Security Considerations

Windows Phone 7 applications take advantage of several fundamental features of the platform and the phone environment to maximize security. These include the certification of all applications that can be installed (all applications must be installed from Windows Marketplace), the use of only .NET Framework managed code, a sandbox for each application, and an execution manager that monitors resource usage and the behavior of applications.

However, when designing the data storage approach you will use, and the communication mechanism for accessing remote services, you must consider how you will secure the data. Even though the phone requires a user PIN to access it, and data in isolated storage is protected from access by other users of the phone, you should consider encrypting sensitive data that you store on the phone. In addition, unless you are accessing a public service, such as a site that exposes a list of movies currently showing at a local cinema, you must protect the data and the content of messages exchanged with the server from interception and tampering.

Therefore, when designing applications for Windows Phone 7, you should consider the following factors to maximize security:

  • Use HTTPS (SSL) when connecting to services where sensitive data is exchanged. If the server certificate is not valid or trusted by a certification authority installed on the phone, the connection will be blocked (you can test a service by navigating to it using the version of Microsoft Internet Explorer® installed on the phone and the emulator). Users can add a certificate authority to the trusted authorities list in the phone, but they cannot add client Secure Sockets Layer (SSL) certificates to support client authentication by the server.
  • Encrypt data that you store on the phone, and consider encrypting any particularly sensitive data that you transmit over the network—even when using SSL. Always encrypt sensitive data that you send over non-secure connections, and send only hashed versions of passwords over the network for verification on the server. You can use the AES, HMACSHA1, HMACSHA256, Rfc2898DeriveBytes, SHA1, and SHA256 algorithms on the phone.
  • If your server application communicates with the Microsoft Push Notification Service (MPNS) to send notifications to the phone, consider using SSL when communicating with the MPNS server. This is possible only when you register for the full version of MPNS.
  • Take advantage of the tools available for use as part of a Security Development Lifecycle (SDL). These include tools such as the Microsoft Threat Modeling Tool, FxCop, and BinScope.

If you decide that you need to store or encrypt your application’s data on the phone, you must be aware of the following points:

  • Windows Integrated Security Authentication is not supported on Windows Phone 7. You must implement authentication with remote services and servers using a technique such as Open Authentication (OAuth).
  • The Windows Phone 7 API does not include an equivalent to the DPAPI that is available in other Windows operating systems for securing passwords and encryption keys. This means that there is no way to securely store data on a Windows Phone 7 device without requiring the user to enter a password or PIN at some point.
  • If you decide to store confidential data on the server instead of on the Windows Phone 7 device, the device must authenticate with the server. This means that you must again prompt the user for a password or PIN at some point.
  • You must consider the usability of your application and minimize the number of times that it prompts the user for a password or PIN to access the data. However, if you cache data on the device (including hashed data such as passwords) it may be vulnerable if the device is stolen.
  • Encrypting and decrypting data will cause your application to consume more battery power.
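
The points above (encrypt stored data with the listed algorithms; no DPAPI equivalent, so the key must come from a password or PIN the user enters) combine as in the following sketch. It is an added example, not code from the original guidance; the class name `PinProtectedStore`, the blob layout, and the iteration count are assumptions.

```csharp
using System;
using System.Security.Cryptography;
// Added example (hypothetical class). Blob layout: salt(16) | iv(16) | ciphertext | hmac(32)
public static class PinProtectedStore
{
    const int Salt = 16, Iv = 16, Mac = 32, Iterations = 10000; // assumed sizes and work factor

    public static byte[] Protect(string pin, byte[] plaintext)
    {
        byte[] salt = new byte[Salt];
        new RNGCryptoServiceProvider().GetBytes(salt);           // fresh random salt per blob
        var kdf = new Rfc2898DeriveBytes(pin, salt, Iterations); // no DPAPI: keys come from the PIN
        byte[] encKey = kdf.GetBytes(32), macKey = kdf.GetBytes(32);
        using (var aes = new AesManaged())                       // CBC with PKCS7 padding by default
        {
            aes.Key = encKey; aes.GenerateIV();
            byte[] ct;
            using (var enc = aes.CreateEncryptor())
                ct = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
            byte[] blob = new byte[Salt + Iv + ct.Length + Mac];
            Buffer.BlockCopy(salt, 0, blob, 0, Salt);
            Buffer.BlockCopy(aes.IV, 0, blob, Salt, Iv);
            Buffer.BlockCopy(ct, 0, blob, Salt + Iv, ct.Length);
            byte[] tag = Tag(macKey, blob);                      // encrypt-then-MAC
            Buffer.BlockCopy(tag, 0, blob, blob.Length - Mac, Mac);
            return blob;
        }
    }

    public static byte[] Unprotect(string pin, byte[] blob)
    {
        if (blob == null || blob.Length < Salt + Iv + 16 + Mac) throw new CryptographicException("Blob too short.");
        byte[] salt = new byte[Salt], iv = new byte[Iv];
        Buffer.BlockCopy(blob, 0, salt, 0, Salt);
        Buffer.BlockCopy(blob, Salt, iv, 0, Iv);
        var kdf = new Rfc2898DeriveBytes(pin, salt, Iterations);
        byte[] encKey = kdf.GetBytes(32), macKey = kdf.GetBytes(32);
        byte[] tag = Tag(macKey, blob);
        int diff = 0;                                            // compare tags in constant time
        for (int i = 0; i < Mac; i++) diff |= tag[i] ^ blob[blob.Length - Mac + i];
        if (diff != 0) throw new CryptographicException("Wrong PIN or modified data.");
        using (var aes = new AesManaged())                       // decrypt only after the tag verifies
        using (var dec = aes.CreateDecryptor(encKey, iv))
            return dec.TransformFinalBlock(blob, Salt + Iv, blob.Length - Salt - Iv - Mac);
    }

    static byte[] Tag(byte[] macKey, byte[] blob)                // HMAC over salt | iv | ciphertext
    {
        using (var hmac = new HMACSHA256(macKey))
            return hmac.ComputeHash(blob, 0, blob.Length - Mac);
    }
}
```

The returned blob is what you would write to isolated storage; neither the PIN nor the derived keys are stored. A short numeric PIN remains guessable offline if the device is stolen, so the iteration count only raises the cost of each guess.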

For more information about securing Windows Phone 7 applications, see “Security for Windows Phone” on MSDN. For details of the cryptographic capabilities supported in Silverlight on Windows Phone 7, see “Cryptographic Services in Silverlight” on MSDN.

Note: Microsoft offers a Find My Phone service that will help locate missing phones by displaying their location and initiating a call to them, or locking and wiping the phone so that information cannot be accessed by others.
