Chapter 25. Security

Windows Phone 7 provides a couple of built-in security features that help enforce a base level of security. Isolated storage can be used only by your application. Other applications cannot access your application's isolated storage, and you cannot access the isolated storage of other applications on the phone.

Windows Phone 7 also provides a device-wiping feature that not only gives IT departments the ability to wipe the memory on a Windows Phone 7 device remotely if the device is lost, but also automatically wipes the device's memory if too many incorrect password attempts are made when the password locking feature is enabled.

These features do not address data security when sensitive data is stored in isolated storage, or is transmitted across the Internet. To provide security in these use cases you can use the System.Security.Cryptography namespace.

SECURING YOUR APPLICATION

When developing your Windows Phone 7 application you should assess whether your application will obtain or store sensitive data, and if it will you should take a few additional security precautions to ensure the safety of that data. You should also ensure that your application is enabling only the necessary device capabilities.

Using the Available Cryptographic Algorithms

The System.Security.Cryptography namespace provides cryptographic services, including secure encoding and decoding of data, as well as many other operations, such as hashing, random number generation, and message authentication. ...

Get Windows® Phone 7 Application Development 24-Hour Trainer now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.