There's a lot of buzz about openness lately. Google is developing Android, an open mobile operating system. The three biggest US mobile operators have pledged to "open" their networks.
So what does this really mean for users and developers? I can't predict what the networks and device makers will actually do but I've been thinking a lot about openness means to me as a user and as a developer. This post is an attempt to define what I expect from a network or device that calls itself open.
To me, a mobile network is open if:
1) Any comparable device can be configured and used for all the services a mobile network commonly provides; voice, SMS, MMS and data. If the network supplies other services like location data to some devices or services, it should provide that data, with the users permission, to any device at the same price.
We are already pretty close to achieving this, GSM/WCDMA networks are open to any device by swapping SIMs and CDMA network providers are at least giving lip service to openness. The CDMA carriers do need to do some work in this area primarily with implementing online ESN changers that allow users to readily swap devices on their account, supplying users with unlock codes and documenting the rather arcane hidden setup menus of CDMA phones.
2) All the technical information that's needed to connect arbitrary devices to the network is publicly available without charge. This includes things like APN names and proxy, DNS and SMS gateway addresses. I don't expect operators to provide free technical support to users just to make the information available. Again, this should not be too hard to achieve.
3) Charges should be based solely on the types and quality of services used regardless of the type of device. All services should be available at a reasonable price without committing to a contract. This doesn't preclude offering discounts in return for accepting to a contract.
I expect more resistance to equal pricing for services regardless of price. The big stumbling block will be the myth of unlimited data. Mobile spectrum is very expensive and it's spectrum which determines bandwidth. With today's technology no one can afford truly unlimited mobile bandwidth. Users are accustomed to unlimited data plans from the wired Internet and carriers have been catering to them by selling "unlimited" 3G data plans to feature phone users for 15-20 dollars a month. These plans usually have "fair use" caps of around 5 GB per month. Use more than that and you'll be told that you have obviously been tethering and you will get cut off. Fair enough, although it's easy to exceed 5GB by watching streaming videos for hours on end using even a low end phone. The problem is that in the US at least, the caps are not published and the carriers will refuse to even sell you the $20 plan for use with a datacard or smartphone, even if you are willing to limit you usage to 5GB/month. I'm OK with the provider perpetuating the myth of the $20 "unlimited" plan on feature phones for marketing reasons, just let me buy 5GB for $20 regardless of what device I'm consuming it with.
Devices: I consider device a device open if it has an open application platform. The OS doesn't matter in determining a platform's openness and it doesn't matter if applications are written in Java, Flash, C++ or something else, A platform is open if:
1) Developers can create applications using readily available and documented tools. The development tools don't have to be free but they should be affordable to individual developers including hobbyists and students. The applications created with these tools should be able to be deployed and run on any supported device. Except for BREW, this is already the case for the major application platforms.
2) Users should be able to install any application or media content (music, videos, ringtones) over the air from any URL and/or by sideloading from a PC. There really shouldn't be any argument of this, if the interfaces to a device are arbitrarily restricted the device surely isn't open.
3) Applications need to be allowed read and write access to core phone functionality like contacts, calendars, messaging, the bluetooth and network stacks and to hardware including the camera. Users do need to be warned if an application will access personal data or use networking services but they should be able to allow or disallow the application access to that resource either temporarily or permanently.
4) If the platform supports application signing, users should be warned if an application is unsigned or if there is a problem with the signing, however they should still be able to install an unsigned application or an application with an expired or unrecognized certificate. Users should be able to grant or deny any and all privileges to applications regardless whether they are signed, unsigned or improperly signed.
5) Packaging an application for deployment should not require any additional licenses, certifications or third party testing. Code signing can be supported to insure application authenticity and integrity but should not be required for any type of access.
I'm sure there will be a lot of resistance to the open security model that points 3, 4 and 5 define. I expect carriers and software publishers to defend the current Byzantine maze of application signing. Security is very important, especially to users, but the current mobile security model is totally broken and is severely restricting mobile application development and innovation. Users, not carriers and device vendors should own security. It looks like Google agrees. As I understand it, Android security is completely user driven. All 3rd party applications are treated equally. There are no certificates and no privileged security domains in the Android security model. Applications must declare their intention to use each specific sensitive resource (network, messaging, camera, location, etc.). At install time the user given the choice of allowing temporarily, allowing permanently or disallowing that application's access to each protected resource. That is the open way to do security, with all applications treated equally and the user alone deciding which vendors and applications to trust.
The Internet and the PC revolutionized the way we live and work, and created huge business opportunities. I think it's generally agreed that they succeeded largely because of their openness. Innovation and grass roots entrepreneurship flourished because of low barriers to entry. Any kid in a garage could create a product which anyone could use. Some of those kid's products became Microsoft, Apple, Yahoo and Google. I believe that we are on the verge of a similar of an explosion in adoption and opportunity in mobile data that will be at least as big as the PC and Internet revolution. But to achieve that the barriers to innovation have to fall. Mobile networks have to become as open as the Internet and mobile phones need to be as open as a PCs.
How do you feel? Is openness in mobile platforms desirable? Is the Android user-driven security model workable or do users (including you) need to be protected from themselves? I encourage you to start a dialog by expressing your thoughts in a comment.