Apple VP: third-party iPhones apps to use digital signature
When Apple finally opens its iPhone and iPod touch to third-party developers early next year, it will employ some extra measures to maintain the security and stability of the mobile platforms, such as requiring a digital signature on each authorized application.
The move, which chief executive Steve Jobs first alluded to in an open letter posted to the company's website in October, was further implied by iPod and iPhone marketing chief Greg Joswiak in a new interview with Fortune. In it, he explains that checking IDs at the door is the best way to keep developers honest, as it will allow Apple to trace the origins of any malicious code.
"That way if there?s something wrong with an application, you have a way to track it back to where it came from," Joswiak said. "So one of the things we want to do, again, is create a development environment that is going to maintain the security and reliability of the iPhone yet at the same time offer developers some really cool things that we can do."
Accomplishing both those tasks simultaneously is a challenge in that they run in opposition to each other, the Apple vice president admits, and that's why it will take until February before his company finally unveils all the details of the software development kit (SDK) for iPhone (and iPod touch).
"Of course what we want to make sure we?ve done is keep the phone safe and reliable, and that?s why it?s taken us a little while to get this SDK out," he said. "Especially now that we?ll have a real SDK which means legitimate developers are going to come into the space."
In addition to those "legitimate developers," Joswiak also expects the SDK to mark the arrival of smaller, grassroots coders, which he finds exciting.
"Sometimes these one- or two-person teams have created the most dramatic things," he said.
In his interview with Fortune, Joswiak also admits that it was his idea to push for Apple to produce a 14-inch iBook several years ago, despite reservations on the matter by Jobs. The notebook, which featured a larger screen than the remainder of iBook line, went on to be a runaway hit.
That revelation alone may offer some reasoning behind the company's reported decision to adopted a 13-inch display as the foundation for its upcoming sub-notebook rather than something smaller.
The move, which chief executive Steve Jobs first alluded to in an open letter posted to the company's website in October, was further implied by iPod and iPhone marketing chief Greg Joswiak in a new interview with Fortune. In it, he explains that checking IDs at the door is the best way to keep developers honest, as it will allow Apple to trace the origins of any malicious code.
"That way if there?s something wrong with an application, you have a way to track it back to where it came from," Joswiak said. "So one of the things we want to do, again, is create a development environment that is going to maintain the security and reliability of the iPhone yet at the same time offer developers some really cool things that we can do."
Accomplishing both those tasks simultaneously is a challenge in that they run in opposition to each other, the Apple vice president admits, and that's why it will take until February before his company finally unveils all the details of the software development kit (SDK) for iPhone (and iPod touch).
"Of course what we want to make sure we?ve done is keep the phone safe and reliable, and that?s why it?s taken us a little while to get this SDK out," he said. "Especially now that we?ll have a real SDK which means legitimate developers are going to come into the space."
In addition to those "legitimate developers," Joswiak also expects the SDK to mark the arrival of smaller, grassroots coders, which he finds exciting.
"Sometimes these one- or two-person teams have created the most dramatic things," he said.
In his interview with Fortune, Joswiak also admits that it was his idea to push for Apple to produce a 14-inch iBook several years ago, despite reservations on the matter by Jobs. The notebook, which featured a larger screen than the remainder of iBook line, went on to be a runaway hit.
That revelation alone may offer some reasoning behind the company's reported decision to adopted a 13-inch display as the foundation for its upcoming sub-notebook rather than something smaller.
Comments
Oh yeah.. and let's pray these digital ID's don't cost a lot of money for the developers. That'd just cause more hacking spirit wouldn't it?
What kind of steps (and cost) are typically involved in creating a digitally-signed product? Do you use the same security certificate you would use on your web site?
It doesn't look to be much in the way of cost. We don't know yet if apple will charge for a service here, or whether it will be automatic.
Nokia charges each developer a tiny $20 fee, as Jobs stated that Nokia was on the right track, it could mean that Apple will likely charge a small fee, or, possibly, nothing at all.
