Mike Jennings, Android Developer Advocate for Google, faced a range of questions about security from attendees at the OSiM (Open Source in Mobile) conference here in Berlin this morning.
He confirmed, several times that, for Android phones:
- “Users don’t need anyone’s permission to install apps”
- “Developers don’t need anyone’s permission to deploy apps”.
This vision is all the more attractive, given the further point that
- “All apps can integrate deeply with the system”.
The model, as Mike Jennings explained, is that each app needs to tell users what capabilities they will use – for example, to make a phone call, or to access the address book – and the user will decide whether to permit the application.
Questions from the audience tried to drill into that point: won’t network operators seek additional control, to protect their network, to prevent malware, or to avoid revenue bypass?
The answer is, apparently, that all operators who sign up to the OHA (Open Handset Alliance) need to agree to allow the degree of openness described above.
According to this report from TechRadar, similar questions arose in a session in London yesterday morning:
When quizzed about operators by a keen developer who branded them ‘bastards’ for hating VoIP apps and the like, Jennings replied “there’s been a lot of technological advances with Android, but there’s a lot of political advances that have taken place for [some] carriers to go with our vision of being more open,” adding that carriers were now seeing that more development was needed.
I suspect we haven’t heard the last of this. It seems implausible to me that operators will be comfortable in trusting users to this extent – including those who may be inebriated while in the pub, or who fall into an over-trusting “yes, yes, yes” rut while installing apps.
dw2 
It seems that this OHA/Android security model can be emulated within the Symbian security model by making all capabilities user-grantable. That would never work – the average end user just won’t understand what they are granting in some cases.
So, either this isn’t a practical scheme or the system integration available on Android doesn’t go as deep as they are claiming…
Maybe the experience of 150+ million open Symbian phones active in the market is convicing operators that they were being a bit too paranoid though?
Mark
Comment by m_p_wilcox — 17 September 2008 @ 9:25 am
It seems that this OHA/Android security model can be emulated within the Symbian security model by making all capabilities user-grantable. That would never work – the average end user just won’t understand what they are granting in some cases.
So, either this isn’t a practical scheme or the system integration available on Android doesn’t go as deep as they are claiming…
Maybe the experience of 150+ million open Symbian phones active in the market is convicing operators that they were being a bit too paranoid though?
Mark
Comment by m_p_wilcox — 17 September 2008 @ 9:25 am
I just don’t understand how operators will be willing to sign such an agreement, whilst they were demanding a very strict control from Symbian (which resulted in the introduction of Platform Security). Or are we talking about different operators with different security requirements and people who have never used Windows?
Gabor
Comment by Gábor Török — 17 September 2008 @ 11:36 am
I just don’t understand how operators will be willing to sign such an agreement, whilst they were demanding a very strict control from Symbian (which resulted in the introduction of Platform Security). Or are we talking about different operators with different security requirements and people who have never used Windows?
Gabor
Comment by Gábor Török — 17 September 2008 @ 11:36 am
Follow-up
Someone else who was in the audience with me, listening to this presentation, has pointed out that Mike Jennings seemed to lose some of his certainty when responding to the last of the barrage of questions on this topic.
“Maybe I haven’t been fully briefed on this topic”, he said. “I’ll have to check this.”
However, as soon as there’s any leeway and contingency over the rule of “strict operator acceptance of apps selected by the user” for Android phones, it clouds the clarity of the principles that were stated earlier,
“Users don’t need anyone’s permission to install apps”; “Developers don’t need anyone’s permission to deploy apps”.
I’m going to be watching this closely. If Android really has succeeded in finding a better “win-win-win” agreement regarding app security with operators and developers, which holds up to scrutiny, then well done to them! (And you can be sure that other operating systems will be seeking to put similar agreements in place asap…)
Comment by David Wood — 18 September 2008 @ 5:10 am
Follow-up
Someone else who was in the audience with me, listening to this presentation, has pointed out that Mike Jennings seemed to lose some of his certainty when responding to the last of the barrage of questions on this topic.
“Maybe I haven’t been fully briefed on this topic”, he said. “I’ll have to check this.”
However, as soon as there’s any leeway and contingency over the rule of “strict operator acceptance of apps selected by the user” for Android phones, it clouds the clarity of the principles that were stated earlier,
“Users don’t need anyone’s permission to install apps”; “Developers don’t need anyone’s permission to deploy apps”.
