Daniel Eran Dilger in San Francisco

iPhone 2.0 SDK: How Signing Certificates Work

200803172226
Daniel Eran Dilger and Jason Smith
Last May, I asked Steve Jobs for a public comment to clarify Apple’s plans for third party software for the iPhone. He assured me that Apple did indeed recognize a market for software outside of the web platform outlined for the iPhone, but was “wrestling” with how to balance openness with security. Jobs repeated similar comments that summer at All Things D.


Answers from Steve Jobs at Apple’s Shareholder Meeting

Then, in a public message issued in October, Jobs went even further to outline Apple’s strategy for a native SDK and hinted that the company would be adopting measures similar to Nokia’s “Symbian Signed” digital signature program as a key part of its efforts to allow legitimate developers to contribute to the iPhone while keeping viruses, malware, and privacy attacks under control. The message now seems impossible to find on Apple’s servers, but stated the following:

Let me just say it: We want native third party applications on the iPhone, and we plan to have an SDK in developers’ hands in February. We are excited about creating a vibrant third party developer community around the iPhone and enabling hundreds of new applications for our users. With our revolutionary multi-touch interface, powerful hardware and advanced software architecture, we believe we have created the best mobile platform ever for developers.

It will take until February to release an SDK because we’re trying to do two diametrically opposed things at once—provide an advanced and open platform to developers while at the same time protect iPhone users from viruses, malware, privacy attacks, etc. This is no easy task. Some claim that viruses and malware are not a problem on mobile phones—this is simply not true. There have been serious viruses on other mobile phones already, including some that silently spread from phone to phone over the cell network. As our phones become more powerful, these malicious programs will become more dangerous. And since the iPhone is the most advanced phone ever, it will be a highly visible target.

Some companies are already taking action. Nokia, for example, is not allowing any applications to be loaded onto some of their newest phones unless they have a digital signature that can be traced back to a known developer. While this makes such a phone less than “totally open,” we believe it is a step in the right direction. We are working on an advanced system which will offer developers broad access to natively program the iPhone’s amazing software platform while at the same time protecting users from malicious programs.

We think a few months of patience now will be rewarded by many years of great third party applications running on safe and reliable iPhones.

Steve

P.S.: The SDK will also allow developers to create applications for iPod touch.

Steve Jobs ends iPhone SDK panic


What Do Signing Certificates Do?
How does signing an application have any impact upon security? In the computing world, code signing goes a bit beyond the equivalent of signing a document on the dotted line. Signed code is more like a parchment rolled up into a scroll and sealed with hot wax imprinted with a unique signet ring. Once so signed, the document can’t be altered, extended, revised, or corrected without breaking the seal. If the seal is broken, the recipient knows that something has happened to it along the way.

In addition to acting as evidence of tampering, digital code signing also unequivocally proves who signed the code. That means the two main attractions of signing code are that it provides:

  • Authentication – to prove the item does indeed come from the source that it says it comes from;
  • Integrity – to prove the item has not changed since it was signed.

In practice, this means spammers and identity thieves can’t take existing utilities, attach an ugly hack, and then redistribute it as apparently legitimate software. It also means that companies with a history of making spyware and adware can simply be disqualified from offering any software for the iPhone. However, there’s also a third aspect of certificate security that will enable Apple to shut down and clean up malware outbreaks immediately as they are discovered.

He Giveth and Taketh Away.
In the digital realm, the unique signing keys are issued by an authority–in this case Apple–to potentially hundreds of thousands of developers. Even more importantly, the recipient iPhones that will be examining the digital signatures of applications can verify not only the authenticity and integrity of the signing, but can also consult Apple to see if any of those signing keys have been revoked. Half the power of signing keys is in the ability to remotely revoke them, just as a driver’s license can be revoked by the court without requiring a deputy to actually go out and demand the return of the physical license card.

Apple’s ability to both give out signing certificates to developers and to revoke those certificates afterward gives it the same kind of control over developers that the DMV holds over drivers. If drivers faced no threat of losing their license, there would be no way of holding them accountable to drive according to the law. That’s how the desktop PC world currently works: anyone can jump in a car and drive any way they like, and neither Microsoft nor Apple nor any other desktop operating system platform vendor can really do much to rein in bad or malicious software drivers apart from erecting protective barricades around sensitive buildings.

Desktop developers don’t obtain a license to code, but the bad driving of the very few causes big problems for the majority of good drivers out there. End users also suffer. While malware is not a significant problem on the Mac yet, Windows PC users have to run their boxes behind a firewall and typically need to run anti-virus and other cleanup tools that rob a significant amount of their system performance in overhead.

To prevent a similar sort of anarchy from developing in the mobile space, Apple decided that developers will need a license to code for the iPhone. While the SDK is free to download for anyone who signs up in Apple’s developer program, it is also limited to running code only in a test environment. In order to upload any code to an actual iPhone–for testing, distribution, or sale–developers will need to obtain a certificate from Apple to sign their apps with. If they don’t follow the rules, or if they allow others to use their assigned certificate to sign malicious code, Apple can revoke their certificate and their signed apps will all stop working.
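The three checks described in this section (authentication, integrity, and revocation) can be seen working together in the following added Go example, which is not from the article or from Apple. The certificate layout, the use of Ed25519, and every name in it are assumptions made for illustration; the article does not say which formats or algorithms the iPhone uses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Certificate binds a developer name to a public key. Sig is the authority's
// signature over that binding. Hypothetical layout, not Apple's format.
type Certificate struct {
	Serial    int
	Developer string
	PublicKey ed25519.PublicKey
	Sig       []byte
}

// digest returns the bytes the authority signs: a hash of serial, name and key.
func (c Certificate) digest() []byte {
	h := sha256.New()
	fmt.Fprintf(h, "%d|%q|", c.Serial, c.Developer)
	h.Write(c.PublicKey)
	return h.Sum(nil)
}

// Authority issues developer certificates and keeps the revocation list.
type Authority struct {
	pub     ed25519.PublicKey
	priv    ed25519.PrivateKey
	next    int
	revoked map[int]bool
}

func NewAuthority() *Authority {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return &Authority{pub: pub, priv: priv, next: 1, revoked: map[int]bool{}}
}

func (a *Authority) Public() ed25519.PublicKey { return a.pub }
func (a *Authority) Revoke(serial int)         { a.revoked[serial] = true }
func (a *Authority) IsRevoked(serial int) bool { return a.revoked[serial] }

// Issue creates a key pair for a developer and certifies the public half.
func (a *Authority) Issue(developer string) (Certificate, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		panic(err)
	}
	cert := Certificate{Serial: a.next, Developer: developer, PublicKey: pub}
	cert.Sig = ed25519.Sign(a.priv, cert.digest())
	a.next++
	return cert, priv
}

// SignedApp is what gets distributed: the code, the developer's signature
// over it, and the certificate that vouches for the developer's key.
type SignedApp struct {
	Code []byte
	Sig  []byte
	Cert Certificate
}

func Sign(code []byte, key ed25519.PrivateKey, cert Certificate) SignedApp {
	return SignedApp{Code: code, Sig: ed25519.Sign(key, code), Cert: cert}
}

var (
	ErrUntrusted = errors.New("certificate not issued by trusted authority")
	ErrRevoked   = errors.New("certificate revoked")
	ErrTampered  = errors.New("code does not match signature")
)

// Verify is the device-side check. root is the authority key built into the
// device; isRevoked stands in for asking the authority about a serial number.
func Verify(app SignedApp, root ed25519.PublicKey, isRevoked func(int) bool) error {
	c := app.Cert
	// ed25519.Verify panics on a wrong-sized key, so reject those first.
	if len(c.PublicKey) != ed25519.PublicKeySize ||
		!ed25519.Verify(root, c.digest(), c.Sig) {
		return ErrUntrusted // authentication: the authority never vouched for this key
	}
	if isRevoked(c.Serial) {
		return ErrRevoked // the authority has withdrawn this developer's license
	}
	if !ed25519.Verify(c.PublicKey, app.Code, app.Sig) {
		return ErrTampered // integrity: the seal is broken
	}
	return nil
}

func main() {
	ca := NewAuthority()
	cert, key := ca.Issue("Example Developer") // constructed sample data
	app := Sign([]byte("app build 1"), key, cert)
	fmt.Println("original:", Verify(app, ca.Public(), ca.IsRevoked))

	patched := app
	patched.Code = []byte("app build 1 + extra code")
	fmt.Println("modified:", Verify(patched, ca.Public(), ca.IsRevoked))

	ca.Revoke(cert.Serial)
	fmt.Println("after revocation:", Verify(app, ca.Public(), ca.IsRevoked))
}
```

Note that revocation is checked against the certificate's serial number, so one revocation disables every app signed under that certificate, which is the "all stop working" behavior the paragraph above describes.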

The simple threat of revocation would likely be enough to prevent legitimate developers from allowing fly-by-night spammers and identity thieves to use their assigned certificates to sign and distribute malicious software. Apple can also vet software as it is submitted, and rapidly respond to user complaints by terminating the distribution and revoking the run rights of signed software. With such a system in place, there’s no need for iPhone anti-virus software. Our children will never know why Symantec and Norton ever existed.

A Good Deal All Around.
However, developers aren’t just being asked to contribute toward iPhone users’ security out of their own sense of goodwill. In addition to protecting users from malware threats and casting an aura of safety and trustworthiness over their own legitimate iPhone software, certificate-signed applications will also create a market for mobile software that has never really existed before.

Last year, I explored the possibilities and risks Apple faced in opening its platform in a series of articles. One of the greatest problems Apple could solve in delivering software through iTunes, I suggested, would be to give developers a real marketplace where they could sell their apps at low prices and still make money. Currently, mobile developers either have to give away their work, or offer it at a high price. That’s because they are only likely to sell a few hundred copies to the minority who will pay pretty much anything, while the rest of the mobile user population simply steals cracked versions.

Software developers suffer from piracy as much as or more than recording artists. While there is a large business behind physical music sales, software is easier to find online than in retail stores, particularly mobile software. In iTunes, Apple began testing mobile electronic distribution with iPod Games. Not only are the games signed by Apple, but they’re also wrapped in a version of FairPlay that associates the game files with the user who bought them. While it’s still possible to steal them, it’s more convenient for most users to throw down the $5 to obtain the game they want.

All iPhone apps will similarly be wrapped by FairPlay, again making it easier for users to buy a legitimate copy than to find a stolen version. This will result in two positive effects: first, developers will be able to price their software lower to entice volume purchases. Second, users buying software will get a better overall experience, with automatic update notifications and records of their purchases. They can also expect better customer service, because they’ll be dealing with happy developers that know they’ve been paid rather than threadbare merchants who realize that most of the users demanding support haven’t contributed anything to use their software.

An iPhone SDK? Predictions for WWDC 2007!

More Absurd iPhone Myths: Third Party Software Panic
Mobile Disruption: Apple’s iPhone and Third Party Software

Six Reasons Why Apple May Never Open the iPhone
How Closed Is the iPhone?
How Open will the iPhone Get?

Something Old, Something New.
While Apple certainly isn’t the first company to begin working on code signing–Microsoft has been pushing Authenticode in Windows, Nokia began the Symbian Signed program for some mobiles in 2005, and RIM uses code signing for BlackBerry apps that make use of certain APIs–the iPhone marks the first time a highly visible, significant consumer computing platform has launched with a mandatory code signing program intact across the board.

Outside of general computing, the idea of code signing is far less novel. Every modern video game console unit uses code signing to force developers to pay licensing fees. The practice appears to have been invented by Nintendo, which began using a simple, physical equivalent to code signing–a lockout chip called the 10NES–to force games developers into the terms of its licensing contract. Without paying to license the “Nintendo Seal of Quality” and following Nintendo’s strict rules, third parties couldn’t obtain the 10NES chip to insert in their cartridges, and therefore couldn’t release games for the NES console.

Later generations of games consoles used a boot ROM routine to digitally verify that games on cartridge or optical media had paid their licensing dues. Apple’s iPod Games sold through iTunes also use a digital signing system to make it difficult to pirate the games, modify them, or create homebrew versions. However, Apple’s business model for digitally downloaded iPod games and iPhone apps is nearly opposite that of the console makers.

Nintendo, Microsoft, and Sony all sell hardware at or near a manufacturing loss and use software licensing to bring in their main revenues. Apple sells its iPod and iPhone hardware at a profit, and has announced the intention to operate software sales at just above breaking even. That’s why game console hardware costs as little as possible, yet games themselves cost $30 to $70 each. Apple’s hardware is more expensive, but iPod games cost $5, and most iPhone software titles are expected to be priced under $20.

Video Game Consoles 2007: Wii, PS3 and the Death of Microsoft’s Xbox 360


How Much Does it Cost Developers?
In addition to the retail prices that consumers face, there are big differences in costs to developers. The complex and unique nature of developing for the latest games consoles results in significant expenses for developers. Last fall, Sony slashed its fees for the PlayStation 3 SDK in half… to $10,250. Sony has to charge a lot because its SDK involves custom hardware and the package is only shared among the limited number of developers working on console titles.

Sony Halves Price Of PlayStation 3 Development Kit — PS3 — InformationWeek

Even so, the costs of the SDK are a trivial amount of overall development costs. San Francisco’s Ubisoft spent $12.75 million developing the game Red Steel, for example. THQ president Brian Farrell estimated that Wii development costs are around a quarter to half of that required for PlayStation 3 or Xbox 360 development, suggesting that a game like Red Steel would cost $24 to $48 million for those platforms. Suddenly $10,250 for an SDK doesn’t sound like much.

The Nintendo Wii development tools are among the cheapest of any game console, but still cost $2,000 to $10,000, depending on the size of the developer. Nintendo notes that “becoming an Authorized Developer does not mean any game you develop will be published. If your company is developing a Wii disc-based game, it is your responsibility to secure your own agreement with a Wii Licensee.” Developing for the Nintendo DS costs a similar amount.

Software Development Support Group – Nintendo Wii

In contrast, Apple’s iPhone 2.0 SDK uses the same tools and hardware as Mac development, and those tools are already mature and familiar to a wide audience. Apple’s economies of scale, combined with the similarities between Cocoa development on the Mac, iPod touch, and iPhone, make it easy for Apple to offer the new SDK for free to anyone who wants to download it; in four days, 100,000 users signed up to obtain the beta.

Unlike the game console makers, Apple’s new SDK is really only an extension of its desktop platform. Any modern Intel Mac can run the development software, and the hardware itself only costs $399 to obtain for hardware testing. Anyone that can develop for the Mac can create iPhone software. In order to actually publish their work, developers will need to pay $99 to obtain a certificate, or alternatively, they’ll have to find another developer to sign their work for them. Developing games for the iPhone won’t incur the huge multimillion dollar risk for developers that console gaming does.

Mobile Development In Comparison.
How do Apple’s familiar, desktop-class development tools for the iPhone compare to other smartphone development programs? Only Microsoft offers a mobile development platform that similarly resembles its desktop environment. RIM, Palm, and Symbian are all highly unique development environments that require a lot of specialized development experience.

There are other differences as well. Mobile platforms, including Sun’s Java ME, Google’s Android, Palm, Symbian, RIM BlackBerry, and Microsoft’s Windows Mobile all attempt to deliver tools to accommodate a wide range of hardware with different features and capabilities. That leaves developers to either target a limited number of high end devices or a wide lowest common denominator profile. Apple currently has the advantage of targeting a limited scope of hardware that already has a significant installed base; both the iPhone and iPod Touch are very similar devices from the same maker.

When Apple announced its terms for developers under the iPhone 2.0 SDK, critics immediately shot off about how expensive it was for Apple to charge $99 for a signing certificate and take a 30% revenue share of apps delivered through the iPhone’s App Store. Here’s how those plans compare to what’s already in place:

Apple’s iPhone vs Smartphone Software Makers

RIM BlackBerry Certificates.
RIM charges $100 for each code signing certificate application. There are three sets of restricted APIs on the BlackBerry, and each requires a certificate bundled in a set the developer receives. Those certificates are bound to a single machine, so each developer in a company will need their own certificate or share a system. Signing code cannot be automated, as it requires a user to type in a secret key at each build. The machine must also be connected live to the Internet during the signing process, and RIM’s servers must be up and responding in order for the process to work.

BlackBerry Code Signing Tips | Eric Giguere’s BlackBerry Developers At Work!

Symbian Certificates.

Nokia, Sony Ericsson, NTT DoCoMo, and other Symbian partners, which collectively make up the vast majority of phones sold worldwide, are bound together by the Symbian Signed program, which went into effect with phones using Symbian OS 9.1 or later. There are several levels to the program.

Symbian calls its signing certificate a Publisher ID; it costs $200 and now lasts for three years (recently extended from six months). Without obtaining a Publisher ID, developers can generate their own private key to sign apps, but those self-signed apps can only run on a single phone and so can’t be distributed. This is called “Open Signed,” and is intended only for testing or personal use.

In order to distribute their apps, developers have to obtain their own Publisher ID or arrange to share the use of another publisher’s. The Symbian Signed Publisher Partners program provides a signing service for freeware or open source developers who do not have a Publisher ID but want to distribute signed applications.

According to Symbian’s website: “Typically, the partner signs and publishes the application on behalf of the developer in return for privileged distribution rights; for example, exclusive distribution. Similar services are available for shareware developers without a Publisher ID, typically in return for a share of the sale proceeds. Freeware, open-source, or shareware developers who prefer to publish their own software will need a Publisher ID.”

The middle tier “Express Signed” program charges Publisher ID holders an additional $20 every time they sign a new app. In order to access the full features of the system, developers have to join the top tier “Certified Signed” program, which involves additional fees from 200-500 Euro ($310 – $780 US) charged by an independent test house for each app. Symbian developers have to pay these fees with each new release of their applications.

Symbian Signed

Qualcomm BREW Certificates.
Primarily associated with rented, downloadable games from Verizon Wireless, BREW development requires obtaining a certificate package from VeriSign. The minimum package to sign 100 applications is $400; a 500 package is $895, and a 1000 sign package is $1295. VeriSign notes that “you must apply for, pick up, and install your VeriSign Authentic Document ID on the same computer with the same version of Microsoft Internet Explorer.”

Authentic Document IDs for BREW – Application Security from VeriSign, Inc.

Apple iPhone 2.0 SDK: the Kindest 30% Cut.
That leaves Apple’s program the cheapest and the simplest secure mobile software platform. There is currently no expensive, compulsory testing program, no significant upfront investment in digital certificates, and the certificates work outside of a Windows PC. Outside of certificates, Apple also offers a number of other things that are unique among mobile platforms that have mandatory code signing programs.

The first is its iTunes App Store system for distributing third party applications. Once you’ve paid the $99 fee, you can sign and upload apps into iTunes just as labels upload their music into iTunes. Apple takes a 30% cut, which pundits again tried to dramatically gasp at, apparently unaware that most mobile software stores take as much or more while offering developers a lot less.

Take Danger, which offers an app store most similar to the system Apple outlined. It takes a 50% cut. Microsoft recommends Windows Mobile developers list with Handango, which also offers Palm, Symbian, and BlackBerry software. It takes a 40% cut from small developers (and plans to raise things to 50% this month) but doesn’t present any direct purchase or directory across Windows Mobile, Palm, BlackBerry, or Symbian phones. Larger developers are supposed to pay Handango 60 to 70% of their software revenues!

Nokia’s Software Market/Content Discoverer and Motricity’s Smartphone.net both take a 40% revenue cut, with some transactions giving the developer only 50% and/or charging them an additional 5% fee for ‘non-real time fulfillment.’ Nokia pays developers quarterly, rather than every month as Apple outlined.

Nokia Software Market
Motricity Software Agreement

Other shareware listing sites offer to present titles for less, even for free. However, users don’t know to shop around for software titles. Google for popular mobile titles, and you don’t find lots of free listing services, you find torrents for stealing the software. Earning 70% of tens of thousands of $5 sales is a much better deal than earning 50% of a few dozen $20 titles, or 100% of a handful of sales at $50.

While Microsoft, Symbian, RIM, and others scramble to offer their own software stores that can match iTunes, it will all be too little, too late. Apple has the cohesive platform grabbing the most attention, the most familiar and modern developer tools, and the most trusted consumer software store. By offering developers guaranteed sales and sustainable profits at a low cost of entry, no smartphone vendor is going to be able to match the sophistication of apps that sprout up around the iPhone.

So how does the iPhone hardware compare with other handheld devices on the market? The next article takes a look.

More on the iPhone 2.0 SDK

iPhone 2.0 SDK: The No Multitasking Myth
iPhone 2.0 SDK: Java on the iPhone?
iPhone 2.0 SDK: How Signed Certificates Work
iPhone 2.0 SDK: Video Games to Rival Nintendo DS, Sony PSP
iPhone 2.0 SDK: Readers Write on Certificate Signing


45 comments


3 danviento { 03.18.08 at 3:13 am }

“Our children will never know why Symantec and Norton ever existed.”

It’s going to take the eradication of the current state of M$ operating systems to make this happen. I was thinking maybe our grandchildren, or at least mine (children shouldn’t be on the way for about 5 years, in my case).

From one Daniel to another, I liked your comparison of the Apple:$Hardware/¢Software vs. Other:¢Hardware/$oftware comparison. It just hit me that although Apple makes good products with appreciable longevity, it has built in a user tendency with its ¢heap content- storage hogging.

With the introduction of iTunes and the iPod, your computer was suddenly needing a bigger HD to fill your iPod. Adding video and larger iPod capacities, and you needed even MORE storage. Add to it the wondiferous Time Machine backup model, and it’s like you never delete ANYTHING.

Apple builds quality product, charges a slight premium, and delivers excellent content. However, make sure to catch that whiff of nefarious growth built into their iLiving model. I know it’s there because I’m already hooked…

4 PerGrenerfors { 03.18.08 at 3:23 am }

A collaborative effort? A welcome and interesting addition. The Force seems to be strong with Jason Smith too.

This article really shows that a lot of other writers really use the write first-think later (or never) approach to their work. Well done.

5 Brau { 03.18.08 at 4:49 am }

Personally, I don’t have anything against the idea of signed applications. I think they are a good idea for security conscious consumers and quality concerned manufacturers. Any fees for SDK admission are negligible and largely serve to weed out the uninspired, under-qualified or worse. I only have an issue with the idea of locking the products down to using these applications only. If the products are guaranteed good, the buyers will choose them first, just like many have chosen paid iTunes downloads over P2P (free). Isn’t that good enough and what we all want?

The only “problem” I foresee is the precedent it sets where human morality based responses inevitably conspire to assert that any software not signed by the manufacturer must be “bad” or “illegal” and therefore simply used for nefarious purpose. In the end this leads to ham-fisted restriction for the consumer and places way too much power in the hands of corporations and the status quo. As more and more products go this way, it won’t be long until they begin to apply the same principles to the home PC, and indeed the will to do so is in the works. Can you imagine not being able to use HandBrake, WireTap, P2Ps or BitTorrent or MP3 ripping software simply because the PC maker won’t risk the legal ramifications of legitimizing those products by signing them? Can you imagine your PC not even allowing you the option? That is the very stark reality that is coming as corporations evangelize the threat of security to advance their agendas and pad profits from a captive market; just the way the music cartels conspire to do.

My point is this: The road to hell is always paved with good intentions that are justified by the rhetoric of morality. While Apple is doing nothing wrong or out of the ordinary, Americans should be sure to protect their freedoms before they find them gone.

Just look up north, here in Canada, where we cannot download movies from iTunes because the powers that be have decided we would simply steal them and broadcast them to the world. Where we have no option to use a Tivo for the same morality based reason and are stuck with whatever set-top box our lone cable provider sees fit to give us; ones that are always devoid of a USB/firewire port or any PC based sharing features. The A/V stores here do sell brand name DVRs but only with PC connectivity features disabled. Thankfully, we can get around some of these restrictions by ordering products by mail from the U.S.A.

So I find myself conflicted. Go Apple! …. and Go Jailbreakers! … but in my heart I hope the Jailbreakers win for the freedom it represents.

6 Joel { 03.18.08 at 6:09 am }

“Desktop developers don’t obtain a license to code, but the bad driving of the very few causes big problems for the majority of good drivers out there. End users also suffer. While malware is not a significant problem on the Mac yet, Windows PC users have to run their boxes behind a firewall and typically need to run anti-virus and other cleanup tools that rob a significant amount of their system performance in overhead.”

Viruses + Malware are more to do with Windows allowing users to run as super-user equivalent and giving execution rights to any program that has the correct extension. This in turn is the result of a single-user o/s being forced into being a multi-user one.

Since Unix based o/s, like Linux and Mac OS viruses and malware are now nearly unheard of. Mobile OS X on the iPhone and Touch will have the same advantages since (by default) apps will run as the “mobile” user and not as the super-user. Additionally, apps won’t be executable by default…

So Code-signing will cut down on possible Trojans, rather than viruses/malware…

(It’s the rather depressing thing about Microsoft’s empire that consumers think that viruses/malware are par for the course on any and every computing platform)

7 Rich { 03.18.08 at 7:33 am }

I work for an ISV in the UK writing mobile apps, mostly for Symbian/S60. I can probably expand on how Symbian Signing works.

Most commercial applications can be signed on-line for $20. It’s only applications that need access to very sensitive APIs (ones that simply aren’t available with the iPhone SDK) that require going through a test house. It’s a sensible move not to allow any old application access to the entire file system.

Symbian Signed was a real pain when it was first introduced but Symbian’s recent changes to the scheme have been warmly welcomed. All Symbian needs to do now is improve the reliability of their signing website and 95% of ISVs will be happy. Symbian’s model is more complex than Apple’s but, if you play by Symbian’s rules, ISVs can write some very powerful applications.

“While Microsoft, Symbian, RIM, and others scramble to offer their own software stores that can match iTunes”

I don’t think we’ll ever see an app shop run by Symbian. They’re simply not an end-user facing company. The same goes for Qualcomm and their BREW platform. I think the job of providing an application store will be left to the Nokias of this world. Nokia already have a phone-side application catalogue called Download.

And yes, 30% is a very good deal. Apple have obviously done their research before deciding on their business model. Hopefully it will force Handango to drop their rates.

8 John Muir { 03.18.08 at 7:43 am }

I’ve been considering learning Cocoa ever since I first came to the Mac five years ago, and trying to make a go of it. What’s always kept me back though is the gulf between writing an app and getting the paycheck. This was something I wanted to do for fun as much as anything else, so it was about doing it on my own time and dreaming the indie developer dream … not just adding sweet promises to my resume.

Anyway, the AppStore is a crazy cool idea for folks like me who’ve been on the verge and already know more about software internals than any non-developer should. I don’t need to try to find a Mac software company out here in Scotland (is Fraser Speirs hiring?!) to convince of my nascent skills. I don’t have to dread setting up a working webstore with my non-existent budget. I don’t even have to be best buds with TUAW writers or virtual stalk David Pogue! I can just code, safe in the knowledge that if I can deliver the apps I have in mind and they have sufficient polish, I can make a quid or two … and if I can capture a few people’s interest in a unique way, I could really be on to something.

Truth be told: I’d just love if there were something similar on the Mac. I still love the desktop too! Of course the iPhone/touch’s specialities really draw me to it, and I’m busy with projects intended to make best use of that platform’s physical portability … but there are other things I’d like to be able to do for the Mac. Things which require a few more pixels for a start!

Now, I’m not saying that the Mac should be locked down à la iPhone. But if there were an optional AppStore equivalent, with Apple’s backing, for the Mac: that would make life so much easier for many a budding dev. No significant piracy to worry about (which Panic reported at a horrific 70% if I remember for CandyBar in an interview with Gruber for his podcast), no store, and no such metaphysical anguish over the whole being ignored thing. Apple’s website is already the place to be with a new app, but I think they could take this AppStore model back to the Mac as well; if only as a great *optional* resource for all of us who want trustworthy, well priced, and much more feasibly profitable apps.

And if you still just want to install Firefox, Neo Office or whatever you like … do it the same way as always.

Now I’ll duck, expecting misdirected fire!

9 Norm Potter { 03.18.08 at 8:44 am }

So now the next step for Apple is a larger form factor game machine cum book reader….. I would say about the same size as a larger paperback book.

This would be a far bigger deal than the iTouch, and take the book battle to Amazon and Sony. Hey Steve, might as well throw in a Wi-Fi phone while you’re at it.

10 solipsism { 03.18.08 at 10:42 am }

What about the cost of SDKs for other mobile platforms? I am under the impression that they can be in the thousands.

11 Rich { 03.18.08 at 12:18 pm }

“What about the cost of SDKs for other mobile platforms? I am under the impression that they can be in the thousands.”

S60 and Windows Mobile SDKs are both free.

The basic version of the S60 IDE is also free but there’s a premium version costing 300 Euros if you want on-target debugging.

Windows Mobile development requires Visual Studio and that costs a couple of hundred dollars. Development is possible without it but it’s not easy.

12 David Dennis { 03.18.08 at 1:04 pm }

I certainly hope revocation is not going to happen except in really extreme circumstances.

I can imagine buying a useful if flawed application and having it revoked, thus losing me the money. I am harmed, if the application is doing stuff I like despite Apple’s dislike of it.

I believe that for phones the signed approach is good. I would prefer freedom of development to continue for the Macintosh, and hope and trust that this is in fact what will happen.

D

13 SonOfA { 03.18.08 at 1:48 pm }

What I am curious about is: If I download iPhone apps through iTunes, and I have to reformat my iPhone for whatever reason, will there be a way to reload all of those apps back in my iPhone without repaying for them?

I think this is the most frustrating thing about purchasing songs through iTunes – if you lose that copy of your song(s) then, oh well, tough luck! That’s one of the reasons I don’t go through iTunes anymore for songs. It apparently isn’t hard to keep track of songs purchased because emusic has done it just fine in the last couple of years I have been a member.

14 danieleran { 03.18.08 at 2:34 pm }

@ SonOfA: I’d imagine it would be just like buying iTunes from the WiFi Store: every time you sync with iTunes, it’d back up your software purchases to your PC. So if you ever needed to reset your iPhone, you’d get all your apps back. Of course, it would also be useful to be able to download a purchased app over again on demand without having to ask – I suppose it will depend somewhat on how large apps end up being.

15 WholesaleMagic { 03.18.08 at 4:42 pm }

Brau, you paint a grim picture. I don’t think there’s that big a chance of signed applications ever having a huge impact on the personal computer market. You see, the beauty of PCs is that you can do pretty much anything you want on them, and people have been fighting viciously for years to retain that freedom.

There will always be plenty of smart people willing to give up time to bring overpriced apps to the average person for free. People will always find a way to get around any barriers thrown up against them.

16 John Muir { 03.18.08 at 6:16 pm }

@ WholesaleMagic

A closed PC is indeed unlikely to happen. But the freedom to install what you want – and for it to inflict on you whatever it wants – is what bedevils Windows so badly and certainly isn’t the place to start off a new platform.

The big deal with every Pandora’s Box is trying to close it.

The chances of the Mac becoming a signed code only system with one mandatory central app source are as close to zero as anything in tech. It wouldn’t fly. But giving people the option of a Mac software delivery system which enjoys the same advantages as the touch platform’s AppStore is something I’d definitely like to see; as budding dev and as a user.

The easier it is for small outfits to make a living from coding for a platform, the more apps that platform will have. Make sure they are responsible for their apps, and you have an excellent recourse against malware and crapware in general.

So long as it is *optional* and just one delivery system among many – disk image files on servers being the traditional and popular alternative – and it’s win-win. I guess it all depends on whether Apple see sufficient benefit from it.

17 WholesaleMagic { 03.18.08 at 9:06 pm }

John, I couldn’t agree more. However, there’s already a place where developers can put their apps: Apple Downloads.

It’s far from perfect – it lacks good search and sorting features, version tracking, and I don’t think Apple monitors the page very closely. They certainly don’t pay that much attention to what actually goes on the site.

For its many faults, though, Apple Downloads has advantages. It provides a place for developers to easily post their downloads. It’s a place for users to search for the apps they need, whether they be freeware, shareware, or demos.

Apple need only expand on this website. They could add a system by which users could buy the software direct from Apple, with the profits going to the developer, minus a small fee for Apple’s services. Users could use their current Apple IDs, and their currently saved information. Hell, they could use One-Click. It’d be pretty easy to extend current payment systems to Apple Downloads.

18 John Muir { 03.18.08 at 9:34 pm }

@WholesaleMagic

The Killer AppStore:

1. All in one place, with Apple’s blessing
2. Payment handled by the store
3. Hosting too
4. Piracy made nontrivial

Helps indie developers by:

1. Spotlighting your apps … the better the search facilities the better it gets
2. You don’t need to set up your own site and storefront, a costly task however you try
3. You don’t even need hosting … which is especially helpful if someone popular mentions you
4. Most of your users and support requests will actually be paying for you to keep in business, instead of mooring at the Pirate Bay

Helps users by:

1. Connecting them with the apps they want, instead of circular searches at Versiontracker etc. which are often good in retrospect once you know the name to search for!
2. No need to sign up for or to trust yet another random webstore … no need to even pick up their wallet if it’s one click on their iTunes ID
3. No deeply irritating outages the moment Daring Fireball links something interesting … when do you want it? Now!
4. More devs, more diversity, more software. A thriving platform on overdrive.

It’s the AppStore component of iPhone 2.0 which I’m particularly worked up about, if you haven’t already noticed!

19 lmasanti { 03.18.08 at 10:43 pm }

quote:
“with the profits going to the developer, minus a small fee for Apple’s services.”

We all want “all the services” paid by “a small fee”!
They set it at 30% and those who sell on the web say that “this is cheap”!

20 John E { 03.18.08 at 11:24 pm }

Apple’s software downloads site is really lame. out of date stuff, no patches/updates, no reviews or links to reviews, no direct download links … forgeddit. hasn’t been improved since it was brand new so long ago i can’t remember when that was (OS 9? OS 7?). i mean, it’s old! the much newer Widget section is better, but still very limited.

CNet’s Version Tracker Pro service is vastly superior, though the UI is clunky. key trick is it identifies updates to your installed apps, plus the user comments are invaluable. it’s not a free service tho. subscription. and lots of ads …

Apple certainly could and should roll out an App Store for all Mac computer apps that did all that too, combining Software Update technology with iTunes Store retail front-end. not mandatory for software companies or users, just terrific UI and free service – then we’d all use it. would beat the heck out of CNet and Amazon and all other software retailers.

hey – maybe the MacApp Store will be the second Golden Gate Bridge “landmark” unveiled at the WWDC in June. would make sense, building on the new iPhone App Store. my prediction!

21 GQB { 03.18.08 at 11:30 pm }

Digital code signing also provides one other security benefit… ‘non-repudiation’.
This is the subtle flip side of authentication which prevents you from denying that you are responsible for the contents.
That’s possibly the most important part of this model.

22 GQB { 03.18.08 at 11:53 pm }

@ Brau: “If the products are guaranteed good, the buyers will choose them first, just like many have chosen paid iTunes downloads over P2P (free). Isn’t that good enough and what we all want?

The only “problem” I foresee is the precedent it sets where human morality based responses inevitably conspire to assert that any software not signed by the manufacturer must be “bad” or “illegal” and therefore simply used for nefarious purpose”

While I share your nostalgia for days when anonymous trust was shared amongst a small, mutually known community, those days are long gone.
To answer your question, “Isn’t that good enough”, the answer is a resounding “NO!”.
The modern stakes are too high to settle for anything less than authenticity, integrity, and non-repudiation. “Ham-Fisted” is hyperbole, comparing Apple’s responsibility to provide a secure environment for its customers to monomaniacal political repression.
Personally, I’ll settle for no less than what Apple is requiring, and I welcome it.

25 kdarling { 03.19.08 at 10:26 pm }

The RIM info is out of date. Certs are now only $20 for essentially unlimited signing.

Does the iPhone $99 need to be paid each year, forever?
