Windows Phone 8.x is a very closed operating system. Documenting its internals and security model is usually a painful task, but like all other operating systems, WP 8.x provides many key platform security features to protect OS integrity, user's data, and privacy.
To ensure system and user's data integrity, Windows Phone 8 mainly relies on Secure Boot and the application platform security.
Windows Phone validates firmware images before loading the main operating system using the Secure Boot technology, which is built on a chain of trust extended to hardware and firmware. During manufacturing, a "root of trust" is made by provisioning the hash of the public key used by the SoC vendors and original manufacturers to sign the initial bootloaders. Thus, Secure Boot cryptographically validates all the boot components from the pre-UEFI bootloader to the UEFI environment followed by the main operating system and all the drivers and applications...