GPS Intermediate Driver Security (Windows Embedded CE 6.0)
1/6/2010
This topic discusses security issues for the GPS Intermediate Driver. To mitigate security risks, use the following best practices.
Best Practices
Protect location information from unintended use
Never allow location information to be used without the user's consent. For example, the user should explicitly initiate any use of location information. Use of this information should only occur if an application prompts the user with a notification of privacy concerns, and if the user gives explicit consent. Furthermore, a user who has approved the use of location information for a specific purpose should have the ability to revoke the consent at any time.
Consider restricting GPS Intermediate Driver access to trusted processes
Device manufacturers can choose to restrict GPS Intermediate Driver access to trusted processes only by using the DEVFLAGS_TRUSTEDCALLERONLY flag with the ActivateService function. Device manufacturers can set this flag, per device driver, using the registry.
By default, any application can access the GPS Intermediate Driver. To restrict access to trusted applications only, first modify the Flags setting under the registry key HKEY_LOCAL_MACHINE\Services\GPSID so that it contains DEVFLAGS_TRUSTEDCALLERONLY. Next, change the Flags setting under the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\GPS Intermediate Driver\Multiplexer\ActiveDevice so that the multiplexer's flags also contain DEVFLAGS_TRUSTEDCALLERONLY. For more information, see GPS Intermediate Driver Multiplexer Registry Settings.
Warning
Using the DEVFLAGS_TRUSTEDCALLERONLY flag for the GPS Intermediate Driver can make it more difficult for a malicious application to obtain location information that it might then transmit or use in other unpredictable ways. Even with the flag specified, however, a malicious application might still be able to access location information by opening the GPS hardware device driver directly. The device manufacturer can mitigate the danger by ensuring that the GPS hardware device driver is also available only to trusted applications.
Using the DEVFLAGS_TRUSTEDCALLERONLY flag does not restrict access to files produced by the GPS Intermediate Driver. Specifically, the CurrentLogFile, OldLogFile, and MaxLogFileSize registry entries control files that can contain location information. For more information about these registry entries, including information that explains how to ensure that a device does not save log data to a file, see GPS Intermediate Driver General Registry Settings.
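The two registry changes described above, together with the hardware-driver caveat from the warning, as an added Platform Builder .reg fragment that is not part of the original topic. The angle-bracket values are placeholders: the numeric value of DEVFLAGS_TRUSTEDCALLERONLY comes from devload.h, the existing Flags bits from the device's current registry, and the GPS hardware driver's key name from the manufacturer's own BSP.

```reg
; Added example, not from the GPS Intermediate Driver documentation.
; Restrict the GPSID service to trusted callers. OR the flag into the Flags
; value the key already holds so that no other bits are dropped.
[HKEY_LOCAL_MACHINE\Services\GPSID]
    "Flags"=dword:<existing Flags value | DEVFLAGS_TRUSTEDCALLERONLY>

; Apply the same restriction to the multiplexer's active device; the key
; path contains spaces and is written exactly as shown.
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\GPS Intermediate Driver\Multiplexer\ActiveDevice]
    "Flags"=dword:<existing Flags value | DEVFLAGS_TRUSTEDCALLERONLY>

; The warning above notes that an application can bypass GPSID by opening the
; GPS hardware driver directly, so that driver's own key (placeholder name,
; manufacturer specific) needs the flag as well.
[HKEY_LOCAL_MACHINE\Drivers\BuiltIn\<GPS hardware driver key>]
    "Flags"=dword:<existing Flags value | DEVFLAGS_TRUSTEDCALLERONLY>
```

This fragment does not cover the CurrentLogFile, OldLogFile, and MaxLogFileSize entries, which are configured separately as described in GPS Intermediate Driver General Registry Settings.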
Be aware of registry settings that impact security
If a value has security implications, you will find a security note in the registry settings documentation. For more information about GPS Intermediate Driver registry settings, see GPS Intermediate Driver Registry Settings.
See Also
Concepts
GPS Intermediate Driver Registry Settings
Other Resources
GPS Intermediate Driver
Enhancing the Security of a Device
ActivateDeviceEx