Managing Privacy: Windows Store and Resulting Internet Communication
Updated: October 17, 2013
Applies To: Windows 8.1, Windows Server 2012 R2, Windows 8
In this section
The Windows Store is Microsoft’s digital distribution platform which provides access to certified desktop applications and Windows Store apps. A Windows Store app is a new type of app that uses the new Windows user interface (UI) that was introduced in Windows 8. Windows Store apps work with a variety of input sources, including touch, pen, mouse, and keyboard. Windows Store apps can also connect to a variety of different social network services such as Facebook, while the Photos app as can aggregate photos from services such as Flickr.
Designed for Discovery: The Windows Store is designed to ensure the discoverability of apps. Discoverability mechanisms such as search, category browse, rankings, and editorial curating help users find apps. Windows Store landing pages are designed to surface compelling apps and categories like new releases, top paid, top free and rising star help organize the catalog. The Windows Store catalog is indexed by search engines, so apps are easy to find.
App Availability in a Global Marketplace: The Windows Store supports the distribution of free and paid apps in hundreds of markets worldwide, so most customers can find and install the apps they want in the language of their choice. The Windows Store supports market-specific catalogs, tailored for customers in specific locales, as well as market-specific payment providers.
Support for Enterprise Management: IT administrators can control the method of how apps get onto user's PCs and can control access to the Windows Store by using Group Policy and AppLocker. Specific apps from the Windows Store can be allowed or blocked by using AppLocker..
Support for Roaming User Settings: Windows Store apps can store user-specific settings so that these settings roam across multiple devices. As with operating-system settings, these user-specific app settings are available whenever the user signs in with the same Microsoft account on any device that is running Windows 8 and is connected to the cloud. After the user signs in, that device automatically downloads the settings from the cloud and applies them when the app is installed.
Support for Enterprise Deployment: For enterprises looking to take advantage of the rich capabilities of Windows Store apps, the Windows Store offers acquisition options that provide direct control over the app deployment experience. Businesses can load their apps without having to publish their app to the Windows Store. This process, which we call “sideloading”, is available on a Windows 8 PC that is domain-joined or on a Windows 8 PC with an activated sideloading product key. This ensures that an app that is created in an enterprise can stay within the corporate network and be centrally managed, updated, and distributed.
Apps installed from the Windows Store are designed to take advantage of specific hardware and software features of a PC or tablet. For example, some common consumer scenarios such as a photo app that needs to access your webcam, or a restaurant guide might need to know your location in order to provide dining recommendations near you. You can view what features and functionality an app requires in the Windows Store before installing the app. Windows will ask whether you want to allow or deny access to the most sensitive of these features—location, text messaging, webcam, and microphone—before the first time each app uses them.
Application publishers to the Windows Store must disclose if an app accesses or utilizes sensitive user information such as:
An Internet connection: Allows the app to connect to the Internet.
Incoming connections through a firewall: Allows the app to send information to or from your PC through a firewall.
Usage of a home or work network: Allows the app to send information between your PC and other PCs on the same network.
App access to your pictures, videos, music, or document libraries: Allows the app to access, change, or delete files in your libraries. This includes access to any additional data embedded in these files, such as location information in photos.
Removable storage: Allows the app to access, add, change, or delete files on an external hard drive, USB flash drive, or portable device.
Usage of user windows credentials: Allows the app to use user credentials to authenticate and provide access to a corporate intranet.
Certificates stored on your PC or a smart card: Allows the app to use certificates to securely connect to organizations like banks, government agencies, or your employer.
Your location: Allows the app to determine your approximate location based on a GPS sensor or network information.
Your PC’s text messaging feature: Allows the app to send and receive text messages.
Your PC’s near-field communication feature: Allows the app to connect to other nearby devices that the same app is running on.
Your portable devices: Allows the app to communicate with devices like your mobile phone, digital camera, or portable music player.
Your information on a portable device: Allows the app to access, add, change, or delete contacts, calendars, tasks, notes, status, or ringtones on your portable device.
Your mobile broadband account: Allows the app to manage your mobile broadband account.
Your webcam and microphone: Allows the app to take pictures and record audio and video.
Use of information: Apps which use these features must disclose this in their developers’ privacy practices statement. If an app uses sensitive features, a link to its developer’s privacy statement must be available on the “App Description page” in the Windows Store.
By default, the Windows Store tile is not installed on a graphical user interface (GUI) installation of Windows Server 2012 or Windows Server 2012 R2. The Windows Store tile can be added via the Server Manager | Add Roles and Features Wizard | Features | User Interfaces and Infrastructure | Desktop Experience. For most customers, accessing the Windows Store from a Windows server is not a common scenario and is included for development purposes only.
Below are the Group Policy settings which can be used to manage Windows Store access.
Allow all trusted apps to install: This policy setting allows you to manage the installation of app packages that do not originate from the Windows Store. If you enable this policy setting, you can install any trusted app package. A trusted app package is one that is signed with a certificate chain that can be successfully validated by the local computer. This can include line-of-business app packages signed by the enterprise in addition to app packages that originate from the Windows Store. If you disable or do not configure this policy setting, you can only install trusted app packages that come from the Windows Store.
Allow Deployment Operations In Special Profiles: This policy setting allows you to manage the deployment operations of app packages when the user is logged in under special profiles. Deployment operation refers to adding, registering, staging, updating or removing an app package. Special profiles refer to profiles with the following types: mandatory, super-mandatory, temporary or system. Local and roaming profiles are not special profiles. When the user is logged in to a guest account, the profile type is temporary. If you enable this policy setting, the system allows deployment operations when the user is using a special profile. If you disable or do not configure this policy setting, the system blocks deployment operations when the user is using a special profile.
Block launching desktop apps associated with a file.: This policy setting allows you to minimize the risk involved when an app launches the default program for a file. Because desktop programs run at a higher integrity level than apps, there is a risk that an app could compromise the system by launching a file in a desktop program. If you enable this policy setting, Windows prevents apps from launching files that would open in a desktop program. When you enable this policy setting, apps may only launch files that can be opened by another app. If you disable or do not configure this policy setting, apps could launch files that would open in a desktop program.
Block launching desktop apps associated with a protocol: This policy setting allows you to minimize the risk involved when an app launches the default program for a protocol. Because desktop programs run at a higher integrity level than apps, there is a risk that a protocol launched by an app could compromise the system by launching a desktop program. If you enable this policy setting, Windows prevents apps from launching protocols that would be passed to a desktop program. When you enable this policy setting, apps may only launch protocols that can be passed to another app. If you disable or do not configure this policy setting, apps could launch protocols that would be passed to a desktop program. Enabling this policy setting will not block apps from launching http, https, and mailto protocols that would be passed to a desktop program. The handlers for these protocols are accustomed to handling data from untrusted sources and are therefore hardened against protocol based vulnerabilities. The risk of allowing these protocols to be passed to a desktop program is minimal.
Turn off the Store application: Denies or allows access to the Store application. If you enable this setting, access to the Store application is denied. If you disable or do not configure this setting, access to the Store application is allowed.
For more information about the Windows Store see the following topics: