Windows Phone Platform security

[hamishwillee]

We've created a wiki Windows Phone category, and our first priority is to get articles to help developers port their existing code from Nokia Platforms to Windows Phone, and from Windows Phone to other Nokia platforms.

As a result I've started my first article Windows Phone Platform Security. Its still a long way from done. I'd appreciate any help on the following open questions:

1. Is there any mechanism to write native code? If so, can I get a pointer to the documentation.
2. Is freeware supported? From what I can see only code that has been tested and distributed through the app hub is allowed, and that must be sold for minimum $1 USD. While there are free tools, you need app hub membership at 99 a year or whatever. All this makes me think the answer is no.
3. What about freeware? Looks like you can't run code without testing or distribute other than through the app Hub at minimum $1 cost. This implies no freeware.
4. How does C# / Windows phone support shared code/DLLs? Firstly, are they supported at all? Secondly, how are they packaged in your app, thirdly, do capabilities need to separately be assigned to the shared code. My take on this is that for apps there is no "3rd party" shared code. Even if you can write some sort of library you won't be able to share access to it with another app (which would have to supply it as well) and that it would have the same capabilities as the rest of the app.
5. Is there any concept of a secure ID? UID
6. Is there a partnering model to get access into more privileged tiers. What are the links?
7. Are there other IPC mechanisms than cloud/sockets - e.g. publish and subscribe, queues etc allowed between apps. Answer appears to be no, so just checking
8. Other than drivers and kernel, what is in the TCB for windows? Software installer?

Feel free to answer below, or as comments to the article itself!

Thank you.

[petrib]

AFAIK, Windows Phone 7 or 7.1 (Mango) supports only managed code (VB, C#), and no native code (C/C++, or compiling VB/C# to native, nor development systems that create native/ARM binaries such as Ideaworks3D's AirPlay/Marmalade).

[mithril87]

Microsoft has put out a feedback site to seek developer needs. If you are interested in native code (I am), you can vote here: http://wpdev.uservoice.com/forums/11...-sdk?ref=title

[mithril87]

Hi,
1. In Windows Phone 7 you could (not possible in Mango anymore) use native DLLs using Interop Services (call native code from .Net). However, this feature is reserved for OEMs and Carriers. If you are interested in native code, you should vote here: http://wpdev.uservoice.com/forums/11...-sdk?ref=title
2. Free Apps AND Freemium (= Free with Ads) are absolutely supported and will be reviewed the same as paid apps. You need a developer account (99$), student account (free) or nokia launchpad program (will get free developer account) to publish apps to the marketplace. If you don't want to distribute your App through the public Marketplace read (3). All details: http://blogs.msdn.com/b/usisvde/arch...at-teched.aspx
3. In addition to (2) you can distribute (starting with Mango) internally (in-house, they call it "Private Marketplace") or Beta deployment (I think max 100 Users). On top of that, official homebrew (do whatever you want outside the marketplace) will be supported! http://www.chevronwp7.com
4. This is correct. Applications are encapsulated and each has their own protected sub-directory (isolated storage). [Update] : This is unfortunately not possible. The only way two 3rd party apps can "talk" to each other is via the cloud approach (7). You are free to put an suggestion out here: http://wpdev.uservoice.com
5. [Update] If you upload an App to the Marketplace, the App will be signed via your Certificate and the Microsoft Certificate automatically. Devs don't have to do anything (same in Apple App Store btw.). All 3rd Party apps are trusted equally. If the application uses GPS, accesses the camera roll, etc. the user will be notified during the installation process.
6. It depends. OEMs, Carriers. If you need more, ping http://twitter.com/brandonwatson He is the right guy for this.
7. [Update] Simple Answer: IPS is not possible for 3rd party apps. My take: What kind of functionality are you thinking of? I have done iOS development and they don't allow it either. Sharing data between apps would be possible via a combination of cloud, background agents and push notifications. But I guess, this is not sufficient for your requirement?
8. [Update] You should start here: http://msdn.microsoft.com/en-us/libr...(v=vs.92).aspx and here https://docs.google.com/viewer?a=v&q...HuJzmj7A&pli=1 . Ping http://twitter.com/#!/brandonwatson He is the guy if you need more details

[wizard_hu_]

The "internal" part of 3 would have been nice to know about a few months ago. I can recall a group enterprise users complaining about being (presumably) unable to distribute software for in-house use.

4 is about sharing documents, I would assume. Like if your application downloads a .mp3 file, how can a media player application access it. And the same for any kind of content, not necessarily multimedia. Like I invent the zup format and create the unzup utility, which will bring files of arbitrary types on the device, and obviously will not want to handle them.

