How to Replace an Original iPhone With an iPhone 3G

Useful KBase article for next week: This article explains how to replace an original iPhone with an iPhone 3G using the same carrier. If you follow these steps to backup your original iPhone first, and then restore the backup to your iPhone 3G, your saved SMS messages, email accounts, photos, notes, and other personal settings will be present on your iPhone 3G. �★�

Related News
Comments

Apple on how to replace an original iPhone with a new 3G iPhone

Filed under: iPhoneApple has posted a Support Document that explains exactly how to replace your original iPhone with a new 3G iPhone. Basically there are two tracks: 1) In the US you don't need your original SIM as your original "account information will be transferred to iPhone 3G's included SIM when you purchase iPhone 3G." 2) Outside the US, "you can use your original iPhone's SIM with iPhone 3G." Once that's done it's just a matter of backing up your original iPhone to iTunes 7.7 and then restoring that backup to the new iPhone 3G. This should transfer all your saved SMS messages as well as email accounts, notes, etc. Once that's done you just need to erase the old iPhone with the new secure erase option.[via Daring Fireball]Read�|�Permalink�|�Email this�|�Comments
Jean-Louis Gassée Returns from Obscurity… to Talk About MobileMe

Daniel Eran Dilger MobileMe has attracted more vulture critics than Apple TV, the last product Apple launched without immediately earning billions of dollars from it. Joining the frothing dogpile of critics who can't get in enough edgewise on the bumpy rollout of MobileMe is none other than Jean-Louis Gassée. Who? Oh yes, him. The Infamous JLG. In the early 80s, Gassée was the manager of Apple France. John Sculley brought him to Cupertino to replace Steve Jobs in 1985 after wrestling away control of the company that Jobs had founded with Steve Wozniak a decade earlier in 1976. Sculley and Gassée then took the phenomenally successful Apple empire of the mid 80s, crafted from the idealistic, early 20-something visions of Jobs the marketer and Wozniak the technical genius, and pointed it toward the ground, sending the company into a frightful trajectory that nearly resulted in its complete destruction within the next ten years. While much of Apple's early 90s failure can be pinned on “I Was A Terrible Manager” Sculley, Gassée contributed his own fingerprints of disaster. It was Gassée who ridiculed Jobs' strategy for marketing “the Macintosh Office” to businesses, referring to it as “the Mac orifice.” Gassée also refused to license Apple's technology or to partner with vendors to expand the Mac experience outside of Apple's niche markets. The Gassée Way: High Prices, Low Innovation. Following Sculley's leadership of tacking a $500 marketing tax on top of the $1995 price of the original Macintosh, which had been set as low as possible by Jobs and his engineers, Gassée replaced Jobs' vision for bringing “insanely great” technologies to the mainstream with an effort to idly profiteer from the intellectual property Apple already held. Between 1986 and 1990, while Jobs' independent NeXT developed and delivered a high performance, UNIX-based workstation with advanced development frameworks and innovative hardware features that pushed the state of the art, Apple's Macintosh group under the direction of Gassée only made incremental updates to the same old technology, and then sold its machines at prices higher than NeXT was charging! By the time Gassée bailed from Apple in 1990 to start his own company as Jobs had done, Apple's only affordable Mac was the Mac Classic, a pathetically recycled version of the five year old Mac Plus. The Mac IIfx was being sold as its $12,000 high end workstation, but it was still running the same crippled classic Mac OS from the early 80s and used an 030 processor. By that time, NeXT was already selling an 040 in the NeXTcube for less, which also offered the option of an Intel i860-powered NeXTdimension board for handling futuristic 32-bit PostScript color and video sampling. NeXT didn't have a low cost model because Sculley's Apple had sued the company to prevent it from entering the consumer market in competition with Apple. Platform Crisis: The Lazy Dinosaur 4 1990-1995: NeXT, Be, and the Mac PC Newton Rising: Is the Next iPhone Device a G3 MessagePad? Byte's original NeXT review Gassée's Plan Be. After slashing Apple's tendons and leaving it to slowly bleed to death, Gassée left to start Be, Inc. The company developed a nice looking interface for a hobbyist system running oddball hardware. It then copied Apple's PowerPC architecture before moving to a platform based on Intel-standard PCs. However, between 1991 and 1996, Be was unable to reach beyond offering an early developer preview of its new operating system. It demonstrated some new ideas, but lacked even a basic printing architecture and had no provision for a multiuser security model. NeXT had developed a far superior operating system and set of development frameworks in a much shorter period of time, and had matched the transition to PowerPC (and several other architectures) and then Intel. By that time however, the Sculley-Gassée mutilation of Apple in the late 80s had resulted in the rise of an opportunistic, malignant boil on the computing landscape. Just like Australia's rabbit plague or Jim Henson's fatal 'flesh eating bacteria' strep infection, the wild landscape and creative potential of personal computing was overrun and destroyed by the scourge of Microsoft's soulless Windows PC. There was apparently no longer any room for innovation in the PC world, thanks to Sculley's opening of Pandora's Box (by handing Microsoft a free license to most of Apple's Mac-related intellectual property) and Gassée's efforts to make sure that Apple didn't open its own. It was Gassée who pulled the plug on Apple's partnership with Apollo to create Unix workstations with the Mac OS interface, and it was his decision to rebuff AT&T's advances toward licensing the Mac human interface for its systems. Microsoft didn't earn the Windows monopoly; it was simply handed it by the incompetence of Sculley and Gassée after the duo ignored Bill Gates' suggestions on how to promote the platform. Steve Jobs and 20 Years of Apple Servers Undoing the Sculley-Gassée Crisis. In its last gasps of breath in 1996, the old Apple briefly considered buying Gassée's BeOS before realizing that Jobs' NeXT operating system was vastly superior, already proven in the enterprise market, and could easily run on existing PowerPC Mac OS systems because of its inherent portability. After acquiring NeXT, it took Apple another six years to commercially rerelease it as a mainstream operating system in Mac OS X, and it has taken nearly another six years for the media to recognize the new significance of a Mac platform based on NeXT's technology. Apple's Macs are now profitably selling with a regular 40% growth year over year, despite the overall PC industry barely finding 4% growth and while many PC makers are losing money. Apple has since parleyed it technology into Apple TV as a set top box and the iPhone and iPod touch as a new mobile platform. Gassée's own Be, Inc. was bought out by Palm and went nowhere. He now serves as a partner at venture capital firm Allegis Capital. Having poked the computing industry in the eye, Gassée might be expected to live out his term quietly. Instead, he has resurfaced to squawk about MobileMe, and actually makes some interesting points amid his long winded, “white man in a suit” corporate-speak (and apparently ghost written) blog entry. Can Apple Take Microsoft in the Battle for the Desktop? SCO, Linux, and Microsoft in the History of OS: 1990s Cocoa and the Death of Yellow Box and Rhapsody Patting the Back Once Stabbed. Gassée's blog entry on MobileMe makes mine look short and to the point. He starts off by musing, “doubts linger: Is Apple able to run a worldwide wireless data synchronization service for tens of millions of users?” After weary paragraphs that drag on for seemingly hours about nothing, Gassée observes: “Apple 'pushes' somewhere between 100 and 200 megabytes of [Mac OS X Software] updates per month to each Mac user. Last week, the iPhone 2.0.1 update was announced, I connected two iPhones within minutes, the 200Mb files were downloaded and installed without a hitch and I haven’t heard any blogosphere complaints on the matter. iTunes has sold billions of songs, serves tens of millions of customers everyday and everything works with very few exceptions. In other words, some very large scale Apple systems do work.” Gassée then noted, “last week, parts of the Gmail service were down for 15 hours or so. Last month, Amazon’s respected Web Services went down. And, last year, RIM’s servers went down for about half a day in the Western Hemisphere, freaking out Wall Street investment bankers and management consultants. Even the best players must endure their share of false notes.” “Back to MobileMe today: if you ask subscribers who’ve never experienced a Blackberry’s smooth delivery of sync, they love MobileMe. It works, it’s easy to set up and in the simple (most frequent) case of a PC/Mac with an iPhone, it does the wireless (OTA, Off The Air) sync job as now advertised. We’ll see how this scales once iPhones are sold in 21 more countries, 43 total starting August 22nd.” Gassée's final three paragraphs are remarkably relevant and astute. It's too bad he didn't just publish them alone, as most readers probably couldn't make it down the page that far to ever see them. Launchpad Chicken: MobileMe and Sync Trouble | Monday Note Faith in Jobs Means Forgiving JLG. Now that Apple is back in its leadership position thanks to Jobs' miraculous powers of corporate resurrection, we can forget about the whole “who-killed-what and left us with Windows.” It's too bad that the last fifteen years were tainted by a dominant third rate platform that introduced malware, viruses, spyware, and adware and undid much of the work that early Apple engineers did to usher in a classy, consistent and attractive user interface, but that's all in the past now. JLG, you may have forced me into a pitiful career arc that involved supporting Windows through most of my youth, but the sweetness of the current Apple world is even easier to appreciate after having experienced the pestilent famine of a lack innovation and class in the Windows heyday that you kicked off while illegitimately standing in Jobs' shoes. I can't exactly thank you for that, but consider your sins forgiven. I might occasionally write them up again here and there however, but only for the purposes of historical interest. It's nothing personal. Did you like this article? Let me know. Comment here, in the Forum, or email me with your ideas. Like reading RoughlyDrafted? Share articles with your friends, link from your blog, and subscribe to my podcast (oh wait, I have to fix that first). It's also cool to submit my articles to Digg, Reddit, or Slashdot where more people will see them. Consider making a small donation supporting this site. Thanks!
