@Nico@FMA :
On many points we agree.
You do miss one thing.
Vetted and signed for the store are not the same as being signed for system.
Two very different things.
Apps can't infect system, even if a trusted firm turns to the dark side.
All it can do is download a new edition inside its own sandbox.
This update still has to be vetted, signed and slip through though.
Since no app will ever gain access to system or other apps, then no real infections.
You can have a fake app that displays a UI with a couple of buttons claiming to do something, and when you hit them then they don't do anything.
To catch such you would need visual control on every app on top of the code vetting.
But this is hardly malicious or infective.
You are right that some data mining is possible.
Only with user consent though.
But infecting system, no.
Every single capable person under the sun has had a go at that sandbox without breaking it.
There is no reason to fear malware on Windows Phone.
As for three letter agencies, we agree and that was why I react strongly whenever people try and shove it in as evidence.
At that level, you just don't care about devices.
No, I have not missed the fact that apps are being vetted, as with signing I mean digitally signed and checked.
But here lies the problem: the actual code is only being vetted due to an automated process, which is, as you understand, far from flawless.
3 out of 10 apps on the MS store would never have made the cut if their code were manually checked. Obviously, with the amount of apps being released, it's virtually impossible for MS to go through all of them one by one. Now, as you said, malware is a factor that is not present on the Windows Phone YET. It will be in time, I am sure.
But viruses, Trojans and other harmful programs like we see them on the PC are just one thing.
"Malware" also means data-mining, exploits, rogue applications and so on.
Not trying to give you a hard time, but another thing is exploits and vulnerabilities. HP Zero Day Initiative did discover 4 critical flaws in 2014 that would allow the system to be broken; it took MS more than 120 days to even respond, and once HP did release the flaws so everyone knew about it, MS was lightning fast to comment that no attacks have been detected and that they monitor the situation.
One other BIG issue is that the MS certification system is not flawless either: in 2014 they released an emergency advisory because a whole bunch of the trusted certificates were bogus and opened up Windows Phone for man-in-the-middle attacks, phishing and other crap.
Again, this ain't malware in the traditional sense (aka PC virus), but data collecting, profile mining, social engineering and so on pose an even bigger danger than normal viruses anyway.
Do not get me wrong, I agree with you on most points, but being in the industry has taught me that what MS says, publishes, announces, releases is one thing, the actual facts are another, and then you've got factor X, which is time.
Time has always been unforgiving when it comes to anything MS has said and done in the past.
And to give an example:
Another issue was the malware written by this guy (Shantanu Gawde) in India who wrote the first malware for Windows Phone in 2012, and if I am not mistaken it was Sophos Paul Roberts who confirmed and tested it. So much for no malware on Windows Phone.
Look, currently there is only a handful of known malware that does infect a Windows Phone, but most of them are directly engineered and developed for a specific target or purpose without being released to harass the public, as these pieces of code are usually government sponsored. This is nothing new; this is something that we will see more and more. And here is exactly the problem: right now Windows Phone is 99.5% malware free, because there is just no malware targeting the damn thing lol. But hackers and malware writers are shifting their focus to Windows Phone devices as its market share increases, and if a "sponsored" hacking team can make a working tool to gain access over your phone, then it only takes time before some kid, group or lone guy with fantastic coding skills does it and releases it in the wild.
Right now Windows Phone has only a tiny part of the mobile phone market and it suffers from a Windows Store with a serious lack of apps compared to the millions of Android apps, so to a user W-phone might not be the way to go or be as attractive. Another thing is that MS's signing and vetting is selective.... Very selective.... They force companies to spend a HUGE amount of cash for a certificate, and they are forced to affiliate their apps with MS.
So the very security coming from vetting and certificate signing is more a money thing than a security feature. Another thing is you HAVE to sign the apps with an MS-issued cert... where other certification brands are being rejected while they in some cases are by far superior to anything MS has to offer "cert" wise.
What I just said are just bits and pieces of a much bigger thing, so forgive me if I leave out some details, but ask anyone within the security industry: Windows Phone is not as secure as it seems.
Microsoft’s Windows Phone has been around since 2010, but the device started gaining steam with the release of Windows 8 in the summer of 2012. Though the devices still pale in market share to would-be rivals Android and Google, they are growing in popularity.
They are also developing a reputation as the most secure mobile phone on the market. For sure, Windows Phones experience fewer problems with malware because attackers spend the bulk of their time targeting the most widely used platforms.
It’s hardly a coincidence that Google’s Android is the most widely sold mobile platform, yet continues to be plagued by malware concerns.
Windows Phones continue to grow in popularity, which means users should take precautions to make their devices as secure as possible. But mobile-device security isn't just about stopping malware.
It’s just as much about privacy features, restricting the permissions of oversharing apps and encrypting personal data.
Kind Regards, Nico