Windows Mobile Application Execution Security Policies

There's a good description of the trust levels in Windows CE at this MSDN page, so for this post I'll discuss how the security policies in Windows Mobile 5 affect what trust level an application will get.

Privileged Applications policy (or two-tier policy) (4123)
If this policy is set to 0, the device is two-tier: applications can run untrusted or trusted, depending on their signature. This is the default configuration for Smartphone. If it's set to 1, every application that runs will run as trusted. That is the default for Pocket PC devices.

Unsigned Applications policy (4102)
If this policy is set to 0, unsigned applications cannot run at all. If it is set to 1, then we have to look at the next policy.

Unsigned Prompt policy (4122)
If the prompt policy is set to 0, then the user will get prompted when an unsigned binary is loaded. If the user says no, or the prompt times out, then the application will fail to load. If the user says yes, then the application will run at the lowest trust level that is possible on the device. That means that an unsigned app will run as untrusted on a two-tier Smartphone device, but will run trusted on a Pocket PC.

You can use the configuration XML files supplied with the emulator in Visual Studio 2005 to experiment with how your application will behave in the various policy configurations. Jason Fuller wrote a great white paper about this and it goes into much more detail than this post does.
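The rules above for an unsigned binary, written out as an added example (not code from the original post or from Microsoft). It assumes the policies are supplied as a `wap-provisioningdoc` with a `SecurityPolicy` characteristic; the sample XML is constructed, the function names are hypothetical, and the handling of 4122 = 1 is an assumption because the post only describes the value 0.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a two-tier device that prompts for unsigned applications.
SAMPLE_XML = """<wap-provisioningdoc>
  <characteristic type="SecurityPolicy">
    <parm name="4123" value="0"/>
    <parm name="4102" value="1"/>
    <parm name="4122" value="0"/>
  </characteristic>
</wap-provisioningdoc>"""

REQUIRED = {4123, 4102, 4122}


def parse_policies(xml_text):
    """Return {policy_id: value} from the SecurityPolicy characteristic."""
    root = ET.fromstring(xml_text)
    policies = {}
    for ch in root.iter("characteristic"):
        if ch.get("type") == "SecurityPolicy":
            for parm in ch.findall("parm"):
                policies[int(parm.get("name"))] = int(parm.get("value"))
    return policies


def unsigned_outcome(policies, user_accepts):
    """Outcome for an unsigned binary: 'blocked', 'untrusted' or 'trusted'.

    user_accepts is True when the user answers yes to the prompt; False
    covers both "no" and a prompt that times out.
    """
    missing = REQUIRED - set(policies)
    if missing:
        raise ValueError(f"policies not set: {sorted(missing)}")
    if policies[4102] == 0:
        return "blocked"              # unsigned applications cannot run at all
    if policies[4122] == 0 and not user_accepts:
        return "blocked"              # user said no, or the prompt timed out
    # Assumption: any other 4122 value means no prompt is shown.
    # The app runs at the lowest trust level the device offers.
    return "untrusted" if policies[4123] == 0 else "trusted"


if __name__ == "__main__":
    p = parse_policies(SAMPLE_XML)
    for answer in (True, False):
        print(p, "user_accepts =", answer, "->", unsigned_outcome(p, answer))
```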