GDC: iPhone Developers Face Hidden Risks - InformationWeek
Infrastructure // PC & Servers
05:08 PM
Connect Directly

GDC: iPhone Developers Face Hidden Risks

Most iPhone developers don't fully understand the regulatory compliance challenges that accompany app distribution.

Apple's iPhone Developer Program License Agreement, the contract that the company requires iPhone developers to accept, came under fire this week when the Electronic Frontier Foundation, a cyber rights advocacy group, posted a critique of the document.

The EFF characterizes the Agreement as "a very one-sided contract" and Apple as "a jealous and arbitrary feudal lord" intent on protecting itself from competition. With the upcoming release of the iPad and an imminent U.S. Copyright Office ruling on the legality of "jail-breaking," the organization is urging developers to demand better terms and Apple customers to support those demands.

While Apple's contract does contain some unusual and arguably unnecessary restrictions -- like prohibiting developers from discussing the terms of the Agreement -- one-sided contracts aren't unusual. Even the EFF concedes as much.

Apple's power to set the terms under which developers and consumer are able to use its software and hardware is a function of demand -- if the majority of developers or customers were unhappy, they could abandon the iPhone ecosystem for something better. The fact that they don't suggests the alternatives are wanting.

Yet the contractual terms under which iPhone developers have to operate may be noteworthy more for the risk they represent to developers than for their abrogation of free speech rights.

At the Game Developers Conference in San Francisco, Vernon Law Group attorney Mark Methenitis discussed the iPhone Developer License Agreement, the Registered iPhone Developer Agreement, and several related legal documents that iPhone developers have all accepted but few have read.

Based on a show of hands in the audience of developers, Methenitis estimated that perhaps 5% of those present claimed to have read the Apple contracts to which they've agreed.

Echoing the EFF, Methenitis acknowledged that the contracts are one-sided, but he also said they're probably legal because "they aren't outside the realm of being reasonable."

As an example of the asymmetrical nature of the agreements, he noted that while Apple asserts that information it provides to developers is confidential, it also declares that information developers provide to Apple is not confidential.

"It's good to be king," he said.

While living as Apple's subject in the magic iPhone kingdom may be appealing to developers because of the access to potential customers, it also places a burden on developers they may not fully appreciate. Amid the confusing legal jargon are clauses that state developers bear the burden of compliance with applicable U.S. laws and, if their apps are distributed outside the U.S., international laws.

This means, Methenitis said, that an iPhone app with a health component might be subject to FDA regulation as a medical device or that an app that collects customer information might be subject to European Union privacy laws. Such laws do get enforced, as can be seen from the recent conviction of three Google executives for privacy law violations in Italy.

Even more troublesome is the fact that most apps that use encryption are subject to U.S. export controls. So if your app creates an SSL connection, for example, it would be subject to export control laws, according to Methenitis.

While it might appear to be easy enough to avoid distributing one's app in countries like Cuba, Iran, and North Korea, there are also various lists of people, such as the Specially Designated Nationals List, to whom export controlled apps must not be distributed.

Methenitis stressed that these are not laws to be ignored. Export control law violations, if prosecuted, can result in fines of around $10,000 and/or as much as five years in prison per violation, he said. That's per download.

Another potential problem: The terms of the agreements require developers to indemnify Apple, Methenitis said. That means that if Apple gets sued over a developer's app, the developer must pay for Apple's legal defense. You have to sell a lot of apps to afford the hourly rates of Apple's lawyers.

Admittedly, most developers won't find themselves in such situations, but it's nonetheless worth being aware of the potential risks.

"On a certain level, if you want to publish with Apple, you're at their mercy," said Methenitis.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll