Apple iPhone SDK – Should You Be Afraid?

Last modified on March 9th, 2008

Going through Google reader tonight, I’ve encountered a lot of shared articles about the Apple iPhone SDK. And for the most part, every one of the articles praises the SDK and Apple’s approach with it.

Photo by John Biehler

But in pure Office Space style, I’m going to have to go ahead and, you know, sort of disagree with you all. In particular, I’m going to outline a few points from one specific article and give my take as a cross platform application developer who actually *has* developed software from scratch on the Mac using both Carbon and Cocoa.

First point:

Overall, it is deeply impressive how many things Apple got right. We still need to see more details on terms and conditions, and a lot will depend on Apple’s execution, but here are the problems they appear to have solved:

–Mobile applications are hard for users to find and install, so Apple is building the applications store into every device. Apps are installed automatically when you buy them, and you can also be notified of upgrades when they’re available.

Well, my iPod Touch is currently unlocked, and there’s a whole open-source mechanism in place to view, download, install and upgrade applications, all for free. So why do I need a store that charges money to take care of that for me?

–Third party applications stores take far too much of a developer’s revenue — 60% or more. So the Apple store takes 30%. That’s a bit high (20% would be better), but everyone else has been so greedy that Apple looks like a charity.

Honestly, if you can write a software application from scratch, you can sure as hell write a PHP script to send someone a download link when they purchase your application via PayPal for 10%. I realize Apple iTunes may make finding the applications a little easier (and I’ll only buy this argument for *commercial* applications, since as I pointed out above, there’s a whole system in place already for distributing free apps on the iPhone and iPod touch), but seriously, not every developer has been forced to be gouged by online stores.

-Getting applications certified for use on mobiles is expensive and time-consuming, so Apple has streamlined the process dramatically. Developers pay $99 a year, and apparently get automatic certification of all their apps. We need to learn more about how the app approval process will work, but if it’s not burdensome this service alone justifies Apple’s 30% cut of revenue. Apple takes responsibility for ensuring that iPhones remain secure and do not abuse the network, something that no one else has been willing to do.

Automatic certification is not equivalent to the type of certification you typically pay for when you do something like a Microsoft certification. Having experienced some of those, they take lots of time, and are extremely exhaustive when it comes to security, memory leaks, program function, etc. I’m not going to make a definitive statement here, but I seriously doubt Apple is going to exhaustively test every application for $99 a year. My understanding is that cost basically only gives you the ability to digitally sign your application and have it hosted on the iTunes store.

In terms of the last point, due to the nature of the iPhone and the restrictions on the API (and the glaring terms of service which say that as a developer you can’t use any undocumented feature), I actually think it would be fairly difficult to do anything that abuses the device or the network (especially since parts os using Edge are already off limits).

Another thread on various blogs is how the Apple iPhone SDK will potentially limit enterprise apps. Since you basically have to digitally sign your applications and have to use iTunes to distribute it, there’s a huge hole for the applications that are enterprise related but contain features not meant to be public, such as access to proprietary or private APIs and/or services. Do you have to use iTunes for those applications, or can you distribute them privately? If it’s the later, do you really need to digitally sign those applications? Some big questions here.

There’s a point I want to bring up that most people seem to be over looking. In a world where open source has become (or is in the process of becoming) one of the most dominant software distribution models (MySQL, Drupal, WordPress, Android, etc), the reliance of the iTunes store and the requirement to digitally sign your applications (using a certificate provided by iTunes for a price) effectively translates into the software equivalent of DRM, and ultimately may lead to the same type of restrictions on software that Apple now enjoys thanks to Fairplay on music. And while most people only have one iPhone or one iPod touch today, it doesn’t take much imagination to envision changes to Apple TV or other Apple products which may ultimately require you to purchase a separate version of each application for every device you want to use it on.

In software, it is generally considered a privacy violation to have your application “call home” periodically and report its status (in fact, many software projects have gone under for being flagged as Spyware for doing that very action without properly informing the user). Some applications bury information about this behavior in the fine print of the privacy policy (that thing everyone says yes to when they install stuff) or the terms of service, while others disguise it as a “check for updates” option, both of which give the developer of the application the means to see which users are using their software and also information (even in terms of their location based on IP address) about their users. In term of the latter, most applications allow you to disable checking for updates for privacy reasons. Now that the software distribution and upgrade process will be integral to iTunes, and iTunes is already required to synchronize these devices, there’s the potential to have the system automatically expose information on an application level that most users would typically have the ability to disable with normal standalone applications.

