Talk:How to encrypt your application data in Windows Phone
Hamishwillee - Hamishwillee - I don't think IsolatedStorageExplorer is a big risk
Apparently it can only get data from an app that is sideloaded - not from anything in marketplace. I guess there are cases where you could theoretically sideload an app onto the phone and someone would use it thinking it was safe, and then you could get it off and check out the password - but its not an "easy" hack.Which of course doesn't mean this isn't worthwhile - depends on the value of the encrypted information.
08:28, 19 November 2012 (EET)
Vinayppatil - Vinayppatil - strengthening security
Hi Hamish and influencer,
We can strengthen the security here by passing a salt to the ProtectedData methods. The same salt should be passed to ProtectedData.Protect() and ProtectedData.Unprotect() while encrypting and decrypting respectively. This way even if you somehow manage to get files out of IsolatedStorage you can't decrypt it without salt. For getting salt you will need get the application binaries and reverse engineer them to get code(you can obfuscate you code to add one more layer of security). I have modified the article to reflect the changes.
talk) 11:46, 29 January 2014 (EET)(