Showing posts with label Security. Show all posts

Monday, 3 February 2014

Closed App Store or open Android Market? Both, please.



Apple and Android logos


Apple and Google are at war over whose system of accepting apps is better. Here's why they should offer both.

There is little doubt that one of the biggest changes in technology over the last ten years is the adoption of the smartphone. As well as changing the habits of mobile phone users, it's meant a lot of changes to computers in general. Not all have been good - it has propagated some ridiculous patent lawsuits, and it's encouraged the rise of some highly dubious "freemium" games - but one of the best things it's brought, in my opinion, is the concept of the app store.

In the Linux world, the idea of the app store is old hat. For decades, most Linux distros have been organised into packages. Some are integral to the system, such as the kernel and desktop, some are standard packages such as LibreOffice, and some are extra packages that users add to their system. To add an extra package, you simply go to the Add/Remove programme, click on what you want, and Linux downloads and installs it for you. There are a lot of advantages to this method: it automatically installs any other software you need to run this program, everything is automatically updated, and if you ever want to uninstall the program, Linux does it for you rather than relying on a dubious uninstallation package that came with the program. Although most software installed this way is free, it has been used for paid apps too.

So, in theory, it is welcome that this practice has been adopted on smartphones. In practice, however, things are more complicated. There are two big changes between Linux and smartphones. Firstly, it's opened this approach up from a mainly tech-savvy small group to the masses of smartphone owners. Secondly, this method of installing software has suddenly become a lucrative way of earning money. As a result, there are now thousands of app writers all jostling for status in a highly competitive market. And this is where Apple and Google have heavily differed in their answer to this challenge.

Friday, 29 June 2012

So what went wrong at Natwest?


A lot of questions need to be asked over RBS’s computer problems – but if we want to stop this happening again, we need to listen to the answers.

An easy answer. But not a useful one.
So there we have it. For anyone who questions the value of software testing, here is a prime example of what happens when you let a bug slip through. I know we’ve already moved on to another banking scandal, but in case you’ve forgotten: many Natwest customers failed to get paid owing to a botched system upgrade. This has led to all sorts of consequences, and the obvious question of how this could be allowed to happen.
Except that when people ask this question, I fear most of them have already decided on the answer, which is that RBS is a bank and therefore Big and Evil and responsible for everything bad in the world from Rabies to Satan to Geordie Shore. That answer might make people feel better but does little to stop this happening again. In practice, what went wrong is likely to have little to do with the credit crunch or banking practices and a lot to do with the boring old fact that any bank – no matter how responsibly they borrow and lend – runs on a highly business-critical IT system where any fault can be disastrous.

Friday, 16 December 2011

Security should be everyone’s responsibility

There are two main enemies to security: convenience, and inconvenience. Better public education of the risks would make things safer.


"But I only wanted to check my Facebook."
(Photo: 48states, Wikipedia)

Security testing is a very specialised branch of software testing. Unlike most branches of software testing, where you’re simply trying to iron out things that go wrong by mistake, in security testing you’re fighting people trying to make things go wrong on purpose. It requires a lot of responsibility on the part of the testers and a lot of trust on the part of the clients – indeed, there are suspicions this gets abused – and consequently, many software testers won’t put themselves forward for security testing. Nevertheless, most testers will highlight security concerns as and when they notice them, and therefore take an interest in whichever high-profile security breach is in the news this week. Which brings me nicely on to Hackgate.

Now, in case you lost track of the plot somewhere around episode 4,605 of the Leveson Inquiry, one of the latest developments is a claim that hacking extended to e-mails. At the moment, unlike phone hacking, this has not yet been proven or admitted to. But, quite frankly, it would come as no surprise if this turns out to be true. Like voicemails, the security surrounding personal e-mails has been notoriously lax, and practically an open invitation for hackers to pry into private matters.