Series: iPhone Software Development
When the iPhone was released, Apple provided no supported way to install third-party software. Clever programmers figured out a way around this which worked with iPhone software 1.0 through 1.0.2. Apple struck back, disabling third-party software in the 1.1.1 release, which developers again broke through, this time through a flaw in image processing. Who will reign supreme? Apple, when they release their iPhone software developers kit (SDK) in February 2008.
Article 1 of 8 in series
A Wi-Fi connection program lets you hook your iPhone into hotspots without entering a user name and password at each location. It removes the friction from connecting to public free and fee networks.Show full article
[Author's note: The iPhone 1.1.1 software, which broke unlocked iPhones and temporarily disabled third-party applications (see iPhone 1.1.1 Adds Features and Updates Security") has itself been broken. Devicescape's software can once again be installed; instead of AppTapp, noted below, you need to use AppSnapp. - gf]
Devicescape has released a simple application for the iPhone that lets you connect to Wi-Fi hotspots without all the fuss of tapping in user names and passwords, clicking Accept buttons, or remembering WEP and WPA encryption keys. Devicescape's Connect application requires the Nullriver AppTapp installer, a third-party hack that enables easy installation of software on the iPhone. (I've been testing a version of Connect released before the Nullriver integration.)
Usage -- The way Devicescape accomplishes this minor miracle - and obviates the single most annoying factor in using the iPhone outside of one's home and office - is via its flagship software, which comprises client software on a device, handheld, or laptop, and an account at the company's Web site in which you store passwords and account information. The software and service are free. (I wrote a full account of Devicescape's approach in "Devicescape Aims to Ease Wi-Fi Hot Spot Connection Pain," 2007-05-07.)
At the My Devicescape Web site, you set up an account and enter any Wi-Fi hotspot and network information that you want to include. For instance, I store my home and work WPA keys on their site. Devicescape automates the login process for dozens of for-fee hotspot networks and aggregators of hotspots, including T-Mobile HotSpot, AT&T WiFi, Fon, Boingo, iPass, and others, as well as dozens of free networks that require some confirmation step or login account to use. Devicescape plans to offer easy ways to purchase service from some networks in the future as part of their revenue plan. (You're providing Devicescape with various passwords, and while they appear to me to be a trustworthy organization with an extremely strong understanding of security, you should factor in that a third party would have the burden of protecting your password and use passwords that differ from those you use for other secure services, like banking.)
With the Devicescape iPhone application, when you're at a hotspot for which you've entered your connection information, simply tap the Connect application and click Login. Devicescape connects to the local network, tunnels your login request through the hotspot's DNS service (clever, that), receives back an encrypted set of login details, and then passes those credentials on to the hotspot. For free networks, the system knows to "click" the right button, sending a Web request with the correct response in it. (The Devicescape software for laptops, handhelds, and a few phones works much the same way; you also get the benefit of every device you use having the same network access without re-entering details.)
I've been using Connect for over a week and have tested it at a few T-Mobile locations. It's rather marvelous to tap Login, and be on the network. It's the way the iPhone should work - and now does.
While Steve Jobs extols the ubiquitous availability of Wi-Fi, he and the company have done nothing to make connections easy except when accessing home and work networks with little or no security or access limitations. Devicescape bridges that gap. (And "easy" is relative even with normal password-protected networks given the silly manner in which you have to type in passwords.)
There's just one missing feature from Connect that you find in the full Devicescape software: buddy lists. With buddy lists, you can choose which other Devicescape users - your friends and colleagues - can access networks you manage, making it easy to provide trusted users access to your own protected networks. These buddies' copies of Devicescape download an encrypted set of network passwords. You can revoke a buddy's access or update your network password and the system handles that seamlessly, too, transmitting it to any buddy who needs it. This buddy list feature, when Devicescape adds it to the iPhone, will be a big plus for iPhone users who roam among household and work networks.
And while Devicescape isn't emphasizing this, the company told me in a briefing a few days ago that they had unearthed the business-grade Wi-Fi authentication client software in the iPhone OS that's also found in Mac OS X. This client - an 802.1X supplicant, if you must know the technical name - would let iPhone users connect to Wi-Fi networks that don't use a gateway page or simple static shared encryption keys. 802.1X allows a device to connect to a Wi-Fi network with a user name and password (among other kinds of credentials), and then the network system assigns a unique encryption key to that user. It's the only safe approach for larger networks, and is used widely. Connect could provide a tool for corporate users to connect their iPhones securely to their work networks, too - not just to hotspots - if Devicescape opts to enable that feature.
Installation and Set Up -- The Nullriver installer makes it a breeze to install Connect. You download the AppTapp installer software and launch it on a computer to which your iPhone is connected and iTunes is not launched. (Turn off automatic syncing in iTunes, too, as if it launches while AppTapp is working its magic, you could have a botched install.) AppTapp downloads the 90 MB or so restore firmware file from Apple, patches it, and updates the iPhone. (The usual provisos apply: Not supported by Apple. Could turn your iPhone into a brick. The next firmware update could break AppTapp or Connect. And so on.)
