Feeds

Windows Phone 7 'not fit for big biz ... unlike Android, iOS'

Enterprise sec expert bigs up Microsoft rivals

Next gen security for virtualised datacentres

B-Sides Window Phone 7 is not yet fit for enterprise deployments, according to an application security expert.

David Rook, application security lead at Realex Payments, told delegates at the B-Sides conference in London that the youngest of the smartphone operating systems is less mature than either Google's Android or Apple's iOS.

Rook's well-received presentation also discussed how developers can produce apps for consumers that are free from common application security vulnerabilities.

However, for enterprise deployment, the most important issues to focus on are authentication, authorisation and secure storage, he said.

Speaking to The Reg after the event, Rook explained: "The main three things that would stop me personally deploying WP7 in the enterprise would be the lack of native disk encryption, no support for client side SSL certificates and the lack of in built VPN functionality.

"In addition to those features being missing Microsoft have specifically targeted the consumer market with WP7 which to me says a lot about it being the right solution for the enterprise. I believe WP8 will include native bitlock disk encryption but this isn't in WP7."

He added that he would personally prefer iOS devices in enterprise scenarios, but said "Android can be securely deployed, of course, as a friend of mine pointed out recently".

Rook told delegates at B-Sides that other issues in application security such as input validation ought not to be neglected but are less important in practice than the three top areas he outlined.

"We need input validation but most problems in practice are caused by top three risk areas," Rook explained.

The current Windows Phone 7 framework doesn't allow app to access data held by other apps. Microsoft is likely to reverse this, according to Rook. Examples of possible problem areas include flaws in mobile ad libraries and the like from third-party suppliers.

Window Phone 7 is based on the .Net developer framework and many of the same security principles apply. "There are no new issues in app security here that we don't now how to review and test," Rook explained.

The smartphone OS has various in-built security features but "like any security system it's only a matter of time before these get broken," Rook warned.

Rook has developed a utility called Windows Phone App Analyser to assist software creators in uncovering possible problems. ®

Bootnote

The article was updated to include comment from David Rook after the B-Sides conference.

Boost IT visibility and business value

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
No, thank you. I will not code for the Caliphate
Some assignments, even the Bongster decline must
Fast And Furious 6 cammer thrown in slammer for nearly three years
Man jailed for dodgy cinema recording of Hollywood movie
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Barnes & Noble: Swallow a Samsung Nook tablet, please ... pretty please
Novelslab finally on sale with ($199 - $20) price tag
Ballmer leaves Microsoft board to spend more time with his b-balls
From Clippy to Clippers: Hi, I see you're running an NBA team now ...
Video of US journalist 'beheading' pulled from social media
Yanked footage featured British-accented attacker and US journo James Foley
Assange™: Hey world, I'M STILL HERE, ignore that Snowden guy
Press conference: ME ME ME ME ME ME ME (cont'd pg 94)
Call of Duty daddy considers launching own movie studio
Activision Blizzard might like quality control of a CoD film
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Scale data protection with your virtual environment
To scale at the rate of virtualization growth, data protection solutions need to adopt new capabilities and simplify current features.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?