Since Joswiak was so excited about those one and two developer teams, Apple can't be charging an arm and a leg.
This does sound very good. But, we still have at least two months to go.
Hopefully, something will be explained, and unveiled, at Macworld 6 weeks from now. I guarantee, that time will come up very quickly.
What kind of steps (and cost) are typically involved in creating a digitally-signed product? Do you use the same security certificate you would use on your web site?
The steps are pretty simple, you usually just run some program that uses a certificate to sign the code (OK, I'm oversimplifying it, but usually once you do it the first time, it's pretty easy to write a script that'll do it for you).
Cost and same certificate as a website? No, code signing certificates are typically different and more expensive.
The whole thing is somewhat stupid. All that code signing does for you is verify who signed the program you are installing (assuming they've kept their private credentials secure); it does not guarantee a program is safe. If you use discretion in where you download your programs from in the first place and look at reviews from other users to see how stable/safe the software is, you're likely to be better off.
I have high hopes for this SDK. Hoping Apple let developers dig deep into the iPhod and not just crawl around on the surface. It'd be great with a safe baby-SDK for easy development, but in order to do these "really cool things" or these "dramatic things" I think the developers must be offered as much access as possible to the hardware. It seems this Greg wants this too if I catch the spirit right. Cool.
Oh yeah.. and let's pray these digital ID's don't cost a lot of money for the developers. That'd just cause more hacking spirit wouldn't it?
Digital ID's are not a big deal to implement.
No comments from Apple on Android, huh?
Do you expect one?
From what I've read about it, it seems to be considered to be complementary to the iPhone, rather than competitive.
Anyway, it's too new. A product won't arrive for some time, if at all.
The whole thing is somewhat stupid. All that code signing does for you is verify who signed the program you are installing (assuming they've kept their private credentials secure); it does not guarantee a program is safe. If you use discretion in where you download your programs from in the first place and look at reviews from other users to see how stable/safe the software is, you're likely to be better off.
You're missing the point here. No one has ever said that digital signatures ensure that a program will be safe.
If you re-read the article, you will see why they are wanted.
...he explains that checking IDs at the door is the best way to keep developers honest, as it will allow Apple to trace the origins of any malicious code.
I wonder if apps will be universal? I've a feeling that the iPhone will move to x86 when silverthorne hits the street. No sense in making the developers rewrite code again.
That would be up to the developers, wouldn't it? Even for the computer platform itself, developers decide this.
While I agree that Apple will likely move to the x86 platform (I'm hoping they do), it's just not likely that Apple will tip their hand this early by providing for universality in this first SDK. Developers would have to figure it out themselves, which would possibly not be aided by Apple's software, because it's written for the PPC-x86 transition.
But, code for the iPhone/iTouch universe will be much smaller, and simpler, than that for the Mac platform, due to memory and processor limitations, so re-writing this will be much easier in the future. If Apple then does offer a path, that will be easier as well.
At least Apple is smart to release the SDK now so then they could have a new contest at WWDC next year!
That would be up to the developers, wouldn't it? Even for the computer platform itself, developers decide this.
While I agree that Apple will likely move to the x86 platform (I'm hoping they do), it's just not likely that Apple will tip their hand this early by providing for universality in this first SDK. Developers would have to figure it out themselves, which would possibly not be aided by Apple's software, because it's written for the PPC-x86 transition.
But, code for the iPhone/iTouch universe will be much smaller, and simpler, than that for the Mac platform, due to memory and processor limitations, so re-writing this will be much easier in the future. If Apple then does offer a path, that will be easier as well.
Good points mel. Just been wondering about it.
BTW a bit off topic but I wonder if Apple will try to gobble up all the silverthorne cpus like they did with flash memory? Wouldn't that be a sneaky little move on their part?
You're missing the point here. No one has ever said that digital signatures ensure that a program will be safe.
If you re-read the article, you will see why they are wanted.
If you re-read posts in other threads on this topic, you'll see why such a disclaimer is needed. For that matter, "Of course what we want to make sure we?ve done is keep the phone safe and reliable [...]," Joswiak said.
