Please note that as of October 24, 2014, the Nokia Developer Wiki will no longer be accepting user contributions, including new entries, edits and comments, as we begin transitioning to our new home, in the Windows Phone Development Wiki. We plan to move over the majority of the existing entries. Thanks for all your past and future contributions.

Talk:How to encrypt your application data in Windows Phone

From Wiki
Jump to: navigation, search

Hamishwillee - Hamishwillee - I don't think IsolatedStorageExplorer is a big risk

Apparently it can only get data from an app that is sideloaded - not from anything in marketplace. I guess there are cases where you could theoretically sideload an app onto the phone and someone would use it thinking it was safe, and then you could get it off and check out the password - but its not an "easy" hack.

Which of course doesn't mean this isn't worthwhile - depends on the value of the encrypted information.

hamishwillee 08:28, 19 November 2012 (EET)

Vinayppatil - Vinayppatil - strengthening security

Hi Hamish and influencer,

We can strengthen the security here by passing a salt to the ProtectedData methods. The same salt should be passed to ProtectedData.Protect() and ProtectedData.Unprotect() while encrypting and decrypting respectively. This way even if you somehow manage to get files out of IsolatedStorage you can't decrypt it without salt. For getting salt you will need get the application binaries and reverse engineer them to get code(you can obfuscate you code to add one more layer of security). I have modified the article to reflect the changes.



vinayppatil (talk) 11:46, 29 January 2014 (EET)