Windows Phone Security Vulnerabilities and Language Overview
Initially released in November 2008 as Windows Mobile, Windows Phone began as a Windows Mobile update which was codenamed “Photon.” As an operating system, Windows Phone is not backwards compatible due to the time limitations that the team faced during development.
In 2015, Windows Phone was replaced by Windows 10 Mobile which boasted a unified unified application ecosystem, and an expansion of its scope to include small-screened tablets.
Larry Lieberman, senior product manager for Microsoft’s Mobile Developer Experience, told eWeek: “If we’d had more time and resources, we may have been able to do something in terms of backward compatibility.”
Currently, Microsoft is seeking to unify their applications which means that many developers are remaking their applications as Universal Windows apps as the ROI on maintaining a stand-alone Windows Phone app is too little.
This is done through App Bridges. Microsoft’s Kevin Gallo explains why Microsoft is focusing on this:
Applications built for Windows Phone are available via the Windows Phone Store (previously known as the Windows Phone Marketplace).
In March 2016, Windows Central reported that Microsoft’s Windows Phone Store boasted 500,000 apps, just one-third the apps found on Google Play and Apple’s App Store.
Big name apps available for Windows Phone include:
As the content consumed around the globe shifts even further from web-based content to content consumed on mobile, it’s critical that anyone developing software for mobile devices is committing to proper security throughout the development cycle.
“Over 7 billion mobile devices are being used today all around the world and their number is multiplying 5 times faster than human beings,” said Emmanuel Benzaquen, CEO of Checkmarx. “With the huge amounts of private information being transferred worldwide through these devices, the need for strong mobile security has become paramount. Mobile application security is a huge challenge and only robust application code can help organizations provide the users with the security they need, expect and deserve.”
Applications for Windows Phone are written C++ which presents security concerns for developers and users alike.
Alongside SQL Injections (SQLi), Command Injections and process control issues, which affect many contemporary programming languages, C++ applications also face threats from:
Checkmarx’s CxSAST, a static code analysis solution, stands out amongst Windows Phone testing solutions as not only the solution which will keep your Windows Phone code free from security and compliance issues, but also as the tool which will contribute to your organization’s advancement when it comes to application security maturity.
CxSAST works with the tools your developers are already using as it seamlessly integrates with most of the common development programs available at every stage of the SDLC. CxSAST’s features such as incremental code scanning and the best fix location made it ideal for any continuous integration continuous development (CICD) environment.
When vulnerabilities are detected in the Windows Phone code, CxSAST will not only identify the best fix location, but will also offer resources to the developer to understand how the attack vector work as well as remediation advice which will help them ensure similar mistakes are avoided in the future.
Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.
Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.