Carrying a Windows Mobile 6.x-based smartphone (a.k.a. Windows Phone) doesn’t bestow one with the same cachet you get from toting an iPhone or certain Android-based handsets around, but that doesn’t lessen the need to keep your “uncool” device secure. That’s especially true given Windows Mobile 6.x’s relative popularity among business users. In fact, last quarter the platform managed to outsell Windows Phone 7, its more consumer-oriented successor.

Fortunately, there are apps available that can help enhance your Windows Mobile 6.x smartphone’s security in a variety of ways – guarding against viruses, securely managing passwords, providing recourse in the event your device is lost or stolen, securely deleting files, and more. Read on for a look at some apps that can handle these tasks.

Note: A few of the app links provided here take you to the Windows Mobile Marketplace, where apps can be queued up for download over-the-air via the phone’s Marketplace app. If you don’t already have this app installed (it’s included with Windows Mobile 6.5), you can get it by pointing your phone’s browser to

Loss and Theft Protection

The consequences of a lost or stolen smartphone go far beyond the inconvenience and expense of having to replace a pricey device. Especially when you consider that it can also result in unauthorized access to personal or otherwise sensitive data. That’s why it’s worthwhile to be able to track a missing device, and if recovering it turns out to be impossible or impractical, lock it down or wipe it clean to keep the contents away from prying eyes.

Surecop ($19.95, 15-day trial) can plot the location of a missing (GPS-equipped) phone via Google Maps, send lock or wipe commands to the phone via SMS, and log any texts or calls that are made while the phone’s out of your possession. Plus, if the SIM card is changed, the phone will automatically lock and send you the new IMEI and IMSI numbers.

RecoveryCop ($29.97, annual subscription) offers similar features but adds Web-based monitoring and control as well as the ability to backup phone contents prior to wiping so they can be restored to a new device. (Either product can make a stolen phone surreptitiously place a call to you so you can eavesdrop on whoever has the device.)

Microsoft has its own version of remote locate, lock, and wipe, which is a premium add-on to its free Microsoft MyPhone service. It’s not nearly as comprehensive as the products mentioned above, but at $4.99 per use, it’s a lot less expensive.


Although you’re probably more likely to pick up a virus or other form of malware infection on a Windows desktop or laptop than a Windows Mobile device these days, that’s changing rapidly as smartphones proliferate and are used more heavily for Internet access.

As a result, it’s prudent to protect your phone with an anti-virus app, such as Airscanner ($34.99 for annual subscription, with 30-day trial), which provides real-time background and scheduled scanning for viruses, spyware, Trojans, etc., as well as automatic updates for both the virus definitions and scanning engine. A less expensive option is Mobile Active Defense ($16.99 annual subscription); it offers phishing protection and spam filters for an unlimited number of POP or IMAP email accounts.

Malware protection apps for Windows Mobile devices are also available from some familiar names in desktop security, such as Kaspersky. It’s Kaspersky Mobile Security (pricing available via sales quote, five node minimum) works with Exchange-based mailboxes and includes GPS-based tracking of errant phones, remote lock and wipe capabilities, and centralized administration and reporting. Both McAfee Mobile Security for Enterprise and Symantec Mobile Anti-Virus for Windows Mobile (pricing via quote) offer similarly comprehensive malware protection options for businesses that require centralized management of multiple devices.

You don’t necessarily have to shell out big bucks to protect your Windows Mobile phone – Lookout Mobile Security is a free app that combines malware protection, data backup, and remote device location with the ability to make your phone “scream” a loud audible alert even when it’s set to vibrate. (Note: A paid “Premium” upgrade advertises additional features, but it’s only available for Android.]]

Password Management

LastPass ($12 billed annually, 14-day trial) is the gold standard among password management utilities, and it’s a great choice as long as you’re comfortable having the company store your passwords for you, as they’re kept on the company’s own servers rather than on your device. A big plus of LastPass for Windows Mobile (there’s also a version for Windows Phone 7) is that it syncs up with the company’s free browser plug-ins which are available for pretty much every OS and browser platform you can think of (Windows/Mac/Linux/IE/Firefox/Chrome/Safari/Opera).

If you prefer to keep your passwords out of the cloud, SplashID ($29.99, 30-day trial) stores them locally using 256-bit Blowfish encryption, and syncs with its (included) Windows desktop counterpart.

If you’re looking for a no-cost password management option and don’t mind a basic set of features, check out Keeper and SlimPasswords.

File Wiping and Encryption

Just like on a PC, deleted smartphone data isn’t really gone unless you take extra steps to overwrite it. Aiko Solutions’ SecuWipe ($38.99) wipes a phone’s free space and can also securely delete specific files, folders, or pieces of info such as contacts, e-mails, or test messages. Another Aiko product, SecuBox Data Encryption, will encrypt sensitive data on your phone using 256-bit AES.

Authentication Tools

Two-factor authentication enhances security by identifying you not just by something you know (i.e. your password) but also by something you have-- typically a hardware token that generates unique single-use numeric passcodes.

In some cases you may be able to use your Windows Mobile phone in lieu of a hardware token. Depending on the sites and services you need to log into and/or the authentication technology used by your organization either of these two free soft token apps, VeriSign Identity Protection and Entrust IdentityGuard Mobile, may save you from having to carry that extra piece of hardware.

Windows Phone 7

Note: You might be wondering why we haven’t covered any security apps for Windows Phone 7 (aside from LastPass). That’s because owing to the newness of the platform – and the fact that Windows Phone 7 doesn’t permit third-party apps to multitask – there aren’t any WP7 security apps available other than a handful of password managers (Windows Mobile 6.x apps can’t run on Windows Phone 7, or vice versa).

Hint: If you have a Windows Phone 7 device, there’s already a free remote locate, lock, and wipe feature built in, though it’s disabled by default. To turn it on, go to the phone’s Settings menu and look for the Find My Phone option. Then visit to remotely access your phone.

Joseph Moran is a veteran technology writer and co-author of Getting StartED with Windows 7 from Friends of Ed.

Keep up with security news; Follow eSecurityPlanet on Twitter: @eSecurityP.