PSA: Windows Phone 7's third-party apps easy to decompile, native code hooks exposed
byChris Ziegler||November 12th 2010 at 3:01pmNovember 12th 2010 3:01 pm
We suspect most developers have gathered this since MIX earlier this year -- many of them have been dealing with variations of the problem since the genesis of Microsoft's .NET Framework -- but we thought we'd throw out a note that word's getting around on how easy it is to tear apart applications downloaded from the Windows Phone 7 Marketplace, gain access to their resources, and get a look at their inner workings. Microsoft has been encouraging developers on the desktop to make this tough by using code obfuscation tools -- Dotfuscator, specifically -- for many years, but Dotfuscator's developer has only just released a free version (through March 31 of next year) for WP7, so it's made things tough to secure. In other words: business as usual, and "business as usual" isn't as airtight as your average white-hat dev would like.
On a happier note, an enterprising coder by the name of Chris Walsh has fleshed out some hooks into unmanaged (read: native) Windows Phone 7 services. It's not what we'd call a "jailbreak" -- you're not altering the security settings of the device in any way -- you're just taking advantage of undocumented services Microsoft has in place, though it's still very cool. Walsh promises some tutorials on hooking into cool stuff like file system and registry access soon, but he notes that apps using these hooks are still running as managed tasks, meaning they can be slapped around by the kernel (killed, suspended, and so on) just as any other WP7 app can -- and we also doubt you'd be able to get Marketplace approval using this stuff.