After the iPhone reboots, you have a new Installer application on the home screen. Tap it, and you can select Connect from a list of applications to install. Install Connect, and it appears on the home screen. Connect has been included in a small list of preferred applications by Nullriver.
When you first launch Connect, it provides you with a code that you must enter at the My Devicescape Web site in the account you set up. This code uniquely identifies your iPhone. The copy of Connect running on your iPhone can communicate with the Devicescape servers after you enter the code over either a Wi-Fi network you're already connected to or AT&T's EDGE servers.
Best Networks -- While you could cobble together free and paid logins at networks you frequent or expect to use, your best Connect-compatible deal is Boingo Wireless, a hotspot aggregator that resells access to tens of thousands of locations in the United States, including dozens of airports. Boingo charges $21.95 per month for unlimited U.S. access. Their worldwide footprint is 100,000 locations, for which they charge $39 per month for unlimited access. Both are month-by-month rates with no commitment or cancelation penalty.
In the United States, Boingo resells access to most major networks; T-Mobile HotSpot is the big exception. T-Mobile charges $20 to $40 per month for unlimited use at about 8,500 locations, with the price varying by whether you're a T-Mobile voice subscriber and the duration of your contract. Devicescape supports T-Mobile, too.
While you can log into Boingo through a partner login in the Web gateway interface at nearly all the locations they support, that involves tedious data entry each time, instead of a single click with Connect. And some Boingo locations don't have the partner login, but you won't know which until you're traveling.
Devicescape's gap-filling software makes me hope that hotspots pile on and promote Connect as a simpler option to get online. It's a benefit to Apple and AT&T to make the iPhone work with fewer interruptions and less friction - and the less we all use AT&T's cellular EDGE network, the better that network performs. I hope Apple considers bundling Connect in a future release - or making Devicescape its first certified application developer.
Article 2 of 8 in series
Navizon uses Wi-Fi to figure out where your iPhone is. Accuracy relies on a network of lightly rewarded volunteers, but the results give a picture of the future of location-based information on the iPhone.Show full article
Navizon Virtual GPS for iPhone gives iPhone users a glimpse of a future in which we'll be able to retrieve our global coordinates as if we carried around a GPS receiver. The Navizon iPhone application uses the iPhone's constantly updated scan of Wi-Fi networks to retrieve a latitude and longitude based on user-submitted location information. The results are plotted as a point in the Google Maps application. Installation of the program requires that you have not upgraded to the recent iPhone 1.1.1 software (which disabled software add-ons such as this), Nullriver's AppTapp, and a healthy deep cleansing breath before accepting responsibility for hacking your iPhone.
(For more information about the 1.1.1 update, see "iPhone 1.1.1 Adds Features and Updates Security," 2007-09-07, and "Staff Roundtable: Apple Should Do No Harm to iPhones," 2007-09-07.)
Perhaps uniquely for these early iPhone applications, Navizon charges $24.99 for its software after a 15-day free trial. They say this money is plowed into its rewards program, which pays anyone with a real GPS who participates in the system based on how they capture new data. You get $19.99 if you rack up 10,000 points (10 points for each cell tower and 2 points for each Wi-Fi access point). Navizon's full-featured software is available for a variety of mobile devices, including handhelds based on the Windows Mobile, Symbian, and BlackBerry platforms; and for Mac OS X and Windows XP/Vista.
In testing recently, despite having a dozen Wi-Fi networks within reception range in my office, Navizon placed me a few miles away. The following day it put me within about 100 feet. Navizon's software offers buddy tracking, location-based directory searches, and geotagging, letting you create a note that's paired with a set of coordinates.
Navizon's only real competition for this space comes from Skyhook Wireless, which relies on hundreds of wardriving trucks that meander carefully around hundreds of cities worldwide to pair Wi-Fi signals with GPS-retrieved coordinates (see "Loki Here," 2007-06-18). Skyhook licenses its constantly updating database, and offers Loki, a program for retrieving coordinates via a Web browser on the Mac. They have a more extensive toolbar with location-based directories and form-filling for Windows, which will eventually arrive under Mac OS X, as well.
Of course, what would really be nice is a true GPS chip or simulator built into the iPhone to provide location data to any application that could use it, like Google Maps. It could even plop coordinates into the embedded metadata of photographs taken by the iPhone. All cell phones sold must include location awareness, based on GPS or cell-tower placement, to provide that information to E911 operators. So the iPhone has it - almost certainly in the form of cell-tower sniffing. Apple and AT&T are just pretending it's not there. Perhaps an enterprising hacker will be able to find that data and expose it to other applications at some point.