I’m going to be watching this closely. If Android really has succeeded in finding a better “win-win-win” agreement regarding app security with operators and developers, which holds up to scrutiny, then well done to them! (And you can be sure that other operating systems will be seeking to put similar agreements in place asap…)
Comment by David Wood — 18 September 2008 @ 5:10 am
David,
And what will happen to Platform Security & Symbian Signed then? I would blow my top if I had spent hundreds of thousands of man-hours on the development of a feature (well, a whole ecosystem!) due to the strong demand of my most important customers and then the very same customers would not require the same feature to be present in the products of my competitors.
Comment by Gábor Török — 18 September 2008 @ 8:12 am
David,
And what will happen to Platform Security & Symbian Signed then? I would blow my top if I had spent hundreds of thousands of man-hours on the development of a feature (well, a whole ecosystem!) due to the strong demand of my most important customers and then the very same customers would not require the same feature to be present in the products of my competitors.
Comment by Gábor Török — 18 September 2008 @ 8:12 am
Follow-up #2
During day two of OSiM, Alfonso Fernandez of Telefonica gave a presentation with the title "Explaining Operator Involvement in Android". It was a thoughtful and wide-ranging talk, and contained assessments of open source platforms in general (not just Android).
Telefonica are clearly keeping their eyes wide open in their engagement with Android. For example, Alfonso made the comment that "It is not clear yet that open source delivers on the promise of faster time to market".
During the Q&A at the end of the talk, David ‘Lefty’ Schlesinger of Access took the opportunity to dig into the topic of operator control over security on Android phones, with a perceptive line of questioning, including the following: “Given that Android has a comparatively weak security model, isn’t Telefonica worried?”
Here’s Alfonso’s final answer: “I am almost sure we will need a stronger security model”.
// dw2-0
Comment by David Wood — 18 September 2008 @ 11:35 pm
Follow-up #2
During day two of OSiM, Alfonso Fernandez of Telefonica gave a presentation with the title "Explaining Operator Involvement in Android". It was a thoughtful and wide-ranging talk, and contained assessments of open source platforms in general (not just Android).
Telefonica are clearly keeping their eyes wide open in their engagement with Android. For example, Alfonso made the comment that "It is not clear yet that open source delivers on the promise of faster time to market".
During the Q&A at the end of the talk, David ‘Lefty’ Schlesinger of Access took the opportunity to dig into the topic of operator control over security on Android phones, with a perceptive line of questioning, including the following: “Given that Android has a comparatively weak security model, isn’t Telefonica worried?”
Here’s Alfonso’s final answer: “I am almost sure we will need a stronger security model”.
// dw2-0
Comment by David Wood — 18 September 2008 @ 11:35 pm
Well,
I was listening to Rich Miner of Google at Mobilize yesterday and same promise is repeated. I wonder how long symbian signed will continue?
Comment by Rick — 19 September 2008 @ 12:50 pm
Well,
I was listening to Rich Miner of Google at Mobilize yesterday and same promise is repeated. I wonder how long symbian signed will continue?
Comment by Rick — 19 September 2008 @ 12:50 pm
Rick,
If you really followed what David had written as follow-up in the comments section you must have read that Android’s (early) model will most probably not be sustainable, they “will need a stronger security model“. In that sense, it’s too early to bury Symbian Signed. Let’s give some time to Android and its ecosystem to prove/disprove that what they worked out will really work.
Comment by Gábor Török — 19 September 2008 @ 1:08 pm
Rick,
If you really followed what David had written as follow-up in the comments section you must have read that Android’s (early) model will most probably not be sustainable, they “will need a stronger security model“. In that sense, it’s too early to bury Symbian Signed. Let’s give some time to Android and its ecosystem to prove/disprove that what they worked out will really work.
Comment by Gábor Török — 19 September 2008 @ 1:08 pm
Hi Gabor,
I believe Android will be far lenient than Symbian Signed. That succeed or not, has to be seen. There were concerned that Windows won’t succeed due to malware problems. But history speat itself. They are ruling Desktop market for ages.
As a developer I wish them to succeed and good luck to Symbian. I am almost sure that symbian will follow up the same route, as always.
Industry needs good people, you don’t need to blow your top, all you need to do is make all capabilities user-grantable:)
Hard to throw away your own code? Agreed, too painful:(
Comment by Rick — 19 September 2008 @ 2:25 pm
Hi Gabor,
I believe Android will be far lenient than Symbian Signed. That succeed or not, has to be seen. There were concerned that Windows won’t succeed due to malware problems. But history speat itself. They are ruling Desktop market for ages.
As a developer I wish them to succeed and good luck to Symbian. I am almost sure that symbian will follow up the same route, as always.
Industry needs good people, you don’t need to blow your top, all you need to do is make all capabilities user-grantable:)
Hard to throw away your own code? Agreed, too painful:(
Comment by Rick — 19 September 2008 @ 2:25 pm