Certification failed for valid app - Windows Phone 8 Q&A, Help & Troubleshooting

I developed an app and I sent it to processing submission but every time get certification failed.
this is an errors list
https://dev.windowsphone.com/FileVendor/FileAsset?fileid=b66b4fae-c1d6-48e8-802b-86afa07a56f6
MS told that app crashes when they press the button, but for me on my device everything works well. I don't know what could be wrong?

Try it on both phone and emulator. Using the emu, try it on different resolutions, try it on different amounts of RAM , etc.
Did they give you any exception details? Use those to try and track down where it could be coming from (example: if it's a NPE, check everything that *could* be null, even if it *shouldn't* be).

I dont have emulator because my pc dont support slat.
I really dont know how to test my app because on my device works well and i dont have another wp8 device

cro.dev said:
I dont have emulator because my pc dont support slat.
I really dont know how to test my app because on my device works well and i dont have another wp8 device
Click to expand...
Click to collapse
Try using Nokia Remote Device Access. They pretty mush have two or three of every Lumia device available.
Its free too!
Sent from my Lumia 928 (RM-860) using Tapatalk

Today my app finally submited to store but when I install it and open, when I try to log in it terminates. That was same error when my app certification failed. Microsoft told me that my app terminates when try to log in.
When I deploy my app on deployer it works like charm. But I dont know why same app not work when I install it from Store.
This is C# code in action when I press Log in button and app terminates
Code:
string zap;
if (cbZap.IsChecked.Value)
zap = "1";
else
zap = "0";
if (File.Exists("X.dat"))
File.Delete("X.dat");
using (StreamWriter sr = File.CreateText("X.dat"))
{
sr.WriteLine(string.Format("{0};{1};{2}", tbIme.Text, tbLozinka.Password, zap));
sr.Close();
}
//NavigationService.GoBack();
NavigationService.Navigate(new Uri("/MainPage.xaml", UriKind.Relative));

cro.dev said:
Today my app finally submited to store but when I install it and open, when I try to log in it terminates. That was same error when my app certification failed. Microsoft told me that my app terminates when try to log in.
When I deploy my app on deployer it works like charm. But I dont know why same app not work when I install it from Store.
This is C# code in action when I press Log in button and app terminates
Code:
string zap;
if (cbZap.IsChecked.Value)
zap = "1";
else
zap = "0";
if (File.Exists("X.dat"))
File.Delete("X.dat");
using (StreamWriter sr = File.CreateText("X.dat"))
{
sr.WriteLine(string.Format("{0};{1};{2}", tbIme.Text, tbLozinka.Password, zap));
sr.Close();
}
//NavigationService.GoBack();
NavigationService.Navigate(new Uri("/MainPage.xaml", UriKind.Relative));
Click to expand...
Click to collapse
go to the DEBUG menu >exceptions...
Tick al the check-boxes under "thrown";
uninstall the app from your device. Debug the app again, look for any unhandled exceptions.

mcosmin222 said:
go to the DEBUG menu >exceptions...
Tick al the check-boxes under "thrown";
uninstall the app from your device. Debug the app again, look for any unhandled exceptions.
Click to expand...
Click to collapse
Looks like everything works well. There is no problem in app when I deploy it with deployer. Only with app downloaded from Store I've got problems.

I actually have a guess about that...
You're writing files to the app's install folder. This works (bizarrely enough) on sideloaded apps. However, it's entirely possible that store apps might *not* have the required permissions to write to their install folders. In that case, your code would be throwing Access Denied errors, and (since you aren't handling exceptions, apparently...) crashing.
Also, you should always set the global exception handler (in App.xaml.cs, for C# XAML apps) to do something useful.

GoodDayToDie said:
I actually have a guess about that...
You're writing files to the app's install folder. This works (bizarrely enough) on sideloaded apps. However, it's entirely possible that store apps might *not* have the required permissions to write to their install folders. In that case, your code would be throwing Access Denied errors, and (since you aren't handling exceptions, apparently...) crashing.
Also, you should always set the global exception handler (in App.xaml.cs, for C# XAML apps) to do something useful.
Click to expand...
Click to collapse
thank you for your tip. So where I would be able to write files then, because my app is based on writing and reading file.

... really? The isolated storage folder, like all the documentation around file handling on WP tells you. Writing files to an application's install directory has been a bad idea (and often not possible, unless you are running with more privileges than you should be) since before modern smartphones even existed.
You can do it using the normal System.IO classes, but there's actually an entire collection of classes (in System.IO.IsolatedStorage, see http://msdn.microsoft.com/en-us/library/System.IO.IsolatedStorage(v=vs.95).aspx) explicitly for managing files in WP (and other Silverlight) apps. The IsolatedStorageFile class is the one with most of the info you'll be interested in.