That’s not to say I don’t realize there are pluses to having an application with mass appeal on iTunes so that everyone can download it and purchase it virally, but I’m starting to get a little worried about the closed world Apple is carving for itself. At what point do they become a huge monopoly like Microsoft was in the 90s, where the only consumer friendly option is to attempt to break them apart?

More evidence that Apple is trying to lock development down and keep others from playing in its sandbox can be found in this information week article:

Turns out, though, that developers are limited in what iPhone functions that can tap for the apps they’re building, according to Adam Houghton’s post on his eponymous blog. Houghton characterizes as a “glaring” omission his discovery that developers can’t access calendar appointments, music and videos from the phone’s iPod app, nor phone and SMS functionality.

While the phone-function and SMS lockdowns are, as Houghton notes, likely due to security, one can’t help but think that the other restrictions are because Apple wants to keep all the really good stuff to itself.

I couldn’t agree more. In terms of the actual SDK itself, I’ve taken a look at it, and except for the Locations API, doesn’t really provide a whole lot extra from the normal Apple desktop frameworks provide (and in fact, has some stuff removed).

So while I think every serious Apple developer needs to take a look at the iPhone SDK, I think Apple is bringing people further inside their closed little world with the iPhone SDK. As a developer and a consumer of Apple products, I am starting to get a bit worried.

8 responses to “Apple iPhone SDK – Should You Be Afraid?”

  1. Clak says:

    The internal apps for enterprise question was already addressed at the townhall meeting, although officially, the answer wasn’t part of the presentation. Phil Schiller addressed the question from a reporter and clarified by saying that Apple was working on a version of the app store to be used exclusively by corporations for internal deployment of proprietary software.

  2. Honestly, I’m surprised Apple provided as much SDK functionality as they have in this initial release, especially considering their previous “write a damn web app” approach. And charging nothing to developers to host and promote free applications is a great approach — I was afraid that wouldn’t happen at all. (Still no word on how shareware would work.)

    Nothing precludes releasing iPhone software as open source either, though you’d have to publish the source somewhere other than the App Store, I presume. The problem is being able to get open source code you’ve modified back onto your own phone — presumably the only mechanism would be to have the digitally-signing project committers check your code into an updated version of the app. (Question: in addition to wondering how thorough Apple will check new programs, how thoroughly will they check upgrades?)

    Apple is trying to thread a needle here, and I think John Siracusa’s analysis is cogent:

    “Today, it’s a win-win-win for Apple, developers, and consumers. But if you plan to be part of this world, ask yourself what kind of environment you’d like to live and work in five years down the road.”

    From a security perspective the SDK and, particularly, installation were as wide open as they are on the Mac (or on Windows or Linux), given Apple’s storming of the smartphone market with this device, it wouldn’t be very long before someone wrote a nasty piece of malware of some kind. Then Apple would be in the poor PR position of the news being, “First major iPhone virus sweeps across the world!”

    The digital signing/App Store approach helps mitigate that risk quite significantly. It may be philosophically and technically annoying for developers, but chances are it will provide a significantly better user experience. Hell, while the one-stop-shop App Store feels fundamentally control-freakish to me, I wish ALL software could be digitally signed.

    But I also think the jailbreaking community has a chance to keep Apple honest. The demand for third-party apps was obvious from how many jailbroken and unlocked phones there have been so far; Apple’s goal will have to be to make the legit SDK/App Store appealing enough that few iPhone/iPod Touch users want to bother with jailbreaks. If the company is too draconian, jailbreaking will just take over again.

    So the likelihood is that, over time, the SDK will become more flexible and maybe installing applications will become less restrictive, while Apple tries to maintain a good and secure user experience. That’s not a bad compromise — although a compromise it is, for all concerned.

  3. Duane Storey says:

    Thanks for the comments Derek. A few things inline:

    And charging nothing to developers to host and promote free applications is a great approach.

    My understanding is that the application still needs to be digitally signed, which means they have to pay the $99. Obviously not a huge deal, but if that’s the case then it’s not free.

