Tuesday, December 27, 2011

Hard at Work

I've been hard at work for the past month on my next WP7 app. It's called Whiskers and it's a password keeper. I wanted to develop a password keeper that accomplished the following few goals:

1. Is Simple
2. Is Secure

The simple part is, well, simple. Metro UI, clean, appropriate iconography, and features that simply "get to the facts, ma'am". What Whiskers does best right now is store your passwords and other important data easily. What is missing are features such as backup, import, export, etc.

The secure part has been a wrestling match. First, I wanted the data to be encrypted securely. I went through several options and iterations of implementations and finally settled on the built-in Data Protection API (DPAPI) in Windows Phone 7. The API safely and securely encrypts any type of data and does so in a way that the data may only be decrypted on the very same device. By using the DPAPI, I don't have to store any key data, salt values, or other private encryption bits that could be sniffed out of my .xap or from Isolated Storage data.

The second part of security is leaving out the need for application permissions such as Data Services. For me, any application, especially one that stores my private data, should have very good reasons for the need to access the Internet. Whiskers does not and this should give anyone confidence that their data isn't being sent and stored someplace out in the ether. Accomplishing this was full of compromises.

The first compromise was leaving out a Mango feature that I thought would be useful and that is pinning a tile to the Start screen. I implemented the ability to pin any one of your secrets to the Start screen. I later pulled this feature because usage of the ShellTile namespace requires the application to have the Data Services permission. Why? Because a ShellTile has a Uri property which means the tile could redirect to a URL somewhere out in the ether. 

Other compromises deal with the whole import, export, backup, and save-to-the-Cloud features that many people ask for. Again, in order to feel that this app is secure and isn't sending your private data somewhere out into the ether, I decided to leave these features out; that way I can leave out the need to add the Data Services permission to the app.

In the future, I'm considering a pro or plus version of the app that would enable Data Services and allow you to use the Cloud. This would go against my two primary goals for Whiskers but then again, this would be a different version of the app altogether so I guess that is ok.

I hope to wrap up this first version of Whiskers soon and submit it to the Marketplace. Like my previous apps, I'm going to make this free and free from Ads. 