GoodDayToDie said:
... really? The isolated storage folder, like all the documentation around file handling on WP tells you. Writing files to an application's install directory has been a bad idea (and often not possible, unless you are running with more privileges than you should be) since before modern smartphones even existed.
You can do it using the normal System.IO classes, but there's actually an entire collection of classes (in System.IO.IsolatedStorage, see http://msdn.microsoft.com/en-us/library/System.IO.IsolatedStorage(v=vs.95).aspx) explicitly for managing files in WP (and other Silverlight) apps. The IsolatedStorageFile class is the one with most of the info you'll be interested in.
Click to expand...
Click to collapse
I forget to write that I found solution few hours ago. I found my answers here
http://www.c-sharpcorner.com/Upload...-to-save-and-read-text-file-from-windows-pho/
thanks. Everything works well now.

Related

Wifi tethering application

***Sticky this please
Check out this application I put together. It is a simple stand alone app for true tethering over wifi, you must have a rooted phone for this app to work....
http://www.androidactivity.com/tetherWifi.html
The main purpose of this thread is to discuss issues with the application. For instructions on how to use it read the webpage from the link above.
Good deal will try it out as soon as i get sp3, is it compatible with new update? thanks for this!
Any chance of making this open source?
If it just uses the same method as http://forum.xda-developers.com/showthread.php?t=474470 then it would be pretty helpful for those of us trying to make a frontend to command line applications.
amgupt01 said:
Any chance of making this open source?
Click to expand...
Click to collapse
Pretty Please... I do appreciate the effort and at that same time, I like to know what I am giving root access to. But, really - I'd like to be able to modify it to my own network environment. I like to customize the dnsmasq.conf a bit for my own peace of mind...
Thanks again, this is the beginning of a great piece of work...
This is really nice!!! The old way with terminal was getting old. Thanks!!!!
Could you have a status icon at the top toolbar to show that the tethering service is active?
Tested, worked flawlessly. Unscecured, of course, but freakin' sweet if you can't get another network. Tried this from my house, worked great on 3g. Work VPN functioned w/o issue.
Nice! Confirmed working with Vista laptop.
I'd like to also voice support for open sourcing this-- or for removing the root requirement if you could get that worked out. I am very appreciative that you've pulled this together but at the same time feel reluctant to install any software that will be running under root that isn't signed or at least has the source code available.
Keep up the great work!
please add an option to change ssid, and settings, and we definately gotta find a way to secure the wifi
I just made a couple bug fixes and put up a new version this morning.
This is still beta and I am looking into making a lot more things configurable.
Right now it is not secure. It only will DHCP out one IP, but it does NAT forward the whole range of 10.0.1.X
I understand everybody's concern about making it open source for root access, at this moment I am not going to make it open source. I would like to figure out a way to make it work without root in the future, but if I cannot I may make it open source.
This may help you out with your concerns, this is what the application does:
-it unpacks files to the /data/data/com.androidactivity.tetherWifi/ directory only on the first run of the application, installing an upgrade of my app will re-unpack the latest files in this directory. a chmod of 744 is done to all of these files.
-manual configuration of dnsmasq.conf, tiwlan.ini, etc.. can be done by modifying these files in this directory. You need to run my application once before modifying, so that these files get unpacked. If you ever upgrade my app, make sure you back up these files before upgrading, because on upgrade my app will overwrite these files.
-when you hit start, i disable wifi if it is on and then run the tether.sh start script.
-when you hit stop, i run the tether.sh stop script, I also enable the wifi back if i had disabled it before running start.
-to see what tether.sh start and stop does, take a look at the /data/data/com.androidactivity.tetherWifi/tether.sh file
stats555 said:
Good deal will try it out as soon as i get sp3, is it compatible with new update? thanks for this!
Click to expand...
Click to collapse
I doubt it needs service pack 3. I just confirmed it working on my machine which has service pack 3.
My bluetooth tethering app, on the other hand, works better with service pack 3, and I do recommend upgrading if you are going to use that app.
moussam said:
***Sticky this please
Check out this application I put together. It is a simple stand alone app for true tethering over wifi, you must have a rooted phone for this app to work....
http://www.androidactivity.com/tetherWifi.html
Update:What this program does..
-it unpacks files to the /data/data/com.androidactivity.tetherWifi/ directory only on the first run of the application, installing an upgrade of my app will re-unpack the latest files in this directory. a chmod of 744 is done to all of these files.
-manual configuration of dnsmasq.conf, tiwlan.ini, etc.. can be done by modifying these files in this directory. You need to run my application once before modifying, so that these files get unpacked. If you ever upgrade my app, make sure you back up these files before upgrading, because on upgrade my app will overwrite these files.
-when you hit start, i disable wifi if it is on and then run the tether.sh start script.
-when you hit stop, i run the tether.sh stop script, I also enable the wifi back if i had disabled it before running start.
-to see what tether.sh start and stop does, take a look at the /data/data/com.androidactivity.tetherWifi/tether.sh file
Click to expand...
Click to collapse
Thanks for this gonna test it out. I was thinking of making something like this you beat me to it.
http://code.google.com/p/gtether/
Similar project, open source.
Do not support closed source projects.
Especially those that require root on your phone!
miseiler said:
http://code.google.com/p/gtether/
Similar project, open source.
Do not support closed source projects.
Especially those that require root on your phone!
Click to expand...
Click to collapse
The gtether application clashes with the ****ty superuser application on the JF releases... it's unusable for me. However, Moussam's works fine.
With GTether, everytime I try and connect my PC - it just goes into an endless loop of approving the super user access, even if you select "Always" it just doesn't work. Which is a shame, because GTether is clearly a better application.
I found the same issue with the endless loop with Super user.
vr24 said:
The gtether application clashes with the ****ty superuser application on the JF releases... it's unusable for me. However, Moussam's works fine.
With GTether, everytime I try and connect my PC - it just goes into an endless loop of approving the super user access, even if you select "Always" it just doesn't work. Which is a shame, because GTether is clearly a better application.
Click to expand...
Click to collapse
Well, the GTether application isn't even Open Source. The SVN for it has no code and the downloadable "source code" is just a gzipped .apk file.
Also, the Super User app is far from ****ty. It is the only thing protecting your phone from people releasing apps on the market targeting rooted users. If someone released an app on the market that ran su without your approval, they could wreak havoc on your phone and potentially brick it.
miseiler said:
http://code.google.com/p/gtether/
Similar project, open source.
Do not support closed source projects.
Especially those that require root on your phone!
Click to expand...
Click to collapse
Everybody, do your homework first before you start making stupid comments. First off gtether is not an open source app. My app is simpler and more stable. Gtether is also a good application, but I wanted to create something that had everything packed up into one install without having to run any shell commands.
I do not have the bells and whistles yet, but I am working on them, this is just a beta release.
amgupt01 said:
Well, the GTether application isn't even Open Source. The SVN for it has no code and the downloadable "source code" is just a gzipped .apk file.
Also, the Super User app is far from ****ty. It is the only thing protecting your phone from people releasing apps on the market targeting rooted users. If someone released an app on the market that ran su without your approval, they could wreak havoc on your phone and potentially brick it.
Click to expand...
Click to collapse
Well, no. The source tgz has all the components of the tether-1.6 app in it, in additional to the apk file (for whatever reason). I suppose you could argue the iptables source isn't present in the file, but that is available elsewhere.
And apps that run su with your approval are just as likely to brick/rootkit.
Well by "source" I am referring to the actual source code used for the .apk file which is run on Android. That's the part which is installed as an application and is actually using the binaries from the tether-1.6 kit as root and running in the background to notify when new users connect.
Also, when I say that SuperUser protects your phone, I'm assuming that people will actually do research before allowing an app to user root privileges and will block an app which has no need to use root whatsoever.
miseiler said:
Well, no. The source tgz has all the components of the tether-1.6 app in it, in additional to the apk file (for whatever reason). I suppose you could argue the iptables source isn't present in the file, but that is available elsewhere.
And apps that run su with your approval are just as likely to brick/rootkit.
Click to expand...
Click to collapse
if it makes everybody more comfortable i can post the script files that are run in my app. su is only needed to run these script files. these files are unpacked into /data/data/com.androidactivity.tetherWifi on the first run of this application and can even be altered to whatever config you want afterwards. su access is not needed until you hit start or stop. if you are concerned install my app and run it and dont grant su access and you will be able to see the unpacked script files in the dir i mentioned, and even alter them if you want.

