[Q] Hidden APIs to access public folders - Windows Phone 8 Q&A, Help & Troubleshooting

Hi,
Write file access on Windows Phone 8 is very restricted. In fact 3rd party apps can only write pictures to the public picture folders. Other types, such as music, documents, or video folders cannot be accessed.
Are there hidden API calls available for accessing these folders (I am aware that applications using these APIs will probably fail Marketplace submission)?
Greetings,

Yes, there are but you need special permission from MS to use them.

Do you have more details about these API calls?

No...not really. I know there are APIs for everything we can't do as ordinary devs, but MS only releases these to certain groups (typically recognized development studios).
These include:
Native compiled APIs, to use with C++/C#
Appointment API (other than live calendar)
Bluetooth APIs
and some others.

thanks, this really explain a LOT of things.

Do you have an idea how to get access to these APIs? I already tried it with the MS developer support but they say that they don't know

I don't know exactly. But you can't get them through the usual ways. Maybe if you send them a physical letter asking xD?

There are native APIs accessible to regular users. You can read all Calendars since WP7.5 and starting with WP8 you at least can create a new Appointment in a Calendar but only through a Task so the user has the ability to edit it and he must confirm it. Bluetooth-APIs are also open in WP8 although not everything can be done through them.
There might be additional APIs you can gain access too if you work with Microsoft directly. I would suggest you contact one of the Microsoft Dev Champs near you (there is a "Find my Champ" App in the Marketplace) and get into contact with him.
But unless your App gains special permissions through Microsoft even though you might know about those APIs your App would not be able to use them.

And then they cry that Google won't give them the API for a youtube app....the irony

The problem with YouTube is more that there are APIs but that YouTubes Terms of Service prohibit using those APIs for competitors in the search engine space. So Microsoft is specifically prohibited because they own Bing. I hope you can understand the difference but I have a feeling you won't.

Thanks for all your comments. Please don't abuse this thread with company bashing because the situation is often more difficult than it seems. Thanks :good:.

I think wp8.5 may see some more APIs open up. Wp8 is rushed and many existing APIs on win8 simply does not exist on wp8.
Ms is taking a more cautionary approach for APIs as they don't want junior devs mess up the phones user experience like they did with Android.
Sent from my RM-820_nam_canada_246 using Board Express

Related

SAPI in WP

Hi Guys,
Just curious about if WP8 will open sapi for developer. I think sapi has been included in WP7.5 since tellme service indicating it on the device. But developer cannot use it....
How about WP8?
Thanks.
There are speech APIs in the leaked SDK. Also you might want to have a look at the Video from Microsoft's Windows Phone event when they first presented WP8. There will be a conversation functionality which is aiming at allowing Apps to well execute speech commands but also initiating those Convos themselves when certain events occur (e.g. Navigation system might ask if the route should be changed due to traffic and then waiting for confirmation from the user (by speech).

Do you think WP8 should be WindowsRT feature wise ??

