Steve Jobs Announces iPhone SDK

An anonymous reader writes "It finally happened. Steve Jobs announced an iPhone SDK today. The plan is to release it in February, and the suggestion is that apps will need to be digitally signed (not unlike digital signing in Leopard). Here's hoping that developing for the iPhone/Touch will be cheap (or free) enough to allow the folks who have been writing apps to continue doing so. Says Jobs: 'It will take until February to release an SDK because we're trying to do two diametrically opposed things at once--provide an advanced and open platform to developers while at the same time protect iPhone users from viruses, malware, privacy attacks, etc. This is no easy task.'"

February is kind of a long time, isn't it?

It makes me suspect that Steve was caught a bit flat-footed, if it'll take until then. If this was the usual Apple release, it would be a total surprise and be available Friday or something.

Of course, it could also be that it's taken them this long for events to prove to AT&T that resistance was ultimately futile and counterproductive. Hard to say, with that crowd.

Re:February is kind of a long time, isn't it?

Apple often announces things that matter to developers long in advance. Most of the developer-relevant features of Leopard were announced two years ago, for example.

I do wonder how much of the resistance was AT&T, how much was Apple and how much was legitimate worrying about how to do things right.

I hope the signing requirement will be a verifiable registration of your key with Apple and not a large fee of some sort. I've got a lot of third party apps on my iTouch that are excellent quality and free. Apple would be depriving themselves of most of that developer community by limiting things to large companies.

Re:February is kind of a long time, isn't it?

App signing cannot require in all cases the involvement of AT&T.

Why?

AT&T is not involved with the iPod Touch or with European iPhones at all. Apple made a point out of saying this SDK is for both the iPhone and the iPod Touch. That's meaningful.

My prediction is that it'll be a lot like some Java handhelds. There will be a key repository. It will come with the public key of Apple and, for iPhones, for the carrier from which you currently get service. Developers will be issued a key pair, one to go onto the device they use for development, and one to sign the apps they're developing, but installing the pubic keys onto arbitrary devices will be non-trivial.

My prediction based on that is, anyone who cares about running a wide variety of apps will register as a developer and get a key pair, and freeware apps will have to be open source, because in order to get them signed correctly, people will have to compile them from source so that they're properly signed for their own devices.

If registering as a developer is cheap/free, I am not sure that's a bad thing...

Digital signing

TFS got it wrong: Apple did not in fact say that digital signing was going to be a part of the SDK or making sure that apps are kosher.

Here's the quote that may have misled:

Some companies are already taking action. Nokia, for example, is not allowing any applications to be loaded onto some of their newest phones unless they have a digital signature that can be traced back to a known developer. While this makes such a phone less than totally open, we believe it is a step in the right direction. We are working on an advanced system which will offer developers broad access to natively program the iPhones amazing software platform while at the same time protecting users from malicious programs.

So, what they're really saying is that they're hoping to do something along the same lines as signing, but not signing per se. This actually may be the most interesting part of their announcement, in that it could signal the next step forwards in indicating trust and providing clarity of who worked on what. Here's hoping it's not just repackaging.

Re:Digital signing

Possibly. One of the new features in Leopard is digitally signed apps though, and Apple is setting up some kind of infrastructure so you can verify the signatures. It would seem likely they'll use the same system on the iPhone.

Re:Digital signing

Possibly. One of the new features in Leopard is digitally signed apps though, and Apple is setting up some kind of infrastructure so you can verify the signatures. It would seem likely they'll use the same system on the iPhone.

I'm just going to point out that Windows has had digitally-signed apps since (at least) Windows 98, and that nearly every system library and executable in Windows XP and Windows Vista is signed. Vista even checks the signature before you see the UAC dialog, and the dialog for signed apps looks completely different (and has different keyboard shortcuts).

Windows Mobile also has signed apps.

Of course, I'm sure that some Mac fan is going to point out how this is another Apple innovation.

Security weakness of their own making

From TFA - quoting Steve Jobs:

Some claim that viruses and malware are not a problem on mobile phones--this is simply not true.

The risk of damage would be a lot less damage if every app on the iPhone didnt run as root [eweek.com].

Re:Security weakness of their own making

Wow! Perhaps that will be one of the things that is addressed by the time third party apps are allowed, considering that they're not now? Could this perhaps be part of the reason (among many others) that third party apps aren't currently allowed?

I mean, I know it would be unheard of for an issue to be addressed or fixed on an OS that is clearly undergoing active major change and development (as is evidenced by internals and framework changes between 1.0.2 and 1.1.1) in four months...

Could the things that Jobs says Apple is working on to make the iPhone platform secure possibly include things like this, or does Jobs need to explicitly say they're addressing this exact problem in order for you to believe Apple might actually be working on the security of one of the most important and visible products in their history?

