To update firmware which hosts a lot of the driver instructions for those stacks would require you to have a signing key from MS. If that key ever got out in public then it would be a problem. Luckily it can be revoked and have a new one generated. And sure it can be bypassed if you're skilled but you need access to the hardware directly.
On top of that a TPM is used which has a cryptoprocessor dedicated to that specific device. It can verify hardware/software integrity. It's still vulnerable no doubt. Both Android/iOS devices have been rooted. It's only a matter of time before the same happens to Windows Mobile. It's not an easy process though and takes a large amount of skill. And of course you need to have the device with you. But the point is that while your phone is not rooted it will maintain security. Even Android phones are not subject to a lot of different exploits unless they are rooted. Sometimes they are, sure, but that's the nature of Android unfortunately. It's easier to attack a fully open sourced OS and it also relies on open source libraries that aren't necessarily tightened down heavily.
Anyways, as it stands today you can't really have much done to your phone from a store app. So if you stick with that you likely won't have many issues. MS is pretty hard on security in order to have businesses invest into Windows Mobile.
And as far as you getting a driver's cert, it doesn't work that way. MS deals with all the drivers themselves and packages them as part of the full mobile package that is installed. Regular companies don't have access to install drivers in their apps. They have a layer of access to the OS which is the API. That allows them to do what they need and is hardened down so that they don't get any more access than that. This UWP API is also resulting in complaints from some people in the industry due to its hardened down nature. Gamers in particular are scared of not being able to mod properly as you can't do anything like with w32 which would allow you to inject things into executable code and alter how things work. MS is instead trying to build the API to allow for a modding type framework. So the UWP API is still a work in progress, likely till Redstone 2. It will always be enhanced as new features come out, but it is far from being on par with w32.
Yeah, the TPM business makes this harder, without a doubt. From my reading though, OEMs have an option to disable it, if they want, and it's dynamically disable-able as well.
On the certs, unless something has changed, you can get a co-signed cert, which is trusted by MS, or at least you used to be able to, maybe that part's changed, I'm not 100% on top of all the current driver models/rules.
This was to make it possible for people to distribute their own packages, via their OEM/IHV release points, and that kind of thing.
I see utilities that are outside of the Store, for the phone, and I wonder, if they can also install a driver this way, maybe it's not possible.
I fully admit to not being a mobile developer, and certainly not current on W10m, in terms of driver trust models and the like.
This page here describes how to get your package all set up for install on mobile though, and does appear to be current:
https://msdn.microsoft.com/windows/...2459594)(TnL5HPStwNw-hti.Zs4tUoDkdnB8NuxaTA)()
Distribution for install is trickier, unless they're side-loading, covered here:
https://msdn.microsoft.com/en-us/windows/hardware/drivers/develop/distributing-a-driver-package-win8
UWP is definitely getting restricted, but that's not the same as Universal DDI interfaces, the ones you'd use for a driver that was portable to any OS. The Universal DDI set is NOT restricted to a given virtual address space, at all, if you go look at some of the old DDIs we used to use, when writing test drivers (I was curious, so I looked up a few common ones, avoiding downloading the whole WDK).
I 100% agree, the barriers are MUCH higher, the complexity is way up there, there's the boot protection and other components in-place as well.
Is this good, you bet, I really don't want my phone getting compromised.
Is it iron-clad, well, maybe, but my old, dated, developer-sense is saying that it is just really difficult now, perhaps difficult enough that it's not viable, which is almost as good as the former.
I probably carried this discussion too far, but when people started saying things like "you're just wrong" with no basis, I got a little fired up, and dug into the latest docs a bit, to see how accurate my old constructs were. Turns out, they're not that far off, but new additions have been added, and that we're "mostly safe", IMHO.
-pete