Isolated storage for the Windows Phone platform works a little differently than Isolated Storage for Silverlight. Here is a compilation of the top 10 things Windows Phone developers should know about using isolated storage in their application.
- Application update - When an application is updated, its isolated storage location is not changed. For that to take effect, you need to build and submit your application as an upgraded version. Astute developers should test the upgrade scenarios to ensure successful data migration.
- Quota limitations - Unlike Silverlight applications, Windows Phone applications do not have a quota for the isolated storage. This allows applications to take up a lot of space. Be deliberate in your application design when you use disk space on the phone.
- Application uninstall - When a Windows Phone application is uninstalled, its isolated storage data will be deleted.
- Temporary cache - For data that is short-lived, make sure you store it in a temporary folder inside the isolated storage, which is cleaned up upon application exit. This ensures that your application does not gobble up disk space unnecessarily.
- For user-generated data, if possible, store it in the cloud with the Azure platform. This ensures that when the user formats the device, he/she does not lose the data. If cloud storage is not possible, make sure there is a dedicated folder in the isolated storage for that data.
- IsolatedStorageSettings is not thread-safe and can throw IsolatedStorageException when Save is called.
- Data binding - Since the Save method on the "IsolatedStorageSettings" class throws an exception, if there are any data-bound objects in IsolatedStorageSettings that need to be saved, create a clone of the object and save the clone.
- Always make isolated storage API calls inside a try/catch block, so you can handle any exception thrown without taking down the application and can inform the user.
- When the phone begins to run out of disk space, it will give the user a warning.
- Do not use isolated storage to store high-value secrets, such as unencrypted keys or passwords, because isolated storage is not protected from highly trusted code or from unmanaged code. On an unlocked device, that could mean the data your application stores there is susceptible to being read.
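
The thread-safety, data-binding and try/catch items above can be combined in one save helper. The following is an added example, not code from the original article; `UserPreferences`, `SettingsStore`, `TrySave` and the property names are hypothetical.

```csharp
using System;
using System.IO.IsolatedStorage;

// Hypothetical data-bound settings object (class and property names are assumptions).
public class UserPreferences
{
    public string DisplayName { get; set; }
    public bool SyncOnWifiOnly { get; set; }

    // Detached copy, so the instance handed to Save is not the one bound to the UI.
    public UserPreferences Clone()
    {
        return new UserPreferences
        {
            DisplayName = DisplayName,
            SyncOnWifiOnly = SyncOnWifiOnly
        };
    }
}

public static class SettingsStore
{
    // One lock around every access, because IsolatedStorageSettings is not thread-safe.
    private static readonly object Gate = new object();

    // Returns false instead of letting the exception take down the application;
    // the caller can show 'error' to the user.
    public static bool TrySave(string key, UserPreferences bound, out string error)
    {
        error = null;
        UserPreferences snapshot = bound.Clone();
        lock (Gate)
        {
            try
            {
                IsolatedStorageSettings settings = IsolatedStorageSettings.ApplicationSettings;
                settings[key] = snapshot;   // store the clone, not the bound object
                settings.Save();
                return true;
            }
            catch (IsolatedStorageException ex)
            {
                error = ex.Message;
                return false;
            }
        }
    }
}
```

All reads and writes of the application settings should go through the same lock for the serialization to be effective.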
In this article, we saw various best practices for using isolated storage in your Windows Phone application. I hope you have found this information useful and will be able to use the knowledge to write better Windows Phone applications.