Microsoft's beefing up security with Windows Phone 8 may make custom ROMs a thing of the past

While there is a lot to look forward to with Windows Phone 8, some of the changes may not be as noticeable but no less important. Windows Phone 8 will have a number of significant changes under the hood to bolster the security of the platform.

Windows Phone 8 will have device encryption throughout the entire device including the OS and its applications. Designed along the same lines as Windows 7 PCs, encryption kicks in as soon as you power up the device. This system, based off of Bitlocker (but adapted for Windows Phone) was something first reported on back in February as an early rumor.

BitLocker (opens in new tab) is a logical volume encryption system that is present in Windows 7 and will be present in Windows 8.  BitLocker is designed to protect data by providing encryption for entire volumes or drives within a computer to protect the integrity of a trusted boot path.  The main difference between the PC version of encryption and what we will see on Windows Phone 8 is that the encryption keys are not manageable on our Windows Phone as they are on desktops or laptops.

WP Central

Two exceptions will be present with Windows Phone 8 encryptions. If you live in a location that does not allow the importation of encryption technology the device encryption will be disabled. The other exception is with the SD card due to unknown issues with the performance of swappable SD cards. Keep in mind that the SD card can only be used to store pictures, music and videos, not documents. While what is stored on the SD card may not be encrypted, the data on our Windows Phone will be.

The other big security feature coming to Windows Phone 8 is the SafeBoot Feature. In a nutshell, the SafeBoot Feature makes it very difficult for malware or an component that lacks the correct digital signature to be loaded on your Windows Phone. Each device will get a unique key burned into a chip along with a number of common keys from Microsoft and the OEM. When you power up the Windows Phone the firmware will start a Unified Extensible Firmware Interface. The UEFI will only validate and launch elements that have the correct digital signature from Microsoft.

WP Central

The downside, for some, with the SafeBoot feature is that it will not be possible for custom ROMs to be built because the developers won't have access to the correct digital signatures.

Lastly, the base footprint of the Windows Phone OS has reduced and Microsoft is now requiring all applications to run in the same sandbox as third party Marketplace apps. This will limit the area any compromised app will have access to and add further protection to lower system levels such as the device registry or locked API's.

While it is nice to see Microsoft strive to make our Windows Phone as secure as possible, these efforts also explain the reluctance to offer the Windows Phone 8 upgrade to existing devices. The existing devices lack the keyed chip the new phones will have which could present a weakness in the security system. While existing devices are fairly secure within their own rights, I can understand why Microsoft isn't willing to take the chance.

Source: MobileJaw; Thanks, Mike S., for the tip!

George Ponder

George is the Reviews Editor at Windows Central, concentrating on Windows 10 PC and Mobile apps. He's been a supporter of the platform since the days of Windows CE and uses his current Windows 10 Mobile phone daily to keep up with life and enjoy a game during down time.

