What Smartphone Priv APIs do you need to use?

In addition to Robert's post below I wrote an article called A Practical Guide to Smartphone Application Security that gives practical advice on signing applications, what needs to be signed, how to set up your tools. You may find this more digestible than the AMO document.

We may also have an opportunity to move some APIs from priv to unpriv or vice versa. I'm interested in your feedback on what APIs you would like to see become unprivileged that are currently privileged and why. What would having the API unprivileged enable your application to do that you can't do today without privileged signing? Why is that so important to your application? I know that the ability to get the unique device ID is important to many developers so perhap that's my start. What else?

[ Author : James P. ]

Comments

• Anonymous
  August 28, 2004
  I don't have a specific API to recommend. My suggestion is to remove the need of privileged trust for ActiveSync providers.
• Anonymous
  August 29, 2004
  It would be nice if there was a way of adding an translations into the FileNameLang database (used by SHGetFileInfo()), thereby allowing an app to have it's Start Menu items translated like the apps in ROM.
  
  riki
  
• Anonymous
  August 31, 2004
  I second Guiseppe's comments on making ActiveSync unpriv. While the priv signing process would appear to be the solution, it has turned out to be problematic. I'm sure you're aware of the complications. I'm not sure you're aware that the complications with having such a long lag between the 2003 launch and the M2M priv process is costing us real dollars in refunds when people find out they can't sync with their devices. We've been trying for months to get signing set up with one operator, and the beurocracy is unbelievable. The fact of the matter is that priv signing is a technical solution that has failed to deliver in the business world for ISV’s.