Capabilities are defined as the resources on the phone (camera, location information, microphone, and more) associated with security, privacy, and cost. The LPC has a minimal set of access rights by default. However, this can be expanded by requesting more capabilities during the installation. Capabilities are granted during the app's installation and cannot be modified or elevated during runtime. For this reason, it is difficult to side-load applications or force custom boot code to the device to gain forensic access, as it is normally rejected prior to bootup.

To install an app on a Windows Phone, you need to sign in to the Marketplace with a Windows Live ID. During installation, apps are required to ask the user for permission before using certain capabilities, an example of which is shown in the following screenshot:

This is similar to the permission model in Android. This gives the user the freedom to learn about all the capabilities that an application has before installing the application. The list of all capabilities is included in the WMAppManifest.xml application manifest file, which can be accessed through Visual Studio or other methods that are defined at https://docs.microsoft.com/en-us/previous-versions/windows/apps/ff769509(v=vs.105).