Mobile // Mobile Devices
Commentary
2/6/2012
08:44 AM
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Apple's Walled Garden: Sledgehammer Needed

Friday's revelation of an iOS app with a "hidden" tethering capability shows that walled garden restrictions don't necessarily keep us safer. They do create a monopoly and planned obsolescence. It's time to break down those walls.

Apple's highly restricted app store is a blade that cuts two ways. Fans of the high tech gear buy into a secure "walled garden," where they have the perception that malware will never infest their iPhones, unlike those "riskier" Android devices. Friday's news of an App store tethering app hidden inside a random number generator app proved for the umpteenth time it is possible to sneak one past Apple. Other apps with trojans, I mean, hidden features have made it past Apple in the past. (But, what is "trojan" other than "hidden?") How long will it be until the hidden feature really is malicious? Is Apple's vaunted walled garden nothing more than an illusion?

Security is never an "on/off" concept. We all know that it's about due diligence, and that there are tradeoffs between convenience and security. In Apple's case, we must surmise that if the App Store really did significant code review prior to posting, it might introduce unacceptable delay to App Store postings. Fair enough, and Apple does deserve a tip of the hat when it comes to its track record of iOS malware versus its biggest competitor, the Google Android platform. But, with Google introducing its new "Bouncer" service, which automates the search for suspicious behavior in apps, I think that Apple's central premise, that is, that Apple requires massive control over what features are in apps, will come under fire.

If app developers can sneak one past Apple, it would appear that one of Apple's central arguments--that their Draconian app practices are required to provide security--is flawed. Sure, Apple has now taken down the iRandomizer app (following the publicity), but the fact that the app made it in there shows that the walled garden has lots of holes in it.

By the way, we contacted the iRandomizer app's creator and asked whether Apple took action other than pulling the app. "No comment on that," wrote Nick Kramer in an email. "I designed the feature for family and friends, I should have pulled the app when it was discovered. Apple did what they had to do. Hopefully, in the near future Apple will begin allowing tethering apps into the U.S. App Store. If they did, the number of developers putting hidden features into their apps and users who jailbreak their iPhones would drop tremendously," said Kramer.

I will admit, I've never been a huge fan of Apple's walled garden. I love the fact that Apple, not the carriers, is the provider of the apps on the phone. This reduces "app crap". But the walled garden itself? Apple's strong arm on virtual machines, which rule out Flash and emulators? Totally unnecessary.

Fans of the Apple platform, including myself, have said that, in the field, iOS-based mobile devices tend to have fewer support calls associated with them than the equivalent Android platforms. But I'm not so sure that the walled garden can take credit for this. I think it's more of the classic Apple control-over-the-hardware and control-over-the-OS that can take credit for that. Safer? Mostly, but not "totally safe."

And, in terms of functionality, a jailbroken phone can be MORE functional than a non-jailbroken phone. Case in point: As an iPhone user, I'd love to save off some of my voicemails as files. If I had a jailbroken phone, I could save HOURS of voicemails off in about 30 seconds. Because I have not jailbroken my phone, I would need to hook an audio plug up to my phone, then manually record those voicemails. If I wanted to permanently capture all of the meaningful messages that I've received over the years, it would be a significant expenditure of time.

Innovation sometimes requires going outside the vision of what the platform designer intended. Witness the Air Force supercomputer built out of PS3 game consoles, a vision far beyond that which Sony had in mind.

So, while I think that CIOs have a stake in the game when it comes to security, I am not at all sure that the massive one-sided restrictions on platform use that come along with the walled garden are a plus for enterprise IT. And again, it is becoming clear that the walled garden doesn't necessarily offer apps that are completely vetted, so that so-called value proposition flies out the window.

But the question of whether the walled garden is a good thing may be out of the hands of CIOs soon; the question is now, should our system of government support mandatory walled gardens by making it illegal to jailbreak from that walled garden? Because of the Digital Millenium Copyright Act, it didn't used to be legal to jailbreak an iPhone. Then, copyright officials made an exemption to the DMCA to allow jailbreaking of phones. This exemption comes up for renewal soon, and the comment period expires next week.

Bunnie Huang, a jailbreaking champion, and Xbox hacker, says, in a letter to the Feds, "users of these products benefit from the flexibility to choose their own operating systems and run independently developed software. We need the law to catch up with how people are using technology. Jailbreaking is helping to make technology better, more secure, and more flexible." Most jailbreakers and jailbreaking researchers like the Dev-Team act responsibly. In fact, they take pains to let users know how to patch existing vulnerabilities in iOS that Apple may not have patched yet.

I am well aware of the risks that come along with jailbreaking. I don't have a jailbroken iPhone. But, as a matter of pragmatics, I have seen many IT problems over the years solved via custom code and/or the use of a device in a way that the original manufacturer did not intend. I am also significantly concerned about HOW the walled garden is being used. Specifically, it appears that the walled garden is going to be used for planned obsolescence. That translates into cost for my organization. The walled garden means single supplier, which means monopoly. Legal jailbreaking means the breaking of the monopoly. It means an opening for third party suppliers.

