
How to secure my Windows Phone 8.1 application?

I am a Windows Phone developer using C# and XAML technologies.
Currently I am creating a banking application for my client, and it targets the Windows Phone 8.1 OS version.

I am using the Windows Phone XAML app template to create it.

Since it is a banking application, I need to make it as secure as possible. When I sent my Appx file to the bank's technical team, they raised concerns about the app's security, and they sent me the code I had written for my application, which they obtained by reverse engineering.

What do I need to do against this? And how can we avoid this type of vulnerability? Please suggest the best way to avoid this.

Thanks

The security of the banking application should not depend on the client code being secret. You should not store any secrets on the client as it is impossible to keep them from an attacker.

Use encrypted communications (https) to talk to the server. Validate the used certificates, authenticate the user and have the server issue an access token with a limited time to live. These are all industry best practices. Don't try to invent your own security measures.

I'd say Security by Obscurity isn't really state of the art any longer...

Once your package has been submitted to the store, it will be encrypted and it won't be as easy to reverse engineer any longer. You can ask them to decompile a package they downloaded from the store.

Another thing you can do is use an obfuscator yourself to make your code harder to reverse engineer.

You have to make sure to encrypt locally stored data (for example using the PasswordVault) and such.

But in the end, you still have to deliver your code to the phone itself, and if somebody really wants to work through it, he always can do that. You can just make it harder.

Update: I just checked back, and the store encryption of install files only holds true for XAP (Silverlight) files. I don't have an official statement for appx files yet, but it will definitely come as well.

See details here.
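The client side of the advice in the two answers above, as an added example that is not part of either answer: the app keeps no secret of its own, holds only a short-lived server-issued token in the `PasswordVault`, and sends it over HTTPS with default certificate validation. The class name, vault resource name, host and the use of a `Bearer` header are assumptions for illustration.

```csharp
using System;
using System.Threading.Tasks;
using Windows.Security.Credentials;
using Windows.Web.Http;
using Windows.Web.Http.Filters;
using Windows.Web.Http.Headers;

// Added example: BankApiClient, the vault resource name and the host are hypothetical.
public sealed class BankApiClient
{
    private const string VaultResource = "ExampleBank.AccessToken";
    private static readonly Uri ApiBase = new Uri("https://api.bank.example/");
    private readonly PasswordVault vault = new PasswordVault();
    // The default filter rejects untrusted, expired or mismatched certificates.
    // Adding entries to IgnorableServerCertificateErrors would weaken that check.
    private readonly HttpClient http = new HttpClient(new HttpBaseProtocolFilter());

    // Store the token the server issued after login; the password itself is never kept.
    public void SaveToken(string userName, string accessToken)
    {
        vault.Add(new PasswordCredential(VaultResource, userName, accessToken));
    }

    public void ForgetToken(string userName)
    {
        try { vault.Remove(vault.Retrieve(VaultResource, userName)); }
        catch (Exception) { /* nothing stored for this user */ }
    }

    // Returns the response body, or null when the user has to log in again.
    public async Task<string> GetAsync(string userName, string relativePath)
    {
        // An absolute URL in relativePath would replace the base, so pin scheme and host.
        var target = new Uri(ApiBase, relativePath);
        if (target.Scheme != "https" || target.Host != ApiBase.Host)
            throw new ArgumentException("The token is only sent to the bank API over HTTPS.");

        PasswordCredential cred;
        try { cred = vault.Retrieve(VaultResource, userName); }
        catch (Exception) { return null; }   // Retrieve throws when no token is stored
        cred.RetrievePassword();

        var request = new HttpRequestMessage(HttpMethod.Get, target);
        request.Headers.Authorization = new HttpCredentialsHeaderValue("Bearer", cred.Password);
        HttpResponseMessage response = await http.SendRequestAsync(request);
        // The server decides when the token has expired; the client only reacts to it.
        if (response.StatusCode == HttpStatusCode.Unauthorized) { ForgetToken(userName); return null; }
        response.EnsureSuccessStatusCode();
        return await response.Content.ReadAsStringAsync();
    }
}
```

Because expiry is enforced by the server, decompiling the app reveals no secret and no way to extend a token's lifetime.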