★ The Fear

The NDA is dead, yes, and good riddance, but there remain serious problems with the way Apple is managing the App Store. It boggles my mind that there remain so many people who don’t see this. This piece by Dan Kimerling at TechCrunch is one example; various of the reader comments on Jason Snell’s piece for Macworld last week are another.1 One factor, perhaps, is the tendency to see everything in terms of extremes. Black or white, good or bad. But this debate is not about wanting Apple to make radical changes, such as, say, changing the iPhone from a closed platform to a more open platform a la Android. There are reasonable arguments to be made that a more open iPhone platform would be good not just for iPhone developers, but for Apple and its shareholders. But those arguments aren’t what this debate is about. This debate is about wanting Apple to make minor changes — a slight but very significant course correction. Put another way, this is not about the big picture scope of what kind of hypothetical App Store (or Stores, plural) Apple should have created. That train left the station long ago. This is about the specific details of the App Store that actually exists, and the rules that govern it. I believe that a closed, controlled App Store can work, but by definition that requires developers to place trust in Apple. The problem is that Apple is managing the App Store in certain untrustworthy ways. And I mean trust more in the sense of stability than honesty — like in the way you need to trust a ladder before you’ll climb it. Here is a complete list of what Apple must do to increase developers’ trust in the App Store system: State the rules. Follow the rules. That’s it. This is so clear that even those who are arguing the other side — that Apple’s App Store stewardship is just fine as it stands today — have jumped through hoops in an attempt to argue that Apple’s exclusion of Podcaster was in fact in accordance with the iPhone SDK Guidelines. Kimerling, in his “Stop Complaining About Apple and the App Store” piece, writes: When you create the platform, you set the rules. If Apple wants to restrict iPhone applications to those that do not compete with features built into the iPhone, well, they can go right ahead and do so. It is right in the SDK’s user agreement. That’s just not true. The iPhone SDK Agreement, at least by the standards of legal contracts, is written in clear, straightforward English. (Apple’s lawyers, in the opinion of yours truly at least, are good writers.) The rules it lays down are clear. And Podcaster doesn’t break any of them. Given any set of rules, there will always be edge cases. Judgment must be rendered, and, inevitably, some will feel edge cases were judged the wrong way. But the reason iPhone developers (and prospective iPhone developers) are appalled by Apple’s rejection of Podcaster and MailWrangler is that neither app was near any edge defined in the SDK guidelines. Podcaster was rejected for duplicating the podcast features in iTunes and the iPhone “iPod” app. MailWrangler was rejected on the following grounds: Your application duplicates the functionality of the built-in iPhone application Mail without providing sufficient differentiation or added functionality, which will lead to user confusion. The word “duplicate”, in any conjugation, does not appear in the iPhone SDK Agreement. Not a word about it. And there is clearly no general rule about third-party apps duplicating the functionality of the iPhone’s built-in apps. PCalc, along with a handful of other calculator apps, duplicates every single feature of the built-in Calculator app. There are dozens of note-taking apps that compete with Notes; MagicPad goes so far as to use the same icon as Apple’s Notes app, just with different colors. There is an entirely category in the App Store — an entire category — for weather apps, several of which “duplicate” the entire functionality of the built-in Weather app. So, not only judging by the rules set forth in the iPhone SDK Agreement, but also by the existence proof of hundreds of apps currently published in the App Store that duplicate (which is really to say compete with) built-in iPhone apps, no reasonable person would have expected Podcaster or MailWrangler to be rejected. So their rejection is problematic on three fronts. First, the submission process is such that an app rejected at the conceptual level — one that cannot be tweaked or fixed to gain entry upon resubmission, but whose fundamental premise is rejected by Apple — such an app is only rejected after it has been written. The developer does all of the work to produce the app and only then finds out it was all for naught. Second, there are clearly rules which are not listed in the SDK guidelines. Third, in its explanations for the rejections, Apple is not stating what these actual unpublished rules are, and is instead offering as the reason this “it duplicates a built-in app” rule which, given all the aforementioned counterexamples that have been accepted into the App Store, isn’t actually a rule at all. The explanation is clearly false. Taken together, these three factors lead to The Fear, which is that developers cannot trust the App Store process. You can spend all of the time and effort it takes to build an app, follow every known rule, and still get rejected. From Apple’s perspective, especially, say, in upper management, it may be all too easy to look at what’s going on with the store — thousands of published apps, a ton of money changing hands — and not see the problem. In the big picture, from both a technical and marketing perspective, the App Store is a grand success. The problem is that the apps that are the most interesting, the most important, are the ones that take the most work to create. And the apps that take the most work to create are the ones that are most likely not even to be made in this environment, because the risk is greater. The more work it takes to create an app, the more you lose if Apple rejects it. Going back to the ladder analogy, the higher you’re trying to climb, the more you need to trust the ladder before you start. It’s not about a handful of developers who’ve had their apps rejected. It’s about all the other developers who are now spooked, and that the ones who are the most spooked are the ones who harbor the grandest, boldest, most innovative ideas. Interpolation Regarding a Theory on Which Apps Apple Won’t Allow Developers to Compete With In the absence of revised iPhone SDK Agreement from Apple, we can attempt to guess what the unpublished rules are. With Podcaster, for example, the “follow the money” rule of thumb leads to the conclusion that Apple will not allow any competition with iTunes, because iTunes is a profit source. This is why MailWrangler’s rejection is the one that puts The Fear in my heart. As unjust as the Podcaster rejection appears, if Apple really wants to prohibit competition with iTunes, even anti-competitively, you can at least see the thinking behind the decision. It’s foolish and unnecessary — the fact that iTunes is wide open to total competition on both Mac OS X and Windows hasn’t hurt it at all — and it also quite possibly invites some sort of legal challenge, but at least there is a logical idea behind it. But Mail? Why on earth should Apple care if some third-party email client for the iPhone becomes wildly popular? It makes no sense. iPhone users who use the built-in Mail app don’t pay extra to do so. Mail doesn’t tie users to Apple’s own MobileMe service. In fact, Mail offers specific setup help to work with Gmail, the service MailWrangler is optimized for. If you can make a replacement for Notes and Weather and Calendar, why not Mail? I have a theory. It is more, well, emotional than logical. But it’s the only theory I can think of that makes any sense at all and fits the available evidence. The theory is that there is an unpublished rule that Apple — and in this case, where by “Apple” I really mean “Steven P. Jobs” — will not publish third-party apps that compete with or replace any of the four apps in the iPhone’s default “dock”: Phone, Mail, Safari, and iPod. Go back to Jobs’s original iPhone introduction at Macworld Expo 2007. It was a masterful presentation. Carmine Gallo, writing for BusinessWeek, calls it Jobs’s greatest presentation; I agree. Gallo describes the moment it was unveiled: After laying the groundwork, Jobs builds up to the new device by teasing the audience: “Today, we are introducing three revolutionary products. The first is a wide-screen iPod with touch controls. The second is a revolutionary new mobile phone. And the third is a breakthrough Internet communications device.” Jobs continues to build tension. He repeats the three devices several times then says, “Are you getting it? These are not three separate devices. This is one device … today Apple is going to reinvent the phone!” The crowd goes wild. This “three revolutionary products” pitch was inordinately effective. For one thing, live, in the hall, Jobs completely fooled the crowd, yours truly included. But then as he repeated the three product ideas over and over, while icons representing the three products rotated behind him on screen, faster and faster, it started dawning on us how we’d been tricked. By the time Jobs came out and said that it was just one device that encompassed all three products, everyone in Moscone West had come to that conclusion on their own — a nifty little way of making the crowd feel clever, as though we’d figured out a riddle. But this pitch also worked because it was true. All three of those products sound good on their own. All three in one device sounds insanely great. Jobs was introducing the iPhone simply by describing precisely what it was. A phone, a widescreen video iPod, and a breakthrough Internet communicator. The icons in the iPhone’s default dock represent the core functionality of the device. Phone, Email, Web, iPod. With nothing other than those four apps, the iPhone still would have been a hit. Not as great, but, still, great. Everything else the iPhone’s built-in apps do could be done, to some extent, through Safari: notes, calendars, weather, maps, stocks. There are a few minor exceptions. SMS is one example, but that’s really just an adjunct to the Phone app. Anything that relates to the phone network — voice or SMS — is unavailable through the third-party iPhone SDK anyway. You couldn’t write your own SMS app even if you wanted to. (Apple clearly has no problem with competing chat apps — there are several IM clients available in the App Store. That’s the same basic concept as SMS, but using IP networking.) And so my guess is that while there may not be any logic, there’s at least a notion, if only in Jobs’s mind, that these four apps are sacrosanct because they define the iPhone. Everything else, both from Apple and from App Store developers, is piffle, secondary to those four apps. Harry McCracken’s recent iPhone user survey indicates that iPhone users agree that those four apps comprise the most-used features of the iPhone. But the least essential of the four is Mail. You cannot place phone calls or play music and video from your personal iTunes library using a web browser, but can read and send email through it.2 Millions of people do just that every day, including, I’m sure, many of you reading this essay. And Google’s iPhone-optimized version of Gmail shows just how well it can be done. It’s not just good for web-based mail, it’s just good, period. And so this idea that Apple seems to have that Mail is particularly special is misguided. The Phone and iPod apps are special, because at a fundamental level they perform tasks that cannot be duplicated in a web app. But there’s nothing any more special about Mail than there is about, say, Calendar. Calendar, if anything, is more closely tied to Apple’s proprietary and commercial MobileMe service — Mail works great with any IMAP server, including Gmail, but Calendar only works for online syncing with MobileMe or Exchange. But Apple doesn’t seem to have any problem allowing Calendar competitors into the App Store. Notes Calendar is a $3 Lotus Notes calendaring client. Exchange Remote Calendar is a $10 is a $10 calendaring client for Exchange. If these are OK, why not a dedicated Gmail email client? The only explanation is that Mail is deemed untouchable and Calendar is not. The real test would be for someone to write a dedicated Google Calendar iPhone app — but given what happened to MailWrangler, it might be hard to find someone willing to try it. In short, my theory is that Mail is on the do-not-compete list not because there’s any strategic reason for Apple to do so, but simply because of a vague notion that Mail is one of the iPhone’s defining apps. This notion is wrong. Mail is important, but there’s nothing about it that needs to be protected from competition. End of Interpolation, Back to the Three Problems, Which, Due to the Grotesque Length of the Above Interpolation, I Will Remind You Are: (1) App Ideas Are Rejected Only After the Apps Are Actually Built; (2) There Exist Secret Unpublished Rules Regarding What Is Allowed; and (3) When Apps Are Rejected for Violating the Unpublished Rules, Apple Refuses to State Just What These Rules Are One thing that would make a difference would be a submission process whereby developers could submit their application ideas to Apple in advance, to find out if they’re OK. That’s how it works on game platforms from Nintendo, Sony, and Microsoft — developers submit a detailed proposal and wait until they get the green light before actually building the game. That sounds good, but there are problems with the idea. For developers, it would require an additional level of trust in Apple. Ideas are less valuable than actual implementations, but the more original an idea is, the less comfortable you are to share it. And for Apple, it would require significantly more work. They’d still need to examine and approve the actual shipping applications, but now they’d also have to examine and consider application proposals. The world’s hard drives are littered with abandoned unfinished software projects — there would surely be far more proposals submitted for consideration than there are actual iPhone applications. As it stands today, Apple is already struggling mightily to keep up with the work of approving new and updated application submissions — the typical turnaround time is between one to two weeks. Perhaps Apple could offer this as a service limited to ADC Select ($499) or even Premier ($3,499) members. The service is needed most by the developers who are considering the biggest apps, most of whom either are already paid ADC members or wouldn’t bat an eyelash at the cost of joining. It wouldn’t be democratic, but it might make it feasible. Platforms like Wii and Xbox ship maybe a few dozen titles a month, tops. The App Store has published 3,500 titles in just three months. (And it costs far more to join the developer programs for gaming consoles than the $100 iPhone SDK fee.) More important, though, is for Apple to address problems 2 and 3, by publishing in the iPhone SDK Agreement all of the rules they’re using to evaluate applications. If we’re not allowed to write email or podcast clients, say so. If something unforeseen comes up, Apple should make a decision, and then publish the new rule. Rules you disagree with are frustrating. Rules you don’t know about are scary. I will also note that, to my knowledge, not a single published iPhone developer has spoken out in favor of the App Store’s current rejection policies. Those developers who have spoken are against it. Those who see no problem are not themselves iPhone developers.�↩ Even if Apple were to come to its senses and allow third-party developers to write competing email clients, the built-in Mail app would hold one significant technical advantage, which is that it runs in the background. In fact, background processing is the one factor that unites the four dock apps. Phone, Mail, Safari, and iPod all continue running the background; no other apps, including those from Apple, do.�↩
