One of the features of the Windows Mobile (PDA) application that I am developing is simple one-click update. User clicks the “Check update” button and everything is done by the application itself after that – it checks for a new version, downloads, installs, and restarts. Simple and straightforward stuff.
Except that I need to do some extra processing before and after the update. Back up the settings, back up files in case update fails for some reason and so on. Not overly complicated.
The installer comes as a Windows Mobile CAB file – and I use Wceload.exe to start the install. As I need the silent install, I used:
Keys /silent and /noui should hide the installer process completely from the user (read about Wceload command line parameters here).
And it worked just fine when I tested it. It worked on all Windows CE 2003, Windows Mobile 5 and 6. But then an outside tester had issues with the update on Windows Mobile 6 – it failed with a file missing after the cab installer had finished and was always rolled back. I couldn’t figure out what was wrong, so I asked PDA to be brought to me.
I plugged their PDA to my USB, started VS to debug the installer application – and everything worked without any problems. “Surely this was one-time glitch,” I was certain.
But another tester had the same issue – and this time I didn’t start the debugger right away – and there! I was able to reproduce the bug! Tried to debug the updater… and everything worked fine again.
So I did a cold reset to the PDA. And tried to run the CAB out of the installer application – and I was greeted with a question:
“The program is from an unknown publisher. You should install it only if you trust its publisher. Do you want to continue?”
If I answered “Yes”, then install went OK. But “No” gave me:
“Installation was unsuccessful. The program cannot be installed because it is not digitally signed with a trusted certificate.”
Trusted certificate?! Hmm… I tried creating my own certificate – I certainly trust myself – and signing everything with it – no dice. So I started to Google for information.
And I found out that starting from Windows Mobile 5, there is an additional security requirement for signed executables (“Mobile2Market”). I went to see the prices of “trusted certificates” and they are quite steep. I did not want to buy the certificate for something as small as this. So I looked at the alternatives – the first article mentioned SetSecurity.exe to disable the security question.
I hunted down SetSecurity.exe (as the home page is gone) and tried it. Nice small GUI app which worked as advertised. But it had no command-line options for silent execution nor did I want to bundle an external application with ours.
So, I had to find how SetSecurity.exe works. Thankfully I didn’t have to disassemble it – someone else had done it (last post). And… great MS security was just one registry key:
[HKEY_LOCAL_MACHINE\Security\Policies\Policies] "0000101a"=dword:00000000 <- On "0000101a"=dword:00000001 <- Off
You don’t even need to reboot the PDA, just set the value to 1 and no more security questions. Here is the C# code (note that it will not work on Compact Framework 1, as it had no registry access. Minimum CF 2.0 needed):
Of course my application reads the registry key value before changing it and restores after the application update has been done.
int securityStatus = (int)rKey.GetValue("0000101a");
But why did everything work with Visual Studio? Because VS installs silently “developer certificates” to the root of PDA certificate store. And no issues when VS is running…