  • More security the better. Companies will love this.
  • +1
  • +2
  • Awesome and not so awesome... No one wants Microsoft to become Apple.
  • Nor do they want them to become Android.
  • Sounds like a catch 22.
  • Android is open source .. moron
  • Please. Cut it out. Android hasn't been Open Source since Version 2.0. There's more to Open Source than just the ability to download a stock version of the source code. Open Source also means the community can CONTRIBUTE back to the Source Code.  Google do not allow anyone else to contribute to Android.  It isn't Open Source.
    A few weeks ago in a court in California Google refused to provide the source code for the Galaxy S3 stating it was "proprietary".  How can open source be proprietary?  Who's the moron now?
  • Check you facts "smart guy", Android IS Open Source, and if you want access simply start here Also Samsung modifies their Android OS implmentations, ad do many fanafctures, often time using propritery code. Which Google, if the have access to are likely unable to disclose due ti an Non-disclusure Agreement (NDA) or other legal agreement.  Get your facts straight.
  • My HTC HD2 was abandoned by MS much like Lumia 800 but it now runs Jelly Bean. WP8 will block the choice. I think I've made my choice of which mobile OS to go with.
  • Cool story bro
  • My HD2 runs WP7.5 Tango. I can also dual-boot Jelly Bean, but, frankly, it's an incredibly dull drab boring and aweful OS.  And compared to WP7.5 on an HD2, incredibly sloooooooooow.
  • I like how you can't do custom roms with wp8..
  • Not me that's a big down side will seriously consider dropping windows based on what the community at xda developers thinks about this issue. No custom ROMs, then no capabilities of home brew apps.
  • You came, you saw, you left.  Enjoy your Android device.  Not there's anything wrong with that.  It's a consumer market and as a consumer you choose what device is best for you. 
  • And consumers want custom roms. This is why android is so big. I hope Microsoft realizes this before it's to late.
  • The best selling androids are the cheap as hell ones on metro and other company's that only sell one smartphone type lol
  • And 10 million (expensive) SGIII's :-)
  • ...or even know what they are like me.
  • This is very true. I don't see this being a good thing, but some will. I also don't think this will help get devs & geeks to help push or promote the platform.
  • power users want ROMs.  Consumers want it to just work. 
  • Yes! +1,000,000
  • Remember, Microsoft did the android thing and in the long run it didn't work out too well. It was called Windows Mobile. It allowed OEM's and users to do whatever the hell they wanted. It ended up being fragemented with a subpar user experience just to name a few issues. 
    Microsoft learned its lesson. With phones being so powerful now and hold an insane amount of private data, pictures, etc and equipped with a variety of sensors, I want that level of security. 
  • +1 which is why I prefer this
  • Not really: WM OS achieved almost 50% of the market, the decline was caused by MS stopping development and innovation while Ballmer was laughing at the iPhone.
    I do not think the iPhone would have been so popular if people did not find a way to customize it.
  • yeah that 60% of all adroid devices running Gingerbread is screaming "we want custom roms"...
  • Nerds do. Users don't.
  • That is a very common mistake and assumption "techies" make when using the word "consumers."  No, the VAST majority of consumers could care less about custom ROMs.  In fact, one can argue that people shouldn't need custom ROMs if the user experience was right.  Oh, and if you need to load a custom ROM just to get the user experience better, you chose the wrong device.  That's why there are plenty of devices to chose from.
  • It is not that they want a custom ROM. They want a working ROM with out all the carrier BS that Google and the hardware makers let them install. If Google provided a complete ROM with no BS carrier crap and one that worked properly, people would find no need for a custom ROM. Many Android ROMs have more issues than the defacto ROM. 
  • I never met a custom ROM I didn't hate. As a consumer and power user I like my device to work with few to no bugs, have access to apps that don't degrade the usuability of my phone and be secure.
  • Anything can be broken, and this will be broken just the same.  A careless piece of code at MS will allow hackers to pull down the unencrypted filesystem.  That's the way of everything.  BluRay was suppose to be unbreakable, now look at it.  The same will happen to WP8.
  • The TPM chip is what controls the encryption. It took a security firm 6 months and physically altering the chip to crack the encryption.
  • It can still be done. Whether the correct people care enough to do it is really the biggest issue.
  • It's per device. Breaking the encryption on one phone will not break the encryption of the rest. This is without a doubt probably the best security of any smartphone OS.
  • Of course it can be broken. Any security can be gotten around with time.  Even cryptographic security mainframes use for banks and such.  The point is it would take so much time and effort to decrypt that the data would be useless - same with this.
  • meh, I'm sure someone will manage to hack it. look at ios ita super locked-down and still can be jailbroken.. anyways, more important news, wp8 has app list + settings backup!!! (see: the verge) hope it includes progress in games..