★ BlackBerry vs. iPhone

1: Wherein Neither ‘RIM’ Nor ‘BlackBerry’ Are Even Mentioned, but Rather the Stage Is Set for Showing Why They Might Be Seriously Screwed Along the lines of can’t-really-be-answered-but-gosh-they’re-fun-to-ponder questions like, say, “Who’d win in a fight, Batman or Spider-Man?” or “Star Destroyer vs. U.S.S. Enterprise?”,1 here’s one regarding the iPhone: What historical Mac is a current iPhone most analogous to, spec-wise? I.e, complete this sentence: “An iPhone is like having a tiny ____ in your pocket?” Now of course the comparison can’t be precise. Different software, different use cases, different purposes. But there’s no denying that an iPhone is a computer. And unless you’re really young, it’s faster — a lot faster — than the computers you owned not so long ago. So, seriously, stop here for a moment and think about it. My first answer, pulled simply from recollection of how fast machines felt to use, was the original iMac. But that machine — announced 10 years ago this week — had a 233 MHz G3 and, by default, a paltry 32 MB of RAM. Apple has never officially released the CPU specs of the iPhone, but Craig Hockenberry poked around with undocumented system APIs which indicated the iPhone’s CPU runs at 400 MHz with a bus speed of 100 MHz, and that there’s 128 MB of RAM. As we all recall from the PowerPC era, MHz is not a precise metric for comparing the performance of CPUs across different architectures; I wouldn’t be surprised in the least to find out that a 400 MHz PowerPC G3 is a faster chip than the 400 MHz ARMwhatever that’s in the iPhone, if only because of the power constraints. But, still, it’s something. So, my answer to the question: the original “Pismo” G3 PowerBook. The numbers match up pretty closely: 400 MHz CPU, 100 MHz bus speed, 64 MB of RAM. (The higher-end Pismo had a 500 MHz CPU and 128 MB of RAM.) Even storage sizes are similar: hard drive options for the Pismo were 6, 12, or 18 GB. Another possible answer: the original blue-and-white Power Mac G3 — again, 400 MHz CPU, 100 MHz bus speed, 64-128 MB of RAM, and 6-12 GB hard drives. Think about that — in just nine years, the specs that then described Apple’s top-of-the-line desktop computer now describe their phone. One thing that makes this comparison hard is that there’s not much software in common. You can’t use most of the real-world tasks commonly used for ballpark benchmarking, like, say, Photoshop image processing or ripping MP3s from AIFFs, because the iPhone doesn’t do them. But there is one processor intensive task we can compare: web page rendering. In the early days of the web, it took a while for even moderately large web pages to render in a browser, even when you were loading them from HTML files right on your hard drive. If you were to plop yourself down in front of one of these vintage 1999-2000 Macs for an afternoon of web browsing, even with a decent Ethernet connection to the Internet you’d find the experience pretty damn slow by current standards. For all the incessant chatter about the demand for and purported certainty of 3G wireless networking in the next generation of iPhone hardware, the truth is that current iPhones are held back, web-surfing-wise, by more than just the speed of EDGE (which admittedly, is indeed pretty slow). Recall this video pitting a 3G Nokia E61i against an iPhone on EDGE — total rendering time was more or less the same, and in a few cases, the iPhone came out ahead. You can see that browsing speed — which is what matters — depends on more than just networking speed simply by comparing how long it takes to render a web page on the iPhone using Wi-Fi: a lot longer than it takes to load the same page in using Safari on a Mac. For example, it takes about two or three seconds for Safari to load the Daring Fireball home page on my new MacBook Pro. Using the same Wi-Fi network, it takes my iPhone about 15 seconds. (Using EDGE, it takes about 60 seconds to completely load, although you can start reading much sooner than that.) Point being that even if 3G wireless networking were as fast as Wi-Fi — which it’s not — browsing on an iPhone would still be pretty slow compared to browsing on a modern desktop or laptop. If you frequently use Wi-Fi on your iPhone, a faster processor in the next-generation hardware would make a bigger difference to the overall experience than faster phone-carrier networking. And so here’s the point I’m driving at. If a 2007 iPhone is loosely equivalent in terms of computing power to a 2000 PowerBook or 1999 Power Mac, that puts the spread at around seven or eight years. Extrapolate forward, and it’s therefore not at all unreasonable to think that a 2014 iPhone will pack the computing power of today’s MacBook Pro. Or, nearer term, that an iPhone introduced two years from now might pack the punch of a 2003 Aluminum PowerBook G4 — quite a difference from the Pismo. Even if your estimate of the iPhone’s equivalent-horsepower Mac is further back in time than mine, there’s no denying that Moore’s Law applies to handhelds, too. Eventually there will be a computer that fits in your pocket that is more powerful than today’s Mac Pros. But the path from here to there is riddled with difficult engineering problems — heat dissipation, battery life, and OS integration chief among them. There is marketing. There most certainly is design. But at the core of this market — by which I mean the market for handheld multitasking web-surfing networked-everywhere “phones” which are really computers — is engineering. Apple is the best handheld computer engineering company in the world today, hands down. They’re also the best handheld computer user experience design company. And they’re not sharing. 2: Why RIM Is Screwed When the iPhone was announced, I saw Apple as staking out ground far afield from the territory RIM occupies with the BlackBerry. Last year, I didn’t see Apple implementing Exchange support in the iPhone OS, and clearly that was, well, completely wrong. The “enterprise” features Apple has announced for the imminent 2.0 release of the iPhone OS — remote wipe, push email, automatic calendar and contact synching — pretty much encompass every single feature that’s been held up as a reason the iPhone wouldn’t sell to enterprise users. It remains to be seen how well these new iPhone features will actually work, but if the answer is “as well as promised”, and if the iPhone’s Mail app is improved in ways targeting people who receive a high number of messages, it’s hard to see a single software advantage in the BlackBerry’s favor. Which leaves hardware, which leaves the keyboard. Two Sundays ago, the New York Times ran a lengthy business-section piece by Brad Stone, titled “BlackBerry’s Quest: Fend Off the iPhone”. Regarding the upcoming BlackBerry 9000, the focus turned to the keyboard: Photographs of the device, leaked to gadget news sites, also indicate that the new BlackBerry will have elegant curves suggestive of the iPhone. It will also have a physical keyboard like previous R.I.M. devices, as opposed to the glass touch screen found on the iPhone. There’s a reason that R.I.M. is averse to the iPhone’s glass pad. “I couldn’t type on it and I still can’t type on it, and a lot of my friends can’t type on it,�? says Mike Lazaridis, R.I.M.’s co-chief executive and technological visionary. “It’s hard to type on a piece of glass.�? Mr. Lazaridis thinks that e-mail-dependent BlackBerry owners demand the reliability and tactile feedback of a keyboard. But, despite his critique of the iPhone, he does not dismiss the possibility that R.I.M. may itself one day sell a touch-screen phone, aimed specifically at consumers without the e-mail demands of BlackBerry’s core users. Translation: “We’ll emphasize the physical keyboard as a differentiating factor as long as it seems to work, at which point we’ll try a touch-screen keyboard too.” The only other angle RIM seems to be hanging its hat on is “security”: RIM is also betting on security, which hinges on the fact that its handsets and e-mail systems are relatively impervious to hackers. Mr. Lazaridis predicts that corporations will not give iPhones to their workers because they have already proved vulnerable to hackers eager to pry iPhones off AT&T’s system and make them work on other wireless networks. “It’s not that simple for an I.T. manager to give up security,�? he said. The idea that iPhone carrier unlocking is a “security problem” is a conflation between what an attacker can do to your phone, against your will and/or unbeknownst to you, versus what a phone’s owner can do to their own phone. It’s not like these “hackers” are attacking happy AT&T-subscribed iPhone owners and switching them over to Sprint against their will. To understand why Apple is making a concerted effort to appeal to BlackBerry users, consider an analogy to the board game Risk. RIM has a large army (read: users), but they’re all massed together in one spot on the map. They care about email, they care about exactly the sort of enterprise features Apple has announced for the iPhone, and they are known to be willing to pay several hundred dollars for a handset. A lucrative target that can be attacked all at once. And the BlackBerry is weakest where the iPhone is strongest: web browsing, music, and video. Compare and contrast with, say, a software platform like Windows Mobile, or a hardware maker like Nokia — their users are spread across a wide variety of phones and platforms. It was far easier to turn the iPhone into something almost every BlackBerry customer might at least consider than it would have been to make a lineup of iPhones that appeal to every Nokia customer. RIM doesn’t really have any lock-in other than user habits. The BlackBerry gimmick is that it works with the email system your company bought from Microsoft. Replace a BlackBerry with an iPhone (2.0) and the messages, contacts, and calendar events that sync over the network will be the same ones on the BlackBerry you just tossed into a desk drawer. In broad terms, BlackBerrys are optimized first for email; the iPhone for the web. What’s more important, an email client or a web browser? For most people, and perhaps even most current BlackBerry users, the answer is clearly the web. Many people in fact read their email entirely through the web. Unless you’re Richard Stallman, you probably don’t read the web through your email client. The iPhone would be a credible, useful device with just two apps: Phone and Safari. But it doesn’t just have those two apps. It has a slew, and they’re all better on the iPhone than the BlackBerry and the difference with regard to anything other than email is only going to get more stark once the iTunes App Store opens its doors. If nothing else, consider games, games, and games. As I wrote when the iPhone’s upcoming enterprise features were announced, the iPhone can do more BlackBerry-ish things than the BlackBerry can do iPhone-ish things. Apple doesn’t wait for someone else to knock one of their hit products off its throne or slowly run it into the ground (cf. the Motorola Razr) — they do it themselves. For six years pundits have been declaring that competitors would “soon” catch up to the iPod, but the iPod has never been a static target — over the same six years Apple has released significant new iPods every year. There are no signs that RIM has the engineering chops on either side of the ball — hardware or software — to compete with where the iPhone is now, let alone where it’s going to be. We know that Apple has an OS that can scale to take advantage of faster (and multi-core) processors, because OS X is doing that already. If a two-years-away 2010 iPhone might be like having a 2003 PowerBook G4 in your pocket, for RIM’s sake a 2010 BlackBerry had better be something more than a BlackBerry with a brighter screen. Correct answers: Batman, Star Destroyer.�↩
★ Let the Tea Leaf Reading Begin

