Windows Phone 7 Security Model

Microsoft developers of the Windows Phone 7 operating system created an interesting new security model, one that relies on isolating computer processes from each other and providing privileges based on need rather than hunger.

 

The Windows Phone OS 7.0 security model defines four different types of virtual “chambers,” each of which has different privileges and strictly defined boundaries. All applications (apps) installed from the Marketplace Hub run in a least-privileged chamber created specifically for the app and controlled by a policy system that assigns capabilities based on what the app needs. In other words, there is no one-size-fits-all set of capabilities: each app gets what it needs, and running apps are strictly isolated from each other. So is app data, which can’t be accessed from other apps. This is a step up for app security on smartphones.
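A Windows Phone 7 app requests its capabilities as `<Capability Name="ID_CAP_..."/>` entries in its WMAppManifest.xml file. The following added example (not code from the article or from Microsoft) audits such a manifest for least privilege by comparing the requested capabilities with those the shipped features justify; the sample manifest, the feature names and the `FEATURE_NEEDS` map are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample manifest (not from a real app), in WMAppManifest.xml layout.
SAMPLE_MANIFEST = """\
<Deployment xmlns="http://schemas.microsoft.com/windowsphone/2009/deployment" AppPlatformVersion="7.0">
  <App xmlns="" ProductID="{00000000-0000-0000-0000-000000000000}" Title="SampleNotes">
    <Capabilities>
      <Capability Name="ID_CAP_NETWORKING" />
      <Capability Name="ID_CAP_LOCATION" />
      <Capability Name="ID_CAP_MICROPHONE" />
      <Capability Name="ID_CAP_PHONEDIALER" />
    </Capabilities>
  </App>
</Deployment>
"""

# Hypothetical map from app features to the capabilities they justify.
FEATURE_NEEDS = {
    "cloud_sync": {"ID_CAP_NETWORKING"},
    "voice_memo": {"ID_CAP_MICROPHONE"},
    "geotag": {"ID_CAP_LOCATION"},
}

def declared_capabilities(manifest_xml):
    """Return the set of capability names the manifest requests."""
    # For manifests from untrusted packages, parse with a hardened XML parser.
    root = ET.fromstring(manifest_xml)
    caps = set()
    for el in root.iter():
        # Compare local names so the check works with or without a namespace.
        if el.tag.rsplit("}", 1)[-1] == "Capability":
            name = (el.get("Name") or "").strip()
            if name:
                caps.add(name)
    return caps

def audit(manifest_xml, shipped_features):
    """Compare requested capabilities with what the shipped features need."""
    unknown = [f for f in shipped_features if f not in FEATURE_NEEDS]
    if unknown:
        raise ValueError("no capability mapping for: " + ", ".join(unknown))
    needed = set().union(*(FEATURE_NEEDS[f] for f in shipped_features))
    declared = declared_capabilities(manifest_xml)
    return {"excess": sorted(declared - needed),
            "missing": sorted(needed - declared)}

if __name__ == "__main__":
    print(audit(SAMPLE_MANIFEST, ["cloud_sync", "voice_memo"]))
```

Entries under `excess` are capabilities the chamber would grant without a feature that needs them; entries under `missing` are features that would fail at run time because the capability was never requested.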

 

Data communications are encrypted via Secure Sockets Layer (SSL), as one might expect, but the way apps are created and installed is another special part of the security model. First, developers use Microsoft® .NET managed language development technologies and tools, in accordance with specified standard practices. Second, all apps undergo certification tests by Microsoft. Third, all apps that are certified are code-signed. Fourth, apps can only be sold and installed through the Windows Phone Marketplace Hub. Finally, the special version of the Windows® Internet Explorer® Mobile browser cannot install programs or plugins from other websites, which greatly reduces potential exposure to malware.

 

Although technically not part of the security model, the security mindset of those who developed Windows Phone 7 is reflected in two other aspects of its design: the file system can’t be accessed via a tethered PC, and the phone does not support removable memory storage cards. From all appearances, it looks like this will be a tough nut to crack.

 

For more info, see the “Windows Phone 7 Security Model” article on the Windows Phone 7 Guides for IT Professionals page on the Microsoft Download Center. You might also be interested in the “Windows Phone 7 Security and Management” article, which discusses how security-related policies can be used by IT departments to manage Windows Phone 7 configurations.