Ah, Windows Phone. I’ve never personally owned a Windows Phone device, but it was nice knowing you. As of July 11, Microsoft has ceased supporting Windows Phone 8.1. With only about 20% of Windows Phone devices running Windows Phone 10 – and Windows Phone in total having less than 1% of the overall mobile market – observers predict that support for the platform will soon stop completely. Now is the time to consider the history of Windows Phone, and what the cybersecurity world may have lost.
It all started with Windows CE, otherwise known as Windows Embedded or Windows Embedded CE. Development began in 1992. The first version of Windows CE launched in November 1996, appearing in some PDA devices of the era – and Windows CE also appeared in the Sega Dreamcast, Sega’s last attempt in the video game console market, which was released in Japan in 1998, and worldwide in 1999.
The Windows CE 3.0 kernel was used in the first version of Windows Mobile, originally named Pocket PC 2000, appearing in more advanced PDA devices and smartphones. The platform ran from the first version of Pocket PC 2000 in April 2000, through to Windows Mobile 6.5 in May 2009.
Windows Mobile 6.5 was going to be followed by Windows Mobile 7, but with the massive success of Apple’s iPhone, which launched in 2007, and smartphones running Android (the first Android phone was T-Mobile’s G1, which launched in October 2008), Microsoft changed direction.
During Mobile World Congress in February 2010, Microsoft announced Windows Phone 7. This new version of the OS was designed to be optimized for touchscreen smartphones, featuring Microsoft’s Metro design language. In my opinion, smartphones and tablets are the devices that the Metro UI is appropriate for. I never personally liked it on the desktop in Windows 8 and 10, Windows Server 2012 and 2016, or on the Xbox 360 and Xbox One, but to each their own.
Although Windows Phone 7, 8, and 10 were actually pretty good operating systems, Microsoft may have released the platform too late to acquire major mobile marketshare, even with their historic Nokia partnership in 2011. What interests me is that some cybersecurity experts believe that Windows Phone is the most secure mobile operating system.
Penetration tester Steve Lord of Mandalorian Security Services analyzed Windows Phone for himself, telling WhatMobile.net:
All have benefits and drawbacks. Currently Windows Phone seems to be the hardest nut to crack. Blackberry has a long history of being very security-focused. If I have physical access to the device, I find Android’s usually the easiest target. Then comes iPhone, then older versions of BlackBerry. If it’s over a network or I have to attack via email or message, Android’s usually the softest target.
Older smartphones tend be considered less secure as they’re usually affected by known weaknesses. If you’re using an older phone you’re better off with a classic dumb phone. If you have to have an older smartphone, use an older BB10-based Blackberry, or a Windows Phone running Windows Phone 8 or newer.”
Eugene Kaspersky also has praise for Windows Phone. He was interviewed by iTWire in 2015, and he talked about his mobile security findings.
The most dangerous [cyberattack] scenario is with iPhones. It is less probable because it is very difficult to develop malware for iPhones, because the operating system is closed to outside programmers. But every system has a vulnerability. If it happens – in the worst-case scenario, if millions of the devices are infected- there is no antivirus, because antivirus companies do not have any rights to develop true endpoint security for Apple.
Kaspersky added that in his view, Android is “not safe,” and said that Windows Phone is “so far very clean”.
So now those of us in the cybersecurity world can reminisce about what we may be losing in a world with no more Windows Phone. Windows Phone, it was nice knowing you.