The best thing about being an Apple observer is that even when the company does make a long-awaited announcement, it inevitably leads to new questions regarding what exactly they mean. Apple punditry is the Kremlinology of the tech world. So it is with this week’s announcement from Steve Jobs1 that, yes, “We want native third party applications on the iPhone, and we plan to have an SDK in developers’ hands in February.” We now know two new things: (1) that there will be “native third party applications on the iPhone”; and (2) that the SDK is scheduled for February. That leaves a long list of questions. Whither Widgets? For one: What exactly is a “native third party application”? The obvious answer is the sort of UIKit-based Cocoa-ish applications that underground iPhone hackers have been creating over the last two months — the exact sort of native apps that Apple has itself already written for the iPhone and iPod Touch. For all we know at this point, though, it could be something more like Dashboard widgets — but I think that’s unlikely. Jobs wrote: > With our revolutionary multi-touch interface, powerful > hardware and advanced software architecture, we believe we > have created the best mobile platform ever for developers. JavaScript, HTML, and CSS are cool in that they’re widely-used, widely-known coding standards — but they’re not a good way to create user experiences that take full advantage of the iPhone, and would be pretty hard for Apple to pass off as an SDK for “native apps”. Third party developers want access to the same dog food Apple’s own iPhone engineers are eating. Plus, there’s the issue of performance. Iconfactory developer Craig Hockenberry, who has been tinkering with the unofficial iPhone developer tools to create an iPhone-native version of Twitterrific, wrote a splendid weblog entry titled “Benchmarking in Your Pants” regarding the lackluster performance of JavaScript code running in MobileSafari compared to compiled Objective-C code running in a native iPhone app. Function calls, for example, were 226 times slower in JavaScript. (Hockenberry also benchmarked JavaScript running on the iPhone compared to the same code running in Safari on an Intel-based iMac; the code ran about 80 times faster on the iMac.) Back in January at the iPhone’s introduction in the Macworld Expo keynote, Jobs described some of the apps on the iPhone, including Weather and Stocks, as “widgets”. My somewhat-informed understanding is that Apple’s original plan was for the iPhone to ship with its major apps written in Cocoa and with a handful of smaller apps written as Dashboard-style HTML/CSS/JavaScript widgets — but that this plan was scuttled for performance reasons, and the Weather and Stocks widgets2 were rewritten as UIKit Objective-C apps sometime this spring.3 My guess is that they ran into what Hockenberry documented: JavaScript on the current iPhone just isn’t fast enough to provide an iPhone-caliber user experience. So my money is that the iPhone SDK that Apple plans to release this winter is the real thing — Cocoa-style UIKit apps written in Objective-C. Security? Jobs wrote: It will take until February to release an SDK because we’re trying to do two diametrically opposed things at once—provide an advanced and open platform to developers while at the same time protect iPhone users from viruses, malware, privacy attacks, etc. This is no easy task. Some claim that viruses and malware are not a problem on mobile phones—this is simply not true. There have been serious viruses on other mobile phones already, including some that silently spread from phone to phone over the cell network. As our phones become more powerful, these malicious programs will become more dangerous. And since the iPhone is the most advanced phone ever, it will be a highly visible target. External security — the threat of vulnerabilities that would allow malfeasants to compromise a victim’s iPhone — is a serious matter. There have already been several published exploits against the iPhone, including an as-of-this-writing open vulnerability in TIFF-processing code in the current iPhone OS. So clearly there is some merit to Jobs’s stated security concerns. As it stands in the current iPhone OS, all processes run as the root user; in broad layman’s terms, any process has access to everything else on the phone. So when a buffer overflow can be exploited to allow remote code execution, that code can do anything. To allow third-party iPhone apps to run today would be to trust those third-party developers not to write code with any security flaws. What the iPhone needs before Apple will allow third-party apps to run is some sort of sandbox, a way to prevent application processes from being able to access things they shouldn’t be allowed to access. But iPhone Cocoa apps are no more inherently susceptible to buffer overflow vulnerabilities than Mac Cocoa apps. And the hysteria over the iPhone’s current “everything runs as root” situation is overblown.4 Applications on your Mac don’t run as the root; they run under your user account. But all of your data — your email, your address book, your documents, everything your apps can read or write without administrator authentication — is vulnerable to any sort of hypothetical buffer overflow exploit on the Mac, and would be on the iPhone, too, even if iPhone apps didn’t all run as root. Sure, root privileges allow an exploit to do anything, but the most important thing on your system is your personal data, and an exploit doesn’t need root privileges to access that. I’m thinking Apple is more concerned about internal security — about having third-party apps limited to a sandbox so that user-installed code has no access to things like, say, the phone network modem’s firmware (the component that you need to diddle with to create SIM unlocks). That’s the key difference between the iPhone and the Mac, security-wise. Which Third-Party Developers? Mac OS X is pretty much completely open to development; even the developer tools are free, and anyone is free to write whatever software they want for the Mac. It seems unlikely that iPhone OS X development is going to be like that. One possibility is that the iPhone SDK will only be available to developers with ADC Select ($499) or Premiere ($3,499) accounts. (Premier and Select ADC members are the only ones with access to pre-release Mac OS X seeds, for example.) If that’s the case, it’s not going to be popular with hobbyist developers, but most professional Mac developers already have paid ADC memberships, and, let’s face it, we all know most iPhone apps are going to be written by Mac developers. Interviewed via email, Craig Hockenberry told me, “If there’s a simple way to get third party apps on the iPhone, you keep 90 percent of the developers happy and jailbreak/unlock has much less momentum. Sure, there will still be people that want to ‘buck the system’ but they’ll be in the minority rather than the majority.” The most intriguing part of Jobs’s announcement was this section, regarding security: Some companies are already taking action. Nokia, for example, is not allowing any applications to be loaded onto some of their newest phones unless they have a digital signature that can be traced back to a known developer. While this makes such a phone less than “totally open,�? we believe it is a step in the right direction. We are working on an advanced system which will offer developers broad access to natively program the iPhone’s amazing software platform while at the same time protecting users from malicious programs. It’s hard not to interpret the scare quotes around “totally open” as a reference to Nokia’s recent “Open to Anything” ad campaign — sort of a you guys aren’t completely open either call-out. This seems like a pretty clear indication that Apple is working on a similar signing system for iPhone apps. Restricting development to paid ADC members would instantly allow Apple to associate app signatures “back to a known developer”. Here’s more information from Nokia on the signing program Jobs mentioned; here’s similar information on the Symbian site. Which Apps? Another question is whether Apple is going to allow participating (trusted-by-Apple) developers to write whatever apps they want, signing the apps themselves, or if apps will need to be approved case-by-case by Apple before being signed. Mac OS X Leopard includes a new “application signing” feature, described by Apple thusly: A digital signature on an application verifies its identity and ensures its integrity. All applications shipped with Leopard are signed by Apple, and third-party software developers can also sign their applications. That same page describes a “sandboxing” feature that seems applicable to the iPhone, too: Sandboxing prevents hackers from hijacking applications to run their own code by making sure applications only do what they’re intended to do. It restricts an application’s file access, network access, and ability to launch other applications.” The prototypical example of a potentially popular app that Apple might refuse to approve would be a VOIP app like, say, Skype, in that it would undermine the need for the phone network, which in turn undermines Apple’s revenue sharing with the iPhone’s exclusive network partners. Or, say, instant messaging, the omission of which from the current iPhone is seen by many as a concession to the fact that heavy SMS users pay handsomely for extra monthly messages. (Personally, I suspect iChat for iPhone simply didn’t make the cut for 1.0 but is planned for a future update.) “Nokia’s model is to run as trusted/untrusted,” said Hockenberry. “Trusted apps get to access more than untrusted ones. This model could be extended to allow different levels of access based upon whatever Apple wants (as owner of the root certificate.) Basic access for Wi-Fi, extended access for EDGE, hardware access for deep pockets, etc.” That makes sense, and strikes me as a likely course for Apple. Development There’s a question, then, of how developers will write the apps in the first place. If iPhones only run third-party apps that have been approved by Apple, how do you develop an application in the first place before it’s been approved? Steven Frank — who, as co-founder of Panic and an unrepentant gadget hound, may well be the single most interested person in the world in a supported iPhone SDK — described to me via email the development process for the Danger Hiptop/Sidekick: “The Hiptop/Sidekick platform has a Java SDK that abstracts away all the low-level hardware stuff so you can’t touch it, while still providing everything you need to write an application. You test and debug in an emulator/virtual machine that can simulate edge conditions like loss of cellular network availability and so on. When you’re almost done, and ready to try on real hardware, you apply for a ‘developer key’, which is a small certificate that you install on the phone that enables you to run third-party apps that didn’t come from the on-device for-purchase catalog. To get the developer key, you have to prove to them you actually have an almost complete app, and aren’t just some kid who wants hot Yung Joc ringtones by submitting a build of your application. You also have to sign a waiver that says you are no longer eligible for support from your cellular carrier.” The iTunes App Store? Which leaves us with the question of distribution and installation. The obvious route is the same one Apple has taken with iPod games: the iTunes Store. Apple, in this case, would likely get a cut of every sale. From a user’s perspective, it’d be easy and obvious: shop and pay for apps in iTunes, and iTunes takes care of installing the software, and, perhaps, synching data. This is similar to the Danger model — where apps must be approved, and can be sold only through the official channel. Limiting, to be sure, but as Frank put it, “The process [of developing for Danger] is somewhat tedious, but still an order of magnitude better than not allowing third-party applications, period.” Frank also pointed out the most glaring downside of Danger’s pay-to-play development model: “One drawback to this approach from the user’s perspective is that there is basically no free third-party software. Everything costs at least a couple bucks.” The announcement appeared on Apple’s Hot News web page, but with no permalink, so it’s likely to disappear from Apple’s web site in a week or two as newer items appear. I’ve saved a plain text copy here for posterity.�↩ I wonder if the Calculator app was originally a widget, too. UI-wise, it’d certainly be a cinch, because just like with the iPhone’s Weather and Stocks apps, it more or less looks and acts exactly like the corresponding widget in Mac OS X. So my theory is that when Apple made the decision to rewrite the iPhone widgets as native iPhone Cocoa apps, they used the widgets as the specs for the apps. “Make a native app that looks and acts exactly like this widget,” more or less. One thing that makes me think this is that the iPhone Calculator app doesn’t make any sounds when you press the buttons. Pure JavaScript/HTML widgets can’t make sounds when you click or tap buttons. I find typing on the iPhone keyboard to be much more satisfying with the sound on; with the sound off, because the keys are virtual, there’s no sensory feedback at all. The Calculator app would feel more real if it simply made the same button-clicking noises as the iPhone keyboard.�↩ That this change was — I believe — made rather late in the game might explain why vestigial references to “widgets” remained in the shipping iPhone 1.0 software. (It could also mean, of course, that Apple plans to re-expose this feature at some point in the future.)�↩ It certainly is a curious question why all iPhone apps run as root. I don’t know the answer. But I’ll bet there’s an interesting engineering trade-off involved somewhere. If you think the reason is laziness or ignorance on the part of the iPhone OS X engineers, you’re an idiot.�↩
Why Apple Plays God with the iPhone SDK

Daniel Eran Dilger AppleInsider's article “Why Apple keeps its iPhone 2.0 SDK under NDA” presented several reasons why developers are frustrated with Apple's tight control over the iPhone platform. Another facet behind Apple wanting to maintain a centralized position of control over iPhone development, where developers are bound by NDA to interface only with Apple but not each other, is to head off tangent hacks that might complicate Apple's ability to lead its platform in the direction it wants. One obvious recent example of this is OpenClip, a student developer's plan to add copy and paste features to the iPhone by allowing third party apps to copy pasteboard data from other applications' private directories. This works under the current iPhone 2.0 software, but only because Apple hadn't yet finalized all of the details of its application sandbox security enforcement. With the iPhone 2.1 SDK betas, which started shipping before OpenClip was released, the iPhone 2.1 software no longer allows apps to peek at each other's files, the implementation of a policy Apple originally announced to developers in the “iPhone OS Programming Guide” with the original iPhone 2.0 SDK. There are many other examples of how hobbyist efforts to graft unofficial APIs into mainstream iPhone development could cause problems for Apple and for users. Daring Fireball: Raining on the OpenClip Parade iPhone OS Programming Guide: Security Software Chaos This isn't a new problem; third party developers also worked to enhance and extend the Classic Mac OS of the 1980s using INIT patches that changed how the System Software worked at a low level. Apple gave developers an expanded, officially sanctioned mechanism for doing this in System 7 with System Extensions. However, this turned out to be chaotically difficult to manage. INITs or Extensions frequently ran into conflict with each other and destabilized the system. They also served as a vector for viruses. Once an Extension grew popular among users, it became difficult for Apple to work around any problems it might cause or to deliver new features that might run into conflict with existing Extensions. In Mac OS X, Apple intentionally provided no mechanism for broadly patching the OS in the manner of System 7's Extensions. Third party developers have still managed to find ways to hack into the OS however. Mac OS X's Input Managers, a mechanism NeXT originally designed to serve a controller for adding language support for complex character sets across applications, were hacked into a general purpose way to patch into nearly every app on the system and inject code that could modify their behavior and user interface. It's easy to see why Input Managers also serve as a security hole and a destabilizing factor that cause applications to crash and system updates to fail. MacJournals News : Input Managers are not 'plug-ins' Security Enforced by