Article 3 of 8 in series
A new firmware release for the iPhone fixes numerous security problems, while adding subtle features, such as the iTunes Wi-Fi Music Store, and a switch that lets you avoid expensive overseas data charges.Show full article
For our money (and we were two of those early purchasers who bought iPhones before Apple lowered the price $200), one of the best features of the iPhone is its upgradability. Since the iPhone runs OS X, there's room to add features as well as fix bugs; the latest version does both.
iPhone 1.1.1 is now available via iTunes (it's a 152.3 MB update): the next time you connect your iPhone, click the Check for Updates button if you're not automatically prompted about the update. Note that if you've unlocked your iPhone to use a provider other than AT&T, installing the update may make your phone inoperable (more on this issue below).
This version adds a few niceties introduced with the iPod touch, such as the capability to double-tap the Home button to bring up either the list of favorite contacts or iPod playback controls (avoiding the need to navigate to either from the Home screen), and the new iTunes Wi-Fi Music Store for purchasing music directly from the phone over a Wi-Fi network (see "Apple Introduces iPod Touch, Wi-Fi iTunes Store, and New iPods," 2007-09-07). (Apple has also posted a video demonstrating the new features.)
Other feature changes include the capability to double-tap the spacebar to insert a period and space, turn off EDGE/GPRS when roaming internationally (no doubt in response to several instances where people received huge bills; see "iPhone Billing and International Issues," 2007-09-07), view Mail attachments in portrait or landscape mode, view iPhone video on a television in TV Out mode, and adjust alert volumes. The speakerphone and receiver volumes are also reportedly louder, stocks and cities can be re-ordered in the Stocks and Weather applications, and the Apple Bluetooth Headset's battery status appears in the Status Bar.
A few undocumented features have been uncovered, such as the capability to change your voicemail password from the iPhone and change the alert sound for new text messages, a debug console for Safari, and new video playback options including closed-captioning for movies that support it.
We also uncovered a couple of improvements in VPN support for those who like to make sure their Wi-Fi data isn't being snooped when using an iPhone on public networks.
Apple fixed a bug that wouldn't allow proper entry of strong passwords for a VPN after initial setup. In iPhone firmware 1.0.0 to 1.0.2, you could properly set up the details of a VPN connection in Settings > General > Network > VPN > Settings with the password left blank - the display reads "Ask Every Time" in gray. But when you went to enter the password to connect using the VPN switch that's added to the main Settings screen, instead of a full keyboard, the iPhone would show just a telephone-style keypad. Thus, alphanumeric passwords couldn't be used. That's fixed.
Apple also added support for RSA SecureID cards, a way of generating a constantly changing unique additional factor for connecting securely using a small keychain-sized fob you carry around. This is usually a two-factor method - password plus this separate token generated by the fob - but this implementation seems to be set up where you're prompted for the token after the VPN server is contacted.
A number of security updates were rolled into this release, as well, repairing vulnerabilities in Mail, Safari, and Bluetooth.
Incompatibilities -- Glenn had modified his iPhone using Nullriver's AppTapp installer to install third-party programs. As a result, his iPhone wasn't initially happy about the update. (AppTapp isn't compatible with iPhone 1.1.1.) He had to force restart his iPhone - holding down both the power and Home buttons for about 10 seconds - and then choose a full restore. Fortunately, he had settings backed up to his work computer, even though he syncs to his home machine. This enabled the iPhone to relearn its phone number and be generally useful (if out of date) until he returned home for a fresh sync. Clearly, it's a good idea to sync and perform a backup before trying the update!
Some people who unlocked their iPhones to work with providers other than AT&T, however, discovered that the iPhone 1.1.1 update rendered the phones inoperable (in line with Apple's warnings earlier in the week that the update could "brick" the devices). Over the weekend, a method of reverting back to the 1.0.2 version of the iPhone's firmware was discovered, so the dead iPhones might be only "mostly dead" (to quote Miracle Max).
For more discussion of Apple's bricklaying, see "Staff Roundtable: Apple Should Do No Harm to iPhones," 2007-09-28.
Article 4 of 8 in series
Apple has come under fire for "bricking" unlocked iPhones - rendering them unusable - with the latest iPhone update. Is that reasonable behavior? Our editors universally think not, and they aren't wild about the way Apple has made it difficult to develop native applications for the iPhone either.Show full article
The recent iPhone update (see "iPhone 1.1.1 Adds Features and Updates Security," 2007-09-07) brought new features and bug fixes, but also caused widespread consternation among those who had unlocked their iPhones: the update "bricks" unlocked iPhones - a newly popular term meaning that the update has turned the iPhone into a worthless hunk o' glass and plastic. Steve Jobs even warned that this would likely be the case, saying that Apple would continue to fight those who have figured out how to unlock the iPhone. The update also broke at least some of the applications that developers have written and installed on the iPhone via unsupported hacks, but at least in those cases, the only harm is to the new applications.
