Last week we asked our readers if they thought Windows Phone 8 might bring a greater degree of custom ROM potential kind of like what Windows Mobile brought to the smartphone space around the turn of the century. Unfortunately for hackers, but fortunately for businesses and users, Windows Phone 8 brings with it a very high level of platform security. First of all encryption is built into the entire device including the operating system and applications. As Mike Temporale of Mobile Jaw notes, “The encryption is backed by the TPM 2.0 standard, which requires unique keys to be burned into the chip during production.” There are also a number of common security keys from Microsoft and the OEM burned onto the chip in a read-only manner. The firmware has a secure UEFI environment that validates that the device has all of the keys on initial boot. The boot manager knows which applications are to be started on boot up and will only launch those that are signed and trusted. Custom ROMs will not have the correct digital signatures and therefore will not be able to start.
The security model also extends to all applications. Everything, including Microsoft’s own applications, OEM drivers, and OEM customizations, are required to run in their own sandbox. That means you can forget about viruses or any kind of malware as well.
These new Windows Phone 8 security features also make it obvious as to why Windows Phone 8 will not run on current Windows Phone devices… they lack a chip that has been burned with security keys for the platform, OEM, and device.