×

Discussion Board

Page 1 of 2 12 LastLast
Results 1 to 15 of 17
  1. #1
    Registered User
    Join Date
    Jan 2009
    Location
    Melbourne, Australia
    Posts
    2,571

    Windows Phone Platform security

    We've created a wiki Windows Phone category, and our first priority is to get articles to help developers port their existing code from Nokia Platforms to Windows Phone, and from Windows Phone to other Nokia platforms.

    As a result I've started my first article Windows Phone Platform Security. Its still a long way from done. I'd appreciate any help on the following open questions:

    1. Is there any mechanism to write native code? If so, can I get a pointer to the documentation.
    2. Is freeware supported? From what I can see only code that has been tested and distributed through the app hub is allowed, and that must be sold for minimum $1 USD. While there are free tools, you need app hub membership at 99 a year or whatever. All this makes me think the answer is no.
    3. What about freeware? Looks like you can't run code without testing or distribute other than through the app Hub at minimum $1 cost. This implies no freeware.
    4. How does C# / Windows phone support shared code/DLLs? Firstly, are they supported at all? Secondly, how are they packaged in your app, thirdly, do capabilities need to separately be assigned to the shared code. My take on this is that for apps there is no "3rd party" shared code. Even if you can write some sort of library you won't be able to share access to it with another app (which would have to supply it as well) and that it would have the same capabilities as the rest of the app.
    5. Is there any concept of a secure ID? UID
    6. Is there a partnering model to get access into more privileged tiers. What are the links?
    7. Are there other IPC mechanisms than cloud/sockets - e.g. publish and subscribe, queues etc allowed between apps. Answer appears to be no, so just checking
    8. Other than drivers and kernel, what is in the TCB for windows? Software installer?


    Feel free to answer below, or as comments to the article itself!

    Thank you.

  2. #2
    Super Contributor
    Join Date
    Mar 2003
    Location
    Finland
    Posts
    9,569

    Re: Windows Phone Platform security

    AFAIK, Windows Phone 7 or 7.1 (Mango) supports only managed code (VB, C#), and no native code (C/C++, or compiling VB/C# to native, nor development systems that create native/ARM binaries such as Ideaworks3D's AirPlay/Marmalade).

  3. #3
    Registered User
    Join Date
    Feb 2011
    Posts
    10

    Re: Windows Phone Platform security

    Microsoft has put out a feedback site to seek developer needs. If you are interested in native code (I am), you can vote here: http://wpdev.uservoice.com/forums/11...-sdk?ref=title

  4. #4
    Registered User
    Join Date
    Feb 2011
    Posts
    10

    Re: Windows Phone Platform security

    Hi,
    1. In Windows Phone 7 you could (not possible in Mango anymore) use native DLLs using Interop Services (call native code from .Net). However, this feature is reserved for OEMs and Carriers. If you are interested in native code, you should vote here: http://wpdev.uservoice.com/forums/11...-sdk?ref=title
    2. Free Apps AND Freemium (= Free with Ads) are absolutely supported and will be reviewed the same as paid apps. You need a developer account (99$), student account (free) or nokia launchpad program (will get free developer account) to publish apps to the marketplace. If you don't want to distribute your App through the public Marketplace read (3). All details: http://blogs.msdn.com/b/usisvde/arch...at-teched.aspx
    3. In addition to (2) you can distribute (starting with Mango) internally (in-house, they call it "Private Marketplace") or Beta deployment (I think max 100 Users). On top of that, official homebrew (do whatever you want outside the marketplace) will be supported! http://www.chevronwp7.com
    4. This is correct. Applications are encapsulated and each has their own protected sub-directory (isolated storage). [Update] : This is unfortunately not possible. The only way two 3rd party apps can "talk" to each other is via the cloud approach (7). You are free to put an suggestion out here: http://wpdev.uservoice.com
    5. [Update] If you upload an App to the Marketplace, the App will be signed via your Certificate and the Microsoft Certificate automatically. Devs don't have to do anything (same in Apple App Store btw.). All 3rd Party apps are trusted equally. If the application uses GPS, accesses the camera roll, etc. the user will be notified during the installation process.
    6. It depends. OEMs, Carriers. If you need more, ping http://twitter.com/brandonwatson He is the right guy for this.
    7. [Update] Simple Answer: IPS is not possible for 3rd party apps. My take: What kind of functionality are you thinking of? I have done iOS development and they don't allow it either. Sharing data between apps would be possible via a combination of cloud, background agents and push notifications. But I guess, this is not sufficient for your requirement?
    8. [Update] You should start here: http://msdn.microsoft.com/en-us/libr...(v=vs.92).aspx and here https://docs.google.com/viewer?a=v&q...HuJzmj7A&pli=1 . Ping http://twitter.com/#!/brandonwatson He is the guy if you need more details
    Last edited by mithril87; 2011-06-26 at 17:37. Reason: clarification by wizard_hu

