Content Security on Windows Mobile Devices

On Windows Mobile Professional, mobile workflow files are stored unencrypted on the device’s file system, and mobile workflow settings are stored unencrypted in the device’s registry.

Note: The Windows Mobile mobile workflow container defers all security and encryption responsibilities to Afaria’s Security Manager; therefore, Sybase strongly recommends that you use Afaria Security Manager.
If you do not use Afaria Security Manager, you must:
  • Protect these files through alternative means. The \Program Files\Sybase\Messaging\AMP folder (and all of its subfolders) must be secured on the device.
  • Protect the mobile workflow settings. The [HKEY_LOCAL_MACHINE\Software\Sybase\MessagingClientLib] registry key (and all of its subkeys) must be secured on the device.

Mobile Workflow Files

Mobile workflow files include all the files contained in the <workflow_package_name>.zip that is deployed to the device, including all HTML, JavaScript, CSS, and any other files that may be included as part of the Workflow zip package. These are all stored unencrypted on the file system of the device.

Attachments

If attachments, such as *.docx, *.pdf, and so on, are part of the <workflow_package_name>.zip deployed to the device, they are stored unencrypted on the file system of the device.
  • When the JavaScript requests these attachments for viewing, a file URI is constructed for a suitable external viewer to display these files.
  • Once the mobile workflow application closes, these temporary attachment files are immediately removed.
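
A pre-deployment check for the package contents described in the two sections above, as an added example (not Sybase code): it lists what a workflow package would place unencrypted on the device and singles out document attachments for review. The extension lists and the sample package layout are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: which extensions count as workflow UI code and which as attachments.
UI_EXTENSIONS = {".html", ".htm", ".js", ".css"}
ATTACHMENT_EXTENSIONS = {".docx", ".pdf", ".doc", ".xlsx", ".pptx"}


def audit_workflow_package(zip_bytes):
    """Classify every file in a workflow package zip.

    Every entry returned here ends up in clear text on the device file system.
    """
    report = {"ui": [], "attachment": [], "other": []}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as package:
        for info in package.infolist():
            if info.is_dir():
                continue
            ext = PurePosixPath(info.filename).suffix.lower()
            if ext in ATTACHMENT_EXTENSIONS:
                kind = "attachment"
            elif ext in UI_EXTENSIONS:
                kind = "ui"
            else:
                kind = "other"
            report[kind].append((info.filename, info.file_size))
    return report


def build_sample_package():
    """Constructed sample package, built in memory so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as package:
        package.writestr("html/index.html", "<html></html>")
        package.writestr("html/js/workflow.js", "// constructed")
        package.writestr("html/css/style.css", "body {}")
        package.writestr("html/docs/Contract.PDF", b"%PDF-constructed")
        package.writestr("html/docs/payroll.docx", b"constructed")
        package.writestr("manifest.xml", "<manifest/>")
    return buf.getvalue()


if __name__ == "__main__":
    result = audit_workflow_package(build_sample_package())
    for name, size in result["attachment"]:
        print(f"REVIEW  {name} ({size} bytes) will be stored unencrypted on the device")
    print(f"{len(result['ui'])} UI files, {len(result['other'])} other files, also unencrypted")
```

Files reported under "other" deserve the same scrutiny as attachments, since the package may include any file type.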

Cached Online Requests

The results of online requests that are specified to be cached are stored unencrypted on the device’s file system. Cached results are removed when the mobile workflow package is unassigned from the device, or uninstalled from the server.

Notifications From the Server

Server notifications are stored unencrypted in the Inbox database of the device (the same database that houses the device’s regular e-mail messages). When the notification is acted upon, the JavaScript makes a request for the notification contents. This is read from the Inbox database and passed to the browser in memory. If you are not using Afaria Security Manager, the Windows Mobile Inbox database must be secured.

User Input Sent to the Server

When the device has no network connectivity, and the user submits a Workflow for the server to process, the data destined for the server is queued up on the device. The contents of this queue are stored in an unencrypted SQLite database.