In a previous article I covered some of the security features from a platform level available with Windows Phone 8. In this article, I’ll go through some of APIs available to help secure your applications, what Windows Phone gives you out of the box and also various ways to secure your applications.
Secure Sockets Layer
SSL certificates allow you to connect securely to a backend webserver by encrypting the communication channel using the HTTPS protocol. Depending on your use case, you may want to implement an SSL certificate in your backend web services to make it difficult to intercept and decipher the data being sent by your app.
For example, if are building a game and have a leader board in the backend, you may want to encrypt this channel to prevent someone from submitting some false data.
As a developer, there is nothing special you have to do in your code when accessing a secure URL other than making sure you use the HTTPS protocol instead of HTTP which is not secure. For example
WebClient webClient = new WebClient();
webClient.UploadStringCompleted += webClient_UploadStringCompleted;
webClient.UploadStringAsync(new System.Uri("https://www.mysecureapp.com/api/v1/uploadscore"), newScore);
You should be aware that not every SSL certificate will work on Windows Phone and you should verify the certificate authority
- SSL root certificates for Windows Phone OS 7.1
- Windows and Windows Phone 8 SSL Root Certificate Program (Member CAs)
I buy my certificates form K-Software which is a reseller of Comodo (but a lot cheaper) and have not had a problem with these. But whatever you buy, verify with the lists above.