Over the Christmas Holiday I came across a couple interesting articles on the state of security for the Windows Phone 7. Actually, I came across them while on the train – I didn’t do anything computer related while I was with family and friends. Weird, I know.
Anyway. The first thing I came across was the MSDN Article: Security for Windows Phone. It does a pretty good job of detailing the high-level stuff for why the phone is so secure, as well as the reasoning behind the decisions Microsoft made to provide a secure phone platform. There are three core categories that encapsulate the reasoning's:
- Quality of phone experience – The phone belongs to the user. Therefore, the experience should show it. The user should feel comfortable knowing exactly what the application is doing, or is trying to do.
- Access to the user's information – There is a lot of personal data stored on a users phone, ranging from contacts, to emails, to pictures, to even geographic location, etc. Going back to the first point, the user should feel comfortable about their phone. They should know exactly what information the application can access.
- Billable events – The user should know whenever the application tries to do something that could potentially incur costs, such as using the data plan or making a phone call.
These are all well and good, but the developer still has to build the application, therefore part of the responsibility falls to the developer to make sure they are meeting the security requirements. Microsoft has introduced several security measures to the development cycle to safeguard the user experience. Like all security practices, there is a process:
- Sign up for an ISV account – This allows Microsoft to verify the person, group, or company that is building an application.
- Use the recommended development environment – Visual Studio. Nuff said.
- Use .NET managed languages as well as standards and practices associated with good Windows development.
- Submit the application to the Marketplace for testing and validation – Microsoft actually tests the applications to verify if they comply with security and experience requirements.
This process was created to introduce safeguards for the developer so they don’t inadvertently deploy an application fraught with bugs – possibly security related. While the testing is fairly invasive, it won’t catch everything. I liken it to a sanity test. Use it wisely.
This brings us to the phone OS itself. Some might call the changes between v6 and v7 a face lift, but in reality, it was a major rip-and-replace for most of the platform. The Kernel is essentially v6.5, but user-mode was rewritten (as I understand it) from scratch. This rewrite introduces the concept of chambers. In security parlance, a chamber is a security boundary, as described in the Whitepaper for the Windows Phone 7 Security Model. There are four chambers:
- The Trusted Computing Base (TCB) – Kernel mode essentially. Kernel mode drivers run here, and as a result have access to pretty much everything. At the moment, only phone hardware manufacturers can write drivers. Has the most rights.
- Elevated Rights Chamber (ERC) – Designed for user mode drivers and shared resources across the entire device. Has less rights than the TCB.
- Standard Rights Chamber (SRC) – Designed for pre-installed applications such as Outlook. Has less rights than the ERC.
- Least Privileged Chamber (LPC) – Designed for all Marketplace and 3rd party applications. Your application runs here. It has less rights than SRC and has the least amount of rights.
Each Least Privileged Chamber is isolated from other chambers and cannot communicate with any other applications. Each chamber has isolated storage only accessible by the owned chamber, effectively creating a sandbox environment for the application.
It’s impressive how much work has gone into the Windows Phone 7 platform, let alone all the security work done. This post only touches the surface, but hopefully provides an understanding of some of the high-level changes within the platform. For more information you can download the Windows Phone 7 Guides for IT Professionals. The title is a bit misleading, as it’s definitely a good read for developers too.