This argument sets up a false dichotomy. Comparing the internet to the app store and claiming that just because the internet is a free for all, every service that is built on top of it 'should' also be a free for all is simply illogical.
Because the internet is as free as it is, we have the fortune of being able to choose between a heavily curated store - the apple app store, and some competitors who claim they will be more open - e.g. the Android Market.
This is analogous to what happens in the high street. I could rent a retail space, and then allow anyone who wants to come in and set up a table selling any legal goods, or I could rent the same space and carefully choose products that I think my customers will value.
Some people will prefer the trading hall, and others will prefer the department store.
The point is that it's a good thing that Apple can provide this more curated option for those of us who want it, and that others can provide alternatives for those who don't like Apple's approach.
The real tyranny would be if Apple were forced to stop being the gatekeeper for the iPhone - that's when a choice would be lost to us.
For right now, I think Apple has the best model by a long way, even though it's not perfect.
I'm quite prepared to believe that I'll be buying an Android phone in a couple of years if the more open ecosystem turns out to be better at producing useful applications, but I'd like to see that determined empirically - by allowing both approaches to be tested, rather than having the App store torn down or undermined because of ideology.
What the author misses is phones present dangers and costs that PCs don't. So his philosophy of "we've gotten by in the past and our PCs never had a review process" doesn't hold up.
In fact, it ignores the fact that a large percentage of the computers out there are part of one botnet or another. On the desktop it isn't that big a hindrance since high speed connections are cheap and unlimited. But if we open cell phones up to the same risk you're going to see serious consequences.
Forget bots pushing spam, forget monstrous phone bills, imagine a cell phone trojan that actually launches calls. It's a lot easier to create an effective DoS attack against phone lines.
There's a reason why even open leaning Google has a review process for their app store.
> There's a reason why even open leaning Google has a review process for their app store.
You're either misinformed or being somewhat disingenuous comparing the Android review process to the App Store one. The Android review process consists of pretty much instantaneously running a piece of sanity check software against the putative application, and then immediately approving or rejecting it.
Yes, Google still has the ability to reverse decisions later, but this is more or less the only part where their "review process" is on par with Apple's. Anyway, you would expect that anyone running an application store would maintain this ability, at the very least to remove abusive or somehow illegal pieces of software.
(I'm not saying that I would never disagree with Google's particular decisions regarding their ability to remove applications. I'm saying that the Android model is pretty much exactly what the article is proposing for the App Store.)
Where did I say that Apple's app store process was identical to Google's? Or even close?
The original article quoted a post endorsing the idea of no approval process while saying the person writing that article was right. To me that's an endorsement of no approval process and I was responding to that by saying even Google has some kind of approval process in place.
The great thing about phones though, is that they work both ways. You get one line going in, and one going out, and that's all you can work with. If that was regularly being tied up, you'd notice fairly quickly and expect someone to fix it.
Your computer, on the other hand, can take at least several dozen concurrent connections. If a few of those are tied up sending spam, or being part of a DDoS, you are barely going to notice, especially if you're the type of user who is only on the computer to browse "websites".
I'm not sure this would make a difference. Even the largest companies generally only have a couple hundred external lines.
(internal office phone systems don't give each number it's own dedicated external line for those who don't know)
So if you can manage to infect just a very small amount of people you can wreak some pretty serious havok. And since the iPhone will return to the program once the line is disconnected you could launch a pretty effective attack against a companies phone lines.
Right, but the iPhone user would find it a lot more noticible. The reason botnets can exist are because they users of the infected computer don't try to fix it. With a phone, the incentive to fix the problem is much biger: it eats up 100% of your available resources every time it attacks someone.
Yes, if the people making the malware were complete idiots and ran down people's batteries it would be noticeable. But, as on the PC, I'm sure they could find a way to make it just subtle enough to not be noticed. Estimates place the number of personal PCs infected with some kind of malware as high as 89% (http://www.webroot.com/resources/stateofspyware/excerpt.html) so I have to believe they could find a way to con a good percentage of cell phone users if given the chance.
That is because malware is a very general term, since it applies to everything from a full blown virus that destroys your computer to a tracking cookie that reports back to a server what you do online.
The reason malware is able to run rampant on computers is simply because of their versatility. A piece of phone malware is fairly limited. The botnet analogue is an auto-dialer, which completely ties up the phone's primary resource (its phone line). On a botnet, it may tie up a good portion of the computers connect, but enough gets through that the user just deals with it.