Third party suppliers are healthy for competition. If, for example, Rimini Street (a third party support provider for ERP) was breaking the law by maintaining ERP systems, you can bet your bottom dollar that ERP maintenance would go up, up, up.

So, on this one, I'm actually with the jailbreakers. Apple had its chance to show us that they could have a 100% capture rate on undesirable or forbidden apps. Apple failed. And, to be fair, anybody would fail, because it's just not possible to have 100% security. But this also means that it's just unacceptable to trade flexibility and/or to sustain a monopoly to continue the illusion of 100% security--in that innovation-free box canyon that they call a walled garden.

Jonathan Feldman is a contributing editor for InformationWeek and director of IT services for a rapidly growing city in North Carolina. Write to him at jf@feldman.org or at @_jfeldman.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
ANON1244594108572
50%
50%
ANON1244594108572,
User Rank: Apprentice
2/6/2012 | 7:57:07 PM
re: Apple's Walled Garden: Sledgehammer Needed
so since Google introduced some software that has zero track record, suddenly you feel the Android market place is "as safe" as Apple's? Seriously, what bridge did you fall off of... Also you have ZERO idea of how many "bad" apps Apple has kept out of the "garden" in the first place... the only ones that have gotten in have been extra feature apps... in every single case...

on the otherhand, a hacker doesn't even have to hide when introducing an app to Google's Android market, google bouncer or not, as if the software could detect a new threat in the first place...

to show you how "challenged" your thought process is, did you really think MSFT couldn't have done a "bouncer" type of program? it does, yet still it was littered with threats that the "software" did not anticipate....
rttheartist
50%
50%
rttheartist,
User Rank: Apprentice
2/6/2012 | 7:27:10 PM
re: Apple's Walled Garden: Sledgehammer Needed
Yeah, I live in a gated community where we have our own security to augment the police. Then I heard about my nieghbor getting robbed. Wow, I guess it's time to fire the security team and break down the gate! No wait, do I really want the crime rate to double here? Nope, I like wall. I like the gate. They are not perfect, but the alternative? No thanks.
BTOPPING000
50%
50%
BTOPPING000,
User Rank: Apprentice
2/6/2012 | 6:56:08 PM
re: Apple's Walled Garden: Sledgehammer Needed
Hurry along, fandroid, no time to lose! Your battery is about to die and you need to find an outlet!
Robert Amy
50%
50%
Robert Amy,
User Rank: Apprentice
2/6/2012 | 6:50:06 PM
re: Apple's Walled Garden: Sledgehammer Needed
Long term Apple will not keep their monopoly on phones. Android 4.0, its coming on strong. The OS has been hardened for the Military, and is extensible for other uses. Apple can't patent against innovation. Amazon has show you can have multiple App Stores, and both can be successful. More of the smart phone functionality will be pushed into a cloud, as well as the Tablet. Java implementations are cleaner than a Objective 'C' for most developers. The phone will be become a Web top utilizing a Webkit, and HTML5. Majority of organizations are getting way from the Client/Server deployments so I question why I need Apple in my development efforts. Do I need them long term to sell software?, yes maybe to draw initial traffic. But I should give them a residual forever?

http://www.linkedin.com/in/rob...
Tronman
50%
50%
Tronman,
User Rank: Apprentice
2/6/2012 | 6:48:36 PM
re: Apple's Walled Garden: Sledgehammer Needed
Simple solution: don't by crApple products. I know I'm not missing anything that I can't get better and cheaper elsewhere.
retired, not
50%
50%
retired, not,
User Rank: Apprentice
2/6/2012 | 6:48:19 PM
re: Apple's Walled Garden: Sledgehammer Needed
Geesh, get a clue. On the IW home page right now is an article on the latest malware in the Android store....."New Android Malware Has Costly Twist". Ya, right, Apple should just throw open their doors and let everything in. There have been a FEW things slip past apple, but since there are, what, half a million apps, the odds of actually getting malware on an iPhone are say, about a zillion times less than an Android device. Besides, this wasn't malware, it was as they say, "a feature".
kappadon
50%
50%
kappadon,
User Rank: Apprentice
2/6/2012 | 3:29:10 PM
re: Apple's Walled Garden: Sledgehammer Needed
Wouldn't it be great if Apple was like Android, ooooooooooooopen, Absolutely Jealous of Android users daily management of programs to extend the battery life to 2.5 hrs, wondering if my device qualifies for a update and if it does will I receive it before the doomsday clock runs out December the 21st, all the malware scareware adware stuff is just the price Android fans have to pay to continue to get low cost devices a lot like owning a PC.
<<   <   Page 2 / 2
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.