Mobile // Mobile Devices
Commentary
2/6/2012
08:44 AM
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Apple's Walled Garden: Sledgehammer Needed

Friday's revelation of an iOS app with a "hidden" tethering capability shows that walled garden restrictions don't necessarily keep us safer. They do create a monopoly and planned obsolescence. It's time to break down those walls.

Apple's highly restricted app store is a blade that cuts two ways. Fans of the high tech gear buy into a secure "walled garden," where they have the perception that malware will never infest their iPhones, unlike those "riskier" Android devices. Friday's news of an App store tethering app hidden inside a random number generator app proved for the umpteenth time it is possible to sneak one past Apple. Other apps with trojans, I mean, hidden features have made it past Apple in the past. (But, what is "trojan" other than "hidden?") How long will it be until the hidden feature really is malicious? Is Apple's vaunted walled garden nothing more than an illusion?

Security is never an "on/off" concept. We all know that it's about due diligence, and that there are tradeoffs between convenience and security. In Apple's case, we must surmise that if the App Store really did significant code review prior to posting, it might introduce unacceptable delay to App Store postings. Fair enough, and Apple does deserve a tip of the hat when it comes to its track record of iOS malware versus its biggest competitor, the Google Android platform. But, with Google introducing its new "Bouncer" service, which automates the search for suspicious behavior in apps, I think that Apple's central premise, that is, that Apple requires massive control over what features are in apps, will come under fire.

If app developers can sneak one past Apple, it would appear that one of Apple's central arguments--that their Draconian app practices are required to provide security--is flawed. Sure, Apple has now taken down the iRandomizer app (following the publicity), but the fact that the app made it in there shows that the walled garden has lots of holes in it.

By the way, we contacted the iRandomizer app's creator and asked whether Apple took action other than pulling the app. "No comment on that," wrote Nick Kramer in an email. "I designed the feature for family and friends, I should have pulled the app when it was discovered. Apple did what they had to do. Hopefully, in the near future Apple will begin allowing tethering apps into the U.S. App Store. If they did, the number of developers putting hidden features into their apps and users who jailbreak their iPhones would drop tremendously," said Kramer.

I will admit, I've never been a huge fan of Apple's walled garden. I love the fact that Apple, not the carriers, is the provider of the apps on the phone. This reduces "app crap". But the walled garden itself? Apple's strong arm on virtual machines, which rule out Flash and emulators? Totally unnecessary.

Fans of the Apple platform, including myself, have said that, in the field, iOS-based mobile devices tend to have fewer support calls associated with them than the equivalent Android platforms. But I'm not so sure that the walled garden can take credit for this. I think it's more of the classic Apple control-over-the-hardware and control-over-the-OS that can take credit for that. Safer? Mostly, but not "totally safe."

And, in terms of functionality, a jailbroken phone can be MORE functional than a non-jailbroken phone. Case in point: As an iPhone user, I'd love to save off some of my voicemails as files. If I had a jailbroken phone, I could save HOURS of voicemails off in about 30 seconds. Because I have not jailbroken my phone, I would need to hook an audio plug up to my phone, then manually record those voicemails. If I wanted to permanently capture all of the meaningful messages that I've received over the years, it would be a significant expenditure of time.

Innovation sometimes requires going outside the vision of what the platform designer intended. Witness the Air Force supercomputer built out of PS3 game consoles, a vision far beyond that which Sony had in mind.

So, while I think that CIOs have a stake in the game when it comes to security, I am not at all sure that the massive one-sided restrictions on platform use that come along with the walled garden are a plus for enterprise IT. And again, it is becoming clear that the walled garden doesn't necessarily offer apps that are completely vetted, so that so-called value proposition flies out the window.

But the question of whether the walled garden is a good thing may be out of the hands of CIOs soon; the question is now, should our system of government support mandatory walled gardens by making it illegal to jailbreak from that walled garden? Because of the Digital Millenium Copyright Act, it didn't used to be legal to jailbreak an iPhone. Then, copyright officials made an exemption to the DMCA to allow jailbreaking of phones. This exemption comes up for renewal soon, and the comment period expires next week.

Bunnie Huang, a jailbreaking champion, and Xbox hacker, says, in a letter to the Feds, "users of these products benefit from the flexibility to choose their own operating systems and run independently developed software. We need the law to catch up with how people are using technology. Jailbreaking is helping to make technology better, more secure, and more flexible." Most jailbreakers and jailbreaking researchers like the Dev-Team act responsibly. In fact, they take pains to let users know how to patch existing vulnerabilities in iOS that Apple may not have patched yet.

I am well aware of the risks that come along with jailbreaking. I don't have a jailbroken iPhone. But, as a matter of pragmatics, I have seen many IT problems over the years solved via custom code and/or the use of a device in a way that the original manufacturer did not intend. I am also significantly concerned about HOW the walled garden is being used. Specifically, it appears that the walled garden is going to be used for planned obsolescence. That translates into cost for my organization. The walled garden means single supplier, which means monopoly. Legal jailbreaking means the breaking of the monopoly. It means an opening for third party suppliers.

