
Adobe has the iPhone surrounded with Flash, but security headaches loom

Adobe's announcements that a full version of Flash is coming to every smartphone not named Apple iPhone leave me conflicted. Full-blown Flash can be a boon to the mobile Web, but has the potential to become one huge security headache.
Written by Larry Dignan, Contributor

First the happy talk (Techmeme, Adobe statement): A public beta of Flash Player 10.1 will be coming to Windows Mobile and Palm's WebOS later this year. Next year will bring Flash betas to Google Android and Symbian phones. Research in Motion is also working with Adobe. Multi-touch Flash, accelerometer perks and other mobile goodies abound.

And from a tech-vendor art-of-war perspective, Adobe's news that full Flash capabilities are coming to Windows Mobile phones, Palm, RIM and Google Android phones is very interesting. Apple is the last mobile handset holdout when it comes to Flash adoption. Sure, the two parties are kind of sorta talking about Flash on the iPhone---and have been for months---but the effort isn't going anywhere. Can Adobe force iPhone adoption by delivering up a Flash-powered mobile utopia on the small screen?

And then you trip over the big honking negative: Security. From a user perspective, Flash on your mobile phone may be nice, but can also be a big drag. The patches, the vulnerabilities, the frequent upgrades and the potential monoculture headaches. Monoculture for our purposes refers to one dominant technology that pervades multiple fronts. Windows is a monoculture. Flash is a monoculture. Anything that's a standard is a monoculture. The problem with monocultures: You can attack them and cause a lot of collateral damage because there's no diversity. Adrian Kingsley-Hughes nails it when he handicaps Adobe's Open Screen Project that will be bringing full Flash to a mobile phone throughout 2010.

Flash Player is an absolute security nightmare on desktop PCs, requiring endless updates. I’m not sure how thrilled I’d be to be faced with Flash Player updates on my smartphone every time I was to go browsing. If I’m paying per MB, on a dodgy connection (and chances are that one, if not both of these factors will come into play), I’d be even more upset. I know that the modern web relies heavily on Flash, but this announcement worries me because it’s creating a huge tech monoculture that’s ripe for attack. Unless Adobe is planning on beefing up security, this could be one of the worst things to happen to smartphone users.

Don't believe Adrian? Check out the Flash vulnerability fiesta from Ryan Naraine and Dancho Danchev. Flash remains unpatched by most users and is frequently open to attack, and outfits like Mozilla Firefox are trying to push folks to patch Flash for the greater good.

How many of you have bothered to patch anything on your mobile phone? Thought so.

And now we're taking Flash to every screen. For Adobe, full-featured Flash on every mobile phone is huge. The rest of us may not be as thrilled about today's happenings once the mundane processes such as frequent Flash patches take over.
