Signing Smartphone apps with a privileged certificate

The security infrastructure on Smartphone requires that an application be "trusted" in order to write to certain files, write to certain registry keys, or use certain APIs.  How you get "trust" is determined by the OEM or operator selling the device.  For some devices, all apps are trusted.  For others, you get trust after the user agrees to a prompt.  For a large number of devices, however, to be trusted your application must be digitally signed with a "privileged" certificate that the device trusts.  Until recently, this meant going to each mobile operator and convincing them to sign your app (not exactly an easy task). 

Well, now we have something better: the Mobile2Market Privileged Certificate program.  The goal of this is to enable ISVs to get their app signed with a single privileged certificate that all devices trust.  This is mostly a manual process on our end but it's a huge step forward and I'm really excited that our Mobile2Market and security folks were able to pull this together. 

If this is something you need, read the requirements.  Once your app meets the requirements, send a mail to M2M@microsoft.com to get the rest of the details (process, costs, etc).

[Author: Robert Levy]