So far in this chapter, we've discussed applications of encryption, including how to authenticate a user name and password to protect access to your application and how to encrypt data in databases and files. We have also discussed input validation. If you, the developer, have done your job properly, it really doesn't matter if the device is lost or stolen, does it?

Because there's no such thing as perfect security, you must use defense in depth: Put many obstacles in front of your attackers. If your devices run Windows Mobile, the first thing you should do is use the built-in power-on password. This feature is disabled by default, and when activated you can choose between a simple four-digit personal ...