Legal Issues - General Topics

I am curious as to what legal issues surround upgrading Pocket PC firmware.

Well, the companies that write it don't like the developers (ie here) modifying it for their own ends. Trademark, Copyright, Infringments and all that.
As a start anyway, as you chose to post at 0231AM

But isn't Windows CE open source?

Nope, it's owned by a company called Microsoft.
aka Microsoft Windows CE

i believe it's "shared Source" with the hardware developers from hp/htc and such

It ain't a shared or open source. It is completely owned by Microsoft and hTC and other companies just have license to use it on the devices they make.
But who cares about it? You paid and bought the device. Simply make it however you want it to work for you
Regards,
Carty..

some of it is "shared source"
http://www.microsoft.com/resources/sharedsource/Licensing/WindowsCE.mspx

Rudegar said:
some of it is "shared source"
http://www.microsoft.com/resources/sharedsource/Licensing/WindowsCE.mspx
Click to expand...
Click to collapse
• The Public / Sample Shared Source Code is automatically installed with the Windows Embedded CE Toolkit (Platform Builder) once you accept the license terms in the Windows Embedded CE Toolkit EULA.
• The Private Shared Source Code is an optional component of the Windows Embedded CE Toolkit that can be installed during the setup process. You must electronically accept the terms and conditions of the Windows Embedded CE 6.0 Shared Source license agreement before you can install the source code.
Click to expand...
Click to collapse
You will also want to read Microsofts Terms and Conditions for this.

yes thats why i put "" around the shared source when i wrote it

Related

Universal WM6 ROM and Enterprise Policies

Hi all,
I would like to discuss about the use of Universal with Windows Mobile 6 in professional life...
Could be the base system compliant with general security policy for firms?
Let me know what's your point of view...
mamiware said:
Hi all,
I would like to discuss about the use of Universal with Windows Mobile 6 in professional life...
Could be the base system compliant with general security policy for firms?
Let me know what's your point of view...
Click to expand...
Click to collapse
All of the Windows Mobile 6 ROM's I have used fully support the security policy stuff that is enforced by Exchange when using the device for "Direct Push" email (for what its worth).
I have also found that if you add Blackberry software it works well enough with there policy software if that is your enterprises ‘thing’.
As for your unique company policy, only you and your IT guys can judge that. Just about EVERY company has a different view on what is important.
Support for Exchange policies, a few custom CABs and support for our device management tool mean that using Mobile 6 (or 5) in our enterprise is a non issue. Our only issue with the Universal is the fact that strictly speaking Mobile 6 is a licence violation on the device . Not the case with the Vox’s, TyTN2’s and other native Mobile 6 devices we have.
Your biggest hurdle is that most IT departments in any sizeable company are not going to let non company kit onto there networks, and for a lot of company’s that will extend to non approved software/ROM images etc. being banned.
I guess security enhancements with WM6 are not so... "strong".
As IT Security Integrator, i'm very waiting for Exchange 2007 SP1, that should enforce AS Policies even more than non-sp1 release.
I advise you and your IT Admin (i think they already did, though) to have a look to Exchange SP1 release notes.
There are literally hundreds of enterprise applications out there for management of mobile devices that support everything from symbian phones, to pda's, to windows mobile phone devices.
Some of the better ones are SOTI, Afaria, and Pointsec.
They give remote access to handle remote package management, as well as locking the device and access to applications by user, or user group too.
I thought he was talking about Activesync security policy.
Thank you for all replies...
But does Exchange 2003 store any information about your device? I'm thinking about Windows Mobile 6 Universal issue... And what about contacting Microsoft to buy a license upgrade (without any software delivery from them)?
I'm confused: what do you mean with "But does Exchange 2003 store any information about your device? I'm thinking about Windows Mobile 6 Universal issue... "
If you're talking about ROM Upgrades to Crossbow and license issue, well it's just a lack of support from Manufacturers. Afaik microsoft is providing WM6 license upgrade for free, but providing customers with WM6 rom on old devices would mean no market for new devices. Microsoft ships upgrades to OEM only however.. Not to final customers.
However Exchange 2003/2007 should not store any information regarding devices. I mean, any information relevant. It recognize the device assigning it a unique Idetifier at first synch (SID). I could have a deep look about that with exchange 2007, though. Just tell me what you're looking for.
Ok... If Microsoft is providing WM6 license upgrade for free... why cooked ROM are not so... "legal"?
My problem is: I would like to use my device in my professional life... and I would like to use it the best way I can! This means I need WM6... The problem is that HTC does not provide an official upgrade, but we know that we can develop our ROM... So... How can I legally install my WM6 cooked ROM on Universal? Should I buy some license from someone? Or I can simply flash my device with my ROM and run it without caring about Microsoft license because the upgrade is free?
What about the SD-card encoding "thing"? It should be compliant with any security policy, provided you only lose the card, not the whole device, since in that case, the card can't be read, right?
Yeah... The SD encoding it's fine for policies but... the question is... the encryption key is store in the device (and is deleted with an hardreset) or is created from some device hardcode data? To answer this question we can only try to encode-hardreset-access data... and see if we can still read sd files... (i'll try next weekend)
Anyway... another issue is... how encrypt all data store in device memory? is there any good (light and clean) plugin (driver or application) that can encrypt all the contacts and calendar and, above all, exchange login details?
new symantec mobile suite 5 should do that and make device super-compliat to most (all?) enterprise policy... i'd like to buy it but I do not find any way to place order through the internet!
mamiware said:
Yeah... The SD encoding it's fine for policies but... the question is... the encryption key is store in the device (and is deleted with an hardreset) or is created from some device hardcode data? To answer this question we can only try to encode-hardreset-access data... and see if we can still read sd files... (i'll try next weekend)
Anyway... another issue is... how encrypt all data store in device memory? is there any good (light and clean) plugin (driver or application) that can encrypt all the contacts and calendar and, above all, exchange login details?
new symantec mobile suite 5 should do that and make device super-compliat to most (all?) enterprise policy... i'd like to buy it but I do not find any way to place order through the internet!
Click to expand...
Click to collapse
Hi,
You could change shell paths so that all user data is stored on the SD.
Although I have not tried it, I believe it's simple enough to move all databases to the SD Card.
Cheers,
Beasty

