Hi,
I wonder if you guys could help me clear something up. I am new to the compact framework and indeed Windows Mobile in general - I have been reading up extensively recently but there is a couple of things I'm not totally sure of.
I have read conflicting information on MS.com / msdn / blogs
First i read that smart phone apps MUST be signed.
"CAB files for Smartphone solutions must be digitally signed before they are deployed to an end-user's device. or use certain APIs".
Then I read this
"How you get "trust" is determined by the OEM or operator selling the device. For some devices, all apps are trusted. For others, you get trust after the user agrees to a prompt. For a large number of devices, however, to be trusted your application must be digitally signed with a "privileged" certificate that the device trusts".
I'm confused!
The smart phone I have, doesn't appear to require an application to be signed (though I have only installed via active sync and its a test handset) - it just asks the user if they want to trust it.
Is this typical behaviour, or is it really necessary to get smart phone applications signed
Similarly, I have read that Smartphone apps have to compressed, whilst PocketPC apps cannot be. This doesn't seem to be the case in my experience as I have installed non-compressed apps on my smart phone
If it were the case I would have to prepare different builds for both SmartPhone and PocketPC - I suppose when compressed and signed (maybe) and the other not.
Btw I'm interested in 2003/SE mainly - I know you can sign and compress 5.0 PPC apps.
Any thoughts would be appreciated, cheers.
Signing and compression questions
Hot Topic
- Can't Start New Smart Device Projects
- Using PocketPC serial port
- Can not get the e.url in the navigating event in the webbrowser control on PPC 2003
- File Version Info On Windows Mobile 5.0 for PocketPC...
- Saving Pushpin into database
- How can I import or export outlook contact information to vCard information.
- Live Alerts & Visual Basic 2005
- Object Store
- Messenger Command Line
- WinCE 4.2 CF2 Maximized forms (full screen)
Signing and compression questions
Boris Zakharin
SameerNSameer
What if the CAB contains a CE Setup file. Does this require special trust of any kind
HMCSharon
The Smartphone security model is a little more complex and so saying that the CAB must be signed is a little misleading. Different OEMS and Operators can decided on the security policy to use, a common approach is to prompt the user for all unsigned apps, so long as the app uses no privileged APIs it will run normally once the user has given their permission. To use the privileged APIs your app must be signed with a trusted certificate either from Mobile2Market (http://blogs.msdn.com/windowsmobile/archive/2004/11/02/251298.aspx) or from the Operator for which the device is branded.
This article discusses the topic of signing:-
http://msdn.microsoft.com/library/default.asp url=/library/en-us/dnppcgen/html/smartphone_security.asp
Compression is supported on Smartphone and on the Windows Mobile 5.0 Pocket PC, older Pocket PC devices don't support compressed CAB files.
Peter
Kevin Rodgers
Peter,
do you mean that CAB compression is not supported on Windows CE 5 (with Compact Framework 2.0 installed) devices
Thanx.