Friday, February 20, 2009

The Store Story

(This was originally posted earlier this week on the LiMo Foundation's MWC Blog...)

A lot of the news coming out of MWC this year seems to be about what isn’t there. In particular, there’s been a fair amount of commentary on the relative dearth of new Android handsets, the notable exception being the HTC Magic, coming out from Vodafone before long. Other than the lack of a hard keyboard—the Magic is touchscreen only—it’s pretty similar to the G1.

What’s more interesting are the announcements around application stores coming from various parties. Google has finally enabled paid applications on its Android store, a few months late, and Nokia has announced the Ovi Store for Symbian phones. In addition, Microsoft is going to have a Windows Mobile store (and reportedly brick-and-mortar stores as well) to push their mobile solutions. Stores, stores, stores.

Obviously, all of this has been driven by the success of Apple’s iPhone and its associated App Store. Apple, in a big comeback from their original position on development for the iPhone, has managed to do what prior mobile platform vendors, like Palm, always had a lot of trouble accomplishing: they’ve made adding software to your phone mainstream. Prior to this, while a lot of people carried “smart phones” of various kinds, relatively few ever took advantage of the capability of those devices to do things beyond the set of capabilities they shipped with. That’s a situation which is clearly changing.

Some interesting situations have already arisen, which display the difference between the various store “governance models”, if you will, as well as the security capabilities of the various platforms. Apple exerts tremendous control over its developers, to an extent pretty much never-before-seen, with the iPhone store. Essentially, developers for the iPhone have to do their work “on spec”, in the hopes that Apple will approve it for sale in the store. There have been several interesting cases where Apple’s either disallowed applications, or even removed them after initially allowing them for sale, on various grounds, as well as a number of situations around content—the author of an electronically distributed novel was obliged to remove several instances of “the F-word” in order to satisfy Apple that his content was okay for distribution.

That’s a situation that, in the long run, is calculated to provide a strong disincentive for major development projects on the iPhone: what organization is going to be willing to invest man-years of effort in developing an application that they may, ultimately, find themselves unable to effectively sell? In addition, Apple controls the effective marketing of those applications to a large degree, with its “Staff Picks”, and so on. The iPhone store is a market, but not a free one.

In contrast, the Android store is a pretty wild and wooly place, especially in the commentaries on some of the applications. Google exerts almost no control over what gets listed there (there are, indeed, terms and conditions associated with selling applications through the Android store, but they’re a cakewalk compared to Apple’s), which is fine as far as it goes. Where things get problematic is the intersection of the freedom around the store and the weaknesses of Android’s security model.

In the past few weeks, stories came out about an Android application which purported to “optimize” the memory usage of your Android phone. Sounds good, right? Of course, the app, when installed, dutifully reported the things it wanted to do, and of course, users all agreed to allow the application to do those things. The application then apparently went ahead and deleted pretty much every single bit of data on the phone, which I suppose represents an “optimization” of sorts—“There’s more now!”—but isn’t what the users of the application had in mind, certainly.

Both situations are symptoms of the same problem: the lack of a policy-based security model. All Android applications are self-signed by their developers; all iPhone applications are effectively signed by Apple. However, neither of these models offers much granularity: either you install an application on your iPhone or G1 or you don’t. When you go to run it, you agree to allow it to do whatever it does (implicitly on the iPhone, more explicitly on an Android phone), and once you’ve done that, if the application misrepresented what it does, you’re out of luck.

In contrast, policy-based models allow “levels” of signature, such that—for example—for an application to delete contacts, it would need to be signed by an authoritative source. Alternately, that specific capability would be brought out to the user for explicit approval, rather than a generic “This application wants to access your contacts”. This is one of the strengths of platforms—like the recently-announced LiMo reference platforms—which incorporate a policy-based model from day one.
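The contrast between the two models, as an added sketch that is not code from LiMo, Android or the iPhone. The signer tiers, capability names and policy table are hypothetical, and the request list is constructed for illustration.

```python
from enum import Enum, IntEnum

class SignerLevel(IntEnum):          # hypothetical trust tiers, lowest to highest
    SELF_SIGNED = 0
    IDENTIFIED_DEVELOPER = 1
    AUTHORITATIVE = 2

class Decision(Enum):
    GRANT = "grant"
    PROMPT = "prompt"                # surface this one capability to the user
    DENY = "deny"

# Constructed policy: capability -> (signer level needed for a silent grant,
#                                    whether a lower level may ask the user instead)
POLICY = {
    "memory.stats":    (SignerLevel.SELF_SIGNED, False),
    "contacts.read":   (SignerLevel.IDENTIFIED_DEVELOPER, True),
    "contacts.delete": (SignerLevel.AUTHORITATIVE, True),
    "storage.wipe":    (SignerLevel.AUTHORITATIVE, False),
}

def evaluate(signer_level, requested):
    """Policy-based model: one decision per capability, default deny."""
    decisions = {}
    for cap in requested:
        if cap not in POLICY:
            decisions[cap] = Decision.DENY
            continue
        needed, promptable = POLICY[cap]
        if signer_level >= needed:
            decisions[cap] = Decision.GRANT
        elif promptable:
            decisions[cap] = Decision.PROMPT
        else:
            decisions[cap] = Decision.DENY
    return decisions

def coarse_install_consent(requested, user_accepts):
    """All-or-nothing model: a single consent covers every requested capability."""
    verdict = Decision.GRANT if user_accepts else Decision.DENY
    return {cap: verdict for cap in requested}

# Constructed request from a self-signed "memory optimizer"
OPTIMIZER_REQUEST = ["memory.stats", "contacts.delete", "storage.wipe"]

if __name__ == "__main__":
    coarse = coarse_install_consent(OPTIMIZER_REQUEST, True)
    policy = evaluate(SignerLevel.SELF_SIGNED, OPTIMIZER_REQUEST)
    for name, result in (("coarse", coarse), ("policy", policy)):
        print(name, {cap: d.value for cap, d in result.items()})
```

Under the coarse model a single "accept" hands the self-signed app every capability it listed; under the policy table the destructive ones are either denied outright or raised individually.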

Over the next few years, better security models, and broader availability of platforms which implement them, such as those being used by LiMo Foundation members, are going to be creating a real marketplace for developers, one which allows them to sell (or give away) their goods as they see fit, but also one which has some real consumer protection built in.

2 comments:

Rob J. Caskey said...

I bought a BlackBerry a few weeks ago for my Executive Director. One thing that really struck me was how good its security policy seemed to be. You get a nice GUI letting you allow/disallow various features that the app requests through checkboxes, and it made me think "I want this on my desktop too."

Lefty said...

Yes, RIM has a good (policy-based) security model: not surprising, given that they were designed to appeal to enterprise customers (and hence, IT professionals) pretty much from the get-go...