Authority. As Apple progressively tightens down the system to enhance users' security, it has only asked developers not to use Input Managers inappropriately; it hasn't yet banned them. it also asks developers not to install code into the Mac OS X kernel unless absolutely necessary, and provides security guidelines to follow when installing applications and in other cases where sloppy behaviors could expose users to potential threats. In other areas, Apple has gone beyond just making suggestions and is enforcing rules that following known best practices in security. From the start, Mac OS X was compartmentalized into Unix domains, including a System domain for Apple's software, a machine domain for system wide Applications, and a User domain that segregated the settings and files of each user. User accounts and file permissions enforced the domain boundaries, to help prevent software from assuming more control that it should. In the iPhone OS, third party applications are further compartmentalized into sandboxes. There is no communal file system that all apps can share as there is on desktop computers. Instead, each app can only access its own files within its sandbox for security reasons. Apple also limits third party apps from lingering in the background after a user has dismissed them with the home button. This is both a power saving mechanism and part of the iPhone's security policy. The system also requires that all apps be signed by a recognized authority, so that malware vendors can't distribute untraceable software. Efforts to inject malicious software into distribution through the iTunes Apps Store on the sly can be remotely shut down by Apple using its “kill switch” of certificate-based security. Apple's heightened security enforcement measures on the iPhone are also making their way onto the Mac OS X desktop, in order to allow corporations to centrally manage the software installed on their computers and to allow parents to control the access their children are allowed. Apple's security efforts are being rolled out in incremental advancements. If the company allowed third party developers to fork its strategies and introduce frameworks that impeded or conflicted with its plans, it would dial the company back into the days of System 7, where Mac Extension conflicts caused crashes that Apple could do little about because it wasn't exercising its authority to enforce security on its platform. iPhone 2.0 SDK: How Signing Certificates Work iPhone 2.0 SDK: The No Multitasking Myth The Tree of Knowledge of Good and Evil. With its Android smartphone platform, Google appears to be offering users and developers the tantalizing fruit of determining for themselves what they want, including a security model where developers vouch for their own apps on a handshake and users are free to initiate their own trust relationships with developers without any certificate-based security administered by a central authority. However, that kind of freedom has served as fertile ground for the viruses, spyware, and adware crisis of the desktop Windows PC. The web itself is another example of a platform where anything goes and security is an afterthought, with the result being egregious adware and the mass distribution of malware that exploits the freedom of Windows PCs to seed new replicants and spam. Microsoft contributed to the seedy nature of the web early on with its ActiveX technology, which gave developers wide open freedom to do things within the browser, with disastrous results. The only way to secure the web is to limit what can be done within the browser and rely upon external authorities to certify encrypted transactions where necessary. Android developers, hardware makers and service providers will also have the freedom to pick and chose which APIs, hardware, and applications they want to support, ostensibly giving users the freedom of an infinite number of choices to select from, a policy that has introduced chaos among Windows Mobile phones, where choice is often an impediment rather than a feature. Symbian phones similarly have three different UI layers to chose from. Linux on the desktop has two main desktop environments, KDE and GNOME, with incompatible behaviors and implementations. Will Google’s Android Play DOS to Apple’s iPhone? Will Windows Mobile Play DOS to Apple’s iPhone? Don't Trust Any Company Under 30. While some critics of Apple's security policies worry the company exercises too much control what software providers can offer on the iPhone, it's also true that the company's mobile platform has delivered a level of success and security for mobile software distribution that other platforms can't match, with tangible benefits for both developers and users. The iPhone's App Store prevents widespread piracy of developers' work, allowing them to sell their software in volume for just a few dollars a title rather than the $15 to $50 that mobile software commonly sells for on other platforms. Users can also be confident that applications they download through iTunes aren't infected with viruses, or spying on them via key loggers or other background tasks, and can't even access their location without asking permission first. Android, Windows Mobile, and other mobile platforms can only hope that malicious developers don't assault their users. Those vendors also lack a kill switch to do anything about it afterward. And despite all the freedom Android promises to provide in hardware variety (something Windows Mobile currently delivers), iPhone users have the actual freedom of knowing that titles they buy from the Apps Store will work on their phone. iPhone developers have the freedom to add accelerometer support into their apps because all iPhones have the hardware to use it. That's not the case with Windows Mobile, and it won't be true with Android either. While it's true other platforms offer features the iPhone doesn't, Apple's platform starts off from a secure foundation that will be easy to build new features upon; it's far harder to retrofit security into a platform that was designed to be full featured and impose few limits nor set any clear standards. Security requires a trustworthy authority. If Apple stopped playing God, it wouldn't be doing its job. Did you like this article? Let me know. Comment here, in the Forum, or email me with your ideas. Like reading RoughlyDrafted? Share articles with your friends, link from your blog, and subscribe to my podcast (oh wait, I have to fix that first). It's also cool to submit my articles to Digg, Reddit, or Slashdot where more people will see them. Consider making a small donation supporting this site. Thanks!
Will Google's Android Play DOS to Apple's iPhone?

Daniel Eran Dilger Today's broad array of smartphone operating system contenders are offering lots of potential answers to a problem that only requires one. It appears the market has two options ahead: either pool generic hardware makers behind a single operating system and deliver a smartphone marketplace that resembles the Windows PC market, or watch them fall to a dominant leader and have a smartphone market that resembles Apple's iPod ecosystem. This decision isn't going to be made by a class of intellectual elite, or by government mandate. it's going to be made by the market itself. Here are the factors that will influence the outcome, either marginalizing Apple's iPhone into a niche as the company has twice experienced previously at the hands of DOS in 1981 and Windows in 1991, or positioning it as the dominant leader as Apple has achieved for itself with the iPod since 2001. The third segment in this series looks at Google's Android and the Open Handset Alliance as a possible “DOS-attack” against Apple's iPhone. Subsequent segments will look at Nokia's newly opened Symbian and other mobile contenders challenging the iPhone. Will the iPhone Meet its Match from a Modern Day DOS? Will Windows Mobile Play DOS to Apple’s iPhone? Will Google's Android Play DOS to Apple's iPhone? Will Symbian Play DOS to Apple's iPhone? Google Acquires Android. In 2005, Google purchased a startup named Android, which had been in business for nearly two years. The secretive startup was known only to be working on software for mobile phones. It was being run by a who's who of mobile industry veterans, including Andy Rubin, the founder of Danger. Rubin had earlier worked at WebTV along with Chris White and Andy McFadden, both of whom had also joined Android. Richard Miner of Orange and Nick Sears of Tmobile also brought their mobile provider experience to Android. At the time of the acquisition, Google didn't announce any plans for Android and instead only told BusinessWeek, “We acquired Android because of the talented engineers and great technology. We're thrilled to have them here.” It appeared that Google was only going to be expanding its search services for mobile phone users, along the lines of the Google SMS answer system it had recently released. Google Buys Android for Its Mobile Arsenal - BusinessWeek Windows XP Media Center Edition vs Apple TV: The Fall of WebTV The GPhone Myth. As reports began to leak out about talks between Google and hardware makers throughout 2007, rumors began to fly about “the GPhone,” a competitive offering that was supposed to take on the iPhone. Some phone enthusiasts hoped Google would jump in to rescue the struggling OpenMoko project and turn it into a viable project that could attack Apple's new smartphone. In October 2007, I printed the Great Google GPhone Myth, taking apart the idea that Google would be directly competing against the iPhone, and describing that Google was really working on a free alternative to Windows Mobile as a conduit for getting its search and related services on a broader variety of mobiles. Google's services were already on the iPhone. In November, Google played its hand: it had organized a consortium of companies called the Open Handset Alliance to develop open standards for mobiles. The first product from the group would be Android, a mobile operating system built on the Linux kernel. Google wasn't getting into the phone handset business at all; it was only making sure that its mobile search products would not risk being marginalized by the threat of Windows Mobile on phones in the same way Microsoft had been working to leverage its PC monopoly to push Google search off the Windows desktop. The Great Google gPhone Myth Introducing Android: Leader of Linux. Two weeks later, Google released an early version of the Android software. On top of a Linux kernel, Android uses a specialized version of a Java Virtual Machine that takes Java language code and turns it into what Google calls “Dalvik bytecode” rather than Java bytecode as a standard JVM would. This allows Google to leverage existing and familiar Java language tools without paying Sun for a Java license. Like Mac OS X and its fraternal iPhone OS, Android includes a variety of open source libraries, including SQLite and WebKit. On top of that, Google developed a series of frameworks that handle the tasks Cocoa Touch does on the iPhone. Android also bundles a set of applications. While Apple adapted its existing Mac OS X to work in a mobile environment to create the iPhone OS, Android is more like a customized Java environment running on a specialized mobile Linux variant: elements of maturity in an otherwise experimental new platform. What is Android? -Google Android was by no means the first mobile OS using Linux. Both Palm and its amputated ACCESS software arm have Linux-based mobile platforms. Nokia has Maemo, which it uses in its Internet Tablets, and also recently acquired Trolltech and its Qtopia mobile Linux platform. Motorola has teamed up with MontaVista Software to use its Mobilinux. Intel created the Moblin project for mobile Linux, aimed at Internet devices. Google's OHA also isn't the first consortium to attempt to standardize a mobile Linux platform. The OSDL started the Mobile Linux Initiative to define requirements for hardware; the Consumer Electronics Linux Forum (CELF) then worked to define various phone profiles aimed at the Japanese market; the Linux Phone Standard (LiPS) Forum tried to do the same thing in Europe. In 2007, LiPS was folded into the new LiMo Foundation, along with the OSDL. All of these committees have had some overlap and some complementary features. Several of Google's OHA partners are also LiMo members, including NTT DoCoMo, Wind River, and Motorola. So why didn't Google just join LiMo? “LiMo, very candidly, wasn't moving fast enough,” OHA board member John Bruggeman told CNET. Google hopes to herd the Linux cats into a progressive, structured platform that can battle against Symbian and Windows Mobile to succeed as the new DOS of smartphones. Will Google fracture or unify mobile Linux? The Presumption of the Necessity of DOS. The previous segment examining Windows Mobile pointed out how the PC industry as a whole assumed that Microsoft's desktop Windows monopoly would easily take over dominance in the MP3 player market, pushing Apple into a niche position. This was expected because DOS had pushed Apple's early computers into a reduced role starting in 1981, and Microsoft had repeated this again in 1991 when the DOS world migrated to Windows, effectively pruning Apple's Macintosh into a Bonsai platform. The inability of one company to dominate any product category has been frequently repeated by PC industry pundits as a given, despite the fact that history is full of examples of this happening. Sony dominated personal music players for two decades under the Walkman brand even while equally large competitors tried to push it from this position; Nintendo has similarly owned handheld gaming despite ill-fated efforts to grab a piece of its pie by products running a generic platform such as Microsoft's WinCE (Gizmondo), Linux (GP32), and Symbian (N-Gage). In fact, outside of the Windows/DOS PC, there are actually few examples of a generic platform taking over an industry. Nearly every other consumer-facing product uses proprietary platforms: car makers, stereo equipment, appliances and so on typically all use designs custom to their maker. The paradox of the Windows PC market has been that Microsoft's broadly licensed software supposedly saves hardware makers from investing in software development while ensuring compatibility, when in reality it adds significant costs to PC makers while limiting their ability to differentiate themselves. That explains why PC makers have been perpetually merging together and going out of business while Microosft has rolled in money over the last two decades. Parallel efforts to copy Microsoft in broadly licensing an operating system have regularly failed: IBM's OS/2, Apple's Mac OS, Palm's PDA OS, even Microsoft's own efforts to duplicate Windows dominance in other markets, from copy machines to PDAs to smartphones to SPOT watches to music players. The closest copy may be Symbian, but its customers are partners, not simply