Obviously, all of this has been driven by the success of Apple’s iPhone and its associated App Store. Apple, in a big comeback from their original position on development for the iPhone, has managed to do what prior mobile platform vendors, like Palm, always had a lot of trouble accomplishing: they’ve made adding software to your phone mainstream. Prior to this, while a lot of people carried “smart phones” of various kinds, relatively few ever took advantage of the capability of those devices to do things beyond the set of capabilities they shipped with. That’s a situation which is clearly changing.
That’s a situation that, in the long run, is calculated to provide a strong disincentive for major development projects on the iPhone: what organization is going to be willing to invest man-years of effort in developing an application that they may, ultimately, find themselves unable to effectively sell? In addition, Apple controls the effective marketing of those applications to a large degree, with its “Staff Picks”, and so on. The iPhone store is a market, but not a free one.
In contrast, the Android store is a pretty wild and woolly place, especially in the commentaries on some of the applications. Google exerts almost no control over what gets listed there (there are, indeed, terms and conditions associated with selling applications through the Android store, but they’re a cakewalk compared to Apple’s), which is fine as far as it goes. Where things get problematic is the intersection of the freedom around the store and the weaknesses of Android’s security model.
In the past few weeks, stories came out about an Android application which purported to “optimize” the memory usage of your Android phone. Sounds good, right? Of course, the app, when installed, dutifully reported the things it wanted to do, and of course, users all agreed to allow the application to do those things. The application then apparently went ahead and deleted pretty much every single bit of data on the phone, which I suppose represents an “optimization” of sorts (“There’s more now!”) but isn’t what the users of the application had in mind, certainly.
Both situations stem from the same root cause: lack of a policy-based security model. All Android applications are self-signed by their developers; all iPhone applications are effectively signed by Apple. However, neither of these models offers much granularity: either you install an application on your iPhone or G1 or you don’t. When you go to run it, you agree to allow it to do whatever it does (implicitly on the iPhone, more explicitly on an Android phone), and once you’ve done that, if the application misrepresented what it does, you’re out of luck.
In contrast, policy-based models allow “levels” of signature, such that, for example, for an application to delete contacts, it would need to be signed by an authoritative source. Alternatively, that specific capability would be brought out to the user for explicit approval, rather than a generic “This application wants to access your contacts”. This is one of the strengths of platforms, like the recently-announced LiMo reference platforms, which incorporate a policy-based model from day one.
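A minimal sketch of the policy-based model described above, added here as an illustration and not taken from LiMo, Android, or any real platform. The signer levels, capability names, and policy table are all constructed for the example.

```python
from enum import IntEnum

class Signer(IntEnum):
    """Hypothetical signature levels, lowest trust first."""
    SELF = 0        # developer's own key (the self-signed case)
    VENDOR = 1      # assumed: signed by the store or platform vendor
    AUTHORITY = 2   # assumed: signed by an "authoritative source"

# Constructed policy: capability -> (level granted silently, may the user approve it instead?)
POLICY = {
    "contacts.read":   (Signer.SELF, False),
    "contacts.delete": (Signer.AUTHORITY, True),   # destructive: authority or explicit approval
    "storage.wipe":    (Signer.AUTHORITY, False),  # never delegated to a user prompt
}

def evaluate(signer, requested, user_approves=lambda cap: False):
    """Decide each requested capability individually instead of all-or-nothing."""
    decisions = {}
    for cap in requested:
        rule = POLICY.get(cap)
        if rule is None:
            decisions[cap] = "deny"            # default deny for unknown capabilities
            continue
        min_level, promptable = rule
        if signer >= min_level:
            decisions[cap] = "grant"           # signature level is sufficient
        elif promptable and user_approves(cap):
            decisions[cap] = "grant-by-user"   # user approved this specific capability
        else:
            decisions[cap] = "deny"
    return decisions

if __name__ == "__main__":
    # Constructed request: a self-signed "memory optimizer" asking for destructive access.
    wanted = ["contacts.read", "contacts.delete", "storage.wipe"]
    for cap, verdict in evaluate(Signer.SELF, wanted).items():
        print(f"{cap:16} {verdict}")
```

The self-signed application keeps the harmless capability and loses the destructive ones, which is the granularity the install-or-don't models lack.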