Idea for general (all phone brands) interop bypass (NOT UNLOCK) - but can it be done?

MOD EDIT: Thread closed by OP's request.
If you have used reker's proxy, you will notice the "by @reker" entry on top of the list with search results. If we could do the same with the SamWP8 tool (and link his app to a similar app page), maybe we could bypass the interop unlock requirement (the error you receive if you try to sideload a app with interop capabilities on a non-interop unlocked phone) because apps installed in the store don't get this check (as compu829 demonstrated by saying the original Microsoft youtube app contained the ID_CAP_MEDIALIB_PHOTO_FULL entry in the WMAppManifest.xml, and how could you install this app on phones without having an interop-unlock, exactly : the app was installed through the store).
Correct me if I'm wrong, I'm still learning how the WP OS is build and how it functions.
To admins, I can't post this in the Windows Phone 8 Development and Hacking thread because I don't have the required 10 posts yet.
Seems like a feasible idea, I'll take a look on how the store works but I think the XAP's still need to be signed by a trusted root to this works.
I'll post any updates here as I can't post on dev section x.x
This idea is older than WP8, and it doesn't work. First of all, the apps themselves (as opposed to the data about them) are delivered over an encrypted channel that uses certificate pinning; we can't intercept or modify it. Second, the Store will only install Microsoft-signed (and probably only DRMed) apps. Unsigned apps failed to install through this channel back on WP7. Third, even if we could install the apps this way, hey would still be unsigned. The OS would thus treat them as developer apps. Developer apps on phones where the MaxUnsignedApp registry value is less than 300 are limited to the standard third-party app capabilities, meaning no INTEROPSERVICES or similar.
By all means, go ahead and poke at it - WP8 has surprised me before with weaknesses it has relative to WP7 - but don't expect this to work even if you get past the first issue (which *does* exist on WP8).
Did someone contact reker? We need to figure out how he did this. I can't tell if he succeeded into linking an app to the custom app page because when I click install, I get an error message : "This app is not available for your region", maybe I need to change my region to China and try again.
@GoodDayToDie : Won't the phone be tricked by the store installation, thinking it's an encrypted app? Does it matter whether the app is encrypted or not if someone manages to link an app to a custom app page, because Windows Phone app weren't always encrypted to my recollection (this may predate the WP8 era, if so we're screwed ). And if it matters, can we encrypt the app ourselves by using a encryption method like AES, SHA, MD5, ... ? Unlikely hypothesis, but if someone would succeed in doing all this, could the SamWP8 tool be used to increase the HKEY_Local_Machine\Software\Microsoft\DeviceReg\Install MaxUnsignedApp value beyond 300 to unlock interop capabilities? Are the EnableAllSideloading.xap and Bootstapper.xap also usable on other WP than Samsung or do they need to be recoded to work on WP of other manufacturers?
EnableAllSideloading.xap and Bootstapper.xap depends on Samsung diagnosis tool and it's RPC server that runs on LocalSystem account that has "unlimited" registry access, it's not available on other manufacturers.
Tonight I will start my experiments on it.
greenboxal said:
EnableAllSideloading.xap and Bootstapper.xap depends on Samsung diagnosis tool and it's RPC server that runs on LocalSystem account that has "unlimited" registry access, it's not available on other manufacturers.
Tonight I will start my experiments on it.
Click to expand...
Click to collapse
I was wondering how you could flash the bootloader of Android on the Ativ S as the Secure Boot made by Qualcomm is locked by a blown fuse (it's a hardware issue, not only a software issue you must deal with).
bruce142 said:
I was wondering how you could flash the bootloader of Android on the Ativ S as the Secure Boot made by Qualcomm is locked by a blown fuse (it's a hardware issue, not only a software issue you must deal with).
Click to expand...
Click to collapse
SecureBoot checks signature of the bootloader by a known public key, the case is that Samsumg uses the *same* key for android and wp8 bootloaders.
greenboxal said:
SecureBoot checks signature of the bootloader by a known public key, the case is that Samsumg uses the *same* key for android and wp8 bootloaders.
Click to expand...
Click to collapse
If this checks out, what does it mean, could we flash android on the Ativ S? Or could you even make a dual-boot scenario possible? Great find by the way, :good:.
bruce142 said:
If this checks out, what does it mean, could we flash android on the Ativ S? Or could you even make a dual-boot scenario possible? Great find by the way, :good:.
Click to expand...
Click to collapse
Yes, it's the same hardware as SGS3 Snapdragon 4 version. But let go back to the topic, if you have some question about it send me a PM or post on my R&D thread
greenboxal said:
Yes, it's the same hardware as SGS3 Snapdragon 4 version. But let go back to the topic, if you have some question about it send me a PM or post on my R&D thread
Click to expand...