So we have two levels of hacking: creating and installing native iPhone applications, and unlocking the iPhone so it can work with other SIM cards and thus other cellular carriers. Apple appears to be ignoring the application hacking while actively fighting the unlocking. Do these strategies make sense for Apple? Is it even legal to prevent unlocking in the United States? Our editors ponder the situation.
Glenn Fleishman -- For 20 years, I've said to anyone worried about installing software on a computer, "It's just software. It can't actually hurt your computer. The hardware will be fine. If you have a problem, make sure you have a backup. You won't break your computer by installing that."
Apple has changed that equation with the iPhone's latest firmware and operating system upgrade. The iPhone is a powerful little computer controlled by powerful interests. Like almost all electronics sold today, it includes a variety of kinds of firmware, the software that controls the hardware. The firmware may be stored in different places, too, with radio cards and separate modules having their own internal firmware. Part of the firmware handles the boot procedure that allows the device to load the operating system; other parts handle upgrading and installing new firmware. Because the iPhone uses non-volatile, electrically erasable memory, there should be no problem with restoring a phone that has had every manner of change applied to it, as long as the boot routines aren't affected.
The hacks that unlock an iPhone to work with other carriers write special instructions to the firmware that controls the cellular network association to allow the use of any SIM - the authentication module used on worldwide GSM cellular networks - and not just AT&T's. This shouldn't affect the bootstrapping or firmware and operating system restore process one bit.
Gizmodo posted an interview with the iPhone Dev Team, a community effort that resulted in unlocking software. In the interview, the Dev Team makes it clear that Apple could very simply have included in the update a way to check whether the code related to the lock has been modified, and rewrite it. The team says that Apple could also fairly easily restore a default state and then more securely lock the phone down. (The team is also positive they can restore bricked iPhones to a factory default state.)
I've always felt that when I buy a piece of hardware, it's mine to use and modify as I see fit. I won't go crying to the manufacturer if I engage in some specifically prohibited activity. If I disassemble my computer, install new components, and one of them fries the motherboard, I don't blame the PC maker. But I also expect most devices to be reasonably robust and to be restorable, sometimes with a lot of effort, even if it's my job to undertake that effort.
With the iPhone, I'm not hacking hardware, just software. I have few compunctions about making changes that affect only the innards. The fact that average users can install non-supported software should be unrelated to the robustness of the hardware, and its resiliency in coping with a total operating system failure or other modifications. Unlocking an iPhone is just a step beyond installing non-supported apps, but it's part of the bigger issue: who owns your phone once you've purchased it? The carrier? The maker? Or you?
Unlocking a phone is not illegal in the United States (nor in most countries). The Librarian of Congress extended an existing right by carving an exemption out of the Digital Millennium Copyright Act (the awful DMCA, which I hope the Supreme Court strikes down one of these days) that allows individuals to reverse-engineer the encryption in a phone specifically to unlock it. Even though unlocking is allowed, cell carriers aren't required to make it easy for you. They can use every tool at their disposal to lock the phone.
The FCC has expressed concerns about how hard it is to unlock phones on a number of occasions, and despite its control by an administration that ostensibly supports less regulation, the FCC doesn't favor locking. In a complaint about the rules for an upcoming auction in the 700 MHz band for future cellular networks, Verizon Wireless proposed that if the FCC prohibited it from locking devices in this new band, that would be tantamount to violating the company's First Amendment rights.
Now, I hold no truck with the notion that companies have constitutional rights. That's part of the erosion of personal liberty in favor of so-called corporate rights that began in earnest in the 20th century. (You can read Peachpit Press founder Ted Nace's book "Gangs of America" on this topic; it's a free download.) But you have to admire the chutzpah that lets a cell carrier assert a constitutionally guaranteed right to prevent choice among its consumers as a matter of "speech."
The FCC replied in its rule-making on the matter, "To the extent that a choice of device or application implicates First Amendment values at all, we think that our requirements promote rather than restrict expressive freedom because they provide consumers with greater choice in the devices and applications they may use to communicate." Well put - and rather radical in its true conservatism.
All that said, I was an AT&T customer before the iPhone came out, and I have no particular desire to change carriers. I knew that it might be impossible. I also knew that there's enough dissatisfaction with the state of locked phones that there might be a combination of regulation, legislation, and hacking that would enable my choice in the future. (No matter how much a congressperson hates regulation, just read interviews with them after they've personally had problems with a phone company, a cell phone, or an airline. Precepts be damned; laws aplenty!)
I did install third-party applications on my iPhone, and it was neat to activate its underlying functions - stuff built into the iPhone's version of OS X but not enabled or reachable through the included software. Using SSH (a secure session within a terminal program) was hilariously difficult with all the typing needed; using a program for sending full-resolution photos via email was much more satisfying.
The iPhone 1.1.1 update killed my apps and temporarily bricked my iPhone. I had to perform a restore and lose my apps, and now I need to wait for the next wave of updates for allowing third-party programs to be installed.
