Mero AP security problem RRS feed

  • Question

  • Currently installed in the Metro AP can be in the HKEY_CURRENT_USER/Software/ ActivatableClass/Package to find the directory and get all the information.
    The use of JavaScript development program, all of the code can be accesse. The future if the Metro AP via MS Store installation, the user can get all file information.
    Tuesday, September 27, 2011 6:55 AM


All replies

  • I am not sure if I understand your question correctly can you give me an example of the path that is available in the registry that you are concerned about.

    Tuesday, September 27, 2011 4:41 PM
  • You can get the data or source code based on the following methods.

    If I would like access the data of Piano.
    step1: run regedit and select HKEY_CURRENT_USER/Sofware/Classes/Extensions/ContractId/Windows.Launch/PackageId/

    You can find the folder of Piano.


    Open the folder and get all of files.

    The source code could not be hidden when using JavaScript to make our Metro AP.



    Wednesday, September 28, 2011 3:13 AM
  • You will not be able to access the registry from a metro style app so if you need to store information for your app, you should use the WinRT API's

    Windows.Storage.ApplicationData.locaSetings/roamingSetting instead.



    Wednesday, September 28, 2011 9:19 PM
  • I think the point he is making is that as a developer his source code is not obfuscated on the client machine it is installed upon. His secondary question seems to be "will installing from the store be any different?".

    To the original poster- I am curious. Are you worried about someone re-using the code inside your app for their own apps? If you want to obscure what your app is doing I believe there are some off the shelf JS minifiers that can do the deed before you create your APPX file. This should at least prevent casual reuse as the code will require lots of reformatting and lose a lot of semantic meaning if your minifier renames functions and variables.



    Wednesday, September 28, 2011 10:14 PM
  • Yes, I am worried about someone re-using the code. The other question is that someone gain all files and copy them.
    For example, I gain the Piano AP all files, using VC2011 to re-create new project adding all files from the Piano AP.
    It will happen in using JavaScript development program, but not in C++ or C#.
    So Microsoft must be hidden files from MS App Store, otherwise there will be Pirates of the copy problems.

    Hung-Yi Lin

    Thursday, September 29, 2011 4:26 PM
  • Thanks for clarifying. That's great feedback and I think you should also post it over in the general OS section:


    It's possible the experts there may be able to comment more about the Store.

    Also if you would be interested in seeing minification/obfuscation tools in Visual Studio you can log an issue through connect: http://connect.microsoft.com/visualstudio



    Thursday, September 29, 2011 4:36 PM