Microsoft UWP boosts security for Windows apps

The Universal Windows Platform introduces a walled garden for Windows applications, along with sandboxing to ensure the apps behave

Microsoft’s renewed focus on Universal Windows Platform (UWP) is about more than an improved user experience or an attempt to get additional apps into the Windows Store. UWP moves Windows application development closer to a more secure ecosystem where Windows software can’t wreak havoc on user devices or compromise data.

UWP was originally introduced alongside Windows 10, with several enhancements announced at Microsoft Build 2016. UWP gives developers several options for user authentication, ranging from single sign-on to third-party provider services such as Facebook or Twitter login. The apps also work with Windows Hello, which lets developers add fingerprint biometrics to applications so that users can swipe their fingers to confirm an in-app purchase or access restricted resources. At Build, Microsoft’s Bryan Roper demonstrated on stage how he could log in to the USAA website by swiping his finger on his computer’s built-in fingerprint reader.

The developer initiative has plenty of critics, notably Epic Games co-founder Tim Sweeney, who doesn’t like Microsoft’s shift toward a walled-garden approach for Windows. In the past, it was easy to develop Windows software and make it available from anywhere. With UWP, developers now have to be accepted into the developer program and submit their UWP apps to Microsoft for approval. Microsoft digitally signs accepted apps and makes them available through the Windows Store. Developers can also take the signed apps and distribute them through their own means.

UWP and the Windows Store, however, aren't as onerous as Apple’s Mac OS X store or the App Store for iOS apps, because developers can continue to push their applications through their own channels.

“This is an open platform. For over 30 years, Windows has welcomed an open ecosystem of hardware and software partners. Nothing changes with the Universal Windows Platform,” Satya Nadella said at Build.

Nothing changes, except for the fact that Windows becomes more secure.

Walled gardens enhance security

While the days before UWP were great for widespread adoption, they were terrible for security. Malware is much more prevalent on the PC platform, precisely because of the open distribution model. If a developer made a mistake and failed to use the API correctly, the resulting application could cause compatibility issues with the operating system, device drivers, or other installed applications. Software updates are difficult to manage, and in some instances upgrading the operating system can break applications. All this creates a maintenance and security nightmare on the PC.

A gatekeeper is good for security because it adopts a more application-centric model that is easier to secure and trust. Scanning applications to determine how they use approved APIs (UWP has more than 1,000) helps reduce misbehavior. Microsoft can enforce technical rules, such as prohibiting the use of some APIs in certain cases and mandating and enforcing performance requirements.

UWP also uses sandboxing, so applications can't access resources they don’t need, preventing rogue apps from directly addressing hardware, installing device drivers, or modifying core operating system elements. Malware will be less likely to get onto Windows devices, and more important, it will be harder to cause damage even if a malware infection occurs. UWP won’t solve the malware problem (hey, Mac OS X has malware, too), but it vastly reduces the risk.

Improving the application experience

At Build, Microsoft announced that its Edge browser will support Windows Hello for websites to let users log in using biometrics. The Anniversary Update for Windows 10 will let owners use fingerprints and other biometric information to log into applications, not merely log on to devices.

Along with sandboxed security, UWP addresses another problem with the current Windows ecosystem: updating and uninstalling software. With Windows Store handling installs, uninstalls, and updates, users have a seamless experience across all applications, and developers don't have to worry about cruft left behind or users not updating the software regularly.

With UWP, developers can write an application once and have it work on any Windows 10 device, whether the PC, tablet, smartphone, Xbox, or HoloLens. The fact that “run anywhere” includes Xbox and HoloLens, Microsoft’s augmented-reality headgear, was big news at Build. Game consoles provide a predictable experience, with uniform updates, clean uninstalls, and no weird video driver incompatibilities. That will now be possible for Windows 10.

All these devices will benefit from having a gatekeeper to ensure security, isolation through sandboxing, and compatibility. Microsoft is trying to build the same model for everything that runs Windows, and if we want to see a more secure Windows world, it's the approach that makes the most sense.

Copyright © 2016 IDG Communications, Inc.