But I still believe firmly that I have the right - and now almost the responsibility - to use my iPhone however I choose.
Matt Neuburg -- I don't have an iPhone, but I was at WWDC (Apple's annual developer conference) in June 2007, and when we were shown a film about how to "develop applications for iPhone," emotion in the huge, jam-packed room ranged from disappointed to infuriated. It turned out that "applications for iPhone" was a misleading sleight-of-hand: what you were allowed to develop were Web pages, with any functionality being implemented at the server side: the iPhone itself was to be nothing but a Web browser. But these people weren't Web developers; they were developers. They write programs. With interfaces. For computers. Every single one of them saw the iPhone as a computer, with a cool interface, and they wanted to program for it. And so did I. So, while I suppose I sympathize with Apple's position here (which might run something like: "If we let people program the iPhone, they might hack or damage the phone network, and we'll be left with egg on our faces."), I sympathize even more strongly with the people who want to write genuine iPhone apps. And I'm sad that when they find ways to do it, they're "hackers."
When apps are outlawed, only hackers will write apps.
Jeff Carlson -- I own an iPhone, but I haven't done any hacking to it, mostly because I haven't had time, but also because only recently was the process made sufficiently easy (alas, I barely speak Unix, so futzing at the command line on my new $600 phone wasn't appealing). I also was a Cingular customer before AT&T bought them, so I have no reason to unlock my iPhone (and I don't travel internationally often enough to care).
But I think Apple is being bone-headed about the whole thing. Not necessarily because they're out to annoy their customers (honestly, there have been times when it seems as if Apple barely notices its customers), but because Apple must know that it's in for a costly, extended, and ultimately losing fight. The people unlocking the iPhone are doing so because they can, and a software update that bricks (love that term) an iPhone isn't going to stop the programmers. Sure, it might be a clever game for a while to see if Apple's engineers can stay ahead of the hackers - I'm using the "hacker" term favorably here, as it's intended - but that's time spent away from improving the iPhone. And improving Mac OS X, since Apple has been reportedly swapping its coders between projects to get them done. The fact that the number of people hacking the iPhone is probably extremely small compared to the number of happy, contract-abiding customers makes it more painful to see Apple throw resources at the situation.
Unfortunately, I suspect that Apple doesn't have much choice. It entered into its agreement with AT&T, and I would bet there are sections of the legalese that warrant Apple will do its best to make sure people can't crack the iPhone and make it possible for AT&T to lose its exclusivity. Just as Apple's hands are continually tied by the record and movie industries over how they can sell music and video, the company is beholden to the outside interest of the cellular companies. We're getting great features and technologies from a company that wants to give them to us, but each compromise takes a little chunk out of Apple's corporate soul.
Joe Kissell -- I'm still waiting for iPhones to become officially available in France. I want one badly, but I have to wait and see whether the pricing and contract commitments make sense for me. I'd use the Internet features frequently, I'm sure, but I can count on one hand the number of actual phone calls I make on my cell phone in a typical month, and I hate to pay a lot of money for something that provides no value for me. For years I paid cell phone carriers far more than I should have just for the privilege of being able to use a certain number of calling minutes. Since I've been living in France, I've been getting along nicely with a prepaid SIM card that I recharge for 25 euros every two months - and even at that, I use only a fraction of the minutes I've paid for.
My point is: if it is legal and technologically possible for me to hack an iPhone in such a way that I can use another SIM card (and thus don't have to pay many tens of euros every month for service that I won't use), I may very well do exactly that. But even then, I'll do it only if I'm certain I can unbrick it should the need arise. It's not that I'm cheap, but I don't believe in wasting money - on either excessive service charges or a device that no longer functions.
On the other hand, hacking to enable third-party applications is a no-brainer for me. That will happen within the first half hour of getting an iPhone. The reason is that the availability of some of these apps (I'm thinking especially of the SSH client) adds tremendous value to the product for me. In fact, I might go so far as to say I'd have a hard time justifying the cost of an iPhone unless I can run third-party software on it. Surely I can't be alone in thinking this way. Would you still buy a Mac if it could only run the software Apple included with it?
Adam Engst -- As Guy Kawasaki noted pithily on Twitter, "Apple's gonna lose this battle." At least in the short term, unlocking the iPhone will remain the exciting challenge for hackers, and as soon as Apple blocks one hole, I expect the hackers will find another. I'm uncertain if there are additional legalities involved in the iPhone contract, but given the DMCA exemption for unlocking cell phones, any legal recourse would focus on the technicality that the exemption doesn't apply to software or distributors.
In the long term, I anticipate one of two things happening. Either Apple will negotiate contracts with other cell carriers, thus eliminating much of the desire to unlock the iPhone, or the hackers will simply tire of the cat-and-mouse game. I recently spent some time updating the security audit section of "Take Control of Your Wi-Fi Security," and I was struck by the number of cracking tools that hadn't been updated in a year or two. Apparently, many of the developers simply lost interest in keeping such tools up to date.