    The digital signing/App Store approach helps mitigate that risk quite significantly. It may be philosophically and technically annoying for developers, but chances are it will provide a significantly better user experience. Hell, while the one-stop-shop App Store feels fundamentally control-freakish to me, I wish ALL software could be digitally signed.

    You see, this is the part I have trouble with, unless I’m missing some fundamental piece of what this means. But simply giving a developer a digital cert and asking them to sign the applications doesn’t mitigate any problems up front at all — all it does is give Apple the ability to limit which applications get submitted (by limiting the certs) and also to revoke certs and stop abusive apps from running after the fact. I don’t think it buys you anything on the front end of the process, not unless Apple is spending considerable resources testing every application they host on iTunes, which I doubt.

  4. I’m not a developer, so this is from someone who is both a target market for these applications. I’ve also spent the last decade in the wireless phone industry, so I know a little bit about how other companies have handles these issues. Still I’ve never written code since my high school C+ class and before that Apple BASIC.

    As someone with an unlocked, and jailbroken, iPhone I’ve tried out a number of the applications that are around for it. I find that for the most part they fall into three categories: a) pointless, b) useful but broken, c) useful and working. The ones in category A I’d never pay for. The ones in B I’d pay for if they worked or did not crash my iPhone and the ones in C are the most likely to make the move to this new SDK. MobileScrobbler is the only application I really use (non-Apple) and I don’t see why they would not just port it for the SDK and pay the $99 and continue to distribute it for free.

    The $99 is an idiot bar, like having to have 100 signatures to run for office. It goes a bit of the way to eliminating people who really have no business writing applications from doing it. It’s low enough that it should not be a real hurdle for anyone with a good piece of software from getting it on the store.

    I can see how needing to go through the Apple Store seems frustrating to some people, but in the end I think people who do use it will find that they’re making more money than without it. Yeah Apple takes a cut, and yeah maybe it’s a higher cut than 0%, but you get the sort of retail exposure that you can’t get anywhere else. Once in the store applications will sink or swim based on their own merits. A really good application is going to be a top seller, and I imagine will see sales figures that do more than compensate for the 30% cost of entry.

    I’ve used, and I’ve sold, BlackBerries, Palms and Windows Mobile phones. Most of these use third party stores (Handago for example) to sell software for them. The stores are messy, and hard to navigate. The experience is not particularly pleasing, and anyone who people with smart phones knows someone who loaded an application that started crashing their phone. Apple wants to control the entire user experience, both in purchasing things for the phone and once they’re on the phone. It’ll be slick and elegant and if something is proven to crash the phone, then they’re going to be quick to take that off the store.

    I’m actually surprised that the SDK is as open as it is. Wanting to control everything about their products is written into the company’s DNA, at least as deep as the Lisa if not further back. Sometimes it’s been a detriment to them, but with the iPod and iPhone it’s been a key to success. As a consumer I’m far more likely to buy an application from the iTunes store, I already buy music there like it’s candy.

  5. Duane Storey says:

    Some good points. I’ll also point out that I’ve applied for an iPhone developer license as well, so I’m not totally opposed to everything they are doing. I agree with the idiot-bar analogy, I am just skeptical that the $99 gives you anything significant from Apple besides the ability to sign applications.

  6. Duane Storey says:

    Also, one other part of the store concept bothers me. What if they start denying the admission of certain applications into the store? For example, what if an application competes with one that Apple themselves has an investment into? Does that constitute an overuse of their market position?

    To give an example, WordPress has a large plugin repository where most people put their plugins, and WordPress automatically lets users know when something changes. Since I’ve written 7 plugins, it was suggested I start putting some of them up there. I applied for access to the repository but was initially denied since one of my plugins was deemed too similar to another plugin. This has since been corrected, but I was initially fairly frustrated that the system effectively has a gatekeeper whose job was to limit my ability to compete.

  7. […] really more for fun than anything grander at this point in time at least. Duane’s also got a few thoughts on the SDK you might also want to check […]

  8. Vip says:

    It’s now November. Since then, access to SMS, the phone, and the browser is available on the SDK. Enterprises can create in-house apps. Developers are getting rich selling their apps. Now everyone’s trying to copy the Apple model: Google, RIM, Microsoft, etc.

Leave a Reply

Your email address will not be published. Required fields are marked *