If you want to go by the, "best way to keep developers honest, as it will allow Apple to trace the origins of any malicious code," quote ... this comes across as Draconian. At what point is Apple going to treat a bug or feature for that matter as "malicious", and what steps are they going to take to keep a developer "honest"? There are plenty of legitimate programs out there that some people consider to be unsafe, spyware, etc. because of the way they function and not because of malicious intent.
There are plenty of legitimate programs out there that some people consider to be unsafe, spyware, etc. because of the way they function and not because of malicious intent.
You elect to download the app. So why would people download an app they found malicious? Or delete it if they don't like what it does.
The point of this is to be able to trace an app back to its origins. If the developer has no malicious intent this should be no problem.
Digital signature is fine, but I want to know if they'll require that apps be distributed through the iTunes store. That's the real difference - does Apple have to approve every app and offer it through them, or will we be able to just install whatever we want. And if we can install whatever we want, how will the installation be implemented? It will use iTunes in some fashion, presumably.
If it is like the Podcast search function that would be great. Search for applications by category, get updates automatically, etc. It seems like the logical place to centralise applications, rather than 1001 different websites with different install mechanisms.
I'll be getting an iPod Touch come SDK release time (esp. if there is a 32GB one by then) so I can get to grips with programming this particular beast, and trying out other people's software (nethack, c'mon! err, that'll require some ingenious thought as to input methods!).
Digital Signatures also mean that if another application or a hack or something alters an application's code, etc, then the signature will be wrong and the application hopefully will not run. Pretty much like on desktop Leopard. This is a good thing.
If it is like the Podcast search function that would be great. Search for applications by category, get updates automatically, etc. It seems like the logical place to centralise applications, rather than 1001 different websites with different install mechanisms.
I'll be getting an iPod Touch come SDK release time (esp. if there is a 32GB one by then) so I can get to grips with programming this particular beast, and trying out other people's software (nethack, c'mon! err, that'll require some ingenious thought as to input methods!).
Digital Signatures also mean that if another application or a hack or something alters an application's code, etc, then the signature will be wrong and the application hopefully will not run. Pretty much like on desktop Leopard. This is a good thing.
How are you going code your app, universal or ppc only?
If you re-read posts in other threads on this topic, you'll see why such a disclaimer is needed. For that matter, "Of course what we want to make sure we’ve done is keep the phone safe and reliable [...]," Joswiak said.
If you want to go by the, "best way to keep developers honest, as it will allow Apple to trace the origins of any malicious code," quote ... this comes across as Draconian. At what point is Apple going to treat a bug or feature for that matter as "malicious", and what steps are they going to take to keep a developer "honest"? There are plenty of legitimate programs out there that some people consider to be unsafe, spyware, etc. because of the way they function and not because of malicious intent.
What you have to do is to listen to the LATEST comments by an Apple executive, who, presumably, knows what he's talking about.
Nowhere has it EVER been said that digitally signing software assures safe code. Nowhere!
The concept has always been that developers who DO sign their software will not want to write malicious code, as it can be traced back to them.
But, it does not ASSURE that code won't have bugs that would result in being malicious. The signiture will make it easier to fnd that code on your device, so that it can be eliminated, or fixed.
That's all.
This should be obvious.
Personally, I don't want software that does something not recommended by the maker of the device, in this case, Apple.
If they say, as they always have in the past, that certain memory allocations, etc. are not to be used, then as far as I'm concerned, code that does use it is a problem. It doesn't have to be malicious, but if it causes problems, then it should be pointed out.
Application enhancer programs such as the one we all know cause problems, shouldn't be used at all, even if it gives one benefits. That's an example of bad programming practice.
Sometimes, even if there are features we want, they shouldn't be used if they don't follow the rules.
Most of the time we hear of people having problems, it's because of poorly written programs.
If digital signatures will let us find out which programs they are, I'm all for it.
If Apple can then ban those programs, I'm all for that as well.
What I find interesting is that most of these bad programs duplicate features that other programs do without the bad code.
~ CB