8

I'm going through the Windows Phone test suite before submitting my app to the Windows store.

The guidelines have the following section:

Requirement - 5.4.1 - Malicious software screening

Requirement Text - The app must be free of viruses, malware, and any malicious software. -

Test Steps -

  1. Launch your app.

  2. Scan the app for malware.

  3. Verify that there are no viruses, malware or malicious software in the app.

What does "Scan your app for malware" mean? Is there some tool I'm supposed to use to scan the app for malware? The document contains no link to such a tool, and a Google search and MSDN search did not yield many results.

Benjamin Gruenbaum
  • Honestly, I'm tempted to say "don't worry about it" :) Does your app or any libraries that you use do anything malicious? No? Good - ship it. :) – New Dev Sep 08 '13 at 17:47
  • 1
    @Charles I've opened up the tag wiki to discussion on meta http://meta.stackexchange.com/questions/196236/windows-phone-store-tag I'd love for you to argue your case there so we can reach a better community consensus on the subject. – Benjamin Gruenbaum Sep 08 '13 at 20:36
  • Hmm, I actually intended to add the tag for windows store apps here, I think, but I either spaced or decided it was a bad idea. See you on meta. :) – Charles Sep 09 '13 at 03:29

1 Answer

1

I can't speak on behalf of MS but I imagine that the malware tools used internally aren't available outside. Having said that, you could still run scans using programs like MalwareBytes or Microsoft Security Essentials on your XAP file itself and/or rename XAP to ZIP and unzip it to scan the files individually. Viruses stored within the XAP file could be read in by an app and then spread onto other platforms (even if it doesn't affect the phone itself). The requirements may be discussing that.

If your app isn't doing anything suspicious and doesn't use unsupported APIs, I personally wouldn't worry too much. Whilst there may be some false positives sometimes, I'm not aware of any particular tool that this section of the requirements specifically refers to.

Edit - I was reminded that there is a Store Test Kit but I didn't initially post that as it doesn't specify that it does a malware check. Good idea to run it nevertheless.

[What Store Kit Tells You]

Whether the XAP file meets size requirements and whether the app manifest file is valid.

Whether a Direct3D app that targets Windows Phone 8 uses APIs that are not allowed on the phone.

Whether a background agent app uses APIs that are not allowed with background agents.

What capabilities the app uses (for apps that target Windows Phone OS 7.1 only).

Whether the specified images and screenshots meet certification requirements.

Whether the app icon and background image used in the app meet certification requirements.

keyboardP
  • 1
    "I'm not aware of any particular tool that this section of the requirements specifically refers to." Well then why do they make it sound like there should be some sort of tool you should be using? If they mean that devs should use their own scanners, then the docs should explicitly mention it. – synth3tk Sep 08 '13 at 23:16
  • I agree but I can't comment on why they've done that as I don't know. I've been doing Windows Phone dev since it came out and have not encountered any tool that should be used to scan a running app but that's just my experience. Documentation can be incorrect and ambiguous at times. It may even be that these docs are used internally as well. I suggest getting in touch with the MSDN team or sending MS an email directly if you feel this is something that is going to affect you. – keyboardP Sep 09 '13 at 08:18
  • No one knows why it's there. I was in Microsoft recently and asked the relevant people :) No need to worry about it, thanks. – Benjamin Gruenbaum Oct 08 '13 at 14:27
  • Randomly found its way in there :D Thanks for the follow up. – keyboardP Oct 08 '13 at 19:44
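
The unzip-and-scan step suggested in the answer, as an added example that is not part of the original thread: a XAP is a ZIP archive, so Python's `zipfile` can open it without renaming. The function names, the sample file names and the output folder are assumptions made for illustration; the sketch unpacks the package with a path check and records a SHA-256 per file so that scanner findings can be matched back to package contents.

```python
import hashlib
import os
import zipfile


def unpack_xap(xap_path, out_dir):
    """Extract a XAP (a ZIP archive) into out_dir and return
    {archive member name: SHA-256 hex digest} for every file extracted."""
    out_root = os.path.realpath(out_dir)
    inventory = {}
    with zipfile.ZipFile(xap_path) as xap:
        for info in xap.infolist():
            if info.is_dir():
                continue
            target = os.path.realpath(os.path.join(out_root, info.filename))
            # Refuse members that would be written outside out_dir.
            if os.path.commonpath([out_root, target]) != out_root:
                raise ValueError("unsafe path in archive: " + info.filename)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            digest = hashlib.sha256()
            with xap.open(info) as src, open(target, "wb") as dst:
                for chunk in iter(lambda: src.read(65536), b""):
                    digest.update(chunk)
                    dst.write(chunk)
            inventory[info.filename] = digest.hexdigest()
    return inventory


def build_sample_xap(path):
    """Constructed sample input: a tiny archive laid out like a XAP."""
    with zipfile.ZipFile(path, "w") as z:
        z.writestr("WMAppManifest.xml", "<Deployment />")
        z.writestr("Assets/readme.txt", "hello")


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        xap = os.path.join(tmp, "Sample.xap")
        build_sample_xap(xap)
        for name, sha in unpack_xap(xap, os.path.join(tmp, "unpacked")).items():
            print(sha, name)
        # Point the on-demand scanner at the "unpacked" folder at this step.
```

Run the scanner over both the original XAP and the unpacked folder, since some scanners do not descend into archives with an unfamiliar extension.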