Click to collapse
I can't post yet in your R&D thread because I don't have the met the 10 post requirement yet.
Edit : I can install reker's "by @ reker" app when changing the region to China, and this is interesting (pasted directly from his WMAppManifest.xml) :
<?xml version="1.0" encoding="UTF-8"?>
-<Deployment AppPlatformVersion="8.0" xmlns="http://schemas.microsoft.com/windowsphone/2012/deployment">
<DefaultLanguage xmlns="" code="zh-CN"/>
-<Languages xmlns="">
<Language code="zh-Hans"/>
</Languages>
-<App xmlns="" PublisherId="{9b1d1b5b-f206-4b27-a139-89659591061b}" IsBeta="false" PublisherID="{b259af64-2f7d-4a89-983f-836325480629}" Publisher="智机网_WPXAP" Description="智机市场官方版" Author="智机网_WPXAP" Genre="apps.normal" Version="2.0.0.0" RuntimeType="Silverlight" Title="智机市场" ProductID="{59bd999b-496e-4e05-afce-94b67ba6e862}">
<IconPath IsResource="false" IsRelative="true">Assets\ApplicationIcon.png</IconPath>
-<Capabilities>
<Capability Name="ID_CAP_IDENTITY_DEVICE"/>
<Capability Name="ID_CAP_IDENTITY_USER"/>
<Capability Name="ID_CAP_NETWORKING"/>
<Capability Name="ID_CAP_PUSH_NOTIFICATION"/>
<Capability Name="ID_CAP_SENSORS"/>
<Capability Name="ID_CAP_WEBBROWSERCOMPONENT"/>
<Capability Name="ID_CAP_APPOINTMENTS"/>
</Capabilities>
-<Tasks>
<DefaultTask Name="_default" ActivationPolicy="Resume" NavigationPage="MainPage.xaml"/>
</Tasks>
-<Tokens>
-<PrimaryToken TaskName="_default" TokenID="WpXapToken">
-<TemplateFlip>
<SmallImageURI IsResource="false" IsRelative="true">Assets\Tiles\FlipCycleTileSmall.png</SmallImageURI>
<Count>0</Count>
<BackgroundImageURI IsResource="false" IsRelative="true">Assets\Tiles\FlipCycleTileMedium.png</BackgroundImageURI>
<Title/>
<BackContent/>
<BackBackgroundImageURI/>
<BackTitle/>
<DeviceLockImageURI/>
<HasLarge/>
</TemplateFlip>
</PrimaryToken>
</Tokens>
-<Extensions>
<Protocol Name="wpxap" TaskID="_default" NavUriFragment="encodedLaunchUri=%s"/>
</Extensions>
-<ScreenResolutions>
<ScreenResolution Name="ID_RESOLUTION_WVGA"/>
<ScreenResolution Name="ID_RESOLUTION_WXGA"/>
<ScreenResolution Name="ID_RESOLUTION_HD720P"/>
</ScreenResolutions>
</App>
</Deployment>
@bruce142: The store may or may not care about the DRM - that was in place by the time WP8 came out, but WP7 didn't have it for a long time - but it absolutely cares about the signatures. More accurately, actually, the XAP install code (which the store invokes) cares about the signatures. There's no "tricking" it; the signature is quite plainly there, or it's not. You don't exactly have to look hard to find it. The app launch code *also* cares about signatures. Non-sideloaded apps won't have ID_CAP_DEVELOPERUNLOCK, which is a special capability automatically added to sideloaded apps to allow them to launch even though they don't have signatures. Without that capability (or rather, without the SID which the token of an app with that capability gets at chamber creation), the kernel will refuse to load the unsigned executable binaries.
GoodDayToDie said:
@bruce142: The store may or may not care about the DRM - that was in place by the time WP8 came out, but WP7 didn't have it for a long time - but it absolutely cares about the signatures. More accurately, actually, the XAP install code (which the store invokes) cares about the signatures. There's no "tricking" it; the signature is quite plainly there, or it's not. You don't exactly have to look hard to find it. The app launch code *also* cares about signatures. Non-sideloaded apps won't have ID_CAP_DEVELOPERUNLOCK, which is a special capability automatically added to sideloaded apps to allow them to launch even though they don't have signatures. Without that capability (or rather, without the SID which the token of an app with that capability gets at chamber creation), the kernel will refuse to load the unsigned executable binaries.
Click to expand...
Click to collapse
I understand, the app has to be signed before it can be uploaded to the store, but does the developer of an app not sign its app when he assembles it or does the store sign the app itself? I see no threshold here, as signing an app is not a problem, or is it? I still admire that reker managed to make an app page by using a proxy which isn't normally there and successfully linked an app to it, which I was able to download and it contained elevated capabilities, I thought the ID_CAP capabilities were all interop capabilities (correct me if I'm wrong). Could someone make the old version of the Samsung Diagnostic tool available this way which users with other WP than the Ativ S/Ativ S Neo might able to use to modify the MaxAppUnsigned value and unlock more capabilities, or is this impossible? If only we knew how reker did this, ...
bruce142 said:
I understand, the app has to be signed before it can be uploaded to the store, but does the developer of an app not sign its app when he assembles it or does the store sign the app itself? I see no threshold here, as signing an app is not a problem, or is it? I still admire that reker managed to make an app page by using a proxy which isn't normally there and successfully linked an app to it, which I was able to download and it contained elevated capabilities, I thought the ID_CAP capabilities were all interop capabilities (correct me if I'm wrong). Could someone make the old version of the Samsung Diagnostic tool available this way which users with other WP than the Ativ S/Ativ S Neo might able to use to modify the MaxAppUnsigned value and unlock more capabilities, or is this impossible? If only we knew how reker did this, ...
