metadevblog

Windows Phone 7 App Development

Security Flaw in WP7.5

leave a comment »

I came across a security flaw in what is a neat feature in WP7.5 – I am talking about Fast Application Switching (FAS).

FAS is quite simple – press the Start button while running an App and it switches to the background.  Press and hold the back button and all the Apps in the background are displayed as a scrollable list. Touch an App and its brought back to the front.  All quite neat and useful.

However it is flawed because when the App is switched a screen shot of whatever was on the screen at the time is displayed as the background image like this:

FAS_screen

This screenshot is not that clear but ThisIsMyPassword is clearly visible!

Microsoft are aware that this is an issue and have argued that it is the users responsibility to use the phone appropriately and  keep data secure but this is a cop out in my opinion.  FAS is pretty transparent to the user – I wasn’t even aware of it when I upgraded my phone from WP7.

As an App author I have a responsibility to my users for keeping the data they have entrusted to my App as secure as possible.  I have gone to considerable effort in Master Key to ensure that the password data is secure under as many different user scenarios as possible.

In the original WP7 OS when the Start button was pressed the foreground App is closed using a process called tomb-stoning.  The App is given a chance to saved its current state prior to being shut down.  When the back button is pressed the App is restored back to the screen that was in operation.

The state management process is handled with OnNavigated events and it is the App developers responsibility to save/load the state in the event handlers.  It’s a bit of a hassle to handle tomb-stoning because it is a snapshot of where the user is at the time and cannot really show how the user got into that state automatically.  It falls on the App developer to provide additional data so that on resumption the App comes back to a working state.

In Master Key version 2.0 written with WP7 in mind when the App is resumed from tomb-stoning it returns to the login screen forcing the user to re-enter the master key password and reload the encrypted data from isolated storage.

When FAS is invoked the same tomb-stoning process is used but as a developer I don’t get a chance to control the screenshot that is taken as there is no specific API and no chance to influence what it going to be taken as screen grab occurs before the OnNavigated event is invoked.

The only solution is to ensure that the screen is maintained in a safe state so that the screen shot, whenever it occurs, will also be safe.  I implemented a solution by catching the MouseEnter/MouseLeave events and only displaying the password as the user swipes over the password box.  As soon as the mouse leaves the password box it is hidden again.

This code example which is hooked into the password box event handlers shows the password as asterisks and then displays the actual password as soon as the MouseEnter is triggered.  I had to catch the Tap event as well, as it catches and prevents the MouseLeave event from firing which would otherwise leave the password on display.

private string Password="MyCurrentPassword";
private string PasswordHidden = "".PadLeft(Password.Length, '*');
private void OnMouseEnter(object sender, System.Windows.Input.MouseEventArgs e)
{
    textBoxPassword.Text = Password;
}

private void OnMouseLeave(object sender, System.Windows.Input.MouseEventArgs e)
{
    textBoxPassword.Text = PasswordHidden;
}

void OnTap(object sender, System.Windows.Input.GestureEventArgs e)
{
    textBoxPassword.Text = PasswordHidden;
}

The result looks like this:
 

view_entry_password

Ideally Microsoft will provide an API that would let the developer substitute another screenshot in place of the default – the splash screen for example.  Until then its up to us to jump over a couple of hurdles to keep the data secure from prying eyes!

Advertisements

Written by metadevblog

February 4, 2012 at 8:13 pm

Posted in Uncategorized

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

%d bloggers like this: