Location Framework Security
Other versions of this page are also available for the following:
.gif "A hyphen indicates that the information in this topic is not relevant for this platform, or that the platform does not support the API that is listed.")
.gif "A checkmark indicates that the information in this topic is relevant for this platform, and that any API listed is also supported on this platform.")
8/28/2008
Care must be taken to protect a user’s location in order to safeguard their privacy. Devices that ship the Location Framework need to have a mechanism that will only allow them to install only trusted 3rd party applications or to not install 3rd party applications at all.
The Location Framework and all the plugins run in services.exe. Therefore, they must be native code. Services.exe does not support loading managed code. This makes malicious plugin code as one of the major security issues in the implementation of Location Framework service, as it will run in native code in services.exe. This threat is mitigated to an extent as long as the plugin Provider or Resolver DLL is from a trusted source before services.exe can load it. In particular, this means that a trusted certificate from either the OEM or carrier should be used to sign the plugin DLL.
See Also
Reference
Concepts
Location Framework OS Design Development
Location Framework Registry Settings
Other Resources
Location Framework
Location Framework Application Development
Location Framework Samples