Windows Store Apps live in the Sandbox

May 5, 2014
Sogeti Labs

Since the dawn of personal computing, security and reliability have been an issue. In Microsoft Windows this has been primarily due to the decision to make security and reliability the responsibility of the software running on Windows. Windows Desktop software runs by default with Full Trust and full access to all the resources and capabilities of the computer. The upside is that incredibly powerful and rich applications can be created. The downside is that a poorly written or poorly tested application can crash the whole computer, resulting in the dreaded “Blue Screen of Death”. The openness of platforms like Desktop Windows and Google Android, while providing great benefits, has also given rise to viruses, malware, trojans, rootkits and other nasty pieces of software that have caused untold amounts of frustration, embarrassment, lost revenue and lost productivity. Here are two recent examples:

In response, a multi-billion dollar industry has arisen to combat all of this criminal activity, with the result that most computers require anti-virus, anti-malware and other types of security software to keep our data safe. In essence, a war has been waging for decades on our computers with all of us caught in the middle. Both Apple and Microsoft have taken a different approach, with the lifecycle of iOS and Windows Store apps being strictly controlled by the operating system. The rest of this article will explore the different facets of this in the context of Windows Store apps, since I do not have any experience with Apple’s products.

Sandboxing

All Windows Store apps are tightly sandboxed. This means Windows Store apps run in their own isolated space (the sandbox), and whatever happens inside it does not affect any other running app or the OS itself. It should be practically impossible for a Windows Store app to crash the entire computer; it may still crash itself, but it won’t be able to hurt anything else. Being in the sandbox also means the app has no direct access to any other app or service running outside of the app’s sandbox. Access to other apps or services is brokered by Windows itself through a defined set of APIs within the runtime environment. While this does place limits on what a Windows Store app can do, the tradeoff is worth it because it should never be possible for a Windows Store app to act as a virus, trojan or rootkit.

Declaring Resources and Capabilities

Unlike traditional Desktop software, which by default runs with Full Trust and has access to all the resources and capabilities of the OS, a Windows Store app runs in a “Least Privileged” mode and must declare all the resources and capabilities it needs at the time it is made available in the Windows Store. Once installed, Windows will prevent the app from accessing any resource or capability it has not declared. In addition, for certain declared resources and capabilities, like a camera or location services, Windows will actually request permission from the user the first time a Windows Store app tries to access them. Finally, certain actions, for example opening a file, are controlled by Windows itself. A Windows Store app, for the most part, does not have direct access to the file system; instead it requests that Windows present a File Picker dialog to the user, and Windows returns the selected file to the app. All of this should make it impossible for a Windows Store app to do or access anything without the user being aware of it and ultimately in control of it.
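The two mechanisms described above, declared capabilities and brokered file access through the File Picker, look like this in a Windows Store app. This is an added example written for this article, not code from the original post or from Microsoft; the class name `SandboxedFileAccess`, the helper method names and the particular capabilities shown in the manifest fragment are assumptions chosen for illustration. The WinRT types (`FileOpenPicker`, `StorageFile`, `FileIO`) are the real runtime APIs.

```csharp
// Added example (not from the original article): a Windows Store (WinRT) app
// that reads a user-chosen text file through the File Picker instead of the
// file system, and declares only the capabilities it actually uses.
//
// Package.appxmanifest fragment (assumed for this example). Windows enforces
// this declaration at install time; anything not listed here is denied:
//   <Capabilities>
//     <Capability Name="internetClient" />
//     <DeviceCapability Name="webcam" />   <!-- user is prompted on first use -->
//   </Capabilities>
// Note that nothing above grants broad file-system access, so the only way this
// app reaches a document is through the picker below, where the user chooses.

using System;
using System.Threading.Tasks;
using Windows.Storage;
using Windows.Storage.Pickers;

public static class SandboxedFileAccess
{
    // Ask Windows to show the picker; the app never learns about files it
    // did not pick, and a cancelled dialog yields nothing at all.
    public static async Task<string> ReadUserSelectedTextAsync()
    {
        var picker = new FileOpenPicker
        {
            ViewMode = PickerViewMode.List,
            SuggestedStartLocation = PickerLocationId.DocumentsLibrary
        };
        picker.FileTypeFilter.Add(".txt");

        StorageFile file = await picker.PickSingleFileAsync();
        if (file == null)
        {
            // User cancelled: the sandbox grants the app no file.
            return null;
        }

        // The returned StorageFile is Windows' grant for this one file only.
        return await FileIO.ReadTextAsync(file);
    }

    // Contrast: reaching for an arbitrary path directly, without a declared
    // capability covering it, is refused by the broker with
    // UnauthorizedAccessException rather than silently succeeding.
    public static async Task<bool> CanReadDirectlyAsync(string absolutePath)
    {
        try
        {
            StorageFile f = await StorageFile.GetFileFromPathAsync(absolutePath);
            await FileIO.ReadTextAsync(f);
            return true;
        }
        catch (UnauthorizedAccessException)
        {
            return false; // expected inside the sandbox for undeclared locations
        }
    }
}
```

The design point to take from this is that the app never handles a path it chose itself: the user selects the file in a dialog owned by Windows, and the app receives a handle scoped to that single file. Reviewing the manifest's `<Capabilities>` element is therefore the quickest way to see the full set of resources an app can ever touch.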

Windows Store

When an app is submitted to the Windows Store it goes through a certification process, and if it fails certification it is not added to the store. The certification process runs a large number of tests on the app, ensuring that it behaves properly and does not do anything that it shouldn’t. This ensures that the apps available in the Windows Store are reliable and secure.

Windows Store apps completely change the story on the security and reliability of applications on Microsoft Windows. Windows Store apps are inherently secure and reliable, providing a much better experience to the user. Microsoft has made a radical change in the Windows ecosystem with the release of Windows Store apps, but the benefits of Windows Store apps greatly outweigh the disruption this change will cause.

While this is a great benefit to the individual user, in my opinion the biggest winner here is the Enterprise. Enterprises spend an incredible amount of money, time and resources ensuring the security, reliability and integrity of their hardware and software. By adopting Windows 8 and building and deploying Windows Store apps, an Enterprise can take advantage of all the security and reliability improvements discussed here to achieve significant time, resource and cost savings.

With all that said, there are some disadvantages to implementing sandboxed apps. It is necessary to accept the limitations imposed by the sandbox, which make implementing certain features or capabilities difficult if not impossible. Another difference is how apps are distributed and updated. In the Windows world it will be necessary to set up an in-house corporate app store for distributing custom-built Windows Store apps or a hand-picked selection of commercial apps, since the lifecycle of an app starts with how it is installed and, as previously stated, Windows controls the lifecycle of the apps.

Finally, the biggest hurdle to overcome may be the mindset of corporate IT, which traditionally has strived for complete freedom and complete control over every aspect of its systems and applications. Adopting Windows Store apps requires a different mindset, where the curtailing of that freedom and control is accepted in exchange for the benefits to be gained. I believe this is a worthwhile tradeoff.

About the author

SogetiLabs gathers distinguished technology leaders from around the Sogeti world. It is an initiative explaining not how IT works, but what IT means for business.