Third party suppliers are healthy for competition. If, for example, Rimini Street (a third party support provider for ERP) was breaking the law by maintaining ERP systems, you can bet your bottom dollar that ERP maintenance would go up, up, up.

So, on this one, I'm actually with the jailbreakers. Apple had its chance to show us that they could have a 100% capture rate on undesirable or forbidden apps. Apple failed. And, to be fair, anybody would fail, because it's just not possible to have 100% security. But this also means that it's just unacceptable to trade flexibility and/or to sustain a monopoly to continue the illusion of 100% security--in that innovation-free box canyon that they call a walled garden.

Jonathan Feldman is a contributing editor for InformationWeek and director of IT services for a rapidly growing city in North Carolina. Write to him at jf@feldman.org or at @_jfeldman.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Page 1 / 2   >   >>
kappadon
50%
50%
kappadon,
User Rank: Apprentice
2/6/2012 | 3:29:10 PM
re: Apple's Walled Garden: Sledgehammer Needed
Wouldn't it be great if Apple was like Android, ooooooooooooopen, Absolutely Jealous of Android users daily management of programs to extend the battery life to 2.5 hrs, wondering if my device qualifies for a update and if it does will I receive it before the doomsday clock runs out December the 21st, all the malware scareware adware stuff is just the price Android fans have to pay to continue to get low cost devices a lot like owning a PC.
retired, not
50%
50%
retired, not,
User Rank: Apprentice
2/6/2012 | 6:48:19 PM
re: Apple's Walled Garden: Sledgehammer Needed
Geesh, get a clue. On the IW home page right now is an article on the latest malware in the Android store....."New Android Malware Has Costly Twist". Ya, right, Apple should just throw open their doors and let everything in. There have been a FEW things slip past apple, but since there are, what, half a million apps, the odds of actually getting malware on an iPhone are say, about a zillion times less than an Android device. Besides, this wasn't malware, it was as they say, "a feature".
Tronman
50%
50%
Tronman,
User Rank: Apprentice
2/6/2012 | 6:48:36 PM
re: Apple's Walled Garden: Sledgehammer Needed
Simple solution: don't by crApple products. I know I'm not missing anything that I can't get better and cheaper elsewhere.
Robert Amy
50%
50%
Robert Amy,
User Rank: Apprentice
2/6/2012 | 6:50:06 PM
re: Apple's Walled Garden: Sledgehammer Needed
Long term Apple will not keep their monopoly on phones. Android 4.0, its coming on strong. The OS has been hardened for the Military, and is extensible for other uses. Apple can't patent against innovation. Amazon has show you can have multiple App Stores, and both can be successful. More of the smart phone functionality will be pushed into a cloud, as well as the Tablet. Java implementations are cleaner than a Objective 'C' for most developers. The phone will be become a Web top utilizing a Webkit, and HTML5. Majority of organizations are getting way from the Client/Server deployments so I question why I need Apple in my development efforts. Do I need them long term to sell software?, yes maybe to draw initial traffic. But I should give them a residual forever?

http://www.linkedin.com/in/rob...
BTOPPING000
50%
50%
BTOPPING000,
User Rank: Apprentice
2/6/2012 | 6:56:08 PM
re: Apple's Walled Garden: Sledgehammer Needed
Hurry along, fandroid, no time to lose! Your battery is about to die and you need to find an outlet!
rttheartist
50%
50%
rttheartist,
User Rank: Apprentice
2/6/2012 | 7:27:10 PM
re: Apple's Walled Garden: Sledgehammer Needed
Yeah, I live in a gated community where we have our own security to augment the police. Then I heard about my nieghbor getting robbed. Wow, I guess it's time to fire the security team and break down the gate! No wait, do I really want the crime rate to double here? Nope, I like wall. I like the gate. They are not perfect, but the alternative? No thanks.
ANON1244594108572
50%
50%
ANON1244594108572,
User Rank: Apprentice
2/6/2012 | 7:57:07 PM
re: Apple's Walled Garden: Sledgehammer Needed
so since Google introduced some software that has zero track record, suddenly you feel the Android market place is "as safe" as Apple's? Seriously, what bridge did you fall off of... Also you have ZERO idea of how many "bad" apps Apple has kept out of the "garden" in the first place... the only ones that have gotten in have been extra feature apps... in every single case...

on the otherhand, a hacker doesn't even have to hide when introducing an app to Google's Android market, google bouncer or not, as if the software could detect a new threat in the first place...

to show you how "challenged" your thought process is, did you really think MSFT couldn't have done a "bouncer" type of program? it does, yet still it was littered with threats that the "software" did not anticipate....
PianoManinSoCal
50%
50%
PianoManinSoCal,
User Rank: Apprentice
2/6/2012 | 9:01:45 PM
re: Apple's Walled Garden: Sledgehammer Needed
There are some fundamental flaws and omissions within the comments on both sides, understanding first that the author is an Apple user.

