> fake tweetium app that was stealing everyone's password
Since you are a WP developer I'd like to ask you some questions about the trustworthiness of apps. If they let spyware apps through, is there any way for an user to be sure that an app doesn't do anything it's not supposed to? Does Microsoft have access to the complete source code of apps for inspection?
For example, WinPass is an open-source KeePass app for WP, which should make it trustworthy. But there doesn't seem to exist a way to make sure that the app on the store is the exact same app and not a spoofed app with "additional functionality" that steals your passwords. It looks like it's a matter of trusting the developer. Is that correct?
Also, if the app lacks permissions such as "Use your device network services" and anything Internet related, is it guaranteed that it cannot access the Internet?
Just wondering, why is everyone re-inventing the wheel with all the password storage applications?
There are some KeePass-compatible apps that also support OneDrive, Dropbox and so on since Windows Phone 7 (~5 years), see WinPass for an example.