about scripts and your private information

A published script might access the resouces of your phone, such as your current location and pictures stored in your picture library. Later, a script might want to sent out this private information for example by posting it to Facebook or to the web.

TouchDevelop works to protect your private information in the following ways:


TouchDevelop scripts can access different capabilities. Some capabilities provide access to your private information (sources), other capabilities send out information so that other people can see it (sinks):

information flow

Information flow describes what kinds of private information, such as your picture taken from the camera, can flow to what kinds of output channels, such as posting to Facebook.

anonymized vs. real information

For each kind of private information flowing to output channels, you can grant the scripts the ability to use anonymized or real information. Anonymized information means that TouchDevelop will replace your real information with anonymized information, such as a fixed location instead of your real location, so that your real location remains secret. In this way, you can try out scripts before granting access to any real private information.

default of anonymized vs. private information

To ensure that no private information escapes your phone without without your knowledge, TouchDevelop provides a default setting based on an automated script analysis, in which TouchDevelop inspects the possible informationn flow as follows: