The market share of Windows Phone devices continues to grow and so grows the number of WP applications: from simple games and social apps to complex business apps. WP security model is considered to be secure; nevertheless, the application themselves may have potential vulnerabilities.
In this presentation, we want to show the techniques we use to analyze the security of WP applications. We will introduce a new tool that makes analysis much easier. This tool allows using both static and dynamic (code instrumentation) techniques. In fact, it is an environment for WP application analysis. We will also show on real examples how to find vulnerabilities with this tool and exploit them.
Authors: Dmitriy Evdokimov, Andrey Chasovskikh