How many of you think in such a way. I mean the freedom we get in Windows RT is actually what an average user want with security. Heard WP Blue will share winRT APIs and other codes. So does that mean we will see freedom and app like file explorer limited to personal files, ability to have 3rd party audio and video players with full media api access ?? In short the sandbox model if Windows RT in WP...
Sent from my Nexus 4 using Tapatalk 4 Beta
Vishwal said:
How many of you think in such a way. I mean the freedom we get in Windows RT is actually what an average user want with security. Heard WP Blue will share winRT APIs and other codes. So does that mean we will see freedom and app like file explorer limited to personal files, ability to have 3rd party audio and video players with full media api access ?? In short the sandbox model if Windows RT in WP...
Sent from my Nexus 4 using Tapatalk 4 Beta
Click to expand...
Click to collapse
It might be possible.
The plan is to get it there, I am not sure if Blue will bridge the platforms completely or just some APIs.
mcosmin222 said:
It might be possible.
The plan is to get it there, I am not sure if Blue will bridge the platforms completely or just some APIs.
Click to expand...
Click to collapse
I hope it's former part of your last sentence. I want to operate my smart phone, not vise versa...
Sent from my Nexus 4 using Tapatalk 4 Beta
It would be nice. I don't wholly agree with Microsoft's approach to RT, either, mind you. I think that restricting things like Testsigning mode and kernel debugging and third-party drivers is harmful to the platform from a developer standpoint without providing any benefit to either Microsoft or the users. I think the restriction around desktop apps is silly and should be optional, even if the option is well hidden and/or contains dire warnings. I'll put up with those restrictions in return for Microsoft's current laissez-faire attitude about the "jailbreak", but even then I find the "secure boot" lockdown insulting; we bought the hardware and the software it comes with, and should be able to run whatever other software we want to on it.
With all that said, the RT world is miles ahead of the WP world. I'm not suggesting they should bring the desktop to WP - it's actually possible, and while it would be hard to click things the specs and resolution on the higher-end phones are more than sufficient - but some kind of file manager (or even the ability to write our own), some kind of scripting environment (closer to powershell than TouchDevelop), and some of the core utilities and features of Windows (ability to back up any and all files automatically, or to set per-app and per-sound device volume controls, or to create symbolic links in the filesystem) would be really nice, and full access to the registry would be fantastic.
The issue of security does become relevant here - I don't want any arbitrary app to have such registry access, for example - but I wish they would put in some way to do such things, even if only through a built-in special-privileges settings app. Besides, eventually we will find a way into the OS, and there's a decent chance that the exploit used will be something that *any* app could use. At that point, we might very well find malware exploiting those holes. Historically, the biggest breaks in device lockdown have come neither from malicious attackers nor from those who wish to pirate apps/games/whatever, but from those who simply want to use their own devices without BS restrictions getting in the way. The most famous example in recent histroy is probably the PS3, which was broken wide open after Sony seriously (and foolishly) pissed off some people by retroactively removing device features such as the ability to boot Linux. However, the same act plays out regularly on iOS (where the goal is control, but once the hacks are demonstrated they get used for both malware and piracy) and has also already been seen on RT.
If you want to make something secure, don't give the most talented people (who only rarely work for the blackhats or the pirates) an excellent reason to break its security wide open. This means the security has to stay out of those users' way, instead of constantly impeding them.
I actually would like to have the desktop available on WP as well but not necessarily if you are using it as a phone. But imagine connecting it via HDMI and having RT Applications + Desktop available. The hardware power is there, given that current WP8 devices run the same Qualcomm SoC that Dell uses in the XPS10.
API-wise I expect them to bring a lot more of WinRT over to WinPRT (especially on the managed side). I'm not sure if they will extend it to system-level concepts like a shared file-system - my feeling is that they won't do that but we'll have to wait and see how the APIs to access the SD card are progressing.
While I agree, the downside of doing that is that it greatly increases the install footprint. Windows RT has a much larger install footprint than other "mobile" OSes, and it has hurt platform adoption somewhat as well as increasing the manufacturing price of the tablets it runs on (because they need more storage; 16GB wouldn't really cut it). WP8 is even more space-sensitive; there are already WP8 devices with very little internal storage, and many phone lack any kind of expansion port. Adding the desktop and all of the desktop utilities (management console and all its snap-ins, all the little utilities like paint and wordpad and so on, plus all the libraries needed to support them) would add up to probably at least another few hundred megs; trivial on a PC, acceptable on a tablet, problematic on a phone.

