Steve Jobs Announces iPhone SDK

An anonymous reader writes "It finally happened. Steve Jobs announced an iPhone SDK today. The plan is to release it in February, and the suggestion is that apps will need to be digitally signed (not unlike digital signing in Leopard). Here's hoping that developing for the iPhone/Touch will be cheap (or free) enough to allow the folks who have been writing apps to continue doing so. Says Jobs: 'It will take until February to release an SDK because we're trying to do two diametrically opposed things at once--provide an advanced and open platform to developers while at the same time protect iPhone users from viruses, malware, privacy attacks, etc. This is no easy task.'"

Security

[99BottlesOfBeerInMyF]

Jobs made several comments about securing iPhones and the network from malware, and the route Apple takes to do this is a big question mark. He mentioned application signing as a step in the right direction, with regard to other companies. Leopard brings support to OS X for both application signing and native sandboxing of applications for security. I wonder if Apple will employ either or both of these technologies to lock down the iPhone and, if so, how locked down they will be.

Rebels always find a way to rebel

[saddino]

Interestingly, by enforcing digital signing Apple is guaranteeing the survivial of an iPhone developer's "underground" -- instead of writing hacks to jailbreak and unlock iPhones, they'll be writing hacks to get unsigned apps running on the iPhone.

Ipod touch

[$1uck]

Will this apply to the ipod touch as well? I really would like to be able to read maps/books offline on one. If there was an app to let me take websites or google maps and pdfs and store them locally to an ipod touch it might be my next mp3 player.

Re:February is kind of a long time, isn't it?

[ceoyoyo]

Apple often announces things that matter to developers long in advance. Most of the developer-relevant features of Leopard were announced two years ago, for example.

I do wonder how much of the resistance was AT&T, how much was Apple and how much was legitimate worrying about how to do things right.

I hope the signing requirement will be a verifiable registration of your key with Apple and not a large fee of some sort. I've got a lot of third party apps on my iTouch that are excellent quality and free. Apple would be depriving themselves of most of that developer community by limiting things to large companies.

Security weakness of their own making

[Saunalainen]

From TFA - quoting Steve Jobs:

Some claim that viruses and malware are not a problem on mobile phones--this is simply not true.

The risk of damage would be a lot less damage if every app on the iPhone didnt run as root [eweek.com].

bug report

[abes]

Apple also sent the same information to anyone who bothered to file out a bug report about a lack of an SDK. I mention this only to point out that it's nice that Apple actually took the time to listen to its developers (and not just people who pay an annual fee) and respond. So next time if you're wondering whether your bug report gets read, it appears at least in cases like this it does.

I've recently become a complete Apple-convert. I used to hate Apple, and came from a Linux background. I have to say, though, that from a development standpoint their XCode environment is great, their libraries are well thought out, and it comes with a good number of advanced features that keeps coding fun. If you're wondering why people are so excited about developing for the iPhone, these are a few of the reasons.

At one point I played around with the toolchain that was previously being developed by the community hackers. It was relatively easy to put together a simple iPhone app, as the iPhone is running a simplified version of Cocoa. However, the more complex stuff (and interesting parts, like gestures) were not up to par because of lack of documentation.

With the introduction of the SDK, I think we're going to see a batch of really nice 3rd party apps. The current ones are extremely good for what resources are available, but I think everyone would agree there is room for much improvement.

Hopefully Apple will do the right thing in opening up their platform as much as possible. I wouldn't mind getting a free key to sign my code (Google did a similar thing when they opened up their search API). I wonder if they will limit all things internety to WIFI only, as AT&T might complain about random packets flying over their EDGE (even though other phone companies already allow this). I'm still not sure I fully get the malicious code issue, as the iPhone is essentially a dumbed down Macbook with a harder-to-use keyboard. How is the iPhone any more dangerous?