Re:Security weakness of their own making

The risk of damage would be a lot less damage if every app on the iPhone didnt run as root

They made the apps run as root due to lack of time to figure out the security properly. This is the same reason they didn't release a SDK.

By February, we'll have a firmware with reengineered OS and apps that don't run as root. The SDK will only support this firmware and newer.

bug report

Apple also sent the same information to anyone who bothered to file out a bug report about a lack of an SDK. I mention this only to point out that it's nice that Apple actually took the time to listen to its developers (and not just people who pay an annual fee) and respond. So next time if you're wondering whether your bug report gets read, it appears at least in cases like this it does.

I've recently become a complete Apple-convert. I used to hate Apple, and came from a Linux background. I have to say, though, that from a development standpoint their XCode environment is great, their libraries are well thought out, and it comes with a good number of advanced features that keeps coding fun. If you're wondering why people are so excited about developing for the iPhone, these are a few of the reasons.

At one point I played around with the toolchain that was previously being developed by the community hackers. It was relatively easy to put together a simple iPhone app, as the iPhone is running a simplified version of Cocoa. However, the more complex stuff (and interesting parts, like gestures) were not up to par because of lack of documentation.

With the introduction of the SDK, I think we're going to see a batch of really nice 3rd party apps. The current ones are extremely good for what resources are available, but I think everyone would agree there is room for much improvement.

Hopefully Apple will do the right thing in opening up their platform as much as possible. I wouldn't mind getting a free key to sign my code (Google did a similar thing when they opened up their search API). I wonder if they will limit all things internety to WIFI only, as AT&T might complain about random packets flying over their EDGE (even though other phone companies already allow this). I'm still not sure I fully get the malicious code issue, as the iPhone is essentially a dumbed down Macbook with a harder-to-use keyboard. How is the iPhone any more dangerous?

Malware

To further clarify, "malware" will consist of:
  media players that support additional audio and video codecs,
  anything that lets you install ringtones for free using your own licensed music,
anything that lets you make calls on alternative networks.

How useful

Nice!

Now the iPhone will have 30 different ways to check stock prices, get weather updates and read RSS feeds!

Hopefully someone makes a Diet Calculator / Calorine counter as well!

Pricing model?

I'm worried about a Windows CE-like business model. Unlike traditional certificates, with CE you don't purchase certificates but use a signing "service." While that might seem cheaper, you have to sign EACH of your binaries EVERY time a modification is made. That's incentive for developers to NOT release patches. Fortunately, it's not being enforced by many OEMs, but heaven help our wallets should that happen. There are a lot of small mobile shops our there that can't absorb these kinds of costs.

Re:Ipod touch

Will this apply to the ipod touch as well?

Yep - FTA:

P.S.: The SDK will also allow developers to create applications for iPod touch.

Re:Ipod touch

Yes, it would sure have been nice if the article could at least had a small P.S. to note if the iPod Touch was covered or not.

Re:Waiting for...

Not likely. More likely your certificate will have to be signed by Apple which may in revoke it at any time. I would not be surprised if part of the delay is an integrating OSCP or some other form of pervasive certificate management into whatever goes for an app installer as well as preparing an OS update with this functionality. CRL checking at install is not something present in current OSX so they will have to add it to be ready to ship.

Re:Finally!

I really cannot understand the whining of people who have been so vocal about this SDK, and now that all this gnashing of teeth has forced Apple to pre-announce, people like you come along claiming this is 'long overdue'.

The fact that Apple is a ~15k person company with a massive variety of products means that there must be focus. In part this slim headcount and focus is what allows Apple to produce really great products. (For comparison - Apple is now roughly worth the same, by market cap., as IBM, which employs around 300,000 people worldwide).

Think for a moment what a considerable development the iPhone is. Particularly the software, there is an ungodly amount of work and rework that has gone into producing the final product that you can pick up at the mall. The last thing that Apple was thinking about during the development phase was a clean documented publically available and stable API. No, you can bet that the iPhone API twisted and turned through the development cycle, massive rewritings, refactorings, and changes over a number of years. For Apple to release an SDK and API they have to be clean, stable, unlikely to change and break existing code - all of the things that during the development phase the internal API was not.

When releasing an SDK and an API, massive resources must be put into considering flexibility and change 2, 5, 10 years down the line. These things take time. Apple decided, rightly, to release a finished device this Summer. All the whining in the world (and I believe we got close to that) could not push Apple's internal API into a publicly usable stable state at that time. I think, considering that this is a brand new phone platform (not something like Symbian etc. which has been around a long time), waiting 9 months for an SDK is nothing, in fact, I'm amazed they've done it in less than a year. Mark though - Apple would have been mad never to have provided one, and personally I expected this announcement for WWDC'08, but I have found it astoundingly ridiculous how people have cried and whined about the lack of an SDK without thinking for a single minute. For crying out loud, it's been only three months. The only thing 'long overdue' will, hopefully, be the shutting of the mouths of all the incessant whining.

