A good reason why Windows Phone 7 applications run in sandboxes and have to be certified

It was reported yesterday that a research conducted by SMobile Systems found out that over 42000 Android applications on the Android Market allow a third-party access to sensitive or private information and some of them even able to send text message or cal any number without requiring interaction from the user. Microsoft’s Brandon Watson took the opportunity to explain why Microsoft will only allow third-party application installation and distribution via the MarketPlace (like Apple and the AppStore) and also point out that such rogue applications won’t be able to run on Windows Phone 7 anyway because every 3rd party app will run in its own sandbox and use isolated storage:

The key word in the above statements, however, is “could.’” Yes, customers make the decision to download those apps, but they have no way of knowing with certainty what those apps are doing behind the scenes. Further, because of the multi-tasking architecture of Android, the apps have the potential to be doing a bunch of bad things in the background when the phone is not in use.

Google has been quick to point out that the architecture of Android would limit what actual damage one of these apps could do, but that’s really not the point. What is being lost in this discussion is that there is no curation of the Android marketplace. For all the grumbling and grousing about the Apple AppStore, their review process would likely catch these abuses. There is no such level of certification for the Android marketplace. Customers don’t want to think about needing anti-spyware software for their phone, as the article implies is one solution for Android.

The Windows Phone Marketplace certainly believes in the curation model, and we have placed user security as a top priority. This is one of the main reasons that we have our app certification process, and why apps are run in sandboxes, with no access to any data other than its own isolated storage, or the ability to communicate with other apps.

Source: B.Watson