and to add information to the registry. They are designated as «Project Output». That is why there is no need to reset anything after the CAB file is created: it collects all included projects and files and assembles them into an archive.
4. Security Model for Windows Mobile 5 and Windows Mobile 6
Devices based on Windows Mobile receive, send and analyze potentially important information, which should be protected from unsafe applications. To protect the device, the starting of unknown applications is disabled, access to some APIs is restricted and changing some parts of the registry is forbidden. Units can be marked as Trusted or Untrusted, and the system uses this information to prevent unauthorized applications from starting and to limit their access to the system. Access to the system by means of RAPI (Remote API) through ActiveSync can also be restricted. Security certificates and security rights are used for the executable units (EXE, DLL) and for CAB files.
Protection Against Threats and Risks
The following options help to protect devices:
- Strict password protection.
- PIN code protection.
- Devices corrupt deleted information to prevent access to it (WM 6).
- Devices corrupt deleted information on memory cards to prevent access to it (WM 6).
- Storage encryption and Advanced Encryption Standard for SSL (WM 6).
- Use of own certificates.
- Detection of a device via Bluetooth can be protected (WM 6 Smartphone).
- Two-layer system of application starting (One-tier and Two-tier access).
- No support for macros, therefore viruses cannot do much harm.
Starting an application is based on permissions. Windows Mobile devices use the following models:
- Privileged
- Normal
- Blocked
Privileged applications have the widest access. They can access any API, write to the protected areas of the registry and have complete access to the system.
Most applications use the Normal model. They do not have access to the trusted APIs and do not have complete control of the system.
An application cannot be started at all if it has the “Blocked” status. This means that it is not signed with the proper certificate, or that the user forbade the start when the system showed the corresponding warning.
The situation with CAB files is analogous. Executable units with Normal status can start a Privileged DLL, but the DLL will then work as Normal. However, Privileged executable units cannot start units that have Normal status.
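The launch and module-loading rules described above, modelled as an added example (not code from the original article or from Windows Mobile itself). The mapping of one-tier and two-tier access to certificate stores follows the commonly documented Windows Mobile model and is an assumption here, as are all names (`Signature`, `launch_permission`, `load_module`).

```python
from enum import Enum


class Perm(Enum):
    PRIVILEGED = "Privileged"
    NORMAL = "Normal"
    BLOCKED = "Blocked"


class Signature(Enum):
    # Assumed model: the signing certificate decides the trust level.
    PRIVILEGED_STORE = 1  # certificate chains to the privileged store
    NORMAL_STORE = 2      # certificate chains to the normal (unprivileged) store
    UNSIGNED = 3          # unsigned, or signed with an unknown certificate


def launch_permission(sig, two_tier, unsigned_allowed=True, user_accepts=False):
    """Permission an executable unit receives when it is started."""
    if sig is Signature.UNSIGNED:
        # Unknown code runs only if policy permits it AND the user
        # accepts the system warning; otherwise it is Blocked.
        if not (unsigned_allowed and user_accepts):
            return Perm.BLOCKED
        return Perm.NORMAL if two_tier else Perm.PRIVILEGED
    if not two_tier:
        # One-tier access: whatever is allowed to run, runs Privileged.
        return Perm.PRIVILEGED
    # Two-tier access: the certificate store selects the level.
    if sig is Signature.PRIVILEGED_STORE:
        return Perm.PRIVILEGED
    return Perm.NORMAL


def load_module(process, module):
    """Effective permission of a DLL inside a process, or BLOCKED if refused."""
    if Perm.BLOCKED in (process, module):
        return Perm.BLOCKED
    if process is Perm.PRIVILEGED and module is Perm.NORMAL:
        # A Privileged unit may not start less-trusted code.
        return Perm.BLOCKED
    # A Normal process may load a Privileged DLL, but it then works as Normal.
    return process


if __name__ == "__main__":
    for tier in (False, True):
        for sig in Signature:
            result = launch_permission(sig, tier, user_accepts=True)
            print("two-tier" if tier else "one-tier", sig.name, "->", result.value)
```

On a two-tier device this makes the trust boundary visible: unsigned code that the user accepts never rises above Normal, and a Privileged process never hosts a Normal module.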
Written by Eugene Kordin, Apriorit specialist.
