iPhone Goes Third-Party: Security Over Functionality?
By: Eric Everson, Founder MyMobiSafe.com
It’s been a few days since the iPhone SDK release, so as the notorious “Mobile Security Guru Guy” I wouldn’t be doing my part if not sharing my initial impressions. As many third-party developers have been speculating “what if” scenarios for months, much of that chatter has been put to rest.
As a mobile application developer, I had to at least sit down with the iPhone SDK to take a tour for myself. Interestingly among the first things I noticed was that the iPhone SDK requires the use of iPhone proprietary API’s. For developers, this means that dreams of hybrid applications in pursuit of iPhone compatibility are basically out. Additionally this takes us to the next road block of the built-in “brick wall data sharing” limitations.
Essentially my concept of the “brick wall” as it relates to the iPhone SDK prevents third-party applications from writing data to any other program of the iPhone. For developers this is where the “brick wall” becomes a hurdle as cross-referencing and application mods are stifled. For iPhone users on the other hand, this is great news for handset level security. This “brick wall” characteristic of the iPhone SDK is designed to prevent the executable features of mobile malware. This means that as iPhone users run third-party content, they don’t have to fear masked-malware.
The greatest limitation that I see in the SDK piggyback Michael Arrington’s issues about background applications. Essentially the iPhone SDK prevents third-party apps from running in the background. As Arrington pointed out, this creates significant issues for traditional background applications such as instant messaging applications. When an iPhone user switches tasks (i.e. when answering a call) the application shows logged out. Naturally this is a major obstacle for potential business applications.
With mobile security at the forefront, the iPhone remains among the most secure handsets. Even with an SDK that encourages third-party development, the security seemingly outweighs functionality.
Eric Everson “The Mobile Security Guru” : )