Last week, a Nokia employee named Justin Angel posted an article on his personal website that claimed to show how Windows 8 Modern UI apps could be hacked without a lot of effort. Microsoft later sent out a statement that said the company takes "a variety of extra measures to help harden Windows 8."
This week, a new post on the Windows 8 app blog goes into much more detail on how app developers can better secure their creations. One tip is for programmers to compile their apps with Visual Studio 2012. Microsoft says that the software's security tools help to protect apps from a number of common attacks by default.
Another tip is to remove some of the app's features before submitting it to the Windows Store. One thing that Microsoft says app developers should take out is a way for the app to connect to "Home and work networks." While having this feature can be handy for pre-release testing, it can leave the app open to hacker attacks if it is included when it is published.
Microsoft says:
Consider removing the capability in favor of testing with a remote server, which has the added benefit of replicating real world conditions for your app. If you do use the Home and work networks capability, be sure to remove it before submitting your app for Store certification.
Other Windows 8 app security tips include having the app use the file picker in place of the library file-based feature, along with using HTTPS connections for authentication and not trusting remote data. Microsoft says, "Know who’s calling the Windows Runtime from within your app - after all, you don’t want an unknown internet site to control your app, do you?"
Source: Windows 8 app blog | Image via Microsoft