Click to expand...
Click to collapse
ID_CAP's aren't all Interop capabilities, most of them are available for every app, and the ones you posted are, afaik, normal ones that don't need and Interop Unlock.
GoodDayToDie is right. His answer is very detail.
You may replace a xap with homebrew one in theory, but phone will never launch a store app without MS signature. Every single dll is signed by MS, and phone will check it.
Few questions and opinions:
The signature is used only for allowing the app to be installed on the device right?
Is the signature after added to the app a constant for the whole time or is it changing from time to time?
If the signature is used only for allowing an app to be installed, can we somehow make an virtual MS Server (Using FIddler for example), who can clone the real one and give us an offline signing of the app`s when installing them?
Can a signature be pulled off from an original installed app and the be put in to an another one?
cevi said:
Few questions and opinions:
The signature is used only for allowing the app to be installed on the device right?
Is the signature after added to the app a constant for the whole time or is it changing from time to time?
If the signature is used only for allowing an app to be installed, can we somehow make an virtual MS Server (Using FIddler for example), who can clone the real one and give us an offline signing of the app`s when installing them?
Can a signature be pulled off from an original installed app and the be put in to an another one?
Click to expand...
Click to collapse
The signature is checked when running the application, every PE image on the device should have a valid digital signature.
You don't seem to understand how it works, the signature is any kind of hash, let's say, SHA256, of the entire file. This signature is encrypted with the signee private key. If you change one single bit of the file, the hash will change, and so the signature will be invalid.
There are few ways to exploit this kind of security, like generating a hash collision or breaking the private key, both would take million of years.
I do really don't understand the whole process I was just giving some noob suggestions.
It's strange for me that after the app is installed it doesn't require an active network to start.So I am wondering if it could be possible to trick the app to start somehow?
Sent from my Windows Phone 8S by HTC using Tapatalk
While suggestions are always welcome, you really should read up on digital signatures and how they work. @greenboxal's explanation seems like it might have gone over your head a bit... The fact that you didn't understand about ID_CAP_* also means you've probably never looked at WP development, or even looked at the manifest of a WP app, either; you may want to do some of that. Until you do so, it would be only by the sheerest crazy luck that you managed to hit on a solution, because you don't even know what you're actually trying to accomplish!
For example, it's pretty obvious why there's no need for a network connection to start an app, once it's installed. There's a license on WP apps, which is checked when the app is installed (requires Internet access) and is then valid for some time (never checked how long exactly, probably years though). The signatures are different. When the app is installed, the signing certificate (which contains the public key, but not the private key, of the keypair used to sign the app) is extracted from the app and checked to see whether it is trusted by Microsoft (the phone has Microsoft's certificates embedded in the OS; it doesn't need a network connection for this). When you try to launch the app, it checks to see whether the signatures on each binary (which are, as greenboxal mentioned, created by taking the cryptographically secure hash of the binary and then applying something like encryption to it using the private key) are valid (it applies the public key to the signature to get the signing hash back, and checks whether that hash still matches). We (developers) can't fake store signatures ourselves, because we don't have Microsoft's private keys. Therefore the phone wouldn't trust our signatures (make sure you read up on the concept of a "chain of trust" and the concepts of public key cryptography and public key infrastructure in general too) and would refuse to load the binaries. The process of verifying signatures is just a bunch of math once you've already got the public keys, and those are, as I said, extracted from the app at install (for individual apps) and stored in WP8 itself (for the Store-wide signing key); no need to access the network.
Thanks guys for clearing this up for me.I know that it`s not that simple as i say.Anyway, just keep up the good work.We the Noobs depend from you.
If you are not those who you really are i personally know that i will never buy a Windows Phone again.You are the reason for the MS`s profit.
Sorry again for jumping in into this "battle".
This thread is becoming way out of hand, question is asked and answered : adding a app via proxy which may interop-unlock other WP is not possible. Locking thread now.
PS : yay, ten posts.