[Q] Questions about Microsoft New EULA and interop-unlock

1.9 Are there things I can’t do on the Services? You must not use the Services to harm others or the Services. For example, you must not:
•Use unauthorized software or hardware to access the Services or modify an Authorized Device in any unauthorized way (e.g., through unauthorized repairs, unauthorized upgrades, or unauthorized downloads). You agree that we have the right to send data, applications or other content to any software or hardware that you are using to access the Services for the purpose of detecting an unauthorized modification and/or disabling the modified device; or
•Attempt to disassemble, decompile, create derivative works of, reverse engineer, modify, further sublicense, distribute, or use for other purposes the Services, any game, application, or other content available or accessible through the Services, or any hardware associated with the Services or with an Authorized Device. If you do, we may cancel your account and your ability to access the Services, and pursue other legal remedies. We may take any legal action we deem appropriate against users who violate our systems or network security, this Agreement or any additional terms incorporated or referenced in it. Such users may also incur criminal or civil liability.
Click to expand...
Click to collapse
Source : Xbox Live Terms of Usage
I'm getting a popup that I should accept the new end users agreement when trying to install a new app or check my Xbox Achievements, I have however a few questions about this paragraph above (I have honestly never seen this before) :
- Is it safe to accept if I have interop-unlocked my Samsung Ativ S, installed the BootStrapper.xap and EnableAllSideLoading.xap, WP8Tools and WP Tweaks from -W_O_L_F- and GoodDayToDie and jessenic.
- I'd used proxies provided by reker and others on XDA-Developers to access some manufacturing exclusive apps (like Nokia apps)
- Should I be worried if I accept that they can block and/or delete my Xbox account, I have saved a fair amount of temporally free store apps and I don't want to lose them.
If so, should I be better off to switch back to Android because they "allow" (turning a blind eye to) rooting your phone or tablet?
Please help me guys, I'm starting to freak out (I haven't accepted the new version of the EULA yet).
Terms like that have traditionally been part of the XBL EULA, but in the past they've always related to cheating or piracy on the console itself. People certainly have gotten their accounts banned for that, which is part of why I have nothing to do with such things. As for whether it's "safe" to accept... eh. If they want to, they can easily argue that you broke the EULA (and forfeited your account) when you interop-unlocked your phone, but they haven't - so far as I know - ever tried to attack individuals or their devices. I'm pretty sure they wouldn't do anything so foolish, either. Both Google and Apple have disabled peoples' accounts in the past for EULA/TOS violations - Apple for iOS hacks, Google for incredibly stupid <REDACTED> like breaking the Real Name Policy on G+ - and so for that matter has Microsoft, for something almost as idiotic (if you want to take risqué photos with your phone, make damn sure auto-upload is off even if your SkyDrive profile is set to private; they've called it a TOS violation and suspended, though not quite completely disabled, peoples' accounts for that). Every single one I've heard of resulted in a flood of bad PR, and not in the "all PR is good PR" sort of way... more like calls for lawsuits, and accusing anybody who uses that platform of being an idiot.
If there's one thing Microsoft cannot afford to do with regard to Windows Phone right now, it's give people another reason *not* to buy it. We are probably safe.
Yes, but WP8 is gaining popularity so maybe they won't do it now but in the future they probably will. Was this clause also present at the time of the interop-unlocking of WP7? If so, you are probably right. But as a precaution is it possible to lock out Microsoft from checking if modifications are made to the system (like you did with the relock solution redirect the data to a different proxy)?
GoodDayToDie said:
if you want to take risqué photos with your phone, make damn sure auto-upload is off even if your SkyDrive profile is set to private; they've called it a TOS violation and suspended, though not quite completely disabled, peoples' accounts for that
Click to expand...
Click to collapse
Are you sure of that? It means they watch the photos we take? I don't think so... maybe they used it as an image hosting and shared the link everywhere in the internet...
It's supposedly automated scanning that recognizes anything that looks like it needs to be flagged for human review...
http://wmpoweruser.com/microsoft-monitoring-censoring-skydrive-uploads/
http://wmpoweruser.com/watch-what-you-store-on-skydriveyou-may-lose-your-microsoft-life/
http://www.neowin.net/news/microsofts-ban-of-nudity-on-skydrive-questioned
etc...

Accessing features in Windows phone 8(.1) development

When developing an application for desktop windows, there's always a way to access functionality - sometimes through back doors like the registry, etc... I'm developing an application for Windows Phone 8.1, but there are certain pieces of functionality that aren't exposed in the PRT APIset that is available to me. For example, we want to ensure that the user has password protection on the lock screen when using the application. There doesn't seem to be any associated APIs to readily use. So my question is, are there back door ways to do such things? How? Is there a way to access ALL system settings - like a registry or something of the like?
proch said:
When developing an application for desktop windows, there's always a way to access functionality - sometimes through back doors like the registry, etc... I'm developing an application for Windows Phone 8.1, but there are certain pieces of functionality that aren't exposed in the PRT APIset that is available to me. For example, we want to ensure that the user has password protection on the lock screen when using the application. There doesn't seem to be any associated APIs to readily use. So my question is, are there back door ways to do such things? How? Is there a way to access ALL system settings - like a registry or something of the like?
Click to expand...
Click to collapse
Another question would be - if something like intune can enforce lock screen password policies, shouldn't I be able to do it the same way that intune does it? If so, how? If not - why not?
It's not possible to check if user enabled lock screen password or not as far as I know
but if you want to made your app secure (because it may include important data)
you can create a password for your own application !
I did it in a little notepad app my password page allow user to set a password with all English and Persian Characters , numbers and special Chars like [email protected]#$ and etc.
Sent from my RM-994_eu_poland_1183 using Tapatalk
It's pretty easy to check, using the registry, but at least in 8.0 that's not allowed at all for store apps (your app would get rejected). I don't know if the rules changed for 8.1. There are ways to sneak past the store checks, but they could pull your app from the store if they ever found out. I know of at least three ways to access the registry APIs (4 in WP8.1) and two of them are pretty hard to detect unless somebody checks for them specifically... but they're the kind of technique that malware uses, so such checks may be in place.
I don't know what InTune is doing, specifically - I'd need to pull the app apart to see - but there are special application capabilities (not normally available to third-party developers) that can query and even set policies. Apps without those capabilities will get Access Denied if they try to use the same methods though, and normally you can't add those capabilities to your app.
GoodDayToDie said:
It's pretty easy to check, using the registry, but at least in 8.0 that's not allowed at all for store apps (your app would get rejected). I don't know if the rules changed for 8.1. There are ways to sneak past the store checks, but they could pull your app from the store if they ever found out. I know of at least three ways to access the registry APIs (4 in WP8.1) and two of them are pretty hard to detect unless somebody checks for them specifically... but they're the kind of technique that malware uses, so such checks may be in place.
I don't know what InTune is doing, specifically - I'd need to pull the app apart to see - but there are special application capabilities (not normally available to third-party developers) that can query and even set policies. Apps without those capabilities will get Access Denied if they try to use the same methods though, and normally you can't add those capabilities to your app.
Click to expand...
Click to collapse
Thanks for this great and detailed information. See, that's exactly what I'd do if I were developing a desktop app - since i know that intune does it, I'd figure out how intune does it and voila. I'm finally getting over the idea that the same methodologies apply to windows phone development.
For my own educational purposes (since I want to understand this platform better), I would really like to know specifically how you go about accessing the registry APIs (for example). If there's any way for you to describe any number of these methods, I'd greatly appreciate it. Thanks again!
My NativeAccess libraries (check my signature, or search on the forum or on Codeplex) contain an example of one way to access the registry. The code is open-source; you may use the libraries as-is (don't expect to get them into the store, though I won't stop you from trying), use the source code as a reference, or modify/build them yourself; the license is very liberal (MS Permissive). The functions I use are generally documented on MSDN, in the desktop APIs section; the phone has the same functions, although the DLL names are changed and the header files hide them.

