Oct 18, 2007

[Apple] Apple announces SDK for iPhone/touch; sorry, homebrewers

In an apparent attempt to appease geek Apple fanboys and to stem the tide that is iPhone hacking, Steve Jobs announced that a software development kit (SDK) for the Apple iPhone and iPod touch will be released in February 2008. An SDK is a set of programming tools and application programming interfaces (APIs) that allows a developer to create applications for a certain platform.

By releasing an SDK, developers who want to create applications for the two products do not have to hack the innards of the device. The device becomes semi-open. Semi, because the device is still not fully open. Consider the SDK or API as a window - you are allowed to take a look but not get in.

Jobs also noted that Apple is going to implement an idea similar to what Nokia did with regards to applications - allow signed apps to be installed. His worry is that by allowing the iPhone to be open, the platform is going to be barraged by malware; by using digital signatures, any wayward app can be traced back to the creator. Engadget Mobile prick Jobs' balloon, since you can disable digital certificate verification in s60 Nokia phones.

(In a not-so-related note, in UIQ 3, you can still install apps even if the phone tells you that the signature is untrusted.)

Also, most mobile malware are spread via Bluetooth. Another vector of attack would be sending a WAP/Web link via SMS (and going on that link, a malware is downloaded). What does this mean?

Unless Apple implements a strict, signed-only apps policy, digital signature is useless. If implemented, how sure is a user that a signed app is trustworthy?

With these two caveats, the only way you can get an app for your iPhone and iPod touch is via iTunes. Plain and simple. You can almost hear the cash registers ringing now at Apple HQ. Yes, sorry homebrew developers.

Hackers, you may now continue with your work.

No comments:

Post a Comment