First, what most people miss is the Android platform apps through most cellular service providers are vetted, and available for integration with the obligatory warnings about what each app accesses or disseminates in the way of resources and information. There's even a warning on most phones about utilizing third party apps outside of the "safe" resources.

Apple has tried to dominate all aspects of their devices for years, well before the Apple "Lisa" debacle, and their planned obsolescence of devices, OS and apps -- much to the chagrin and dismay of many a business owner. Imagine investing many thousands of dollars in a supposedly new and stable Apple computer integration, only to find the new hardware and OS are no longer supported, and even though you're still making payments on those Apple systems you need to throw them out and buy all new Apple systems, OS, apps, etc.

Not very good ROI for a business, especially when Apple decided around 1990 to undercut the K-12 market re-sellers their success was built upon -- offering Apple systems cheaper to end customers than the dedicated Apple re-sellers could buy them for. This effectively killed Apple's bought and paid for dominance in the K-12 market. But I digress.

Security on any platform or OS is simply an illusion, even with Apple. Why no more DVDs in iPads? Apple wants every consumer to buy all of their movies from Apple. After all, Apple even decided to dump their support for the company that pretty much made Apple an acceptable product, Adobe -- specifically their Flash product. You see, Adobe put its "eggs" into the Apple basket decades ago with its proprietary Spirascan algorithm, which made text characters appear with smoother edges, instead of the jagged edges common beforehand. This made Apple appear clearer and easier to read, albeit not possible without Adobe's support of Apple. Kind of interesting that without Adobe doing this, Apple might never have taken off, using only the GUI developed by Xerox's Palo Alto Research facility. Apple didn't develop that.

Has exclusive control over certain hardware or software been successful in the past by companies? Not really. Sony's marketing and licensing blunder with Beta, and selling to JVC the VHS format it also developed is one example. If nothing else, we have learned the pitfalls of monopolies, in too many instances to name.

Open architecture is what's worked best and has proven to be the way of the future, allowing many to "police" what's going on and offer improvements, because no manufacturer can ever plan on their hardware/software being used for purposes they themselves designate. That's exactly why hackers and sometimes innocent users can breakdown even the best firewalls and protections. We cannot plan for everything, and sometimes even the simplest instances create problems. Apple users still can be attacked with virus and malware content. I know. I've seen it, and been working on Apple systems since 1978.

I've consulted with schools and corporations who feel they have the best systems in place to stop unwanted intrusion, and every one of them can and will fail at some point. It's inevitable. No company can anticipate everything every person in the world might think up, in the way of unanticipated uses or intrusions. I've also seen every one of them fail, at some point. Even the websites for the CIA and FBI have been hacked, multiple times over the years, as have what are supposed to be the most secure systems in the world.

Apple has its problems, and there are really no functional features and benefits that can't be broken easily. Android has its problems, too, but is soundly beating Apple in market saturation. The new Samsung Galaxy is one product that beats Apple products, hands down, and there's nothing Apple has slated that even comes close (which is why they're trying to stop Samsung through court wranglings worldwide).

The issue is really very simple. Choose a smartphone platform that offers the features you prefer, with access to the apps you use, and understand that NO PLATFORM is completely safe... especially Apple. For every way they say they can protect users, there'll be 1,000 or more hackers that can and will prove them wrong at some point along the path.

For me, if I purchase something, I expect to be able to use it in the manner I choose, not how some manufacturer tells me -- with its limitations. I guess that's why I own an Android phone, and shall never own an iPhone product. I prefer to have something with more capabilities, greater range of adaptability, for a much lesser price, without the built-in obsolescence and limitations.
klassendg
50%
50%
klassendg,
User Rank: Apprentice
2/6/2012 | 9:35:47 PM
re: Apple's Walled Garden: Sledgehammer Needed
Apple doesn't have and never has had a monopoly on phones or even smart phones

Android 4.0 coming on strong? Latest data from Google is (as of February 1, 2012) . . . wait for it . . . 1% of Android user base. Android 2.3.3? 58% and growing.

Answer to your last two questions. Yep and Yep. It's Apples store and they can do want they want.
jfeldman
50%
50%
jfeldman,
User Rank: Strategist
2/6/2012 | 11:50:12 PM
re: Apple's Walled Garden: Sledgehammer Needed
I like the idea of multiple app stores! Particularly, I like the idea of an app store that allows for apps to be sold once the original equipment manufacturer has decided to seek greener pastures, because XYZ points of profitability are their minimum. BUT, the point is, you can't have multiple app stores without jailbreaking (on iOS). Jailbreaking should NOT be illegal!
Page 1 / 2   >   >>
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 18, 2014
Enterprise social network success starts and ends with integration. Here's how to finally make collaboration click.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
The weekly wrap-up of the top stories from InformationWeek.com this week.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.