{"id":1184,"date":"2008-09-17T13:19:25","date_gmt":"2008-09-17T20:19:25","guid":{"rendered":"http:\/\/wapreview.com\/?p=1184"},"modified":"2008-09-18T12:31:55","modified_gmt":"2008-09-18T19:31:55","slug":"mobile-browser-based-applications","status":"publish","type":"post","link":"https:\/\/wapreview.com\/1184\/","title":{"rendered":"Mobile Browser Based Applications"},"content":{"rendered":"
Last week at both Mobile Web Megatrends<\/a> and the CTIA Mobile Jam Session<\/a> a major theme using the browser and mobile web technologies as a replacement for Java, BREW and native mobile applications.<\/p>\n Many of the developers attending both events who have been\u00a0doing Java and native applications expressed frustration with the economic and technical inefficiencies of the mobile application model.\u00a0 They mentioned platform fragmentation that requires hundreds of versions of an app to support even a fraction of the market, deployment and support issues, and the difficulties of marketing applications – both through the carriers and off-portal.\u00a0 A number of different groups in the mobile industry, not just developers but also device manufacturers and carriers are looking to the browser to solve this problem.<\/p>\n There are really two separate models of web based mobile applications that are being discussed.\u00a0 One is widgets, which on mobile currently means downloadable applications which look and act like traditional apps but are implemented using web technologies including JavaScript, HTML and CSS.\u00a0 Widgets use and depend on web APIs exposed either by the browser or by a widget engine such as\u00a0 Widsets<\/a>, WebWag<\/a> or Plusmo<\/a>. The other model is Ajax based Rich Internet Apps (RIAs) such as Google Docs. For all the buzz about widgets I think Ajax RIAs have the greater potential because they have less friction, nothing to download making users who are adverse to downloading feel safer plus they can live in a browser tab temporarily for intuitive context switching between related tasks.<\/p>\n As a mobile web guy all of this is music to my ears. But but as Michael Mace<\/a> pointed out at the Jam Session, two requirements need to be met before browser based technologies are capable being a general replacement for applications:<\/p>\n There are at least two cross platform initiatives dedicated to solving these problem, Google’s Gears<\/a> and the OMTP’s BONDI <\/a>project.\u00a0 There are undoubtedly others but Gears and BONDI are the most visible.<\/p>\n Gears is an open source project originated by and supported by Google.\u00a0 It is licensed under a BSD license. Gears is currently available for Windows Mobile 5 and 6 devices as a plug-in for Internet Explorer Mobile.\u00a0 Opera has announced that future releases of Opera Mobile 9.5 will include Gears. Android will also include Gears but probably not in the initial release.<\/p>\n At this point Gears does not include everything an application developer might want. There is no access to PIM data or the phone camera for example.\u00a0 What Gears does provide on mobile is online storage and data synchronization, a geolocation API\u00a0 and asynchronous background proceesing. Google has espressed commitment to aligning the Gears APIs with the evolving W3C HTML 5 and WebAPI standards<\/a> for offline data, synchronization and location.<\/p>\n Gears security uses a same-origin and permission based security model. Same-origin means that a script can only access an online resource via its own domain, protocol and port, in other words cross-site scripting is blocked.\u00a0 At the device level the plug-in prompts the user when an application using the Gears API attempts to\u00a0 access local resources.\u00a0 The user can grant or deny access. Gears can persistently store the permissions granted to a particular domain and API function so that the user is not prompted each time.\u00a0 For access to native functions Gears is ultimately limited by the device’s own security features.<\/p>\n Bondi is named after the famous Australian surfing beach and aims to provide great, but safe surfing. It defines interfaces and API’s that allow web based application access to device features and user data in a standard, controlled and secure manner. BONDI is a draft proposal of the Open Mobile Terminal Platform (OMTP), a non-profit mobile industry group founded by eight mobile operators. OMTP membership currently consists of over 35 companies\u00a0 including carriers, device and chip manufacturers, developers and content publishers.\u00a0 The OMTP’s goal is drive standardization and inter-interoperability accross mobile platforms.\u00a0 OMTP hopes that BONDI\u00a0 will find it’s way into handsets sometime next year.<\/p>\n The project’s scope is extensive and covers just about anything anyone could want in terms of access to phone features. BONDI has or intends to define JavaScript API<\/a>‘s for access to location; call log; camera and photo gallery; personal information including phone book, tasks and calendar; application invocation, persistent storage, making phone calls; messaging and message management; phone status such as signal strength and battery level as well as providing a set of standardized rich user interface controls including as alerts and resizable windows.\u00a0 The OMTP recently joined the W3C to champion the inclusion of BONDI in future mobile web standards.<\/p>\n As you would expect from an initiative with operator input, there is a strong emphasis on security. BONDI defines an elaborate structure\u00a0 of policies and access controls for granting web pages and widgets access to specific functionality based on certificates and certifications.\u00a0 This is a big change for web based applications.\u00a0 It goes way beyond the basic level of security provided by HTTPS secure web sites.\u00a0 As I read the BONDI draft documents, it looks like each web page containing JavaScript that accesses handset features through BONDI will need to be signed with a special BONDI certificate. This certificate which will only be granted after the web service or widget has been\u00a0 tested and verified for security and functionality by an independent testing lab.\u00a0 This sounds a lot like the process that applications need to go through to receive certifications like Java Verified and Symbian Signed.<\/p>\n In summary<\/strong>, Gears and BONDI have similar goals but are quite different in both scope and security.<\/p>\n Gears is shipping today with limited functionality, BONDI is very comprehensive in scope but availability appears to be many months away.\u00a0 I suspect that Gears will continue to gain more functionality and that BONDI will initially launch with a subset of its proposed APIs.<\/p>\n A more fundamental difference is in the way the two projects approach security.\u00a0 Gears extends to mobile the traditional web and PC model: inform the user of risks and trust him or her to act in their self interest.\u00a0 BONDI takes the paternalistic approach that users can’t be trusted to make wise choices. The platform itself must enforce security through verification and certification.<\/p>\n Security is always a trade off betwen user empowerment and safety.\u00a0 The BONDI approach undeniably does a better job of protecting both user data and network security.\u00a0 But it also creates more barriers to entry for developers and vendors, tending to reduce innovation.\u00a0 An open approach such as Gears’ enables greater innovation with some increase in\u00a0 risks for users and networks.\u00a0 There is a place for both approaches.\u00a0 Carriers and Enterprise IT will demand a secure verified application environment for the devices they sell and support. Open source developers, power users and new hardware makers without access to carrier distribution channels will appreciate the opportunities and low barriers to entry of the more open model.\u00a0 I support both. Together they will help to define a new era of web based mobile applications.<\/p>\n Related Posts<\/em>: Last week at both Mobile Web Megatrends and the CTIA Mobile Jam Session a major theme using the browser and mobile web technologies as a replacement for Java, BREW and native mobile applications. Many of the developers attending both events who have been\u00a0doing Java and native applications expressed frustration with the economic and technical inefficiencies of the mobile application model.\u00a0 They mentioned platform fragmentation that requires hundreds of versions of an app to support even a fraction of the market, … Continue reading \n
\nCTIA: Mobile Jam Session<\/a>
\nContent is King on Mobile Too<\/a>
\nGoogle Gears Opens Up Mobile LBS<\/a>
\nGoogle I\/O Wrapup<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"