Regardless, I find myself agreeing with my colleagues that Apple is making a mistake here, particularly with respect to breaking the native iPhone applications. I can understand why they're doing it - Steve Jobs is notorious for wanting complete control over a platform, and there have been only minimal cracks in the iPod platform's armor so far. But the iPod, at least until the iPod touch, simply wasn't a powerful general-purpose computer under the hood, whereas the iPhone and iPod touch (and Apple TV) really can do nearly anything. Mac OS X makes it easier for Apple to add features to these devices; the company had to expect that existing Mac developers were going to want to write real applications for them too.
I can't see Apple negotiating contracts with competing cell carriers in a given market soon, if only because the current AT&T contract prohibits it (AT&T has boasted about five years of exclusivity with Apple). But Apple does have a duty to customers to do no harm to their iPhones - an iPhone update should never prevent a factory reset from being possible. Whatever the iPhone's lengthy contract may say in dense legalese, I believe it's unreasonable to assume that users who aren't familiar with the cell phone industry would understand the ramifications of unlocking an iPhone, particularly given that the act itself is legal.
Similarly, although Apple apparently attaches no importance to enabling independent applications, users (like Glenn and Joe, and many others) disagree. Apple needs to understand that the iPhone will be a platform whether or not Apple likes it, and managing that process will prove more effective and lucrative than ignoring it (or fighting it, which will just generate bad press). Perhaps Apple should learn from Microsoft, which listened to its customers and will be selling Windows XP for six months longer than previously announced, due to anemic uptake of Windows Vista.
Article 5 of 8 in series
Apple nears opening iPhone for third-party development, sources say. And although Apple has now opened a Web applications directory, that's not what the sources were talking about.Show full article
Several sources tell me that Apple is nearing an announcement of some sort regarding third-party development on the iPhone. The bits and pieces I've heard are maddeningly non-specific: I don't know, for instance, whether a full software developer's kit (SDK) will be released; what tier of Apple Developer Connection (ADC) program member you need to be (if any); and how much of the innards will be unleashed. I don't even know whether Apple is announcing that a program is coming, or the program itself.
Those are a lot of unknowns. But what I am hearing from several sources is that the announcement, one that Steve Jobs confirmed without any timetable some weeks ago, will happen soon. Perhaps this week.
Update, 2007-10-16: BusinessWeek reports that their sources say that the SDK won't be revealed until Macworld Expo in January, although some firms may already have been given access, such as game-maker Electronic Arts. It's possible that the SDK has been demonstrated to or discussed with a number of other firms, and that may be what led some of my sources - ostensibly different ones from BusinessWeek - to tip me to a near-term SDK release. Given Leopard's on-time-after-delayed launch, I wouldn't be surprised if the SDK isn't delivered until January.
Update, 2007-10-17: Steve Jobs announces SDK availability in February 2008. See "Third-Party iPhone Developers Idle Your Engines," 2007-10-17.
How It Could Work -- What developers want from Apple is the same kind of environment provided for creating software under Mac OS X: Integration with Xcode, the programming environment that the company maintains made it simple to move programs from the PowerPC to Intel architecture because of its flexibility and independence from processor-specific constraints.
If Apple simply inserted an iPhone framework into Xcode, so that developers could work with tools they already had, with the limitations imposed on what the iPhone could do, you'd see applications released in minutes. It's likely that Apple won't release a full-fledged environment in the early days, but something more modest that will still take advantage of developers' (and Apple's) investment in the Xcode system.
Related to this, however, is whether Apple and AT&T will require certification of programs before they run - all programs, or perhaps just ones that use certain iPhone features. Research in Motion requires certification for programs running on the Blackberry that access features like dialing, but I'm told that process isn't onerous, and it's part of the approach that RIM has used to great success in penetrating government and high-security businesses.
The other smartphone platforms - Palm OS, Symbian, and Windows Mobile - generally allow any arbitrary program to be installed, but access to phone features is typically limited, and network access is sometimes restricted to Wi-Fi, when that's available. This limits a cellular carrier's (and a user's) exposure to a phone sucking huge amounts of cell network bandwidth due to a third-party application.
Apple could pull a neat trick by allowing programs that want to access only Wi-Fi network features to operate in an unlimited fashion; if EDGE service is desired, then a program needs to be registered and certified, and be a good network customer. There could even be a revenue requirement or split to make those kinds of applications work in AT&T's model.
This speculation stems from the fact that the iTunes Wi-Fi Music Store works only over Wi-Fi, as a fer-instance. The same structure that allows that program to limit its data access to a specific network medium might be available as part of a larger controlling structure.
We'll see if my sources are right. This could assuage the feelings of many of us who knew that our unsupported applications were, you know, unsupported - read John Gruber's amusing essay on "The 'Un' in 'Unsupported'" - but still liked to have access to stuff beyond that which Apple provides.