Actually, if all the malware was doing was draining the battery I doubt the phone users would notice at all. They would assume their phone was getting old and losing its charge, the same way users now assume the reason computers gets slow is because its getting old.
I just don't see any reason for phone-based malware. There are two types of malware: High intrusion and Low intrusion. High intrusion are things like Botnets and Auto-spammers. They tie up a lot of the computer's resources in order to make a profit off of them. The Low intrusion malware are things like tracking cookies and keyloggers. They exist because they gather data, and then send it en-masse to a server, where it is analysed and sold.
High intrusion on a phone does not have any place. The user will take their phone back to their provider because it doesn't work. You can't tie up just part of a phone line, its all or nothing. You could tie up part of the internet connection, but the user is paying for that out the nose and will notice any sizable use of the connection.
Low intrusion is possible, but users (at least from my experience) don't do anything particularly useful for that kind off malware on their phones. You can steal their browsing history (maybe), or their call logs/messenging, but the second isn't valuable (a little, but not much, definitely not worth the risk), and the first, from my experience isn't valuable. Users just don't go to those high value sites (bank sites and the like) on their phones.
Really, we're not talking about being the gatekeepers to the iPhone, Apple is the gatekeeper to the App Store, nothing more. It doesn't seem that big of a deal for Apple to continue to review applications for the App Store, but allow another method (short of jailbreaking) to add non-reviewed apps to your phone too.
It's a PR and brand management thing. Apple knows that anything heinous or broken on the iPhone reflects poorly on Apple. However Apple tries to wash its hands or disclaim responsibility, the animus attached to bad apps will rub off on Apple. That's reality; it can't be changed by fiat.
The bad press about App Store polices play big here, and elsewhere in the tech press, but in the general press? People don't care about a developer's woes unless they themselves are developers. Only a few people care about apps they aren't getting access to due to Apple's policies.
On the other hand, if there were rogue apps out there, that would be nightly news material. Even just the words "rogue apps" should tell you that.
Yes, that's how the internet should work and that's how personal computers should work, for everyone but people like us.
Closed platforms rock. The mythical End User just loves himself a closed platform. It means there's some company out there betting their reputation and their bottom line that no malicious, harmful, or otherwise undesirable software will find its way on their device. And that's a guarantee that sells devices. Look at what the "Official Nintendo Seal of Quality" did for video games, for instance.
The future of development is closed source on a closed platform. That's where customers' attention, and money, will be focused.
This article will get upvoted because people hate the app review process, but the logic in the article is flawed, as was Hewitt's. Whatever they may say about the "sandboxing", the iPhone is running native code on a little box that can listen to your phone calls, access your voice mail, and probably log in to your email account. When the little box goes crazy, it can disrupt the GSM network.
Apple builds security against those types of attacks into the OS and the SDK. The review process basically adds no additional protection. Holes in the SDK which accidentally expose such features can still be exploited, and those exploits are highly unlikely to be detected by Apple.
It's true that the review process won't catch these problems, but the process increases accountability.
I'm not arguing in favor of or against reviewing though. I'm just pointing out the flaw in Hewitt's logic. There's no magic sandbox that will reliably keep an iPhone app away from the dialer. That's in stark contrast with sandbox systems like Java, where the dollar value of a sandbox break is extremely high.
Because the internet is as free as it is, we have the fortune of being able to choose between a heavily curated store - the apple app store, and some competitors who claim they will be more open - e.g. the Android Market.
This is analogous to what happens in the high street. I could rent a retail space, and then allow anyone who wants to come in and set up a table selling any legal goods, or I could rent the same space and carefully choose products that I think my customers will value.
Some people will prefer the trading hall, and others will prefer the department store.
The point is that it's a good thing that Apple can provide this more curated option for those of us who want it, and that others can provide alternatives for those who don't like Apple's approach.
The real tyranny would be if Apple were forced to stop being the gatekeeper for the iPhone - that's when a choice would be lost to us.
For right now, I think Apple has the best model by a long way, even though it's not perfect.
I'm quite prepared to believe that I'll be buying an Android phone in a couple of years if the more open ecosystem turns out to be better at producing useful applications, but I'd like to see that determined empirically - by allowing both approaches to be tested, rather than having the App store torn down or undermined because of ideology.