Re:Finally!

I recall Apple saying that they had pulled developers off Leopard to put onto the iPhone before it was launched which pushed Leopard back. Of course that would be an excuse but if it was indeed true those developers were probably put back onto Leopard shortly around the time of the iPhone launch. Now that Leopard is being released next week it may have freed up those developers to work on the SDK.

Re:Finally!

Mark though - Apple would have been mad never to have provided one, and personally I expected this announcement for WWDC'08, but I have found it astoundingly ridiculous how people have cried and whined about the lack of an SDK without thinking for a single minute. For crying out loud, it's been only three months. The only thing 'long overdue' will, hopefully, be the shutting of the mouths of all the incessant whining.

Steve could have announced the SDK for February 2008 from the very beginning and you'd not see the bitter remarks you rant about.

The strategy Jobs uses for announcing products only when 100% done has its benefits with consumers, but developers hate when you cut them off and don't give them a clear roadmap for what to expect ahead.

Learn from this, don't just add another rant to the thousands.

Re:Finally!

Wrong.

I love all the people who are now going to say that Apple is only doing an SDK because the brave, innovative hackers who just want us all to be able to free our hardware have forced their hand.

Kind of like the only reason they have a battery replacement program for iPods was because of the Neistat Brothers' video, right?

Except that it would be wrong, on both counts.

For a device like the iPhone, Apple probably had SOME kind of SDK/third party development planned all along. But the iPhone's OS is still a wildly moving target, and it's not appropriate to have an SDK before things have calmed down with the OS APIs, frameworks, etc.

But if you want to believe that a statistically insignificant (yes, really - most people don't care, much less even know, about this) group of hobbyists and hackers have "forced" Apple to scramble to release an SDK, go right ahead.

Re:Finally!

Yes yes, Hallowed are thy Mac fanboys. I know my post is flamebait, but why did Jobs say there will be only [arstechnica.com] web based [gizmodo.com.au] sdk? And now after hackers hacked iphone, he says there will be one?

Re:Finally!

Because if he announced there would be an SDK, but not until next year, some people would wait to buy it until then. The same reason Apple says noting about new computer models until they're released. Actually, I'm surprised they announced the SDK early at all.

Re:Finally!

As some of the hacker community will readily point out, splitting open Springboard (the Finder/shell equivalent) in the iPhone, you discover Springboard always had some support for additional applications... and going forward, more was added. In 1.1.1, Springboard even added code added that supported multiple pages of applications... a pretty clear indication that either Apple was planning to add a LOT more apps, or were thinking of third-party dev.

There were lots of other little clues people found that the iPhone had either had plans for a third-party SDK which was scuttled, or had a third-party SDK in the works but not yet announced. So I admit, I am with the folks who are saying that Jobs probably had this planned from day one, but held off on the announcements until closer to the SDK/security methods being sorted out for marketing/publicity/spin reasons.

3 months after the phone was released is not a huge waiting period, but if he'd announced ahead of time that the iPhone would have a native SDK in February, lots of folks would have waited both on buying phones and on doing iPhone development. Instead, now we have hackers who have already worked on third-party native apps, there's all kinds of web-apps to keep those who won't jailbreak busy in the meantime.

Love him or hate him, one thing Jobs knows how to do is build anticipation, and manage publicity. He'll take bad press for a while simply so that he can sit on some announcement to greatest spin effect.

Re:Finally!

No, your post is just wrong and should be moderated as such. Here is Jobs at the D5 conference on May 30th, about a month before the iPhone was even released:

Q: All indications appear that the iPhone is closed, we'd love to develop apps...

This is an important tradeoff between security and openness. We want both. We're working through a way... we'll find a way to let 3rd parties write apps and still preserve security on the iPhone. But until we find that way we can't compromise the security of the phone. I've used 3rd party apps... the more you add, the more your phone crashes. No one's perfect, and we'd sure like our phone not to crash once a day. If you can just be a little more patient with us I think everyone can get what they want.

Just about the right timing

Let me get this straight. Apple released a product that contains an operating system that's still in alpha?

No. Their OS works well and will have passed QA before they shipped. Like any humans, Apple make mistakes, but they generally at least try to adhere to "it just works".

They ported their (stable) OS to a new architecture. The internal developers put up with the codebase (with any extant foibles), and they wrote a completely new UI framework (based on, but different to, Cocoa). They did sufficient QA to get the built-in applications working correctly, and then shipped the device, hitting their target.

Now that it's out, and there's less pressure, they've been tidying it up, and polishing the UI framework, the compilers, any OS routines, and they've announced they're opening it up to 3rd parties. Presumably this means they've been patching the areas they worked around internally.

There's nothing too surprising in any of the above, in fact I'm surprised the "official" SDK will be available so soon. Porting an OS and writing a good accelerated UI framework is a non-trivial task.

Simon.