Start Windows Mobile Johan Huss jhuss microsoft com Mobility

Start Windows Mobile Johan Huss jhuss@microsoft. com Mobility Day, May 27 Phone Contacts

Agenda Overview of Windows Mobile What’s new in Windows Mobile 5. 0 Application Security on Windows Mobile

Windows Mobile Device Categories PDA’s and converged devices Messaging devices Touch Screen QWERTY keyboards Vertical, LOB applications Platform extensibility Great phone first Keypad and joystick input Optimized for one handed navigation Platform extensibility Dedicated for media Highly optimized user interface Non touch, dedicated button navigation Video out capability

Windows Mobile & Win. CE Smartphone Pocket PC Portable Media Center Common Elements (e. g. Cellcore, WMP) Windows CE Operating System

CHANGE Platform Creation Model Magneto SPEC Oz. Up CODE DEBUG STABILIZE MDD Core Development Team Project start Oz 2002 SP/PPC 2002 SUSTAIN OORT AKU TIME Adaptation Kit release Releases

Windows Mobile Releases 2000 2001 2002 2003 2004 2005 Pocket. PC 2000 Pocket. PC 2002 ”Merlin” Pocket. PC 2002 Phone Edition ”Merlin Phone” Smartphone 2002 ”Stinger” Windows Mobile 2003 ”Ozone” Windows Mobile 2003 2 nd Edition ”Oz. Up” Windows Mobile 5. 0 ”Magneto”. netcf included

What’s on the device? ISV OEM ISV Microsoft Platform releases AK & AKUs Same for all manufacturers OEM/ODM Platform integration Drivers and device specific features MS ISV Can ship applications in ROM usually via OEM/ODM. E. g. MMS Client ISV

Windows Mobile 5. 0 Device Trends More Messaging Devices Faster Phones Optimized for e-mail 10+ QWERTY 1+ Smartphone CDMA1 xrtt & GSMGPRS Edge in CY 05 17+ devices 7 Smartphones UMTS/EVDO in CY 05 12+ devices 7 Smartphones Targeted Devices 4 devices with hard drives Integrated GPS Media Centric Smartphone with Wi. Fi

Windows Mobile 5. 0 Development Platform New In ROM Install . NET CF 1. 0 SP 3 . NET CF 2. 0 MFC 3. 0/ATL 4. 0 Windows Media 10 OCX Managed Telephony State and Notification Broker Direct. Show (raw camera access) Direct 3 D Mobile Managed Outlook Mobile Managed Messaging (SMS, Mail) Managed Config Mgr MFC 8. 0/ATL 8. 0 Direct Draw GPS API Picture Picker Get Device ID (unpriv) Contact Picker Query Policy SQL Mobile 2005

Developer Platform Notes Pocket PC Soft keys Smartphone-like hardware navigation for app menus Create a 2 button menu Not compulsory, >2 button menu gets existing menu bar Orientation and landscape support Windows Mobile 5. 0 apps (CESubsystem=5. 0) must be orientation and resolution aware Pre-Windows Mobile 5. 0 apps still get pixel doubling and scroll bars New Font! Windows Mobile 5. 0 uses Segoe rather than Nina/Tahoma Segoe slightly smaller in height and width

Development Tools for Windows Mobile 5. 0 Visual Studio 2005 is the single development tool for Magneto development Supports build, deploy, debug across NET CF 1. 0, 2. 0 and native code for 2003 devices upward Integrates device development completely to Visual Studio development environment Managed and native development in one place Intellisense Remote Tools e. VC 3, e. VC 4 and VS. NET 2003 Apps still run Cannot debug or deploy direct to Magneto

New features of Visual Studio 2005 True ARM emulator with higher fidelity experience Same executable/CAB for device and emulator Realistic device performance Direct 3 D and GAPI support New debugger Brand new architecture rewritten from line 0 Optimized for USB 2. 0 performance New designers Improved UI designers (docking and anchoring) Data designers (drag, drop and bind SQL to forms) Improved CAB designer support (new project type)

What’s new in 5. 0?

