Apps for Office security question

Question

This quesiton was posted by Mark Butler on the Office Next blog:

Wow, this is going to open a whole new set of cool capabilities

I hope you are going to cover the security of all this in a later post. It is bad enough that hackers can send me files with malicious scripts inside, the idea they can now send me word docs with actual apps inside makes me shudder.

Answer 1

Hi Mark,

Yes, the apps for Office platform opens a whole new set of awesome capabilities and makes it really easy for developers to build and publish apps! You can learn more about it at http://dev.office.com

We are going to cover security in depth in an ucpoming post, but in a nutshell, we employ a number of security features to ensure end user are protected when using apps.

1. Apps for Office are subject to all security constraints imposed by browsers such as the same-origin policy for domain isolation and security zones. 

2. The user is always in control - if a user opens a document that contains an app that they haven't seen before, we will prompt the user to grant the app permission to run in the document. We also prompt the user if we detect that document is coming from an external source.

3. Apps get validated and verified - each and every app offered from the Office Store comes from a verified develoepr. We take a lot of care to ensure those apps are secure and add value to our customers.

We've done many other things under the covers to ensure app users are as safe as (or safer than) browsing to web sites. An upcoming post will explain this work in greater detail.

Thanks,

Hila

Answer 2

Yeah, I believe a lot of developers has this concern. Hopefully this post can make people confident.

thanks.

---

Forrest Guo | MSDN Community Support | Feedback to manager