Recently, interest around Windows Phone 7 has started to pick up and as of late many questions have been sent to me around the security model implemented in Windows Phone 7. This blog post will provide insight on how security is enabled and implemented within the Windows Phone model and provide additional links to security guides provided by Micosoft.
The security model outlines four different chambers of which each have strictly enforced and defined boundaries and privileges. As an example, an application downloaded and installed from the Marketplace Hub has access to the least privileged chamber based on what the app needs. When applications run, they are isolated from each other alongside the app data so that it cannot be access from other apps providing a superior experience around app security.
Application developers use Microsoft .NET managed language development technologies and tools to ensure data communications of said apps are encrypted via Secure Sockets Layer (SSL) in accordance with specified standard practices. Once an app is developed, it is submitted to Microsoft to undergo certification tests to ensure the app falls in compliance. After the application is certified it is code-signed and can only be sold and installed through the Windows Phone Marketplace Hub. Even the included Internet Explorer browser is unable to install applications to prevent the potential of malware to be installed.
Lastly, although technically not part of the security model, the file system cannot be accessed via a tethered PC and the phone does not support removable memory storage cards. Even though the Samsung Focus can accept a “Windows Phone 7” approved MicroSD cards, this upgrade is a onetime only deal which incorporates the card into the phone’s file system and cannot be read or used by any other device.
Microsoft has created an IT Professionals guide which further documents the Windows Phone 7 Security model which can be found here. Additional documents included in the pack, ranging from deployment to management, will also be of interest to IT Professionals considering deploying Windows Phone 7 in their respected organizations.