  • iOS uses software encryption, so it is hackable plain and simple. Once hardware encryption is introduced it makes it ten fold more difficult, and usually requires hardware changes to hack it, which no one in the consumer market is willing to do other than the most extreme, which completely removes the homebrew following that Windows Phone has.
  • I remember the days with the ps and ps2 and installing mod chips to get your console to play foreign games and burnt games. Risk was your console could stop playing genuine games or stop working altogether. Yet I knew many with one. I had one in my ps as well. Point is, never underestimate what the community might be willing to do. Whether it be hardware security or software. There are many out there that will look at this as a challenge and will break through it.
  • The PS1 had a simple hack that was easy to implement and the payoff was large. Windows Phone's homebrew scene is already pitifully small. This level of security will only thin it out further, reducing the payoff and with it any reason for most people to bother implementing any exploit that might be found.
    Maybe I'm going to be proven wrong, but I doubt it. The iPhone was the same as the PS1 - easy to hack and there was a big pay-out once you did it - Jailbroken iPhones had apps, multitasking, tethering and all sorts of other stuff that locked iPhones didn't have (incidentally, with each new feature that Apple implement, the iPhone Jailbreak scene dies a little bit more. A lot of people stopped jailbreaking once they got multitasking - they only jailbroke to access features that they deemed essential).
  • I wouldn't call installing a mod chip in a ps1 a simple task to your average user considering the numerous opportunities to cause damage unintentionally to the unit. However, I do agree that time will tell. There may be a small homebrew community now, but what if wp8 takes off? If we want a bigger homebrew community, all we have to do is go on the internet and spread the word all across the net that wp8 is unhackable. Lol Any true hacker will not be able to resist that call out. ;) Guess we will see what they can come up with one way or another.
  • I used custom roms on my titan only to enable mms and using already scarce homebrew apps. Also for carrier debranding (att). I don't see the necessity of custom Roms for me, and most of the users except power users. But i wish i can use HTC hub on my future Nokia wp8.
  • Apple doesn't know security. Their shit is always the first to fall at black hat conventions.
  • So true.
  • I don't understand not having the option to store documents on a SD card. For enterprise, I do. Not for the consumer.
    I am very happy for the mobile bit locker. It is awesome security, for enterprise use.
  • Honestly... I've been so excited about WP8, and have been usign a WP7 device since launch day. But this article pretty much just crushed my chances of buying a WP8 device, which I fully intended to do before reading this. Security is great, but the hacker community is large, and throwing them completely under the bus is stupid. Apple even knows this and keeps the cat and mouse game alive. I guess my next device will be the next Nexus instead of the next Nokia. Bad move Microsoft.
  • Actually, it's an excellent move on Microsoft's part to promote WP8 as a secure OS. It's definitely innovative in the sense no one else does this (hardware security) as of now. Enterprises will be willing to adopt WP in their environment, especially if they are looking to replace a Blackberry environment. Security conscious users, who are apprehensive about using custom mods, will also give the OS a very serious consideration. All said, Microsoft stands to gain much more by this move.
    Sure it'll disappoint some users who like using custom roms, but the incentives for making the OS secure (monetary and otherwise) are far, far greater.
  • @ousooner this is funny stuff. Is Android secure? Is it not the largest and fastest growing os ? Maybe this locked down secure thing is a non factor to the consumer. I like W8 but I'm only here because of Xbox live. I kinda miss being able to customize things.
  • That's totally true. I was talking to my sister in law and my mother in law about Android the other day. They picked it specifically because they can root it and it has a great hacking community. My 15 year old nephew too, she thought it was "awesome". 
    No man... as much as we in the "bubble" like to think so, 99% of the android users out there barely know how to use 10% of what the phone offers let alone about hacking and all that. People buy what they see in ads and what the sales guy shows them at a price that meets their budget. It's as simple as that :)
  • Yet, the fact that you can't simply copy documents onto your device makes it pretty useless for the enterprise. For business, Windows Phone 8 seems to promote / support the wrong things: music, pictures, video ... all those things you shouldn't use during work. :)
  • That's because they want people to use the cloud and Skydrive for their documents. The newest release of Office should have tipped you off there.
  • MS also said that "telemetry" indicated that people did not use the "Show Unread emails only" view and took it away  in Office 2010; guess what? It is back in Office 2013....
    What MS wish is not necessarily what the people want and, in the end, the latter are the ones who decide the success of a product. 
  • I think you misunderstood. You cannot put documents on the removeable SD card, but you can still put documents in the internal memory.
  • See ya. You surely won't be missed.
  • Well I guess it's good news that ROMS don't rely on unsecured information. Without even looking through the new kernel I can expect the easiest way through is allowing the system to think the custom ROMS have the correct signatures,then blocking them from checking. Simple.