consumers of a generic third party's operating system as Windows licensees are. That indicates it is not necessary to duplicate the dominance exercised by Microsoft over the PC industry in the smartphone market. Google's Android and Symbian exist more as technology sharing pacts among manufacturers, but both aspire to take Microsoft's DOS role among smartphones. However, the idea that Apple's iPhone must be dethroned by a modern-day DOS, whether Windows Mobile, Android, or Symbian, is not just debatable, but does not sync with the reality of more recent events. Apple's recent history of the iPod further refutes the idea that a software analog to Microsoft is needed. The iPod Emergence: Apple & Pixo vs IBM & Microsoft. Apple's iPod in 2001 made no effort to clone the DOS business model; it actually did the opposite. When Apple entered the market, there were a number of existing MP3 devices using custom software, hardware designs, and DRM codecs. The iPod used off the shelf components to deliver a custom MP3 player using third party software, but Apple also added its own technologies: easy to use sync with iTunes, a fast Firewire interface that made uploading music far faster than the prevailing USB 1.0, and an attractive industrial design. With the iPod, Apple played the role of IBM in 1981, using Pixo's embedded operating system to enter the market quickly, just as IBM had used DOS. The difference was that Apple didn't direct any market attention toward Pixo and added a lot of value on top of that core embedded OS. A modern day Compaq couldn't simply clone the hardware and license Pixo to run on it in order to compete against the iPod, because the iPod was much more than just generic hardware running Pixo software. As the iPod developed, Pixo's role diminished and was eventually displaced. Just like IBM, Apple jumped into a new market just as demand was beginning to explode. Apple made MP3 players far more attractive to a general audience by delivering greater playback capacity than most entry level devices offered, along with an ease of use that encouraged buyers to jump in at the higher end of the market. That left Apple with not only the lion's share of the market, but also by far the most profitable segments of the market. Two decades prior, IBM badly fumbled its play with the early PC and ended up irrelevant in the PC world by the late 80s, sideswiped by Microsoft's DOS and the cloners who were licensing it in parallel, notably Compaq and later HP and Dell. Steve Jobs had witnessed that happen, and was determined to not let it happen again to Apple. Rather than being manipulated by a software middleware vendor as IBM had, Apple worked to incrementally develop the iPod market itself. After consuming the hard drive-based player market, Apple took on the Flash RAM-based market with a tiny hard drive system used in the iPod Mini, and followed up with Flash-based devices of its own in the Nano and Shuffle. This allowed Apple to progressively serve an increasingly wider market, incrementally growing upon an established foundation. With the iPod, Apple became, in effect, an IBM with its own internal Microsoft. Microsoft's Failure Despite Features. In contrast, Microsoft entered the music player market by promoting music player hardware reference designs around WinCE. However, it was unable to ship a finished design until the iPod had become firmly established around 2005. Later branded as PlaysForSure, the devices were sold by various hardware makers and all purported to support the same DRM and the same music subscription services while also offering a broader array of hardware that presented video before the iPod did, supported wireless before the iPod, and so on. Despite these unique features, all of those PFS designs still failed. Microsoft blamed the failure of PFS upon its music store and hardware partners and decided to take Apple on itself in 2006. It relaunched a Toshiba PFS player as its own device under the Zune brand, adding WiFi music sharing features and a larger display than the current Pods had. It failed dramatically as well. Did Microsoft's attempts to float a new DOS among music players fail because of Apple's success, or due to Microsoft's own problems? The failure of the Zune, which followed the iPod model rather than the DOS model, seems to suggest that Microsoft itself was to blame. Consider too that Microsoft's Windows Mobile phones, which use the same underlying operating system as its failed PlaysForSure music players and the Zune, had similarly flopped even before Apple could release a charismatic phone equivalent to the iPod. Of course, when the iPhone was released, it hit Windows Mobile hardest. The iPhone made Windows Mobile Smartphones look ridiculous and underpowered, and made Windows Mobile Pocket PC phones look clumsy and awkward, despite the fact that they both supported a variety of features the iPhone didn't, including the ability to edit documents, capture video, send MMS, and so on. Simply adding on features did not enable Microsoft to compete against Apple. The only conclusion that can be drawn from all this is that competing against Apple requires more than just having a feature arsenal. Microsoft's failures in themselves do not necessarily mean that Google's Android will fail in its attempts to float its own smartphone platform. Why Microsoft’s Zune is Still Failing Microsoft’s Zune, Vista, and Windows Mobile 7 Strategy vs the iPhone Will Google Succeed where Microsoft Failed? Microsoft's demonstrated inability to successfully enter consumer markets for MP3 players and smartphones has given observers little faith that the company will somehow turn things around in late 2009 when its next generation of devices are expected to be released. However, prior to that the first fruits of Google's efforts to build its own smartphone operating environment will arrive. Will Google's Android take over Microsoft's crown as the “DOS vendor” among smartphones? Supporters of Google's Android project point to some parallels between Android for smartphones and Windows on the PC: Android will allow hardware makers to differentiate in ways that can offer features Apple can't (or doesn't want to); it should allow software developers to offer features Apple does not allow on the iPhone; it embraces open, hobbyist experimentation in ways that Apple currently isn't; and it opens the potential for content providers that Apple is not interested in allowing. Openness is Android's key competitive feature. Will all this openness allow Google to unseat the iPhone to become the primary platform developers want to participate in, and subsequently soak up the market for third party hardware makers that Windows Mobile serves? While Google currently has no market share due to the fact that no Android phones have yet shipped, it does have broad vocal support from a variety of the same kinds of hardware manufacturers that supported DOS and Windows and helped to make those platforms successful in the desktop PC market. HTC and Android. The first Android phone is expected to be the HTC Dream; Taiwan's HTC (High Tech Computer) also manufactures Palm's Treo Pro phone as well as many of the most visible Windows Mobile devices. In addition to models produced under its own name, HTC also sells Windows Mobile devices under the Dopod brand, as well as no-name phones branded by providers, such as AT&T, Orange, Sprint, T-Mobile, Verizon Wireless, Vodafone, and others. HTC will also be building the XPERIA X1 Windows Mobile phone for Sony Ericsson. HTC was quick to throw its support behind Android despite its long term alliance with Windows Mobile. Why would it so enthusiastically support an unproven platform from a company that has no experience in consumer hardware platforms? One can only assume that HTC is not happy with the current state of Windows Mobile, and desperately wants another “DOS” to succeed where Microsoft's has so spectacularly failed. As an Original Design Manufacturer for Palm, HTC watched as Palm adopted Windows Mobile in place of the Palm OS and subsequently fell even deeper into crisis. Palm's only successful phone since has been its Palm OS-based Centro. HTC undoubtedly sees Android as its ticket to becoming the next Dell, but without a similar dependance upon Microsoft. Android for mobile phones is essentially playing the role of Linux for PCs, except that it has the backing of a major company behind it. Can Android Take on the iPhone with Openness as its Feature? As great as this sounds, it's important to consider that Linux on the desktop has made no significant progress in eating into Windows dominance after a decade of trying. Being open, free, flexible, and decentralized hasn't been enough of an advantage to get consumers to migrate from Windows to Linux in any fraction of significance. Similarly, in the music business, Linux-based MP3 players have had no impact on the iPod, despite offering more features, flexibility, support for additional codecs, and so on. In the mobile phone area, Linux enjoys a sizable portion of the smartphone market, but this is almost entirely due to phones sold by Motorola in China, where the advantages of Linux' openness are void. Motorola's Linux phones offer nothing to users in terms of openness or flexibility, and are really no different in terms of features than other appliance 'feature phones' based upon closed operating systems. And again, a key problem with assaulting Apple in a feature war is that neither the iPod nor the iPhone became popular by being “highly featured.” They both delivered perhaps 80% of the functionality found in all other devices in the market. Rather than trying to match every feature and cater to every niche as Microsoft had with Windows Mobile, Apple's devices did a few things very well at launch, and incrementally developed into full featured devices that still lack some of the more unique features of their competitors. Further, in terms of openness, the demographic that embraces Linux' characteristic freedoms is not the same as the demographic that buys smartphones in quantity and then pays for data service. This is a critical fact to consider because a big part of the iPhone's success stems from the fact that it is being pushed by mobile providers who want to capture the cream of the market willing to pay a premium for data services. The Frankenphone. Combining the fractured aesthetic of HTC's Windows Mobile phone hardware with Android's software, based upon Linux' perpetually unfinished DIY openness and Google's Java-like development platform, will not result in a product similar to the iPhone. Instead, it will look a lot like phones that have already failed in the market. Apple's advantage comes from slick hardware designs with a close attention to detail, combined with software that purposely does less so that it can do what it does better. Even Apple's own conservative attempts to broaden its software capabilities with iPhone 2.0 have resulted in instability problems that can be blamed upon both Apple's early releases of its phone operating system and software from inexperienced third party developers new to the platform. Would the current frustrations with iPhone 2.0 be somehow mitigated by additional openness that also embraced all kinds of variables from different hardware makers with less quality control than Apple, a loose committee of additional cooks working to serve up operating system features targeted at every possible conceived need, and a wider third party software group with fewer constraints on illegal behaviors? The Failure of Open. While it is politically unpopular to criticize the well meaning efforts of open source contributors, the failure of Linux on the desktop, the failure of the vaporware Indrema game console, and the failure of the OpenMoko project to deliver a workable phone within a year of its deadline all underline the serious problems open development faces in the world of consumer oriented devices. Open has simply failed to deliver on its promises in the world of consumer hardware. OpenMoko was supposed to release its first mobile phone to consumers for $250 several months in advance of the iPhone. When the iPhone shipped, the group then announced new plans to get its phone out by the end of 2007. Instead, this spring the group announced new plans to move to an entirely different development platform, and ship its phone mid year for $400 with limited functionality and incomplete software outside of basic GSM phone features. Linux's notable successes, from Motorola's Linux phones to the Tivo DVR to Linksys Routers, have often come without any associated openness or freedom, and were instead delivered simply to provide their manufacturer with a free kernel to build upon. This indicates that while Linux may find its way into an increasing number of smartphones, it will likely not be accompanied by the glorious freedom of an open development environment Google has said it would offer with Android. Apple iPhone vs the FIC Neo1973 OpenMoko Linux Smartphone Can Google Succeed Where Open Has Previously Failed? Despite “openness” being Android's strongest competitive feature compared to Apple's iPhone, Google recently revealed that its wide-open development model is intentionally gravitating towards a closed association of top tier partners due to practical considerations. In July, Google accidentally sent out a notice that revealed that it had been seeding private SDK updates to only a subset of its contributors, angering those who believed that Android would be as open as Linux on the desktop or the OpenMoko project. Further, Google has restricted initial development to higher level APIs just as Apple did, further indicating that Google itself realizes that being wildly open to impress a minority of hobbyists will not result in the commercial success of its new platform. That serves to neuter Android's primary advantage over the iPhone. Without delivering on the premise of being wide open, Android is really just a less mature set of Java libraries used to create a specialized binary that runs on a Linux foundation. Unlike Apple's iPhone, Android phones won't have a slick user interface developed by professional artists, nor the iPhone's legacy of mature software development frameworks crafted over the last thirty years, nor the iPhone's tightly integrated hardware with award winning industrial design, nor its marketing power tied into the iPod and Apple's retail stores. Android won't be an open iPhone, it will only be a Windows Mobile phone with a better kernel that runs specialized Java software instead of Win32 or .NET code. Don't expect consumers to be impressed by that. The Biggest Missing Feature. There is one remaining factor that strangles to death any last remaining hope that Android might assassinate the iPhone and assume the crown of the “DOS of smartphones.” That is: Android delivers zero price advantage to consumers. In 1981 and 1991, consumers who wanted Apple computers faced the sticker shock of a somewhat arrogant price tag. Apple sold its computers, as it still does, at the higher end of the market, but there was simply far more range in prices available. In 1981, that meant the Apple II was $2600 and the new Apple III was $3500, even before you added a monitor. On the low end, Commodore sold its far less powerful, but “still a computer” Vic-20 for $300, while IBM entered the market with the IBM PC at $3000. Over the next few years, Apple focused on delivering additional sophistication at the same price, releasing the $10,000 Lisa and then the $2,500 Macintosh. IBM continued selling PCs in the same $3,000 to $10,000 range, but other DOS PC vendors began selling machines at prices that ranged as low as $1500. That left Apple with a roughly $1000 price premium over low end PCs. The products weren't really comparable, but consumers only saw the huge price difference. In 1991, Apple was still selling moderate to high-end Macintoshes for $3,800 to $10,000; the crippled Mac LC was $2500, and obsolete-at-birth Mac Classic ranged from $999 to $1500. Windows allowed PC makers to ship a functional $1500 PC and claim a rough approximation to Apple's $2500 entry level system, maintaining that apparent $1000 price premium. Today, pundits are lucky to find a Dell or HP system that is even a couple hundred dollars less than a comparable Mac. However, in the smartphone business, the iPhone 3G is now the same price, if not less, than generic competing phones on the market. Even more significant is the fact that the price of the phone hardware is nearly nothing compared to the cost of the service plan. This fact simply eases any price premium that could cause buyers to flock to a smartphone running a generic operating system over buying the iPhone 3G, regardless of whether it runs Windows Mobile or Android. 