Windows phone security- is there one and if so, how does it work?

Hi,
So, Android has a permission system which albeit somewhat flawed (malware can gain permissions not intended for it) and not very suitable for laymen (non rooted phones have to either accept all permissions or be denied from the app. In many programs people don't have the luxury of not using them) theoretically has merit. IOS has...well actually I'm not sure how it works security wise but I pressume it creates sandboxes for each app, layman wise it is reasonable since you (theoretically) can deny access for all programs to certain components (no need to jailbreak).
How does WP works?
Thank you.
Security is different, apps can't do as much as on android. But iOS is better in this, because capabilities are like in Android: you can see what the apps want prior to installing them, but blocking some of them isn't possible.
I am very saddened to hear this.
Is there an ability in place similar to Androids rooting?
Also, what do you mean by "apps can't do as much as on android"?
Thank you!
@th0mas96's post is technically *mostly* accurate but very confusing and doesn't actually answer your question at all.
The short version is that WP apps use a capability-and-sandbox system much like iOS and Android, with each app getting a sandbox that gives it read-only access to the app-specific install directory and the global system directory, read/write access to the app-specific data directory, and access to whatever other stuff is specified in the capabilities. Capabilities are currently all-or-nothing; you can't reject or disable any capability except by just not installing the app.
I could go into the technical implementation of the system a bit, but the short version is that WP8 apps use fairly standard NT (as in the NT kernel that is at the core of PC Windows versions) security features: each app has a unique token (rather than inheriting the token of the process that crated it, the way it normally works on PC but very much like how Windows Store apps work on Win8) which contains the app-specific Security IDentifier (SID) that gives access to the app directories, plus the SIDs of the various capabilities that the app has.
What @th0mas96 was talking about is that WP capabilities usable by third-party developers are much more restrictive than they are on Android. For example, Android allows an app have full read-write access to your contacts or to send SMS directly. WP8 doesn't allow that unless you use capabilities that are normally neither allowed on the store nor allowed in sideloaded apps (Microsoft's code can have them, of course - that's how the built-in SMS app works - but not Joe Random Dev). The downside of this is obvious; some app behaviors (like a full replacement for the SMS app or phone dialer) are not possible. The upside is that apps are *way* more limited in how malicious they can be; the most common way that Android malware makes money (remember, the vast majority of malware is for profit) is by sending SMS to "premium" numbers. On WP8, an app could *compose* such a message, but it couldn't *send* it for you (unless it had a capability that third-party apps normally can't have) so you'd have a chance to see what the app was doing and decide not to send that message after all.
This means that the ability to disable capabilities is much less important on WP8 than on Android.
Oh, then those restrictions are actually good news.
Aside from from your typical run-of-the-mill malware my main concern was actually privacy. I have a huge displeasure from apps like Whatsapp which on android takes a whole plethora of liberties and was hoping that perhaps some other system may contain their user data voracity and their ability to control the divice their on.
Is there any link in which I could see the full list of those restrictions?
I'm still downhearted from not having a more fine grained control of the system but maybe it still has it uses in some scenarios...
Also, thank you very much for your comprehensive explanation!
i found a tiny file stored inside some of the unbranded htc accord RUUs. its call disablewriteprotect.test. the only thing the file contains is a sentence stating write protection will be disabled until this file is removed. followed by a music note and some other symbol. so there you go thats how you make your entire htc 8x read and write. one file less than 1kb in size. ROOT!
but how can we flash this file. im still working on it. this file is located within the efi partition which also houses the ffuloader.efi, and severl other efi executables. check this post http://forum.xda-developers.com/showthread.php?p=53687985#post53687985
you wont find that on google search.
Sent from my Galaxy Nexus using XDA Free mobile app
Window phone Security Issues
Your Windows Phone is secure by design. Many security features are turned on by default. For example, apps you download from the Windows Phone Store are tested by Microsoft and encrypted to make sure you don't accidentally install malicious software on your Windows phone.
Set a password
Setting up Kid's Corner
If you've ever handed your smartphone to a child, you know that they can quickly get into all sorts of apps and settings they shouldn't. No such worries with Kid's Corner, a place on your phone where your child can play with the games, apps, music and videos
Use the free Find My Phone service
Say yes to updates . check out more at Master Software Solutions - Windows Phone Update
grilledcheesesandwich said:
i found a tiny file stored inside some of the unbranded htc accord RUUs. its call disablewriteprotect.test. the only thing the file contains is a sentence stating write protection will be disabled until this file is removed. followed by a music note and some other symbol. so there you go thats how you make your entire htc 8x read and write. one file less than 1kb in size. ROOT!
but how can we flash this file. im still working on it. this file is located within the efi partition which also houses the ffuloader.efi, and severl other efi executables. check this post http://forum.xda-developers.com/showthread.php?p=53687985#post53687985
you wont find that on google search.
Sent from my Galaxy Nexus using XDA Free mobile app
Click to expand...
Click to collapse
Sounds interesting.
Not something I'd try )) but interesting.
Aman Raien said:
Your Windows Phone is secure by design. Many security features are turned on by default. For example, apps you download from the Windows Phone Store are tested by Microsoft and encrypted to make sure you don't accidentally install malicious software on your Windows phone.
Set a password
Setting up Kid's Corner
If you've ever handed your smartphone to a child, you know that they can quickly get into all sorts of apps and settings they shouldn't. No such worries with Kid's Corner, a place on your phone where your child can play with the games, apps, music and videos
Use the free Find My Phone service
Say yes to updates . check out more at Master Software Solutions - Windows Phone Update
Click to expand...
Click to collapse
I pressume this is an advert for Master Software Solutions, but nevertheless I did google the term you suggested and got nil results. I also browsed the main site of the company itself but haven't found anything related, nor did I find anything on their facebook page.
Regardless, I checked out this Kids corner thing, it's cute but not really security related...
Thx anyway.

