+Raphaël G. MVC Posted November 13, 2015 MVC Share Posted November 13, 2015 Hi everyone, I work for a big multinational, which I wont name. Today it launched 2 apps for use onthe internal network, for checking the restaurant menu and the available parking spots on the sites. The apps were launched only for Android and iOS. I had to ask when we can expect the Windows Phone/Mobile version. The answer was: "Windows Phone devicess are not allowed on the network, as they are considered insecure. We will not develop any Windows Phone apps." There is no reasoning with a company that uses 8 year old software on it's corporate laptops. But I would like you take on this. And maybe some serieus articles which indicate or compare security on mobile platforms? So what is your opinion? (No fanboy stuff please. I'd like an open discussion) Link to comment Share on other sites More sharing options...
seeprime Posted November 13, 2015 Share Posted November 13, 2015 It sounds like management may be confusing Windows phone with Windows OS on desktop/laptops. It's probably as secure as iOS, if not more so. If you think it'll do any good, you can search for studies on mobile OS security. I suspect their real reason is that they just don't want to support a platform with a current 3% (or so) market share. tompkin and Draconian Guppy 2 Share Link to comment Share on other sites More sharing options...
+DonC Subscriber² Posted November 13, 2015 Subscriber² Share Posted November 13, 2015 Windows Phone 8.x and beyond are based on Windows NT and the kernel is in step with regular desktops. The security (as far as being able to "root" it, etc.) component is the same as the Windows desktop, which these days is very good and sees a lot of attention from good and bad guys. To consider it as being untested due to the low adoption of Windows *Phone* is an understandable but uninformed viewpoint. Link to comment Share on other sites More sharing options...
President Devil Posted November 13, 2015 Share Posted November 13, 2015 WOW, complete BS. Current Windows security is very good. This is more likely a poor excuse because there aren't that many Windows phones out there in comparison. If anything, because it's Windows, it could fit better in a corporate environment. DConnell and Ian W 2 Share Link to comment Share on other sites More sharing options...
goretsky Supervisor Posted November 13, 2015 Supervisor Share Posted November 13, 2015 Hello, Very surprising, as Windows Phone is one of the most secure operating systems available. I have never seen a virus, rootkit, Trojan horse, worm or other kinds of malware for Windows Phone. The closest thing I can think of was a jailbreak app in the Windows Phone 7 timeframe. Malware has appeared for Android and iOS, so if anything they are less secure than Windows Phone, and, presumably, should not allowed on your corporate network, either. Here are some articles and white papers I have written on the security of Windows 8 and 10, but also mention Windows Phone in passing or are applicable to it as well: Will Windows 10 leave enterprises vulnerable to zero-days? Windows 10, Privacy 0? A deep dive into the privacy of Microsoft’s new OS Windows 8.1 - Security Improvements Six months with Windows 8 (white paper) Windows 8's Security Features (white paper) Windows Phone 8: Security Heaven or Hell? The last article is on Windows Phone 8 itself; and if I had something new to write on Windows Phone's security, I'd certainly do it. Right now, there's just not that much going on. There are issues with junk apps in Windows Phone's app store, but that is hardly unique and still not at the same level as Google Play. Frankly, I suspect this is more a matter of the company's developers not wanting to support a platform due to low market share than anything else. Regards, Aryeh Goretsky DConnell and Ian W 2 Share Link to comment Share on other sites More sharing options...
+Biscuits Brown MVC Posted November 13, 2015 MVC Share Posted November 13, 2015 They allowed an Android app but not Windows Phone? Sometimes I think Windows XP was more secure than Android (and in the interest of disclosure, I use and Android phone). Link to comment Share on other sites More sharing options...
simplezz Posted November 13, 2015 Share Posted November 13, 2015 Microsoft Windows Store Is Polluted With Scamware And Microsoft Doesn’t Seem To Care Of all the things that Windows 8 brought to the table, it's the much-maligned Start Screen that seems to get most of the attention. That's unfortunate, because there were many other aspects of the OS that made it a major release. Take for example the fact that it was the first version of Windows to include an app store. That feature might seem minor to OS X and Linux users who've had access to their own app stores for a while, but for Windows, the addition was significant. However, as significant as the addition may be, the app store in Windows 8 is easily one of the worst around - if not the worst among the mainstream options. It falls completely flat on its face when compared to Apple's App Store or Google's Play Store, and it takes little more than simply loading it up to understand where I'm coming from with that assessment. It's not entirely intuitive, the selection is subpar, and worse, scams and trickery are abundant. http://hothardware.com/news/microsoft-windows-store-is-polluted-with-scamware-and-microsoft-doesnt-seem-to-care Some might view that as insecure. I don't encounter those problems with the Playstore or GNU/Linux repositories. So yes, I'd say it is insecure. Another example would be SKSE: Having trouble extracting the archive? Install via Steam, use the installer, or download 7-zip. DO NOT USE ANYTHING FROM THE WINDOWS APP STORE. http://skse.silverlock.org/ Clearly, the Windows app store has a bad reputation. You would have thought Microsoft would have learnt from all the trouble it's had with win32 desktop apps being infested with malware and viruses, but it seems not. As it stands, they're both terrible. Link to comment Share on other sites More sharing options...
