CHAPTER 12 Identifying Windows Phone Implementation Issues

Having explored identification and vulnerability testing for various application-level weaknesses in Windows Phone applications in Chapter 11, we’ll now look at common implementation issues that can also introduce security problems in apps.

You can think of implementation issues as being somewhat general issues that developers should be aware of to build suitably secure apps.

For example, storage of sensitive data may be considered an implementation issue. Failure to store personally identifiable information (PII) safely (that is, encrypted) could potentially have disastrous consequences for an individual or an organization if a lost or stolen device came into the wrong hands; hence, implementing such operations in a secure manner is important.

In this chapter we delve into more generic problems that are common to Windows Phone, rather than attacking specific pieces of an app’s functionality, as discussed in Chapter 11.

Identifying Insecure Application Settings Storage

Windows Phone provides a standard interface for persisting custom settings and data that the application developer deems appropriate to save for later use. This class is called IsolatedStorageSettings and can be viewed as the Windows Phone equivalent of iOS’s NSUserDefaults and Android’s SharedPreferences interfaces. You can find the MSDN documentation for IsolatedStorageSettings at http://msdn.microsoft.com/en-us/library/system.io.isolatedstorage.isolatedstoragesettings(v=vs.95).aspx ...
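The following added example (not code from the book) contrasts writing a sensitive value to IsolatedStorageSettings as-is with protecting it through the platform's ProtectedData (DPAPI) class first, so that the persisted settings no longer hold the value in the clear. The class name SettingsStore and its method names are hypothetical.

```csharp
using System;
using System.IO.IsolatedStorage;
using System.Security.Cryptography;
using System.Text;

// Added example; SettingsStore and its method names are hypothetical.
public static class SettingsStore
{
    private static readonly IsolatedStorageSettings Settings =
        IsolatedStorageSettings.ApplicationSettings;

    // Weak: the value is serialized unchanged into the app's settings store,
    // readable by anyone who obtains the app's isolated storage contents.
    public static void SavePlaintext(string key, string value)
    {
        Settings[key] = value;
        Settings.Save();
    }

    // Hardened: encrypt with DPAPI before persisting; only ciphertext is stored.
    public static void SaveProtected(string key, string value)
    {
        byte[] plain = Encoding.UTF8.GetBytes(value);
        byte[] blob = ProtectedData.Protect(plain, null);
        Array.Clear(plain, 0, plain.Length);          // drop the plaintext copy
        Settings[key] = Convert.ToBase64String(blob);
        Settings.Save();
    }

    // Returns false for a missing key or a blob that was tampered with.
    public static bool TryLoadProtected(string key, out string value)
    {
        value = null;
        string encoded;
        if (!Settings.TryGetValue(key, out encoded) || string.IsNullOrEmpty(encoded))
            return false;
        try
        {
            byte[] plain = ProtectedData.Unprotect(Convert.FromBase64String(encoded), null);
            value = Encoding.UTF8.GetString(plain, 0, plain.Length);
            Array.Clear(plain, 0, plain.Length);
            return true;
        }
        catch (FormatException) { return false; }        // not valid Base64
        catch (CryptographicException) { return false; } // not a valid DPAPI blob
    }
}
```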