[Q] OEM Apps Filesystem Access Limitations

Hello,
can an OEM App access 3rd parties app sandbox content? Is there any specific capabilities ?
Thanks,
MaX
m4xp0w3r said:
Hello,
can an OEM App access 3rd parties app sandbox content? Is there any specific capabilities ?
Thanks,
MaX
Click to expand...
Click to collapse
they can access to your apps Isolated Storage directly using ID_CAP_INTEROPSERVICES
if you mean other thing please let me know .
Well, Interopservices is kind of the opposite of "directly" - it's more like "they can tell some system service to look in your folder, and report back what it sees, if there is any service available that supports doing that" - but I believe OEM apps can gain the ability to read app install locations (by enumerating the apps using ID_CAP_OEM_DEPLOYMENT and then accessing the InstallLocation property of each Package, which returns a StorageFolder). Not sure about accessing data, though.
GoodDayToDie said:
Well, Interopservices is kind of the opposite of "directly" - it's more like "they can tell some system service to look in your folder, and report back what it sees, if there is any service available that supports doing that" - but I believe OEM apps can gain the ability to read app install locations (by enumerating the apps using ID_CAP_OEM_DEPLOYMENT and then accessing the InstallLocation property of each Package, which returns a StorageFolder). Not sure about accessing data, though.
Click to expand...
Click to collapse
ID_CAP_DEPLOYMENT only returns store installed apps not Sideloaded apps .
I think they can use also storageFolder.GetfoldersFromPathAsync(String Path)
to get all apps folders and checking them is so easy isn't it ?
apps are install in some well known folders (like D:\WPSystem\Apps) so get folders of them can't be hard
oh , could you please check this too : ?
http://forum.xda-developers.com/windows-phone-8/help/control-keyboard-entery-silverlight-t2957927
thanks