  • The signature checks are in the bootloader / UEFI, which means you're not going to be able to even get past that to modify anything else.
  • On a downside if the release of wp8 has issues there will be now way of fixing it if there is no updates available for some carriers as we know some carriers don't care for WP. So the user will be stuck with a phone that cannot be fixed!
  • But starting with wp8 ms will push updates...much like on windows (desktop os)
  • Not exactly: updates will be pushed over the air without the need to connect your device to a Zune or similar software but OEM and carriers will still be the ones which will give the green light...... unless people will join the "Enthusiast" program and the details of it are still unknown.
  • I believe zeronoise is correct. I had heard that Microsoft will be pushing updates regardless of wat the carriers say.
  • Half correct - "enthusiasts" can opt to receive updates from MS instead of from carriers. i.e. It will be at your own risk to get it directly
  • Dude beefing up Security is never a bad thing in order to persuade enterprise customers to adopt the platform. If hacking the platform is that important to you don't worry because sooner or later it will inevitably still happen
  • I'm going to make the assumption here that these security features will not be enabled automatically, since they aren't on the desktop.
    they are nice to have and I know my company is definitely looking forward to implementing them, though I'm a bit disappointed we won't be able to upload recovery keys to active directory as we do on the desktop.
  • Do you think the non-manageable keys could be because there's a proposed way to backup the phone's data (via the new Zune replacement)? Since that's associated with a Live account, it should allow users to import data into a different phone.. Or is there another benefit to managing recovery keys in AD? I thought it was only beneficial on PCs because of removable hard drives (or am I way off)?
  • Wondering what you would need the key for? Between SkyDrive and MS Account sync, I don't think you'd lose much
  • With Windows Phone 8, they mention that the device encryption is ON and always on. it can't be disabled. (The technology is based on Bitlocker but different - similar as to what's going to be on Windows RT I presume)
    There won't be any need to send security keys etc as they are imbedded into the phone's Chipset
    Security through the EAS settings of course will still all work as well, if not better.
  • I've been burning roms since 2004 with WinMo 2003 SE. Then continued with Windows 6 & 6.5. Back then burning roms was a necessity because WinMo kind of sucked. Roms made my phone usable. I was excited once WinPho 7 launched, as I felt I no longer needed to burn roms to make my phone usable. WinPho 7 just worked and was super stable and fast. I dabbled with hacking WP7 and installed some Homebrew, but I didn't need to. I must say it's nice to not waste my weekend burning Rom after Rom and tweaking and tweaking. My WP7 just works and I'm fine with that. Maybe I'm getting old :D
  • I'm with you, although the Tilt 2 ROM update from HTC was actually good enough for me and I haven't gone to xda since. I am grateful for their prior work and wish them well, but I hopefully won't need their services anymore.
  • Same here, used XDA a lot with Win Mo but back then the performance gains alone made it worth it. With Windows Phone everything works great and I don't need the few homebrew apps.
  • Yup. How much is your time worth? I had to do the same thing with Android. Had to install roms from xda and tweak the shit out of it. Don't miss it at all. Now I have more time to read and comment on articles here. Hah
  • Lock it down but allow side loading and reg access and I will be happy. I don't need to alter windows just have full access to tune as i see fit
  • Good news for developers. Compared to Andorid where there is basically no security there is up to 90% piracy of apps.
  • Exactly! I'm very excited about this!
  • Another nail in the coffin for RIM. With security and encryption built into every single WP8 device, enterprise customers can move away from paying RIM for it's enterprise security features.
  • Like MaulerX said, this is about RIM.  RIM is exiting the enterprise space and possibly existence altogether.  Having a TPM chip is a veritable boon to enterprises that require complete security in the mobile space.  Software just doesn't cut it.  Android and iOS are a complete joke when it comes to security.  I work where that kind of ability is tested daily and these kinds of devices are completely forbidden.  Right now RIM is the only thing that can guarantee an encrypted space on a device and advanced wipe/reset abilities through the BES software.  Now Microsoft can completely replace RIM in the Enterprise space with Activesync in Exchange 2010 and guarantee device security.  Couldn't do that before which is why BES and Good Messaging exist.
  • The way I look at it if you need to hack your device to make it the way you want what's the point of buying it ? I for one love the windows Os I've had ios and Android running ice cream sandwich and I hated them both Android constantly crashes and ios while its good in many aspects is just plain boring to me...while win phone is certainly limited in customizability everything always works flawlessly and it has a single core processor!!! For a daily driver win phone in my opinion is just a better OS but that's to me the only thing Android is good for is flash which all their new phones lack with jelly belly sour beans or whatever they call it tomorrow...i think any added measures to create a much more secure and stable OS is fantastic...if you want a unsecure phone go go get Android for me MICROSOFT AND WINDOWS PHONE WILL BE MY ONLY DEVICE I EVER BUY