1990-1995: Planting Software Seeds Android Partners Have Already Failed. That same pricing principle similarly prevented buyers from considering many of the alternatives to the iPod. While Apple's original iPod models were more expensive than many of the first MP3 players on the market, they were price competitive with models offering similar features. By 2004, it was Apple who was undercutting MP3 competitors on price. Microsoft offered zero price advantage when it began selling the Zune, a major factor in its failure, but Microsoft simply couldn't out-price the iPod; it was already losing money offering the Zune at the same price as the iPod. Apple now has tremendous market power in buying RAM and other components that will prevent any competitors from being able to offer a huge discount over the iPhone's $199 price tag. Even if competitors were to give their phones away, they would only offer a $200 discount to users who would then still need to pay the same mobile fees to use the phone. Android's other partners, including Samsung and LG, have already failed to capture any significant market share in the music player market. Are they going to maintain their position as smartphone makers now that they face similar competition from Apple, its iPod ecosystem, its iTunes Music and Apps Store, Apple's retail store experience, and other factors that are pushing the iPhone? If they can, it is not obvious how partnering with Android will help. Other Problems for Android. Android was announced in early November 2007 and was followed with an early preview SDK within a couple weeks, a month ahead of Apple's initial announcement of the iPhone 2.0 SDK. However, between March and July 2008, Apple delivered nine progressive releases of its SDK, opened its App Store, and sold 60 million apps, raising $30 million to support iPhone software development in just the first month. It has since released three more SDK updates to developers related to iPhone 2.1, which is expected next month. Android just published its first open SDK beta update earlier this week, warning developers that “applications developed with it may not quite be compatible with devices running the final Android 1.0.” Additionally, Android still has no phones available. By the time the HTC Dream is expected to launch, Apple will have an installed base of around ten million iPhone (and iPod touch) users supporting software development through iTunes. The business model for selling Android apps is no better than that for selling jailbreak iPhone apps: there is no iTunes Apps Store to promote them, so users will have to track them down on their own. Android developers also have no real freedom that jailbreak iPhone developers lack. The only difference is that there are ten million iPhones to sell jailbreak apps to, and currently zero Android phones. If selling a jailbreak iPhone app sounds like more trouble than its worth, imagine trying to sell Android apps to a non-existant audience. Now add the official iPhone App Store into the mix, where publicity, promotion and profits are booming. What platform is going to have the most applications? How many users will flock to a smartphone platform with no apps? The wisdom of releasing a desirable phone and achieving a significant installed base before releasing an SDK makes a lot more sense in retrospect. Additionally, while Apple has a decade of experience in shipping regular updates to Mac OS X and its Xcode developer tools, Google has only shipped a random assortment of web-oriented SDKs (a number of which have been abandoned) as a tangent to its core business of selling advertisements. When the Android SDK 1.0 is finished later this year, developers will not only lack an installed base to sell their apps to, but will also have no high profile market for selling their apps in, and subsequently no financial incentive to develop applications that add value to the Android platform, just like Linux on the PC desktop. Around the same time, possibly within the next month, Apple will be shipping its second major OS release: iPhone 2.1. Apple will also be upgrading its entire user base to the new software so that developers will have a cohesive platform to target. This mirrors the efforts Apple has taken to upgrade its Mac OS X users to the same reference release. Mobile developers will be seeing money pouring in via iTunes while crickets chirp in the Android section of various mobile online stores. Apple’s iPhone Vs. Other Mobile Hardware Makers: 5 Revenue Engines Same Same, But Different: DOS Model Problems. Android developers will also have a series of other problems to manage. Like Windows Mobile, Android is intended to support everything, from BlackBerry-style keypad phones with a small touchscreen to the simple Windows Mobile Smartphone form factor lacking a touch screen to iPhone-like full size touch screens. Also like Windows Mobile, Android phone makers will have the option to leave off Bluetooth, WiFi, GPS location services, graphics hardware acceleration, and so on. Each Android phone will also have unique camera hardware, support for different video and audio codecs, and varied support for other differentiating proprietary services demanded by mobile operators. This will force developers to to make complex decisions regarding the lowest common denominator they choose to support. So while the iPhone will have a cohesive feature set, a managed software environment, and a functional market, Android will be a loose federation of hardware makers selling the same random features found on Windows Mobile today, with a chaotic development environment that lacks any central market for users or developers. And it will be run as an experiment by a company with no experience in consumer hardware or platform development. The Missing Tap. One specific example of the “DOS model problem” is that Android currently does not support multitouch. It's not touched on in the API, and Google quietly tap dances around its omission. Why no multitouch? Because multitouch screens are expensive, and most OHA hardware members are more interested in making a profit in a competitive phone market rather than impressing consumers as Apple did with the iPhone. Most existing smartphones, even those trying to directly rival the iPhone, use a stylus driven, pressure sensitive tap screen or a simpler, cheaper touch technology that lacks support for sensing multitouch. The iPhone's screen can actually sense up to five fingers at once, but the primary feature multitouch offers on the iPhone is the two fingered tapping and the pinching effects everyone associates with it. Android could certainly support multitouch if there were a demand for it, but that's the point: Google knows that its hardware partners are cheap and unlikely to put out hardware that actually competes with the iPhone. Instead of using expensive technologies that deliver clever yet largely invisible functionality, OHA members, just like PC makers, are far more likely to add flashy, impractical gadgety fluff that's cheap to tack on, such as slide out keyboards, neon tubes, and scratch and sniff stickers. That's how you impress gullible nerds on the cheap. Google itself is blowing smoke and erecting mirrors to distract from the reality that it being a “DOS vendor” means supporting bargain basement hardware from penny pinching duplicators. Android has been demonstrating some “wow” features such as a Street Maps app that pans around based on an internal compass in the demonstration phone. The problem is that that kind of thing only makes for a fun demo. Nobody needs to twirl around their phone in the air to see a view of the other side of the street, but everyone who has used an iPhone will wonder why they can't pinch to zoom out. Even worse, most Android phones aren't going to have a compass built into them, so Google is demonstrating features most Android users won't be able to use. That Sounds Like Microsoft… Google's design decisions are beginning to look a lot like Windows Vista; rather than actually working to make laptops boot faster, Microsoft came up with the idea of adding a small screen to the back of Vista laptops so users could check their email without having to wake the system up. But this was a stupid idea for a number of reasons, the most obvious being that most users just want a laptop that boots up quickly. Few laptops got the mini screen, but every user who tries Vista on their laptop will wonder why it doesn't boot up as fast as Mac OS X Leopard. In the same way, Google is advertising features for Android that most users won't ever see in their actual phones while ignoring things people will expect based on their exposure to the iPhone. Android is simply selecting the wrong features. Android will offer the advantages of supporting MMS, recording video, and the list of other features Windows Mobile already supplies. Those features didn't stop Apple from firing past Microsoft in the smartphone arena however, just as the Zune's highly touted WiFi and screen didn't phase iPod buyers. Incidentally, just months after the Zune, Apple had not only demonstrated a larger display but a higher definition multitouch screen, and not only WiFi, but functional WiFi that could be used to browse the web or check email. This suggests that Apple, with its faster release schedule, won't stay behind any of the leading features potentially offered by Android for very long. Android partners, however, will find it as difficult to catch up with Apple's unique features, just as Microsoft has been stymied to keep up with Mac OS X, the iPod, and the iPhone. The underlying reason: both Google and Microosft are tasked with maintaing support for a huge variety of hardware options demanded by all their partners. Apple has the unique circumstances to do only what it needs to do itself. Android in Windows Mobile's Shoes. Like Windows Mobile, Android faces a difficult market. In the US, it competes against the popular BlackBerry in corporate markets and the iPhone among consumers. Worldwide, it competes against entrenched market leader Nokia. The difference is that Google, unlike Microsoft, has no in. Windows Mobile was adopted by Windows-bound IT shops despite its weaknesses. Nobody has any preexisting reason to try an Android phone apart from hobbyists and open software enthusiasts, a demographic that has done little to move Linux on the PC desktop. Google also lacks Microsoft's installed base; it's starting from zero. The smartphone industry initially doubted Apple's chances of making much progress with the iPhone, despite the company having the Mac platform, the iPod, retail stores, platform development experience, marketing savvy, industrial design prowess, and so on. Google doesn't have any of those things. Mobile Providers vs Android. Apple also started with an exclusive partnership with AT&T, a three legged race that demanded effort from both. Google is hoping that hardware makers handle the hardware details and that mobile providers will be excited to sell its Android phones. While hardware makers such as HTC clearly appreciate having found a free alternative to Windows Mobile, it's not obvious why providers would be excited about Android, as it promises an openness that most mobile providers strongly oppose. AT&T took a big risk in getting behind the iPhone, as the phone encouraged users to use email rather than fee-based SMS and MMS, it supported WiFi for data access, and it bypassed AT&T's MEdia Net services to plug into iTunes instead. Verizon refused to parter with Apple and grant it those kinds of concessions. Is AT&T going to take a similar risk to partner with a phone that is not exclusive to it, and is Verizon now going to open its arms to support phones that do not exclusively support BREW, VCast and its other proprietary services? While Android may well eat into Microsoft's Windows Mobile business by stealing away its hardware makers, it seems unlikely that Android will ever serve as more than free alternative to Windows Mobile in a market where Windows Mobile is increasingly irrelevant. Android may have the dubious distinction of swallowing Microsoft's mobile business the same way Microsoft ate up the Palm OS, but even if it accomplishes that goal, Google will likely find itself unsustainably hungry immediately afterward. It will also find itself swimming in a shark tank of hungry rivals, including Nokia's Symbian, RIM's BlackBerry, and Apple's iPhone. Symbian is the final generic platform vying for the opportunity to play DOS in the smartphone market. The next article will examine Nokia's chances in its bid to match Microsoft's PC dominance in the mobile market while setting out in a new venture to copy Android's open software model. Did you like this article? Let me know. Comment here, in the Forum, or email me with your ideas. Like reading RoughlyDrafted? Share articles with your friends, link from your blog, and subscribe to my podcast (oh wait, I have to fix that first). It's also cool to submit my articles to Digg, Reddit, or Slashdot where more people will see them. Consider making a small donation supporting this site. Thanks!
Is Apple's MobileMe Secure?

