Why Android Matters

The first public showing of Android prototypes at last week’s MWC generated a lot of interest, although the comments weren’t all positive. Android was faulted for looking just like every other mobile operating system and for lacking the elegant, groundbreaking user interface of an iPhone. One commenter was disappointed by the lack of any sign of an integrated advertising platform or any other groundbreaking APIs.

These criticisms are somewhat valid but I think they miss Android’s real significance. Android will be as much of a game changer as the iPhone but for different reasons. Google is creating the first developer and user friendly mobile application platform.

Before the iPhone and Android, the real customers for devices and mobile OSes were the mobile carriers. Nokia, Microsoft, Sun, Symbian, RIM and Palm depend on the carriers to sell their products. The carriers want to maximize revenue by being the exclusive source of applications and services to their captive audience of customers.

Symbian, Windows Mobile, Palm and Blackberry were all built with a security model based on code signing certificates. Certificates authenticate the creator of a program and verify that it hasn’t been modified. With mobile applications they are also used to provide a standard way to create branded handsets where the most desirable APIs, like network, location, messaging and phonebook access, are restricted to applications signed with a carrier-provided certificate.

Want to use Shozu to send photos to Flickr or IM with Jabber using your unlimited data plan? With most T-Mobile USA or Sprint branded phones you can’t do that. ATT’s handsets at least let the applications run but subject users to a barrage of “Allow program to send and receive data?” messages that can’t be turned off. The situation is somewhat better outside the US but even unlocked, unbranded phones are affected by the application signing model. My Nokia N95 requires native applications to be signed although for most types of access, including file system and networking, developers can self-sign their applications for free. Location and the phonebook are off limits to self-signed applications, however. Running unsigned network-aware Java ME programs on the N95 produces prompts to allow access every time the app is run. It’s not possible to grant permanent permission.

Imagine if developers of PC applications were required to obtain a costly Microsoft or Apple certification before their applications could save files or connect to the network. Had that sort of restriction been in effect 30 years ago, most of us would still be using typewriters. The current signed security model in mobile, along with the high price and unpredictability of metered data plans, has had a huge negative effect on innovation in mobile services and applications.

Android will destroy the signed security model in mobile. Based on everything I’ve read and heard, Android will not use certificates. Instead, applications will have to declare their intention to use sensitive APIs like location and messaging at install. The user will be prompted to allow or disallow each type of access while installing. That means that anyone can develop for Android without asking for permission from a carrier or device manufacturer. Users will control their security and will be able to install any application with fine-grained control over what it’s allowed to do with data and resources.

But isn’t allowing anyone and everyone to create and distribute Android programs dangerous? Not really. Android programs are Java applications and operate in a “sandbox” with no access to other applications, hardware or the OS except through tightly controlled interfaces. In order to reach out of the sandbox through an interface to a sensitive resource, a program must be granted permission by the user. The signing model took control of security away from the user and gave it to the carrier; Android puts the user back in control of his own security, something that has worked pretty well on the PC. Sure, there are risks in an open application environment like Android or the PC, but with risk comes reward. The reward with Android will be the availability of an enormous library of groundbreaking software.
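The difference between the two models described above, as an added example that is not from the original post: a small Python model in which one access decision depends only on who signed the package and the other only on what the app declared and the user granted at install. The tier table follows the N95 behaviour described earlier; the messaging row, the tier names and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

SENSITIVE = {"network", "filesystem", "location", "phonebook", "messaging"}

class Tier(IntEnum):
    UNSIGNED = 0
    SELF_SIGNED = 1
    VENDOR_SIGNED = 2  # carrier- or platform-issued certificate (hypothetical name)

# Minimum signer tier per API. Network, filesystem, location and phonebook
# follow the post's N95 description; the messaging row is an assumption.
TIER_REQUIRED = {
    "network": Tier.SELF_SIGNED, "filesystem": Tier.SELF_SIGNED,
    "location": Tier.VENDOR_SIGNED, "phonebook": Tier.VENDOR_SIGNED,
    "messaging": Tier.VENDOR_SIGNED,
}

def signing_model_allows(signer_tier, api):
    """Signed model: the decision depends only on the signer; the user has no say."""
    return signer_tier >= TIER_REQUIRED[api]

@dataclass(frozen=True)
class InstalledApp:
    name: str
    granted: frozenset

def install(name, declared, user_approves):
    """Install-time prompt: the user answers once per declared permission."""
    unknown = set(declared) - SENSITIVE
    if unknown:
        raise ValueError(f"unknown permissions declared: {sorted(unknown)}")
    return InstalledApp(name, frozenset(p for p in declared if user_approves(p)))

def permission_model_allows(app, api):
    """Sandbox boundary check: anything not declared and granted is denied."""
    return api in app.granted

def compare(signer_tier, declared, user_approves, attempted):
    """Return {api: (signing_model_decision, permission_model_decision)}."""
    app = install("demo", declared, user_approves)
    return {api: (signing_model_allows(signer_tier, api),
                  permission_model_allows(app, api)) for api in attempted}

if __name__ == "__main__":
    # Constructed case: a self-signed hobbyist app that declares network and location.
    result = compare(Tier.SELF_SIGNED, ["network", "location"],
                     lambda p: True, ["network", "location", "phonebook"])
    for api, (signed, declared) in result.items():
        print(f"{api:10} signing={signed!s:5} install-time={declared}")
```

In the constructed case, location is refused under the signing model whatever the user wants, while under the install-time model it is allowed only because it was declared and approved; the undeclared phonebook access is refused by both.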

The iPhone is widely heralded for its user interface, but its biggest impact is in showing ordinary users that the web works on phones. A Google manager was quoted as saying that the iPhone generates 50 times the search traffic of other phones. I’m guessing he means per unit rather than overall, but still that’s a huge difference. The big screen, capable Webkit browser and lack of native applications help, but the biggest reason iPhone users surf the web so much is that Apple forced the carriers to bundle unlimited data with every iPhone voice plan.

In addition to making mobile browsing respectable, Apple turned the manufacturer/carrier relationship upside down by producing and marketing a phone that was so irresistible to consumers that Apple was able to extract concessions from carriers in return for being the exclusive national iPhone vendor. Google is taking a different approach. By bundling the Google applications and services that are so popular on the desktop with a free OS and hardware reference design, Google is hoping that the combination of a desirable product and cost savings for manufacturers and carriers will encourage them to build and sell Android phones. This probably wouldn’t have worked a year ago, but today every vendor that doesn’t have the iPhone is looking for something equally compelling to make or sell. Google’s strategy seems to be working: the US carriers, except ATT which has the iPhone, are falling all over themselves to support Android.

Getting back to those prototypes, Android devices aren’t likely to ship for another six months so there is plenty of time to polish the UI – although it will never be as elegant as the iPhone; that’s not Google’s style. As for the lack of an advertising API, I firmly believe that it will be there at launch or shortly after. Google has built its whole business around serving relevant advertising alongside content. They have invested too much in Android for it not to return value to the bottom line. The whole point of Android is to dominate mobile advertising the way AdSense and AdWords dominate web advertising.

More Reading on Mobile Security:

Android Platform Documentation: Security and Permissions in Android
Security consultant Kenneth van Wyk compares Android’s security with the iPhone’s.
Developer Ofir Leitner on why signing makes Java ME development a nightmare
Symbian application developer Chris Woods on the Death of the Bedroom Coder
User complaints about security restrictions on ATT’s support forum

Android Logo courtesy Google

8 thoughts on “Why Android Matters”

  1. Great stuff, dude. If I could program, I would do an open source Android that users can download to their mobile phone and customise, so everyone would have a different interface

  2. In general your article about the security model is right, but I think you made one crucial mistake and left the carriers out of the whole game. Even the Android phone (better to say an Android-based phone) will be offered on a carrier, and I’m pretty sure that they will put their security policy on top of Android’s permission framework. Something they do already with J2ME.

    The J2ME security model as such does not know anything about restricted APIs. Take a look at the European market: besides Vodafone, no application needs to be signed to access certain APIs or JSRs – the only thing that happens is that you’re asked every time – which gets extremely annoying if you talk about applications which access the file system often, or make use of any of those APIs more often.

    Furthermore, this is also a kind of security feature and one reason we haven’t seen a lot of viruses for mobile phones. Just imagine what happens if someone allows Wake-Up-On-SMS and Internet access...

  3. Great blog Dennis.

    The evolution of mobility has seen vendors trying to graft a software environment onto what is essentially a phone operating in a phone-call/texting network and business ecosystem. Within this ecosystem, there are very real reasons why code-signing, as much as it hurts ‘garage developers’, is deemed necessary, mostly to protect the consumer.

    Mostly, mobile phones are perceived by their users to be predictable, stable and safe products offering similarly safe services.

    As I have often pointed out (see my recent post), the tension in the mobile world between the wider developer community and the operators is not properly framed. Operators, by and large, have solved – with enormous efforts and resources – a mobile telephony problem, not a mobile computing problem. Their business model and customer perception/expectation model is, perhaps reasonably, centred upon stable telephony and messaging services, not software services.

    When we get down to the nuts and bolts of a mobile computing ecosystem, there are various costs associated with delivery that would have to be met by operators and there are no discernible returns for them.

    With Android, it doesn’t offer anything from an innovation or technical point of view that would change an operator’s mind, as attractive as the new platform might be to developers. I suspect that, like Apple and the iPhone, Google will have to offer a compelling proposition to operators to get their acceptance of Android on their networks. This will boil down to a proposition that the Google Apps are what consumers want. I am not convinced that they do. Apple clearly has huge consumer appeal because of its iPod success. Consumers wanted an Apple phone, but will they want a ‘Google Phone’? Google-heads and developers might, but I don’t think consumers will be all that fussed.

    We might wonder what kind of deal will be struck in terms of advertising revenue to compel operators to adopt the ‘Google Phone’ (which is really what it will be, not an ‘Android Phone’ – this only appeals to developers, not consumers).

    It seems to me that this deal will all boil down to the Google apps. The whole Android-developer-open thing is just a sideshow.

  4. Dennis,

    Symbian’s requirements for certificates depend on phone and carrier.

    By default, Symbian devices don’t require signing for anything except access to what is effectively outside their “sandbox” (such as system areas of the filesystem, and the like). The contacts and calendar databases are available with an install-time grant given by the user.

    In other words, Symbian devices are very similar to Android devices, except that you can run real native code, with all the performance and flexibility advantages that that brings.

    Real devices that behave this way include all of Sony Ericsson’s UIQ 3 devices.

    On UIQ 3 devices, signing has several benefits: it allows you to get onto certain sales channels (such as SE’s own application shop), and it makes it a bit harder for crackers to steal and/or “malwarize” your app.

    Symbian’s signing regime is actually quite sensible, and it would be good if commentators (such as yourself) took some effort to understand it before comparing it to competitors, such as Android.

    Bearing these things in mind, the benefits you see in Android are already available in UIQ 3 devices. I guess then that it’s no surprise that:

    a) They’re usually ranked as the best source for ISV application sales per device
    b) They’re unloved by US carriers

    -Malcolm.

  6. Thanks for your comment, Simon. I didn’t realize that self-signed applications were re-distributable. That’s great and a big plus for the Symbian platform. I’ve updated the post to reflect that.

    It looks like Symbian Signed is still required for location and phonebook access though, right?

  7. This is incorrect…

    “My Nokia N95 requires native applications to be signed for network or file system access. Not a carrier certificate, at least, but still one that costs several hundred dollars discouraging open source and hobbyist developers.”

    Yes, applications have to be signed but they can be self-signed (as opposed to Symbian signed), which means they can be signed by anyone at zero cost. Self-signed applications prompt to allow network access during the initial install – and never again after that. Self-signed applications can access (with no prompting) most of the file store except system areas and areas private to other applications.

    Simon