  5. #5
    Nokia Developer Moderator
    Join Date
    Feb 2006
    Location
    Oslo, Norway
    Posts
    28,751

    Re: Windows Phone Platform security

    The "internal" part of 3 would have been nice to know about a few months ago. I can recall a group enterprise users complaining about being (presumably) unable to distribute software for in-house use.

    4 is about sharing documents, I would assume. Like if your application downloads a .mp3 file, how can a media player application access it. And the same for any kind of content, not necessarily multimedia. Like I invent the zup format and create the unzup utility, which will bring files of arbitrary types on the device, and obviously will not want to handle them.

    5 that is a Symbian security concept, every releasable application has a 32-bit unique identifier assigned by a central entity, Symbian Signed (http://www.symbiansigned.com), which also tracks the ownership of these ID-s. In Windows environment there are GUID-s, so the question is not really their existence, but their role, if there is any (except for being unique of course). In Symbian, UID-s below 0x80000000 are trusted, applications with those UID-s has to be tested and certified by Symbian Signed. UID-s from the high range are untrusted, anyone can use them, and sign the application with a self-signed certificate. Of course such applications have less access to device resources, and also show some warnings in installation time.
    Long story short: SID/UID is about who can install what, and what that application is allowed to do on the device.

    8 TCB=Trusted Computing Base, the group of components with 'absolute power' on the device. Like the software installer which can certainly access everything, including the application binaries, isolated storages, etc.

  6. #6
    Registered User
    Join Date
    Feb 2011
    Posts
    10

    Re: Windows Phone Platform security

    Hi wizard_hu_, thanks for the clarification. Updated my reply and removed some typos (I should not write on sunday morning).

  7. #7
    Nokia Developer Moderator
    Join Date
    Feb 2006
    Location
    Oslo, Norway
    Posts
    28,751

    Re: Windows Phone Platform security

    The cloud thing is acceptable after all, however it would be nice to know about its caching mechanism, off-line availability, and if there is some control over them (either programmatic or at least for the user).

  8. #8
    Registered User
    Join Date
    Jan 2009
    Location
    Melbourne, Australia
    Posts
    2,571

    Re: Windows Phone Platform security

    Hi All

    Thank you very much. I think probably some of the answers to these really belong in a "Windows Phone" FAQ or a "distribution" document - but still very handy.

    Wizard_hu, yes, the question "5" would indeed be better worded as "is there anything else special you need to do or get for signing, like the Symbian UID". Understand this now.

    I'll follow up with brandonwatson on a few of these.

    Thanks
    Hamish

  9. #9
    Registered User
    Join Date
    Jan 2009
    Location
    Melbourne, Australia
    Posts
    2,571

    Re: Windows Phone Platform security

    Again, thanks for your help. I have finished the first draft of the article: http://www.developer.nokia.com/Commu...tform_Security

    I'd appreciate any feedback as comments to the article:
    - is it useful
    - are there any bits that are confusing
    - is the comparative style useful
    - are the links deep enough/ are the descriptions deep enough or too deep.
    - does it read well.

    I'll be having a look in a few days - at the moment I'm not objective.

    Thanks
    Hamish

  10. #10
    Registered User
    Join Date
    Jun 2011
    Posts
    6

    Re: Windows Phone Platform security

    One has to bear in mind that European business customers must not use US-based cloud services. This is forbidden by law as soon personalized data is handled in many European countries.
    Therefore, as soon as thinking about programming business apps DON`t use the cloud!