5 that is a Symbian security concept, every releasable application has a 32-bit unique identifier assigned by a central entity, Symbian Signed (http://www.symbiansigned.com), which also tracks the ownership of these ID-s. In Windows environment there are GUID-s, so the question is not really their existence, but their role, if there is any (except for being unique of course). In Symbian, UID-s below 0x80000000 are trusted, applications with those UID-s has to be tested and certified by Symbian Signed. UID-s from the high range are untrusted, anyone can use them, and sign the application with a self-signed certificate. Of course such applications have less access to device resources, and also show some warnings in installation time.
Long story short: SID/UID is about who can install what, and what that application is allowed to do on the device.

8 TCB=Trusted Computing Base, the group of components with 'absolute power' on the device. Like the software installer which can certainly access everything, including the application binaries, isolated storages, etc.

[mithril87]

Hi wizard_hu_, thanks for the clarification. Updated my reply and removed some typos (I should not write on sunday morning).

[wizard_hu_]

The cloud thing is acceptable after all, however it would be nice to know about its caching mechanism, off-line availability, and if there is some control over them (either programmatic or at least for the user).

[hamishwillee]

Hi All

Thank you very much. I think probably some of the answers to these really belong in a "Windows Phone" FAQ or a "distribution" document - but still very handy.

Wizard_hu, yes, the question "5" would indeed be better worded as "is there anything else special you need to do or get for signing, like the Symbian UID". Understand this now.

I'll follow up with brandonwatson on a few of these.

Thanks
Hamish

[hamishwillee]

Again, thanks for your help. I have finished the first draft of the article: http://www.developer.nokia.com/Commu...tform_Security

I'd appreciate any feedback as comments to the article:
- is it useful
- are there any bits that are confusing
- is the comparative style useful
- are the links deep enough/ are the descriptions deep enough or too deep.
- does it read well.

I'll be having a look in a few days - at the moment I'm not objective.

Thanks
Hamish

[cintema]

One has to bear in mind that European business customers must not use US-based cloud services. This is forbidden by law as soon personalized data is handled in many European countries.
Therefore, as soon as thinking about programming business apps DON`t use the cloud!

[petrib]

One has to bear in mind that European business customers must not use US-based cloud services. This is forbidden by law as soon personalized data is handled in many European countries.
Therefore, as soon as thinking about programming business apps DON`t use the cloud!

Note also: http://www.zdnet.com/blog/igeneratio...oud-data/11225

Any data which is housed, stored or processed by a company, which is a U.S. based company or is wholly owned by a U.S. parent company, is vulnerable to interception and inspection by U.S. authorities.

This, accordingly, applies to whatever you do with Microsoft/Skype, Google, Apple, Amazon, Yahoo, eBay, Facebook, salesforce.com, ... any US company, even if the US company has servers in the EU.

[cintema]

This, accordingly, applies to whatever you do with Microsoft/Skype, Google, Apple, Amazon, Yahoo, eBay, Facebook, salesforce.com, ... any US company, even if the US company has servers in the EU.

Exactely.
Conclusion:
Since Windows Phone 7 is largely Cloud-dependent it is not suitable for use in any business environment within Europe.
Better to stay with Symbian or go for MeeGo in the EU!

[miechu]

Since Windows Phone 7 is largely Cloud-dependent it is not suitable for use in any business environment within Europe.
Better to stay with Symbian or go for MeeGo in the EU!

In what sense? I've written a bunch of WP7 Apps for demo purposes and haven't used the cloud once... You can use Amazon's S3 or Microsoft's Azure with MeeGo/iOS/Android/etc.... does that make them bad? Sure the "Patriot Act" is not a good thing for the rest of the world, but from what I've read US has to discuss that stuff with EU.

[cintema]

In what sense? I've written a bunch of WP7 Apps for demo purposes and haven't used the cloud once... You can use Amazon's S3 or Microsoft's Azure with MeeGo/iOS/Android/etc.... does that make them bad? Sure the "Patriot Act" is not a good thing for the rest of the world, but from what I've read US has to discuss that stuff with EU.

You can use doesn`t mean you have to. Using a WP7-phone without using the microsoft cloud doesn`t make sense, since you can`t even sync your contacts with your desktop without M$ live.
Blackberry, MeeGo or Symbian are probably better choices in business environments. Microsoft is very aware of this and therefore bought in at Blackberry recently.

[miechu]

You can use doesn`t mean you have to. Using a WP7-phone without using the microsoft cloud doesn`t make sense, since you can`t even sync your contacts with your desktop without M$ live.
Blackberry, MeeGo or Symbian are probably better choices in business environments. Microsoft is very aware of this and therefore bought in at Blackberry recently.

Please stop spreading false information again. I'm using a WP7 with google account and it syncs my contacts flawlessly. Most of the modern smartphones can sync to whatever you like so in that sense it really doesn't matter which platform you use.