Windows Phone 7 applications take advantage of several fundamental features of the platform and the phone environment to maximize security. These include the certification of all applications that can be installed (all applications must be installed from Windows Marketplace), the use of only .NET Framework managed code, a sandbox for each application, and an execution manager that monitors resource usage and the behavior of applications.
However, when designing the data storage approach you will use, and the communication mechanism for accessing remote services, you must consider how you will secure the data. Even though the phone requires a user PIN to access it, and data in isolated storage is protected from access by other users of the phone, you should consider encrypting sensitive data that you store on the phone. In addition, unless you are accessing a public service, such as a site that exposes a list of movies currently showing at a local cinema, you must protect the data and the content of messages exchanged with the server from
interception and tampering.
Therefore, when designing applications for Windows Phone 7, you should consider the following factors to maximize security:
- Use HTTPS (SSL) when connecting to services where sensitive data is exchanged. If the server certificate is not valid or trusted by a certification authority installed on the phone, the connection will be blocked (you can test a service by navigating to it using the version of Microsoft Internet Explorer® installed on the phone and the emulator). Users can add a certificate authority to the trusted authorities list in the phone, but they cannot add client Secure Sockets Layer (SSL) certificates to support client authentication by the server.
- Encrypt data that you store on the phone, and consider encrypting any particularly sensitive data that you transmit over the network—even when using SSL. Always encrypt sensitive data that you send over non-secure connections, and send only hashed versions of passwords over the network for verification on the server. You can use the AES, HMACSHA1, HMACSHA256, Rfc2898DeriveBytes, SHA1, and SHA256 algorithms on the phone.
- If your server application communicates with the Microsoft Push Notification Service (MPNS) to send notifications to the phone, consider using SSL when communicating with the MPNS server. This is possible only when you register for the full version of MPNS.
- Take advantage of the tools available for use as part of a Security Development Lifecycle (SDL). These include tools such as the Microsoft Threat Modeling Tool, FxCop, and BinScope.
If you decide that you need to store or encrypt your application’s data on the phone, you must be aware of the following points:
- Windows Integrated Security Authentication is not supported on Windows Phone 7. You must implement authentication with remote services and servers using a technique such as Open Authentication (OAuth).
- The Windows Phone 7 API does not include an equivalent to the DPAPI that is available in other Windows operating systems for securing passwords and encryption keys. This means that there is no way to securely store data on a Windows Phone 7 device without requiring the user to enter a password or PIN at some point.
- If you decide to store confidential data on the server instead of on the Windows Phone 7 device, the device must authenticate with the server. This means that you must again prompt the user for a password or PIN at some point.
- You must consider the usability of your application and minimize the number of times that it prompts the user for a password or PIN to access the data. However, if you cache data on the device (including hashed data such as passwords) it may be vulnerable if the device is stolen.
- Encrypting and decrypting data will cause your application to consume more battery power.
For more information about securing Windows Phone 7 applications, see “Security for Windows Phone” at on MSDN (http://msdn.microsoft.com/en-us/library/ff402533(VS.92).aspx). For details of the cryptographic capabilities supported in Silverlight on Windows Phone 7, see “Cryptographic Services in Silverlight” on MSDN (http://msdn.microsoft.com/en-us/library/cc265159(VS.95).aspx).
Note: Microsoft offers a Find My Phone service (http://www.microsoft.com/windowsphone/en-us/howto/wp7/start/find-alost-phone.aspx) that will help locate missing phones by displaying their location and initiating a call to them, or locking and wiping the phone so that information cannot be accessed by others.