Victimized23322

All,
I need help immediately..I'm not a developer or tech savvy type beyond corp correspondence and general reporting for project management. I've been hacked in the worst way by criminals I caught doing some very nasty things in my name and on my property. They used Bluetooth and Wifi/Wifi Direct to pair with everything but the toaster in my house. They are using OMADM protocol to send APKs and other apps directly into my devices with what appears to be permanent USB tethering embedded that I cannot breaK and every new device get the same data dump from some cloud or text or email and renders my devices slaves. They've used everything from remote desktop services to ALL legitimate apps DL from playstore Github and other places. These are not detected by malware spyware or antivirus. They install them in the system side via OTA root. It's taken me 9 months to learn this reading bits and pieces like reading 10 books at a time two pages from each book every tem minutes then trying to understand it and apply. Law enforcement is useless. Can YOU help me??! It's cost me my house my patience and nearly my life. If you can and are willing let me know how to contact you on secure platform. I even need your help to do this securely and safely. I'll PAY. I need help. Please. These are Linux and Java code writers and app writers. They KNOW how to attack. Who out there will help? I can provide phone number, email add etc and will contact you in anyway you prefer.
Victimized23322 said:
All,
I need help immediately..I'm not a developer or tech savvy type beyond corp correspondence and general reporting for project management. I've been hacked in the worst way by criminals I caught doing some very nasty things in my name and on my property. They used Bluetooth and Wifi/Wifi Direct to pair with everything but the toaster in my house. They are using OMADM protocol to send APKs and other apps directly into my devices with what appears to be permanent USB tethering embedded that I cannot breaK and every new device get the same data dump from some cloud or text or email and renders my devices slaves. They've used everything from remote desktop services to ALL legitimate apps DL from playstore Github and other places. These are not detected by malware spyware or antivirus. They install them in the system side via OTA root. It's taken me 9 months to learn this reading bits and pieces like reading 10 books at a time two pages from each book every tem minutes then trying to understand it and apply. Law enforcement is useless. Can YOU help me??! It's cost me my house my patience and nearly my life. If you can and are willing let me know how to contact you on secure platform. I even need your help to do this securely and safely. I'll PAY. I need help. Please. These are Linux and Java code writers and app writers. They KNOW how to attack. Who out there will help? I can provide phone number, email add etc and will contact you in anyway you prefer.
Click to expand...
Click to collapse
Hi Victimized23322
XDA is not the right platform for such request and I'm compelled to warn our members that your request may be malicious in itself. Playing the victim is a very common practice used by phishers and con artists.
Therefore I recommend all members not to engage with @Victimized23322 about his/her problem. Any damages and/or losses resulting from engaging are entirely your own responsibility.
Thank you for understanding my concern, we have to take this into account. If what you explained is true, you need a specialized security firm that deals with these type of attacks.

Categories

Resources