Monday, 3 February 2014

Closed App Store or open Android Market? Both, please.



Apple and Android logos


Apple and Google are at war over whose system of accepting apps is better. Here's why they should offer both.

There is little doubt that one of the biggest changes in technology over the last ten years is the adoption of the smartphone. And well as changing the habits of mobile phone users, it's meant a lot of changes to computers in general. Not all have been good - it has propagated some ridiculous patent lawsuits, and it's encourages the rise of some highly dubious "freemium" games - but one of the best things it's brought, in my opinion, in my opinion, is the concept of the app store.

In the Linux world, the idea of the app store is old hat. For decades, most Linux distros have been orgnaised into packages. Some are integral to the system, such as the kernel and desktop, some are standard packages such as Libreoffice, and some are extra packages that users add to their system. To add an extra packages, you simply go to the Add/Remove programme, click on what you want, and Linux downloads and installs it for you. There are a lot of advantages to this method: it automatically installs any other software you need to run this program, everything is automatically updated, and if you ever want to install the program, Linux does it for you rather than relying on a dubious uninstallation package that came with the program. Although most software installed this way is free, it has been used for paid apps too.

So, in theory, it is welcome that this practice has been adopted on smartphones. In practice, however, things are more complicated. There are two big changes between Linux and smartphones. Firstly, it's opened this approach up from a mainly tech-savy small group to the masses of smartphone owners. Secondly, this method of installing software has suddenly become a lucrative way of earning money. As a result, there are now thousands of app writers all jostling for status in a highly competitive market. And this is where Apple and Google have heavily differed in their answer to this challenge.
Apple's solution has been to vet apps through its app store - a major derivation from most Linux distros that broadly welcomed anything. Needless to say, this has been controversial, and it would be easy to write a whole article bashing Apple for this. Firstly there's the obvious argument of whether Apple should be dictating to iPhone users what apps you can and can't buy. There have been some dubious decisions to ban apps that come across as censorship of opinions, such as Phone Story. Apple has been ridiculed for the apparently arbitrary way that apps get accepted or rejected. So far, so bad.

In Apple's defence, however, I'm not sure it's the sinister evil Apple conspiracy people have suggested. Microsoft took a similar to approach to Apple for Windows 8 apps. I read through those guidelines for a previous piece of work, and I can tell you that there's nothing particularly unreasonable. Nonetheless, the outcome was a mess, with stories of perfectly legitimate apps getting rejected for strange reasons. I suspect the root problem is that vetting policies, no matter how well-intentioned they must be, are in practice a nightmare to implement.

Apple, however, argue that their vetting procedure ensures that users can be assured of quality and security in their apps. The claim of quality is again dubious, because Apple gets criticised for apps making it through the criteria not being stable. But on the issue of security, they've got a point, and this is where Google's Android market comes into play.

Smartphone, being essentially another kind of computer, share the same security principles as normal computers, but there are a number of differences. Potentially, the spoils of a hacked smartphone outweigh those of a hacked computer. You can plunder address books, sell on details of the holder's personal movements, and make money by getting the phone to dial premium rate numbers. Luckily, Android and Apple have both proved themselves to be quite resilient to ne'er-do-wells - there's certainly no sign of a return to the bad old days where your Windows XP computer could catch all sorts of nasty viruses just because you visited the wrong site with IE6 and ActiveX.

But the chink in the armour is apps. No matter how secure an operating system is, a rouge app you willingly install is free to inflict all sorts of bad things - and there is little Android/OSX/Windows can do to protect you. Is that programme you just installed accessing your address book for legitimate reasons or is it sending it on to identity thieves? Is the programme making calls meant to do that or is it trying to sting you with premium rate numbers? There's no easy way for the phone to know. And whilst this could be a threat to any operating system, it's Android that gets targeted time and time again.

It's a serious problem. In the old days, it was easy to blame users for downloading a dubious virus-ridden program they found on the internet, but in the days of app stores where legitimate programs and virusware both come from the same place, how do you tell which is which? Most people cannot reasonably be expected to have background knowledge of the latest app scams out there. In theory, whenever you download an app you are presented with a list of actions your new app is and isn't allowed to do, but it's so confusing to layman the default response is to say yes to everything.

So, yes, iPhone has one over Android here. They can claim that the only way you can be sure of being protected from rogue apps is a properly vetted App Store. And the only way you can have a properly vetted App store is with an iPhone. But that means buying into Apple's idea of what you can and can't do with a smartphone. It's a high price to pay, and it's a choice people shouldn't have to make.

So, here is my proposed solution to all at Microsoft, Apple and Android: stop arguing about whether it's better to have an open or close app store, and instead offer both. Vetted store or open store, let the users take their pick.

So, how would this work, and why would it differ from what Android does now? Well, the way I think this should be done is for smartphones, by default, to take apps from a vetted store. Exactly how fussy they want to be over software quality or adherence to standards is up to them, but the important one is security. Someone answerable to Apple/Android/Windows has to have a look at the App to see if it's doing something it's not supposed to. But the power to opt out remains with the users. If they want to switch to an open store, by all means display a message explaining the risks of unvetted applications, but if the user selects "Yes" to "Are you sure", that's the user's choice.

This, I think, is a good balance. People who aren't interested in a choice of a gazillion apps out aren't going to be bothered with a limited range on offer from a vetted app store. That saves them the problem of picking the reputable weather app from the dodgy one, and saves the hassle of understanding the confusing security permissions messages. People who want a wider choice, who understand the risks of unvetted third-party apps, are free to do their own thing, as is anyone who finds the rules of the vetted store too restrictive for their liking.

I also believe it would do Apple (and Microsoft) some good to offer this choice. If few people choose to opt out of your vetted app store: great, you've got the confidence of your customers. If customers opt out in droves, that is a warning sign that you're doing something wrong, but also an opportunity to identify the problem and put things right. Surely that has the be better than people hating your vetting policy but being forced to stick with it. The advantage to Android from this policy, of course, is offering customers worried about spiked apps a safe option and peace of mind.

Wow, a blog article that picks out good points of both Android and iPhones. Is that allowed?

No comments:

Post a comment