can we have an alternate store for windows phones this 2020?

I know the Store has shut down since last 2 months and most of the Microsoft services for Windows Phone are already dead or cut off. We all know that we can no longer download and install apps in the Store and now we depend on cracked and/or deployable XAP files and APPX/Bundle files on the Internet. But can we share our "surviving" installed marketplace apps thru one app? Like maybe making an ALTERNATE store for WP...
Well, Microsoft would (maybe) not care if we do this since Windows Phone is dead so why not give it a try? Sharing our installed apps (by extracting it from their Installation Folder and zipping it/recompile it) to others would help a lot, especially for users who don't have time to bother buying a new non-Windows smartphone.
Also can someone make or share a "Tap the tile to lock phone screen" app? I desperately need one because my power button is broken.
I would share my installed software if I would know how to retrieve them.
Microsoft Lumia 640 LTE @ WindowsPhone 8.1
djinni111 said:
I would share my installed software if I would know how to retrieve them.
Microsoft Lumia 640 LTE @ WindowsPhone 8.1
Click to expand...
Click to collapse
You can (for XAP files) using this method from this YT video: https://www.youtube.com/watch?v=buWOsHd6jdg
The method works for SD card apps.
For Internal, boot phone into Mass Storage Mode (you need to root your phone using WPI). Then, in your PC, go to MainOS > Data > PROGRAMS. Copy either everything or a specific app (via GUID), and do as what the video also show how.
For APPX or APPXBundle apps, go to WINDOWSAPPS folder whilst in PROGRAMS (internal) or WPSystem\Apps (SD) directory. Then, copy the app files.
For APPX, those without any similar names of the app.
For APPXBundle, those with similar names of the app plus the cpu architectures "arm", and "neutral" (there may be two more of those "neutral" ones, but join them also).
Then create (on your PC) a self-signed certificate, pack each package (for APPXBundle, pack them app but put into a seperate folder so that they wont join in the others), sign them one by one, (for APPXBundle, pack them into a bundle, and sign them (again? idk)), and your done.
To check if they're deployable, i recommend deploying them one by one on an emulator or on a separate device. If you deploy one but fails, the tendency of the app with the same app GUID installed on your phone being uninstalled is high.
I know many people still using Wp 8.1 and still need install App for Wp, but Store closed. Waiting for help ! Can some great devoloper do that ? Sorry my bad English !
CreativeGamer03 said:
I know the Store has shut down since last 2 months and most of the Microsoft services for Windows Phone are already dead or cut off. We all know that we can no longer download and install apps in the Store and now we depend on cracked and/or deployable XAP files and APPX/Bundle files on the Internet. But can we share our "surviving" installed marketplace apps thru one app? Like maybe making an ALTERNATE store for WP...
Well, Microsoft would (maybe) not care if we do this since Windows Phone is dead so why not give it a try? Sharing our installed apps (by extracting it from their Installation Folder and zipping it/recompile it) to others would help a lot, especially for users who don't have time to bother buying a new non-Windows smartphone.
Also can someone make or share a "Tap the tile to lock phone screen" app? I desperately need one because my power button is broken.
Click to expand...
Click to collapse
use android :good:
Did anyone try to look how far we can get in replicating the original App Store's backend? Might hit a road block sooner or later with signing etc., but I was surprised to see at least the initial communication is HTTP only:
Code:
GET /v9/catalog/storePages?typeId=DynamicHub.Main&os=8.10.15148.0&cc=DE&lang=de-DE&hw=520190980&dm=RM-984_1001&oemId=NOKIA&moId=&cf=99-1&Flight=&SEG0=%3B&SEG1=&SEG2=&SEG3=&SEG4=&SEG5=&optedOut=true HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: gzip
User-Agent: ZDM/4.0; Windows Mobile 8.1
X-WP-Client-Config-Version: 81001
X-WP-Device-ID: ******
MUID: *******
X-WP-StorePage-Cookie: *******
Host: cdn.marketplaceedgeservice.windowsphone.com
That request then times out after a while since it goes via akamai and probably tries to hit backend servers that no longer exist (504 Gateway Time-out).
Unfortunately I never captured the traffic while the store was still working, so the question is how to figure out what to reply to this.

Categories

Resources