ALERT: Windows CE Virus in the Wild!

US-CERT Warns of Microsoft Windows CE Trojan
By Ryan Naraine
2008-02-26
The WinCE/InfoJack Trojan hijacks the infected device's serial number, operating system and other information and uploads it to an attacker-controlled Web site.
The U.S. Computer Emergency Readiness Team has raised an alert for an in-the-wild malware attack against Microsoft Windows CE powered mobile devices.
According to the US-CERT warning, the Trojan horse program is capable of disabling Windows Mobile application installation security.
The Trojan, dubbed WinCE/InfoJack by anti-virus vendor McAfee, has been programmed to hijack the infected device's serial number, operating system and other information and upload it to a Web site controlled by the attacker.
"It also leaves the infected mobile device vulnerable by allowing silent installation of malware. The Trojan modifies the infected device's security setting to allow unsigned applications to be installed without a warning," McAfee said in a post on its Avert Labs blog.
The Trojan was packed inside a number of legitimate installation files and distributed widely. It has been distributed with Google Maps, applications for stock trading, and a collection of games, McAfee said.
Here are some characteristics of the Trojan:
Spreads via seemingly legitimate application installation files
Installs as an autorun program on the memory card
Installs itself to the device when an infected memory card is inserted
Protects itself from deletion by copying itself back to disk
Replaces the browser's homepage
Allows unsigned applications to install without warning
McAfee researcher Jimmy Shah said the ability to allow silent installations of unsigned applications can be used by the Trojan to auto update itself and open a backdoor on the mobile device for future malware installations.
The Web site associated with the Trojan is no longer accessible due in part to an investigation by law enforcement officials, Shah said.
The Trojan was first discovered in the wild in China.
The US-CERT is encouraging Windows CE users to install and run updated anti-virus software on mobile devices and use caution when downloading and installing applications.
Click to expand...
Click to collapse
Source
Check your phones, people.
There has been at least one other WinCE virus, so this is not necessarily new "news". Although it's a much smaller user base, Windows Mobile is a very, very easy platform to abuse maliciously (much like Windows generally, unfortunately).
In normal day to day use you're unlikely to encounter such malware. However, use of warez is going to massively increase your chance of running into this type of stuff, either on your PC or your PPC.
Drive by infections on this platform are still rare, so use good computer hygiene and you should be generally safe, but there is very little to stop programmers abusing your devices in any way they want to, so be wary, even when downloading random stuff from this and other sites!
V
Since this affects Windows CE (Windows Mobile in general?) I guess it affects not only PPC but Smartphones (WM Standard) aswell?

