FAQ on the anticipated iPhone software development kit
A couple of days ago, Steve Jobs wrote that Apple plans to introduce an iPhone (and P.S., also iPod touch) SDK by February. Concerns about viruses, malware, and privacy attacks will take time to address. Steve also confirms what iPhone programmers already found out through the back door: the iPhone really is the "best mobile platform ever for developers." The phrase "sweet solution" is notably and happily omitted from his letter.
Since this announcement, I've been bombarded with questions, so I thought I'd put up a post to address some of the more common ones.
Is the iPhone more susceptible to viruses than a Mac? Only in that everything on the iPhone runs as root, giving iPhone programs full access to your entire unit. In terms of data loss, a virus on your Mac is far more dangerous than one on your iPhone; malware running with your user rights on your Mac can do everything you could do, including destroying everything in your Home folder.
Are privacy attacks a big concern? Yes, absolutely. Your iPhone contains a lot of personal information including your call history, your SMS messages, and your address book. Keeping these private is something you should worry about -- not just in terms of third party programming, but with the applications already on your phone. You may want to use some of the already-existing features including passcodes (Settings > General > Passcode Lock) to keep your private information private.
Will the proposed Apple SDK build the kinds of programs you can download now from Installer? Yes. The applications being built today by third-party developers use Apple's on-board frameworks and ARM-based code. There is no difference between these third-party apps and Apple's native apps as far as the iPhone is concerned. The SDK will add documentation and better Xcode support into the arena so we'll no longer have to reverse-engineer the classes.
Can I get a head start? The iPhone-dev project hosts an open source toolchain at Google Code, a good place to start for anyone interested in exploring the current iPhone and iPod touch capabilities.
So this is good news, right? You betcha. This is great news. The iPhone and touch platforms really are amazing. An open and supported SDK means iPhone users will have access to more functionality and more flexibility on their iPhones, and that Apple will sell more units in a market where sophisticated users expect extensibility for their smart phones. One of my favorite bloggers whimsically adds, "this is good news for people who want their iPhone to trim their toenails and stun attackers".
Could a rogue iPhone actually take down the cell network? I really doubt it, dudes. However, IANATE (I am not a telecom engineer). Others, more qualified, call this warning simple FUD.

Reader Comments (Page 1 of 2)
STrRedWolf said 12:15PM on 10-19-2007
Why couldn't they just follow the path paved by the Angstrom Linux PDA distribution and not have all the system run as root? We had this with the Sharp Zaurus 5000/5500/5600/6000 SL's, the C-(6|7|8)xx series, and the C-(1|3)x00's, even with OpenZaurus. Angstrom puts in the user separation.
Marcos said 12:18PM on 10-19-2007
I think it's a safe assumption that 3rd party apps will no longer run as root. Having more than root logged in to the phone will create overhead though. Also, it will make interaction between apps more complicated.
For one, I absolutely understand why Apple didn't release an SDK right away. It's a lot of work to get the API stable and documented, and there are serious and valid security concerns that needed to be worked out; as well as a distribution/installation interface through iTunes. This is better than delaying the phone so they can ship all at once.
I don't understand, however, why they didn't say they'd do an SDK from day one. I just don't believe they changed their minds on this one. They aren't idiots at Apple, no matter what you'd like to think.
Sam said 12:27PM on 10-19-2007
Leopard guided tour up.
Apple.com
Sam said 12:28PM on 10-19-2007
is "John"'s last name Appleseed? haha
Andrew said 12:34PM on 10-19-2007
Before everyone gets too excited I think we should all wait and see how big the handcuffs that come with the SDK are going to be - and you can betcha there will be some.
Michael said 12:40PM on 10-19-2007
Macs don't get viruses or malware LOLOLOLOLOLOL
I thought I read someplace that the iPhone was 5 years in development, well if it's true or not I can't believe they left so many features out of the design and the OS.
I like it a lot but have my doubts on further development. Let's just crack it and hack it and get some serious beneficial 3rd party apps running this thing.
Seriously thinking of ebaying this thing till the next generation and have some productivity apps or something more than games and YouTube.
SubGenius said 12:41PM on 10-19-2007
Actually I think it could be possible to take down the network with a virus or at least do some serious damage. For example, a virus that places synchronized calls like a DDoS attack. Imagine 1 million iPhones simultaneously calling the White House or calling local 911.
Alan Quatermain said 12:42PM on 10-19-2007
No reverse-engineering the classes? But... but... but that's half the fun!
billp said 12:50PM on 10-19-2007
I don't understand why you haven't posted half this information earlier, but I guess better late than never. Wouldn't hurt to delve into some of this more... the big-picture issues here might interest a larger number of people.