+Raphaël G. MVC Posted November 13, 2015 Author MVC Share Posted November 13, 2015 Thanks a lot for participating. Your answers and opinions were all very interesting. Thanks for the articles +goretsky. They're what I was looking for.I was very surprised by my company's response and indeed expected the usual answer to be that the market is too low to reserve budget and resources for development. Then again, we're behind on everything IT. I show have seen it coming.Ironic fact is that, while they're not connected to the company network, the amount of Windows Phones inside the company is increasing at a massive rate. A few months ago, all you heard everywhere in the company was that same annoying (personal opinion) Android ringtone, while now we keep hearing Windows Phone sounds goretsky 1 Share Link to comment Share on other sites More sharing options...
oldtimefighter Posted November 13, 2015 Share Posted November 13, 2015 (edited) "Windows Phone devicess are not allowed on the network, as they are considered insecure. We will not develop any Windows Phone apps." They allow Windows PCs on your network right? It's just a nonsense answer and not the real reason so it has nothing to do with whether Windows Mobile is secure or not. The fact is there is not going to be enough Windows phone users at your company for them to bother with an app and also support. They allowed an Android app but not Windows Phone? Sometimes I think Windows XP was more secure than Android (and in the interest of disclosure, I use and Android phone). Yeah, no... goretsky 1 Share Link to comment Share on other sites More sharing options...
goretsky Supervisor Posted November 14, 2015 Supervisor Share Posted November 14, 2015 Hello, First off, I would suggest exercising some skepticism when reading anything from Hot Hardware. They seem to do a lot of promoting of stories they publish beyond what reputable news and review sites like Neowin traditionally do. That said, yes, the Windows Phone marketplace has the same problem as the Google Play store with scammy apps. In Windows' case, though, I'd say the issue is absolutely smaller than in the Android's, simply due to scaling. From a relative perspective, though, I don't have any data, but would imagine it would be similar or even lower. From an enterprise perspective, though, this is entirely a non-issue. Why's that, you might ask? Well, it's because Microsoft allows enterprises to create their own custom storefront, where only whitelisted applications can be installed on corporate devices, as well as whatever custom apps the company wishes to deploy to its own users. This ensures that the only software made available to those managed, enterprise Windows Phones is whatever the IT department (or whomever within the organization makes that decision) decides goes on them. Regards, Aryeh Goretsky Some might view that as insecure. I don't encounter those problems with the Playstore or GNU/Linux repositories. So yes, I'd say it is insecure. Another example would be SKSE: Clearly, the Windows app store has a bad reputation. You would have thought Microsoft would have learnt from all the trouble it's had with win32 desktop apps being infested with malware and viruses, but it seems not. As it stands, they're both terrible. Brandon H 1 Share Link to comment Share on other sites More sharing options...
123456789A Posted November 14, 2015 Share Posted November 14, 2015 http://hothardware.com/news/microsoft-windows-store-is-polluted-with-scamware-and-microsoft-doesnt-seem-to-care Some might view that as insecure. I don't encounter those problems with the Playstore or GNU/Linux repositories. So yes, I'd say it is insecure. Another example would be SKSE: http://skse.silverlock.org/ Clearly, the Windows app store has a bad reputation. You would have thought Microsoft would have learnt from all the trouble it's had with win32 desktop apps being infested with malware and viruses, but it seems not. As it stands, they're both terrible. You are deluding yourself if you think the Play Store isn't riddled with the same fake apps found on the Windows store. DConnell, Draconian Guppy and goretsky 3 Share Link to comment Share on other sites More sharing options...
Osiris Posted November 14, 2015 Share Posted November 14, 2015 Security, legacy software, "down time" all the usual words IT people and the divisions they run can use to cover up their biases to new approaches and products. We have several large corps asking us for a Windows Phone or Universal app and one offered a considerable sum for the development and ongoing support. Product manager rejected it outright because the majority of our clients don't use it....looks back at large clients, back and product manager...hrmmm. DConnell, Draconian Guppy and goretsky 3 Share Link to comment Share on other sites More sharing options...
jasondefaoite Posted November 14, 2015 Share Posted November 14, 2015 Have a read (or listen) to Steve Gibson's take on Apple's iOS security. https://www.grc.com/sn/sn-532.pdf (page 27 onwards) This is how that Chinese ad network "infected" apps using it's SDK. It is next to impossible for Apple to stop others doing this until Objective C is removed as an option for iOS development in favour of Swift. +Warwagon 1 Share Link to comment Share on other sites More sharing options...
vcfan Posted November 14, 2015 Share Posted November 14, 2015 they are probably referring to windows mobile 6 devices Link to comment Share on other sites More sharing options...
remixedcat Posted November 14, 2015 Share Posted November 14, 2015 iphones aren't so secure... have tons of friends that boast about exploits every day and have a big circlejerk on some tech goups I'm on on facebook. Link to comment Share on other sites More sharing options...
ACTIONpack Posted November 17, 2015 Share Posted November 17, 2015 Do you think management does not want to put any resources in a platform that only have 3% of the market? I'm a Windows Phone user and love it but I do understand that one day its going to died as a platform. It's all about money. tompkin 1 Share Link to comment Share on other sites More sharing options...
+Raphaël G. MVC Posted November 17, 2015 Author MVC Share Posted November 17, 2015 Do you think management does not want to put any resources in a platform that only have 3% of the market? I'm a Windows Phone user and love it but I do understand that one day its going to died as a platform. It's all about money. The 3% of market share answer would have made more sense. However, that is not how they answered my question. Link to comment Share on other sites More sharing options...
ACTIONpack Posted November 17, 2015 Share Posted November 17, 2015 The 3% of market share answer would have made more sense. However, that is not how they answered my question. True but some people just want to give a quick/shut up answer, so they don't want to have a decision about it. Link to comment Share on other sites More sharing options...
Recommended Posts