License not allowed in open source? Windows mobile compact framework sdk license

when i was reading the license that came with the windows mobile 6 compact framework, I noted this:
iii. Distribution Restrictions. You may not
• alter any copyright, trademark or patent notice in the Distributable Code;
• use Microsoft’s trademarks in your programs’ names or in a way that suggests your programs come from or are endorsed by Microsoft;
• distribute Distributable Code to run on a platform other than the Windows Mobile platform;
• include Distributable Code in malicious, deceptive or unlawful programs; or
• modify or distribute the source code of any Distributable Code so that any part of it becomes subject to an Excluded License. An Excluded License is one that requires, as a condition of use, modification or distribution, that
• the code be disclosed or distributed in source code form; or
• others have the right to modify it.
Click to expand...
Click to collapse
does this mean that any open source apps cannot make use of this?
I'm no lawyer, but I think they are saying you cannot take any source code for the compact framework either by reverse engineering or if they have made it available, and license it yourself. You can do whatever you want with your own source code, and it may use the compact framework, but you can't do something like redistribute the source code of System.Data or some other .net DLL. This was an issue with the development of Mono, anyone working on that framework is not supposed to use a tool like Reflector to look at the disassembled source of .NET libraries, then code their own version of it. For typical development which just uses the framework, you should be fine.
thank you, makes sense I suppose

[Q] How XAPs are deployed to Emulator and Device

Hello.
I'd like to automate XAP deployment from my development environment to WP emulators running for testing. WP emulators are running as Hyper-V VMs and they have a valid IP. As much as I understand communications between MS tools like Visual Studio 2011 Beta and WP are TCP/IP based. So, I wonder what is hiding behind the "Deploy" button? Some PowerShell command? Anything else? For starting I'd like to upload the XAP and install it on the Emulator and eventually the device.
Thanks.
There are third-party deployer apps, so what you want is entirely possible. You'd have to look at the source for them, though, and then write your own that listened on a network socket for the file that it is supposed to install.
GoodDayToDie said:
There are third-party deployer apps, so what you want is entirely possible. You'd have to look at the source for them, though, and then write your own that listened on a network socket for the file that it is supposed to install.
Click to expand...
Click to collapse
Due to security restrictions I still cannot post to developers forums, so I'll try to ask here:
are these applications like Tom XAP installer or Multi-XAP installer Open Source, or what? They are distributed in a compiled form so how I can ask their developers for the source code?
There are any number of programs that can decompile managed assemblies (JustDecompile, for example, but there are a bunch and many are free). It's nice to ask for source (and some of the apps are probably open-source; you can look for the tag [SOURCE] or similar in the thread title) but unless they obfuscated the assembly for some reason, decompiling well enough to understand what it does is easy.

Android SDK Licence changes

I was reading an interesting blog post this morning about changes to the android SDK licence. Now after reading through the licence, a large part seems to be indemnity from liability should a developer behave poorly and steal his users phone number.
With that being said a portion of this stuck out like a sore thumb, which affects many users here on xda:
3.3 You may not use the SDK for any purpose not expressly permitted by this License Agreement. Except to the extent required by applicable third party licenses, you may not: (a) copy (except for backup purposes), modify, adapt, redistribute, decompile, reverse engineer, disassemble, or create derivative works of the SDK or any part of the SDK; or (b) load any part of the SDK onto a mobile handset or any other hardware device except a personal computer, combine any part of the SDK with other software, or distribute any software or device incorporating a part of the SDK.
Basically, the last line states that adb may not be shipped with other software. This means downloading the complete SDK to use adb alongside another application. Now I don't know about many of you, but I for one only update my SDK when my device is running a new release of android, and then only when it has become stable. The SDK is not a small download either and many countries have restrictions on data, whether its because its rather expensive or not generally available in the area.

Categories

Resources