Daniel Eran Dilger A recent article presenting how MobileMe works was been roundly criticized by at least three different bloggers. While the original article did not primarily address MobileMe security, the statements made about MobileMe's security do warrant some additional detail and clarification. In contrast, much of the criticism was wildly overstated to the point of actually misinforming users about the actual state of MobileMe and email security. Here's a look at what's involved. Inside MobileMe: Web 3 and Web Client-Server apps MobileMe's Web App Data Transactions are not SSL Encrypted. I enjoy reading John Gruber's excellent Mac resource, the Daring Fireball. It initially stated, “AppleInsider reports that the MobileMe web apps supposedly do use SSL, even though you don’t see 'https:' URLs or the 'secure' lock icon in your web browser.” However, the referenced article did not ever state or even suggest that MobileMe's web apps use SSL or other forms of encryption when accessing the web apps for email and other services, outside of login and account settings. Gruber corrected the misstatement after being notified of this. For the record: Apple's MobileMe desktop email can be secured via encrypted SMTP and IMAP; Apple presents details on how to ensure this is set up, as users may not have this enabled by default. Address Book and iCal sync on Mac OS X is secured automatically when it transacts with Apple's server cloud. Windows apps use the same security when syncing their data via Outlook through iTunes for Windows. The iPhone and iPod touch also support encrypted email and all push messages are also secured via encryption. However, the MobileMe web apps are only secured by SSL through the initial login authentication session and again only when users access their account information to do things such as change their password, update their billing information, or order additional services. Outside of that, all email, calendar, and contact data that is exchanged between the web client and the cloud is not encrypted, and can be sniffed by anyone with access to the network (below, click to enlarge). What Unencrypted Web Apps Mean for Users. This means that as you send email, read emails, create new calendar items, view calendar events, and view contacts, that data is being sent in the clear across the Internet between the web browser and the cloud. This does not mean that if you access your email, anyone who might be sniffing traffic could intercept your account information, your login, your credit card information, or change your password. They also could not access anything you did not access yourself, so creating an email does not automatically allow them to read through your contacts, for example. MobileMe's limited SSL protection on its web apps presents a real (albeit unlikely to be widely exploited) security hole. However, it is important to note that Microsoft and Yahoo provide the same, limited level of SSL protection for their web services as Apple does; both Yahoo Mail and Microsoft's Live Hotmail send data in the clear after the initial login. Google has just started offering SSL protection by default for Gmail (below, click to enlarge). A followup article recommended that Apple should use the same IPSec-type of security for its MobileMe web services as it does for desktop sync. Other critics have noted that because Apple charges $8.25 per month for MobileMe, it should provide a better level of security than Microsoft or Yahoo and at least match Google. At the same time, it is important to recognize that adding SSL encryption does not automatically or even fully secure email. Apple’s secret “Back to My Mac” push behind IPv6 SSL is Not a Panacea. Blogger Jens Alfke, who works for Google, also took the MobileMe article to task. Alfke wrote that Apple's MobileMe apps not only do not perform data encryption, but also leave open the potential for rogue hackers to perform DNS forgery or phishing attacks that SSL could help prevent, or at least flag as a problem for the user when they occur. For example, a user trying to access webmail at me.com could hypothetically be redirected to a fake me.com by a bad DNS server, Alfke wrote. With SSL in place through the entire transaction, the user should at least be warned that the impostor me.com site did not match its known certificate. Without SSL, MobileMe web apps could therefore theoretically fall prey to a man in the middle attack, where all transactions were passed through a malicious user's third party control for tampering or viewing. Additionally, Alfke theorized that the web apps themselves could be replaced entirely by a fake site that pretended to be MobileMe in an Invasion of the Body Snatchers scenario. There are two problems with these scenarios. Alfke's assumption that MobileMe's “unauthenticated JSON exchange” could be easy to exploit, allowing redirect via bad DNS, is based in conjecture not fact. In response to his posting, Andrew Jaquith of the Yankee Group pointed out “there are lots of ways for two parties keep rotating secrets on both sides of the wire without disclosing them. See, for example, RFC 1938. I don’t know exactly what Apple is doing with JSON, but dismissing it just because it isn’t encrypted doesn’t prove anything.” Jaquith also described why SSL is not good for “verifying that software is 'genuine' or that a website is what you expect,” as Alfke claimed in dismissing Apple's security architecture for its MobileMe web services. Jaquith presented a scenario that would result in “a supposedly sniff-resistant [SSL] session that is still nonetheless 100% hosed.” Re: MobileMe Webmail Security — There Is None — Thought Palace Security through False Assurity. On top of that, even in cases where SSL could identify that something bad was happening, the only protection SSL really provides is to throw up a warning about security certificates that most non-technical users browsing at Starbucks would likely just click through to dismiss before happily giving away their credit card info, thinking they are safe because they are interacting with the “SSL” icon on for a website. When Apple transitioned from .Mac to MobileMe, users were presented with a SSL warning related to mac.com being redirected to me.com, and nobody seemed to even notice. SSL warnings are similarly not going to secure users who do not understand the security issues involved when they are sent to me.info or me.192168.com, or redirected by a malicious DNS to a server pretending to be me.com but failing the SSL check. Therefore, the benefits of adding SSL were greatly overstated by some critics, who also failed to even consider its drawbacks and limitations. If Apple simply added SSL, it certainly would, as stated in the original article, provide a “false sense of security that distracts from real security threats.” At the same time, the original article also understated the value SSL would provide web browser users. Adding SSL security throughout MobileMe's web apps, particularly those that deal with private data, would likely provide benefits that overshadow the added overhead. Despite that, it would not “secure” email for users, as described below. Never Cry Poppycock. While the original article was not purporting to be a tome on security, another response to it claimed special expertise in security. However, the author not only greatly overstated his case, but also resorted to unprofessional language in demeaning and dismissing the whole of an article just because he took issues with a minor portion of it. Rich Mogull's “MobileMe Web Interface Insecure, But Other Apps Get It Right,” published by Tidbits, provided some interesting comments on the subject, but began with an unnecessarily arrogantly overstatement of criticism that misstated the point and the context of the article in order to attack it as “patently false” “technobabble” “poppycock” and so on. Mogull didn't contact the author of the original article prior to writing about what he claimed was so wildly inaccurate. In addition, his own presentation is flawed and overstated in ways that are far more misinforming than any disputed details in the original article. TidBITS Safe Computing: MobileMe Web Interface Insecure, But Other Apps Get It Right Consider the Context. Mogull jumped upon a quote taken out of context, which was actually talking about how MobileMe and other JavaScript apps manage security related to JSON transactions. The context of the quote was the potential threat posed by sending self-executable JSON as opposed to simple XML data: “Being able to inject executable code into a system from malicious sources is a primary security problem. For that reason, web apps that transmit data using JSON have to authenticate with the server and regularly perform security handshakes to ensure that the data being sent back and forth is indeed coming from and going to a trusted source.” Mogull not only ignored that context, but only linked to the second page of the article, where the quote appeared without its immediate context. This enabled him to present that the comments on how JSON is secured were entirely about “why SSL was unnecessary,” which was not the point of the text at all. Quibble vs Patently False. The article presented that there was “unnecessary panic among web users who have equated their browser's SSL lock icon with web security;” that is accurate. While SSL encryption provides an additional layer of security, is not infallible. SSL security requires faith in fallible architectures that have regularly published vulnerabilities. Suggesting that SSL would be a panacea for webmail is false for a number of reasons: SSL can be spoofed; the browser only presents a cryptic warning when that happens, which many users would not know how to handle if it were being spoofed; and the larger fact that even SSL-secured web email is not really secure. The original article also correctly pointed out that SSL could provide a “false sense of security that distracts from real security threats.” Users who think that SSL web-based email is secure and therefore appropriate for sending confidential information are in for a rude awakening. Email is not secure, and carefully securing part of the email transmission is like only locking three doors of your car. It's better to understand that thieves can take anything in your car rather than to lock three doors and assume that you can leave valuables on your seat that cannot be taken. Mogull is arguing that Apple hasn't provided a functional lock on the driver side door of its webmail service, ignoring the fact that Internet email has no locks on the tailgate or the rear doors at all. This is penny wise and pound foolish security, and can be judged as the “patently false technobabble poppycock” that he quickly used to dismiss an article that was only touching on one aspect of security in a larger piece that was really addressing how MobileMe works as a service and the future potential it holds out. Mogull's reply was entirely about security, but it delivers the wrong message. It's not just easy to quibble about some of Mogull's details; his primary argument that the original piece was ridiculously wrong is just false, primarily because he overstates it in such an over the top, arrogant way. SSL is Not Evil. Having said that, the original article did understate the value SSL can add in securing webmail. SSL is useful in protecting users at the point where they will be most vulnerable when checking webmail, as they are more likely to be at a public terminal or perhaps using unsecured public WiFi when using the web rather than desktop clients (which are secure using encrypted transmissions) or an iPhone (similarly secured). SSL web apps would provide MobileMe users a similar level of security; Apple currently does not present this throughout the entire webmail session, only when the user authenticates and if they enter account details to change their password or order new services, as noted previously. With SSL, webmail addressed to other MobileMe users, as well as access to one's own contacts and calendar would be very secure. Email to other domains would continue to be exposed to Sending email is like sending a postcard: anyone intercepting the postcard on its way to the post box, from there through the mail system, or on the way to the recipients mailbox will be able to read what's written on it. Encrypted email is more like a letter written in code inside of a security envelope: it would be far more difficult to view its contents. However, SSL email only provides security for part of the trip; it's like carefully guarding your postcard until you drop it in the mailbox. This will prevent casual eavesdroppers from seeing what you've written, but won't protect you from having your postcard read from that point on, because it is wide open throughout the rest of the trip. In addition, when using a public computer or improperly secured WiFi network, the SSL security provided to a webmail user can't be trusted. A public PC is just as likely to have a spyware keylogger installed (if not more so) than a malicious hacker listening in on the transmission remotely. Your emails could therefore be spied upon before they were sent through the secure SSL pipe to the cloud. Similarly, using an unsecured WiFi connection opens a user to security issues that far outweigh having your email transactions possibly sniffed. Additionally, across the industry there are few webmail providers who deliver greater security that Apple's MobileMe. Google just recently added SSL, while Microsoft and Yahoo provide similar security to Apple's web interface in MobileMe: SSL encrypted authentication and account protection (you can't change your password in the clear on MobileMe, only in an SSL session). Doth Protest Too Much, Methinks. So while SSL isn't worthless, it does not present the bulletproof panacea that Mogull suggests it would in his over the top, excessively arrogant, one-sided attack piece. While the original article's understatement of the benefit that SSL could bring to Apple's MobileMe webmail could rightly be criticized, it did not say that the existing webmail service was secure. Instead, it said email was not secure and shouldn't be trusted, and that SSL could provide webmail users with a false sense of security. Mogull presented this in a mocking, simplified paraphrase as, “we think SSL would bog down performance without providing security.” He then concedes that he has overstated his own arguement by agreeing that SSL would have a limited impact on securing users, saying, “While there's a reasonable, if small, risk someone might sniff your connection when you are out in public, the odds of a redirection attack are extremely low.” Mogull could have presented his last paragraph, essentially warning users that MobileMe's web interface exposes them to unlikely but theoretically possible dangers, and explain that Apple's expanded use of SSL could help secure its webmail service from some of these kinds of attacks. Instead, the solution he demand would only provide limited benefits to users, while providing that suggestion that webmail is more secure that it really is in practice. This would suggest to user a greater level of security than would actually suggest, a far worse problem than acknowledging that email is simply not secure and should not be treated as such. Ridiculing the original article for presenting the fact that SSL is not a panacea, explaining unrelated facts about JSON, and describing that email shouldn't be trusted was all entirely unnecessary, and really just presented in a unprofessional fashion. Did you like this article? Let me know. Comment here, in the Forum, or email me with your ideas. Like reading RoughlyDrafted? Share articles with your friends, link from your blog, and subscribe to my podcast (oh wait, I