When Tailspin developed the mobile client application, it wasn’t possible to install certificates on the Windows Phone 7 device, so to implement SSL, it was necessary to use a server certificate from a trusted third-party company, such as VeriSign, instead of using a selfsigned certificate. Therefore, the sample application does not secure the WCF REST service with SSL, so a malicious client can impersonate the phone client and send malicious data.
Inside the Implementation
Now is a good time to walk through the code that enables the mobile client application to access data in the cloud in more detail. As you go through this section, you may want to download the Visual Studio solution for the Tailspin Surveys application from CodePlex (http://go.microsoft.com/fwlink/?LinkId=205602).