Web Applications List -- After first posting this article, I discovered that 9to5Mac had published a piece earlier in the day about Apple accidentally revealing a page devoted to third-party Web applications that could be installed on an iPhone, if I understand the article correctly. In contrast, my sources have been talking about real native iPhone applications, not Web applications.
In fact, Apple took the Web applications page live on 11-Oct-07, and it is merely a directory of Web-based applications designed for the iPhone, not applications (browser-based or native) that can be installed. The directory itself displays fine on an iPhone, but isn't really optimized for it, which is a sort of twisted idea on Apple's part.
Article 6 of 8 in series
For the record, here's Steve Jobs's letter announcing the iPhone SDK.Show full article
Some things need to be in the permanent record, and since Apple didn't see fit to give a permanent URL to Steve Jobs's letter announcing that Apple would be creating an SDK for third party iPhone native applications, I'm reproducing it below for future reference:
Third Party Applications on the iPhone
Let me just say it: We want native third party applications on the iPhone, and we plan to have an SDK in developers' hands in February. We are excited about creating a vibrant third party developer community around the iPhone and enabling hundreds of new applications for our users. With our revolutionary multi-touch interface, powerful hardware and advanced software architecture, we believe we have created the best mobile platform ever for developers.
It will take until February to release an SDK because we're trying to do two diametrically opposed things at once - provide an advanced and open platform to developers while at the same time protect iPhone users from viruses, malware, privacy attacks, etc. This is no easy task. Some claim that viruses and malware are not a problem on mobile phones - this is simply not true. There have been serious viruses on other mobile phones already, including some that silently spread from phone to phone over the cell network. As our phones become more powerful, these malicious programs will become more dangerous. And since the iPhone is the most advanced phone ever, it will be a highly visible target.
Some companies are already taking action. Nokia, for example, is not allowing any applications to be loaded onto some of their newest phones unless they have a digital signature that can be traced back to a known developer. While this makes such a phone less than "totally open," we believe it is a step in the right direction. We are working on an advanced system which will offer developers broad access to natively program the iPhone's amazing software platform while at the same time protecting users from malicious programs.
We think a few months of patience now will be rewarded by many years of great third party applications running on safe and reliable iPhones.
P.S.: The SDK will also allow developers to create applications for iPod touch. [Oct 17, 2007]
Article 7 of 8 in series
Steve Jobs writes a short note assuring his interest in allowing third-party development of programs for the iPhone (and, by the way, iPod touch), reminding us sternly of how dangerous mobile phone viruses and malware are, and setting a date for release of the software toolkit: February 2008.Show full article
Steve Jobs has become rather chatty these days, the latest example of which is last week's brief "letter" posted without a permanent link (but reproduced in "Steve Jobs's iPhone SDK Letter," 2007-10-17) in Apple's Hot News section, in which the Apple CEO announced that a third-party software development kit (SDK) for the iPhone and the iPod touch will be released in February 2008. (See "Apple Nearing iPhone Third-Party Developer Announcement," 2007-10-10, for our scoop on that front.)
A Short, Ambiguous History -- While there was no consensus in the existing Mac developer community as to whether Apple would ever fully open up the iPhone platform for third-party applications - a view reinforced by Apple's early reluctance to make any commitment - Jobs did state at the D: All Things Digital conference in May 2007 that Apple was looking into how to allow other software "later this year." Daring Fireball covered the early statements' progression from a not-quite-yes but not-quite-no to "later this year." (Note: This paragraph progressed in its drafts from me writing that Jobs first said "no" and then later "absolutely" after I heard from some developers who pointed out it was more nuanced than that: Jobs and Apple were ambiguous and sometimes negative in January about third-party apps, and by May had changed their tune into a more positive, but not 100-percent affirmative message.)
At Apple's Worldwide Developers Conference, we all freaked out briefly when it seemed like Jobs meant that the SDK would simply involve Web applications using AJAX, which would require a persistent Internet connection, and allow no two-way interaction with the underlying system beyond letting a Web page specify a phone number to call or map to display. (Wil Shipley of Delicious Monster wrote a great and slightly profane post on the matter in which he said no thanks to AJAX, but that he was willing to wait for Apple to build a real SDK, which he understood took some time.)
Jobs's latest letter had a bit of the tone of, "Hey, you kids, get off my lawn! We still have to get rid of the gophers, re-sod the grass, and finish the main house before we let you on it in a few months, you little...." The statement emphasized the high level of risk for viruses and malware to spread among phones, and the widespread hallucination engaged in (or promoted by) the cell phone industry that such problems don't already exist. Fair enough, although what he's really saying is, "We've been too busy to work on the iPhone and Leopard at the same time; now we can focus on the iPhone again."