  11. #11
    Super Contributor
    Join Date
    Mar 2003
    Location
    Finland
    Posts
    9,569

    Re: Windows Phone Platform security

    Quote Originally Posted by cintema View Post
    One has to bear in mind that European business customers must not use US-based cloud services. This is forbidden by law as soon personalized data is handled in many European countries.
    Therefore, as soon as thinking about programming business apps DON`t use the cloud!
    Note also: http://www.zdnet.com/blog/igeneratio...oud-data/11225

    Any data which is housed, stored or processed by a company, which is a U.S. based company or is wholly owned by a U.S. parent company, is vulnerable to interception and inspection by U.S. authorities.
    This, accordingly, applies to whatever you do with Microsoft/Skype, Google, Apple, Amazon, Yahoo, eBay, Facebook, salesforce.com, ... any US company, even if the US company has servers in the EU.

  12. #12
    Registered User
    Join Date
    Jun 2011
    Posts
    6

    Re: Windows Phone Platform security

    Quote Originally Posted by petrib View Post

    This, accordingly, applies to whatever you do with Microsoft/Skype, Google, Apple, Amazon, Yahoo, eBay, Facebook, salesforce.com, ... any US company, even if the US company has servers in the EU.
    Exactely.
    Conclusion:
    Since Windows Phone 7 is largely Cloud-dependent it is not suitable for use in any business environment within Europe.
    Better to stay with Symbian or go for MeeGo in the EU!

  13. #13
    Nokia Developer Expert
    Join Date
    Jul 2011
    Posts
    14

    Re: Windows Phone Platform security

    Quote Originally Posted by cintema View Post
    Since Windows Phone 7 is largely Cloud-dependent it is not suitable for use in any business environment within Europe.
    Better to stay with Symbian or go for MeeGo in the EU!
    In what sense? I've written a bunch of WP7 Apps for demo purposes and haven't used the cloud once... You can use Amazon's S3 or Microsoft's Azure with MeeGo/iOS/Android/etc.... does that make them bad? Sure the "Patriot Act" is not a good thing for the rest of the world, but from what I've read US has to discuss that stuff with EU.

  14. #14
    Registered User
    Join Date
    Jun 2011
    Posts
    6

    Re: Windows Phone Platform security

    Quote Originally Posted by miechu View Post
    In what sense? I've written a bunch of WP7 Apps for demo purposes and haven't used the cloud once... You can use Amazon's S3 or Microsoft's Azure with MeeGo/iOS/Android/etc.... does that make them bad? Sure the "Patriot Act" is not a good thing for the rest of the world, but from what I've read US has to discuss that stuff with EU.
    You can use doesn`t mean you have to. Using a WP7-phone without using the microsoft cloud doesn`t make sense, since you can`t even sync your contacts with your desktop without M$ live.
    Blackberry, MeeGo or Symbian are probably better choices in business environments. Microsoft is very aware of this and therefore bought in at Blackberry recently.

  15. #15
    Nokia Developer Expert
    Join Date
    Jul 2011
    Posts
    14

    Re: Windows Phone Platform security

    Quote Originally Posted by cintema View Post
    You can use doesn`t mean you have to. Using a WP7-phone without using the microsoft cloud doesn`t make sense, since you can`t even sync your contacts with your desktop without M$ live.
    Blackberry, MeeGo or Symbian are probably better choices in business environments. Microsoft is very aware of this and therefore bought in at Blackberry recently.
    Please stop spreading false information again. I'm using a WP7 with google account and it syncs my contacts flawlessly. Most of the modern smartphones can sync to whatever you like so in that sense it really doesn't matter which platform you use.

Similar Threads

  1. Who benefits from Platform Security ?
    By nokia_e70 in forum Symbian Signed Support, Application Packaging and Distribution and Security
    Replies: 2
    Last Post: 2008-04-09, 13:24
  2. Screensaver & Platform Security
    By storsjo in forum Symbian
    Replies: 8
    Last Post: 2007-10-26, 15:42
  3. Platform Security Doubts !
    By navjotsingh1979 in forum Symbian
    Replies: 7
    Last Post: 2007-03-09, 06:37
  4. Security platform: controversial information
    By mikfi in forum Symbian Signed Support, Application Packaging and Distribution and Security
    Replies: 6
    Last Post: 2006-10-03, 10:21
  5. Query on Platform Security
    By symsahoo in forum Symbian
    Replies: 4
    Last Post: 2006-07-28, 12:36

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
×