How Windows Phone guards against malware

How Windows Phone guards against malware

  • Comments 6
  • Likes

It seems like every couple of weeks we see another report cautioning people about the danger of malicious apps—sneaky software that tracks your location, steals your passwords, runs up phone bills, or worse.

This week’s installment, courtesy of the U.S. Department of Homeland Security, is generating quite a stir. So I thought I’d take a minute to remind people of some of the steps we’ve taken to help protect the Windows Phone Store and its customers.

  1. The Windows Phone Store is the exclusive consumer source of Windows Phone apps. This helps ensure the quality of the apps that show up in our Store, and on your phones.
  2. Every app is tested and certified by Microsoft so you can feel confident when you download one from the Windows Phone Store. We review every app that developers submit for potential malware and performance issues.
  3. No system is perfect, but if we discover a malicious app, we remove it.

As a result, malware hasn’t been much of an issue for Windows Phone customers. If you ever do suspect that an app is doing something it shouldn’t, report it to us at reportapp@microsoft.com and we’ll check it out.

Even with all of these preventative measures in place, we do still encourage caution and advise against clicking links, SMS messages, or emails from unfamiliar sources. And we also recommend that you protect the info on your phone by setting up a password. Here’s how to do that—plus more tips for keeping your phone secure.

6 Comments
You must be logged in to comment. Sign in or Join Now
  • I know what a persons definition of malware is but I would go as far as to say facebook collecting contact details from phone is malware too, especially if it's a process not specified clearly. Windows Phone needs a feature like CyanogenMod's privacy guard which prevents apps accessing info on your phone.

  • markbt
    3 Posts

    You should advertise this more. Or is that just tempting fate?

  • henbo
    0 Posts

    ... (oops) screens.

    May you could elaborate on the current landscape of mobile threats to better understand the possible problems affected users might run into.

    Users will grant apps all the permissions they want, because it is a yes-or-no decision to install the app. Couldn't a different approach be to provide apps with only the data I actually want them to have? Fore example, if WhatsApp wants to copy my contacts to their server, couldn't I just quickly create an app-private, limited copy with only a couple of entries and only some phone numbers? This would be particularly useful for app trials.

    Then in turn, more APIs can be opened to apps trusted by the store and contracted third party evaluators and certification authorities, or eventually a certain threshold of users. APIs currently unavailable include reading and processing text messages, profile switching (volume, ring-tones, network, Wi-Fi, NFC) and call history, IIRC.

  • henbo
    0 Posts

    I hope there is more to that story than the store and the user watching out for suspicious looking apps.

    There is a lot the OS and the runtime do to prevent malicious behavior, beginning with the isolation of applications and the mere unavailability of APIs that would allow unattended cost-bearing activities such as dialing or texting.

    But as, if and when the platform gains traction, there will be vulnerabilities in common apps and surely holes in the runtime that need to be addressed in advance. It could start with malicious documents, e.g. PDF and phishing with counterfeit

  • windowsphone superb!!

    this is one of tons reason I love windowsphone :)

  • Sven
    54 Posts

    It seems like every couple of weeks we see another report cautioning people about the danger of malicious apps—sneaky software that tracks your location, steals your passwords, runs up phone bills, or worse.

    And those are just from the government.       ;) sorry couldn't resist