Unmentioned in the letter was the issue of unlocking, although it's a safe bet that Apple's SDK won't allow such behavior, and the cat-and-mouse game is undoubtedly still in play. In fact, it's possible that Apple hopes to distract attention and resources from iPhone unlocking efforts by legitimizing third party application development. When no changes to the iPhone were allowed, developing a game for the iPhone was equally as "wrong" as unlocking the iPhone. Lumping the two types of hacking together may have encouraged people who wouldn't think twice about installing a game to consider unlocking as well.
My prediction that Apple was nearing some kind of announcement must have stemmed from the company showing off or discussing with other parties the delay in the SDK and previewing what was to come. They must have spoken to a number of developers for me to have heard such a buzz last week, as Apple itself is so tight-lipped; none of what I was told came from inside Apple.
In talking about the virus risk and other issues, Jobs noted that Nokia had recently added digital signing to applications - the Symbian Signed program, after the dominant worldwide smartphone platform that Nokia is heavily invested in - that provides more certification and accountability for third-party software that runs on their mobile phones. He called that a "first step." In my article on the SDK's near-term announcement, I noted that there could be two levels of iPhone application certification requirements: a high level for access the cell data network, and a lower level for applications that run entirely locally or use only Wi-Fi for communication.
Why February? Apple slipped the Leopard ship date to October 2007 because the company needed to shift resources from Leopard to the iPhone in order to ship the device on time (see "Leopard Pushed to October 2007," 2007-04-16). Apple has repeatedly noted that the iPhone runs Mac OS X, a fact confirmed by all the hackers and crackers who installed software, unlocked the phone, and developed exploits. (An automated way to crack a current iPhone through a flaw in TIFF image display code has been written up by one of the developers of Metasploit, a framework for running and analyzing massive sets of attacks and inserting payloads. The TIFF flaw has been used to "jailbreak" the iPhone 1.1.1 software, and revert it to 1.0.2 software to restore functionality. Thanks to Rich Mogull for the Metasploit link.)
It appears, from what the hackers have discovered, that the iPhone currently runs a hybrid of Tiger and Leopard elements. As such, it makes no sense to release an SDK that uses at least parts of an operating system you're about to deprecate in favor of a new one, especially one that has a better internal security model. In the original timing, perhaps Apple planned to ship Leopard, and have an iPhone version of Leopard ready to go for the iPhone launch in June 2007. I've heard nothing about that, but it might have been the case.
Here's my view of the timeline: Leopard ships 26-Oct-07. Apple announces a new iPhone model (perhaps with 3G cell data support; see "3G Cell Data iPhone Now Feasible," 2007-10-14) at Macworld Expo on 15-Jan-08. The new model ships along with an updated operating system that's based entirely on Leopard; it's made available to existing iPhone and iPod touch users as a software update by early February 2008. The iPhone SDK appears shortly thereafter.
In the meantime, it will be interesting to see what the iPhone hacking community does. I suspect they'll continue to explore the innards of iPhone 1.1.1, both to bring back existing third party applications for the four months and to figure out how to unlock the iPhone again. The final reason hackers won't just wait patiently until February? Because hacking the iPhone is a challenge.
Article 8 of 8 in series
AppSnapp allows third-party software installation on an iPhone with 1.1.1 software installed. But it makes use of a software flaw that Apple will surely fix.Show full article
The story around installing third-party applications on the iPhone changes every few days, so we at TidBITS have avoided trying to stick a pin in the process, as it were. But a few days ago, one set of the clever folks working in loosely organized teams produced AppSnapp, a successor to AppTapp (from a different group), which can "jailbreak" the iPhone 1.1.1 software, enabling third-party programs to be installed.
AppSnapp has an even simpler installation process: Just visit the Web site with an iPhone, select the installation options from the Web page, and the software is installed. You can then use the Installer application to choose other packages to install, including the Connect program for automated Wi-Fi hotspot connections that we talked about a few months ago (see "Connect More Easily to Wi-Fi Hotspots with the iPhone," 2007-09-17). I tried the process and it was fast and seamless.
Now a word to the wary: AppSnapp makes use of an exploit in the TIFF image format rendering library. A buffer overflow allows a properly crafted TIFF image to install software, essentially. (AppSnapp also patches the exploit, which is rather nice of its developers.)
This exploit and installer provides unrestricted access to the operating system, which means you should take care in choosing the sources from which you install additional iPhone software.
Apple is certainly going to fix this flaw in their TIFF interpretation - it's a significant one which could be exploited by any malicious Web site - which will then prevent releases of iPhone software after 1.1.1 from using this vector to install. Early reports from the UK, where Apple starts selling the iPhone via O2 on November 9th at 6 p.m. (actually 6:02 or "six O2"), indicate that a patched 1.1.2 release is installed on those phones.
Given the near-term arrival of an iPhone SDK, the motivation to jailbreak an iPhone will wane, unless the SDK turns out to be so lame as to push developers once again into unsupported pathways (see "iPhone Software Development Kit Set for February 2008," 2007-10-17).