While there is a lot to look forward to with Windows Phone 8, some of the changes may not be as noticeable but no less important. Windows Phone 8 will have a number of significant changes under the hood to bolster the security of the platform.
Windows Phone 8 will have device encryption throughout the entire device including the OS and its applications. Designed along the same lines as Windows 7 PCs, encryption kicks in as soon as you power up the device. This system, based off of Bitlocker (but adapted for Windows Phone) was something first reported on back in February as an early rumor.
BitLocker is a logical volume encryption system that is present in Windows 7 and will be present in Windows 8. BitLocker is designed to protect data by providing encryption for entire volumes or drives within a computer to protect the integrity of a trusted boot path. The main difference between the PC version of encryption and what we will see on Windows Phone 8 is that the encryption keys are not manageable on our Windows Phone as they are on desktops or laptops.
Two exceptions will be present with Windows Phone 8 encryptions. If you live in a location that does not allow the importation of encryption technology the device encryption will be disabled. The other exception is with the SD card due to unknown issues with the performance of swappable SD cards. Keep in mind that the SD card can only be used to store pictures, music and videos, not documents. While what is stored on the SD card may not be encrypted, the data on our Windows Phone will be.
The other big security feature coming to Windows Phone 8 is the SafeBoot Feature. In a nutshell, the SafeBoot Feature makes it very difficult for malware or an component that lacks the correct digital signature to be loaded on your Windows Phone. Each device will get a unique key burned into a chip along with a number of common keys from Microsoft and the OEM. When you power up the Windows Phone the firmware will start a Unified Extensible Firmware Interface. The UEFI will only validate and launch elements that have the correct digital signature from Microsoft.
The downside, for some, with the SafeBoot feature is that it will not be possible for custom ROMs to be built because the developers won't have access to the correct digital signatures.
Lastly, the base footprint of the Windows Phone OS has reduced and Microsoft is now requiring all applications to run in the same sandbox as third party Marketplace apps. This will limit the area any compromised app will have access to and add further protection to lower system levels such as the device registry or locked API's.
While it is nice to see Microsoft strive to make our Windows Phone as secure as possible, these efforts also explain the reluctance to offer the Windows Phone 8 upgrade to existing devices. The existing devices lack the keyed chip the new phones will have which could present a weakness in the security system. While existing devices are fairly secure within their own rights, I can understand why Microsoft isn't willing to take the chance.
Source: MobileJaw; Thanks, Mike S., for the tip!