  • Or they could just continue to use their WP7.5 and WP7.8 phones. It's not like these are going to magically stop working on October 29th.
  • Hardware encryption on device and server side encryption for Apps, as a developer, I will continue stronger than ever to develop apps for wp as I feel completely protected against piracy :)
  • completely protected?  I would say that there's more protection but not completely protected.
  • What's wrong with being secure??
  • I won't go so far as to say custom ROMs suck, but they represent the fact OEMs can't get ROMs right when there's a lot of complication involved. On the other hand, Windows Phone doesn't shove a lot of crap in your face that you won't want, and what little the carriers do push on you is quickly and easily removed at your own discretion. Custom ROMs, in my opinion, are already a thing of the past for Windows Phone... especially since we'll now have a means of updating our phones manually to get that latest-greatest feeling.
  • I don't understand why some people in these comments are freaking out about this.  This is a good thing in my opinion.  Microsoft is clearly going after enterprise with WP8 and hardware encryption is one of the best moves they could do to achieve this.  For the people saying Android is popular because of loading custom ROMs I call BS.  I have around 10-15 family members that have android devices and only one of them install custom ROMs or root their devices.  The rest of them bought their phones because they were cheap.  Android is popular because they have 10000 different phones on all carriers and the carriers promote it.  
  • I like to have secure device
    The encryption keeps the device safe
    Anyways I am going to buy wp8 as the wp7.5 worked out really well for me
  • That's it!
    I'm no longer going to do business with my bank because I just learned that they added more security guards, cameras, and new security software that protects my money from thieves. 
    That will teach them!  :-)
  • LMAO!
  • + plenty LOL
  • +2
  • I for one am glad they are beefing up security. Personally I don't need roms, i just want my phone to work and be unique and perform well. With that said bravo ms keep up the good work.
  • On TechEd Europe 2012 a session was given on this aspect:
    You can view the presentation live registration online over here:
  • I remember reading an article a few months ago about how Android users tend to spend a LOT of their time downloading different clock skins, widgets, complete interface overhauls, etc and sometimes completely wiping their phone in favor of this custom ROM, or that one. Especially during the first few days of owning their new phone. Me, coming from Windows Mobile 5.x days, let's just say I've been there and done that... and really don't want that in my phone any more. I honestly just like the WP7 experience straight out of the box... fast, smooth, seamless. If WP8 has some gaps that only a custom ROM can fill, that's another story. But mostly I don't want to have to be a "power" phone user, I'll save the endless tweaking for my desktop.
  • I agree. Although for me it is a catch 22 as I type this on my HD2 running Mango. Truth is WP runs so well that XDA is no longer a site I depend on daily (while respecting those who do great work there). I would like to add that it was said WP would never run on the HD2 and it happened. Hardware encryption will be harder to break, but hackers love to hack. My question is will the encryption be accessible by the oems, carriers and/or MS? You just can't trust big brother either.
  • Good thing :-)
    Companies don't need to worry about security.
    Don't need them roms, wouldn't chip a Rolls Royce either...
  • Bad move Microsoft! Im even considering an iPhone 5 now.
  • All that is needed is an exploit in the security suite created by an app or service (and there will be one) and there will be an unlock... thats how interop unlocks work now on HTC. Custom roms may follow or they may not; as long as I can tweak my phone I will be happy.
  • There's no such thing as unhackable. It just depends on whether someone with the right skills and knowledge can be bothered.
  • There's no such thing as unhackable. It just depends on whether someone with the right skills and knowledge can be bothered.
  • There's no reason to even have custom roms with wp8... android custom roms can give the user a way to radically change their interface but with wp8, theres only so much you can do with squares and rectangles. Jelly bean changed the game because it is beautiful, stable, and lag free. It also practically comes with an invitation to change your device in different ways. The reason why i think WP8 will not succeed with the mainstream consumer because of the brand recognization that Android is starting to get. A friend of mine recently got the HTC ONE X because it's a "Droid" and it has the gigantic screen. Apple even added to Android's brand recognition because of their whole legal battle with Samsung. They must not know how much publicity they are giving the S2 and S3!!!
  • I don't really know what a ROM is or neither the BitLock encryption. I think the best alternative if you are a home user is to give a strong and secure Windows 8 password and lock it when you go out. This way the files and folders are safe from outsiders. But from hackers you need to find a good encryption and simple mechanism. Anti Virus and Internet Security Software should be helpful in keeping the hackers at bay,.