Building Trustworthy Windows Store Apps
The new Windows Store App environment was built to provide the user with confidence: nothing bad should happen to the typical user, no matter how many Windows Store Apps they try, buy, and uninstall. Windows Store Apps deliver that confidence through a combination of the Store onboarding and the Windows 8 platform. However, while this protects the PC and the user's data from apps, it is a 'jail' rather than a castle, and so to protect the apps themselves from the world, the apps must still be built using secure development practices. Specifically, apps must take steps to secure themselves against potential vulnerabilities (e.g., XSS) that would allow access to valuable resources, such as banking, Facebook, or other personal accounts. Because apps may host such valuable information – and they still interact with the real world – apps need to be written securely so they do not fall victim to attack.