Alan Quatermain said 12:53PM on 10-19-2007
@SubGenius:
Having read recently about hackers getting into the 911 system and sending fake reports — what they call 'SWATting' I believe — I would imagine something like the iPhone might make it easier to perform similar pranks...
Also there's the wireless side of things — unlike laptops, iPhones aren't generally asleep when you're carrying them down the high street. With a third-party app on there, it'd be free to do any snooping it wanted, etc. It'd also be more vulnerable to network-based attacks, in theory.
However, I should note that I am confident that these sorts of things won't happen once the SDK is released. There will be enough security in place to stop that from happening.
Sparks said 12:58PM on 10-19-2007
One misconfigured, rogue iPhone could not take down the cellular network. That is just FUD.
However, a whole BUNCH (like, thousands and thousands) going rogue at once and just pulling every bit of data they can constantly and nonstop? That would probably not kill the network entirely but... well, given AT&T's data network, I wouldn't deny that seems as though it could cause some issues.
I would think you would see the GSM/GPRS equivalent of a Slashdotting. :)
Sam said 1:03PM on 10-19-2007
best part of this video: "johnny" appleseed using ichat effects
and when he installs leopard: it usually takes about an hour or two, so why don't you get a cup of coffee or go for a walk. AHAHAHHAAH, how about "why don't you get off your ass and do something real."
Fabio P said 1:28PM on 10-19-2007
apps run as root for now, probably because apple didn't intend to release an SDK, so they said "it's easier for us to make everything root, and since nobody else can make apps for it it's safe enough".
SpinThis! said 1:35PM on 10-19-2007
As usual, Gruber [http://daringfireball.net/2007/10/tea_leaf_reading] has a great take on this
Tacoman667 said 2:09PM on 10-19-2007
I don't see why these companies don't make it open for 3rd party in the first place. Being a software developer myself I see it taking far more resources to try to find and squash the exploits ASAP than it would to make an SDK and limit the attempts at hacking the system.
Mark said 2:32PM on 10-19-2007
Hopefully this will allow MS or someone to develop Exchange/Active Sync support for the iPhone. I got my new iPhone right before going into jury duty, and doing email through Outlook Web Access and Mobile Safari is pretty poor.
For me, it's (almost) the only thing standing between me and phone nirvana.
SjG said 2:59PM on 10-19-2007
As for all the doomsday hack scenarios ...
hackers could do all those DDoS or network attacks today with Windows Mobile phones, Treos, Symbians, etc.
And for doing forged numbers (e.g., SWATing), that doesn't take place in the phone, but upstream, in the exchange, or similar.
Harbinger said 3:55PM on 10-19-2007
FAQ for something that doesn't exist yet? You're jumping the gun again.
meian said 4:36PM on 10-19-2007
Erica, name me *one phone* from Nokia, SE, Samsung, LG, HTC (and clones), that allowed such easy access to baseband firmware.
This, my dear, is what Steve Jobs meant when he said "malware could bring down the network". Without the sugar coating, he'd say "we had to rush the bejeesus out of the firmware of this thing, else our stock market would plummet. It's already nicknamed The Jesus Phone, so what would you expect? We had to pull a Vista on this one and ship it right away, even though it was still a good 8 months behind being RTM material. So everything runs as root, even though we *did* create a restricted user; we're just not using it because we developed everything as root and not quite tested the memory protection implications and whatnot. So it's plain root and it's locked down to the thinnest hair. Except that, uh, it's rushed, so it evidently has its share of security flaws, which are probably going to be exploited by the hacking crowds. Well, you got the idea, right? So bear with us while we bring ourselves to the security standards set by our competitors, and bring you the real, native, sweet Cocoa-ness to the iPhone in the meantime. As an aside, how about thanking us for making the Web suck a little less as *everyone* made their sites a little more standards-compliant so they'd render properly on the iPhone? Nokia S60v3 phones with Webkit-based browsers got a free ride in the process, have you thought of it?"
Whew. Jobs can really cram a lot of fine lines into such a small sentence, can't he? :)
wavelet said 6:05PM on 10-19-2007
Phone SW can certainly bring down a network, but that's not an iPhone-specific issue, and depends to a large extent on the safeguards the mobile operators & equipment vendors have in place.
A firmware bug in a Motorola handset caused significant portions of the cellular networks in Israel to be shut down, see
http://catless.ncl.ac.uk/Risks/17.26.html#subj1