I know most of you are probably aware of the recent spate of recording artists that have allowed their music to be distributed independent of the recording industry shackles. I applaud the artists for recognizing the importance of their fan base, but there is a long way to go as the movement towards more forms of DRM march on. Problem is that regardless of the millions, or billions, spent people will find a way to bypass DRM controls unless the controls force the user to interact with the media in such a way that it significantly inhibits the experience. I wrote about this in the not too distant past (here). A similar situation resulted from Apple and the iPhone. Locked into an AT&T contract coupled with youthful inquisition drove an enterprising 17 year old to hack the iPhone. Apple responded with an update that essentially turned any modified iPhones into an iBrick – sad!
All of this brought into question the openness of the platform and support for 3rd party applications, etc…if the iPhone was or will be considered a platform as opposed to a shiny new trinket it will absolutely need to become more open. So Apple recently announced the introduction of the iPhone SDK to become available in February (here)…why February you may be thinking (I was), well apparently, and this is the interesting part of this post, according to Steve Jobs:
“It will take until February to release an SDK because we’re trying to do two diametrically opposed things at once—provide an advanced and open platform to developers while at the same time protect iPhone users from viruses, malware, privacy attacks, etc. This is no easy task. Some claim that viruses and malware are not a problem on mobile phones—this is simply not true. There have been serious viruses on other mobile phones already, including some that silently spread from phone to phone over the cell network. As our phones become more powerful, these malicious programs will become more dangerous. And since the iPhone is the most advanced phone ever, it will be a highly visible target.”
Let’s dig into this a little – first much of the iPhone is built on OSX technology, right down to the crappy Safari browser and it is open, open as you want it to be, you can port and run FreeBSD apps to your own home-grown ADK apps and lots in between. I recognize that there is inherently issues of security when porting and think it is great that they are taking the time to improve security, but you know what I just don’t believe it – I think this is time needed to properly enforce the proper DRM controls that Apple thought they had built into the iPhone originally. I fully believe that the iPhone represents a tipping point for proliferation of mobile malware, it combines all the needed elements; a stable platform base, application support and use beyond calendaring and syncing, always on internet capabilities, a rich browser experience (compared to most mobile devices), and wide spread market penetration, but no more than OSX does (except for the market penetration thing) which of course begs the question? If OSX is so secure (which it isn’t) why would the iPhone be so insecure (which it is – just ask the 17 year old with a soldering gun, programming skills, and some homeboys with time on their hands). Again I do believe the iPhone will accelerate the introduction of new and interesting forms of mobile malware, but it is not as dire today as Jobs would lead you to believe – mobile malware is far less prevalent than he and the AV vendors would like, but here nor there – I think they are more interested in ensuring they can lock the iPhone down for their own purposes then looking to lock it down to keep out malware nastiness bu they why would I be jaded?