Windows Phone Security Vulnerabilities and Language Overview
What is Windows Phone?
Initially released in November 2008 as Windows Mobile, Windows Phone began as a Windows Mobile update which was codenamed “Photon.” As an operating system, Windows Phone is not backwards compatible due to the time limitations that the team faced during development.
In 2015, Windows Phone was replaced by Windows 10 Mobile, which boasted a unified application ecosystem and an expansion of its scope to include small-screened tablets.
Larry Lieberman, senior product manager for Microsoft’s Mobile Developer Experience, told eWeek: “If we’d had more time and resources, we may have been able to do something in terms of backward compatibility.”
Currently, Microsoft is seeking to unify its applications, which means that many developers are remaking their applications as Universal Windows apps, as the ROI on maintaining a stand-alone Windows Phone app is too little.
This is done through App Bridges. Microsoft’s Kevin Gallo explains why Microsoft is focusing on this:
Which Applications are Built for Windows Phone
Applications built for Windows Phone are available via the Windows Phone Store (previously known as the Windows Phone Marketplace).
In March 2016, Windows Central reported that Microsoft’s Windows Phone Store boasted 500,000 apps, just one-third the apps found on Google Play and Apple’s App Store.
Big name apps available for Windows Phone include:
- Candy Crush
- Uber, Twitter
As the content consumed around the globe shifts even further from web-based content to content consumed on mobile, it’s critical that anyone developing software for mobile devices commits to proper security throughout the development cycle.
“Over 7 billion mobile devices are being used today all around the world and their number is multiplying 5 times faster than human beings,” said Emmanuel Benzaquen, CEO of Checkmarx. “With the huge amounts of private information being transferred worldwide through these devices, the need for strong mobile security has become paramount. Mobile application security is a huge challenge and only robust application code can help organizations provide the users with the security they need, expect and deserve.”
Windows Phone Security Vulnerabilities
Applications for Windows Phone are written in C++, which presents security concerns for developers and users alike.
High-Risk Windows Phone Security Vulnerabilities:
High-Risk C++ Security Vulnerabilities:
Alongside SQL Injections (SQLi), Command Injections and process control issues, which affect many contemporary programming languages, C++ applications also face threats from:
- LDAP Injections
- Command Injections
- XPath Injections
- Second Order SQL Injection
- Connection String Injection
- Resource Injection
Securing your Windows Phone Code
Checkmarx’s CxSAST, a static code analysis solution, stands out amongst Windows Phone testing solutions as not only the solution which will keep your Windows Phone code free from security and compliance issues, but also as the tool which will contribute to your organization’s advancement when it comes to application security maturity.
CxSAST works with the tools your developers are already using, as it integrates seamlessly with most of the common development programs available at every stage of the SDLC. CxSAST’s features, such as incremental code scanning and the best fix location, make it ideal for any continuous integration/continuous development (CI/CD) environment.
When vulnerabilities are detected in the Windows Phone code, CxSAST will not only identify the best fix location, but will also offer resources to help the developer understand how the attack vector works, as well as remediation advice which will help them ensure similar mistakes are avoided in the future.