Major Platform Updates Performance and Stability Windows CE 5. 0 Persistent Storage New “Image Update” updating flexibility p. Watson support for radio data during trials Device Innovation New Softkeys and improved keyboard support New flexibility in the phone application for branding and functionality Landscape and keyboard support for Smartphone* Including keyboard navigation improvements for both platforms Native Wi-Fi support for Smartphone Extended storage and USB 2. 0 support Improved secondary display support Native SDIO support Bluetooth keyboard driver Security Full Security Review (FSR) FIPS 140 -2 certification Operator Multiple APN support Simultaneous connections over RAS/PPP radio interface OMA Device Management support – provision settings & certs

Application Security

Windows Mobile Security Model Execution Security: Applies to code execution Control whose apps can run on the device Control what those apps can do Device Management Security: Applies to device configuration. E. g. : Installing applications. changing security settings, OTA provisioning… Control who can access which device settings at what level Remote Access Security: RAPI (Remote API) Access via Active Sync connection Control what connected desktop applications can do on the device

Security Services Security Roles Security Policies Digital Certificates

What are the fundamentals? Roles Have certain privileges like ACL Users, Applications and Messages get one or more roles assigned Policies Sets level of security for Applications and OTA provisioning messages Controls Port of Entry Certificates Provides means of authentication for Applications and Packages

Code Groups What can an app do? Two-tier: {Trusted, Prompt/Normal, Run/Normal, Blocked} One-tier: {Trusted, Prompt/Trusted, Blocked} Ø Trusted: Access to all registries, APIs, hardware interfaces Ø Normal: Exists only on two-tier devices Some APIs restricted, parts of Registry are read-only >95% of device accessible, adequate for almost all apps Intended as a way to improve reliability of apps, not a primary defense against damage from malicious code Ø Blocked: Code cannot run

WM Security Model Availability

Architecture. net CF Security Policy exe dll CE kernel Decision: 0: Block 1: Run Normal 2: Run Trusted Policy Engine ID Evidence Generator UNPRIV Exec. Trust Authorities CAPI ID PRIV Exec. Trust Authorities

Code Identity Who is responsible for this app? X 509 Certificate for Code signing Certificate represents the ISV, publisher Signing attaches the Code ID to executable Built-in Code IDs: Ø Unsigned: Can be allowed to run, with or without prompt No recognized signature Ø Bad Signature: Signature/file is corrupted, or certificate misused Hardcoded policy: Always blocked Ø Revoked: Blacklisted App, Code ID Certificate, or CA Certificate Hardcoded policy: Always blocked

Device Security Trade-off Application Compatibility More app variety Richer device experience More appealing to users Device Security Stronger protections Defense against rogue code Increased manageability

© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only.

Objects Requiring Trust Registry Keys Component APIs HKEY_LOCAL_MACHINEComm Public Set. Interrupt. Event HKEY_LOCAL_MACHINEDrivers Set. System. Memory. Division HKEY_LOCAL_MACHINEHARDWARE CESet. Thread. Priority HKEY_LOCAL_MACHINESYSTEM Ce. Set. Thread. Quantum HKEY_LOCAL_MACHINEInit Force. Pageout HKEY_LOCAL_MACHINESecurity Virtual. Copy HKEY_LOCAL_MACHINEWDMDrivers Lock. Pages HKEY_LOCAL_MACHINEServices Unlock. Pages HKEY CLASSES_ROOT (device specific) Set. Proc. Permissions Set. KMode Read. Process. Memory Write. Process. Memory Applications using these objects must run as TRUSTED applications on the device Set. Clean. Reboot. Flag Power. Off. System Debug. Active. Process Create. Process (only the debug flags DEBUG_ONLY_THIS_PR OCESS and DEBUG_PROCESS) Kernel. IOControl

Objects Requiring Trust (2) Extended Telephony Application Program Interface (Ex. TAPI) line. Register SIM Manager (cont) line. Set. Call. Barring. Passwo rd sim. Change. Locking. Passw ord sim. Read. Message line. Set. Call. Barring. State sim. Write. Message line. Unregister sim. Delete. Message line. Set. Preferred. Operator sim. Read. Record line. Set. Equipment. State sim. Write. Record line. Get. General. Info sim. Get. Record. Info line. Manage. Calls line. Set. Gprs. Class Short Message Service Sms. Set. Message. Notificati on Sms. Clear. Message. Notific ation line. Get. Number. Calls line. Set. HSCSDState line. Get. USSD Sms. Receive. All. Messages From. SIM line. Send. USSD Sms. Set. SMSC line. Set. Send. Caller. IDState Connection Manager Conn. Mgr. Provider. Messag e Critical Process Monitor (CPM) CPMRegister (Reboot) line. Set. Call. Waiting. State SIM Manager sim. Unlock. Phone sim. Set. Locking. Status CPMShutdown CPMStatus sim. Get. Sms. Storage. Status CPMRegister. Test Radio Interface Layer All RIL APIs