Re:Rebels always find a way to rebel

[bockelboy]

Why? There's no need to have unsigned apps - if Apple is smart and enables the end-user to sync their computer's keychain with the iPhone. This way, users who trust the DOEgrids Certificate Authority can run apps signed by the DOEgrids CA. I'm surprised there isn't a freely-available SourceForge CA that devs can use to sign their binaries. As long as the end user can control which authorities they trust (I suspect enterprise admins will want to control this, at the least), there is no need for a unsigned app!

If a developer is totally independent and has no resources, they can easily set up their own CA and ask users to add that. It's a pain-in-the-ass, but would probably greatly reduce malware (as long as the process of adding/deleting a CA isn't just "Please click OK"). Those indie developers who can't afford the $50 (or whatever cost) certificate probably are targeting hackers/modders, not normal users anyway.

If Apple plays their cards right, they will be able to get more devs to be "legit" without totally abandoning the mod crowd who isn't scared to alter their keychain. If talented devs can work on producing great apps instead of getting unsigned ones to work, it's a good thing for Apple.

This assumes, of course, that Apple is a rational being and not a controlling corporation. Big assumption.

Re:February is kind of a long time, isn't it?

[suv4x4]

It makes me suspect that Steve was caught a bit flat-footed, if it'll take until then. If this was the usual Apple release, it would be a total surprise and be available Friday or something.

Apple announced today the deal they made with Orange, in France, and this deal requires they sell unlocked phones. While it means unlocked phones provider-wise, not app-wise, it may start a trend which combined with the current trend of hacking each firmware release within 2-3 days, may prove bad for iPhone's image as a platform.

I bet one of the changes that will happen from now to February, is make the apps not run as root. The reason they run as root in the first two firmware releases is purely one of time: they had no time to get it right, hence didn't release a SDK.

Their challenge now is to contain the community, and completely rework the iPhone software, so by February it's ready for their SDK.

Pricing model?

[GodfatherofSoul]

I'm worried about a Windows CE-like business model. Unlike traditional certificates, with CE you don't purchase certificates but use a signing "service." While that might seem cheaper, you have to sign EACH of your binaries EVERY time a modification is made. That's incentive for developers to NOT release patches. Fortunately, it's not being enforced by many OEMs, but heaven help our wallets should that happen. There are a lot of small mobile shops our there that can't absorb these kinds of costs.

Re:Digital signing

[ceoyoyo]

Sounds complicated. How about just registering a developer account with Apple, including your credit card, and if Apple starts getting reports that your app is evil they yank certification for your signature plus turn you over to the cops.

Apple already has a system for developer registration that they use for distributing pre-releases.

Re:Finally!

[BMonger]

I recall Apple saying that they had pulled developers off Leopard to put onto the iPhone before it was launched which pushed Leopard back. Of course that would be an excuse but if it was indeed true those developers were probably put back onto Leopard shortly around the time of the iPhone launch. Now that Leopard is being released next week it may have freed up those developers to work on the SDK.

Re:Finally!

[Yetihehe]

Yes yes, Hallowed are thy Mac fanboys. I know my post is flamebait, but why did Jobs say there will be only [arstechnica.com] web based [gizmodo.com.au] sdk? And now after hackers hacked iphone, he says there will be one?

Re:SSH and a keyboard.

[johnkzin]

Frankly, Apple missed the boat on this one. If they had had a supported ssh, and supported external keyboard, back in early September, bluetooth on the 'Touch (keyboard, headsets, and tethering to any bluetooth DUN/PAN phone), Mail on the 'Touch, and Notes on the 'Touch, I'd have bought a Touch.

If the iPhone had those missing pieces (including publicly stated support for tethering a laptop via bluetooth DUN/PAN), but the Touch did not, then I'd have seriously considered buying an iPhone. But I knew that the lack of official developer support for those things running natively meant that Apple could pull the plug at any time. And when they did that with 1.1.1, I knew I had made the right choice to not go down the Apple path (and, I'm a Mac guy, so integration between PDA/Phone and Desktop would have been a HUGE plus). When it came time to make my purchase decision, Apple eliminated themselves from the picture.

Instead, I got the Nokia N800. And I'm quite happy. It would take a HUGE effort from Apple to lure me back.

And, what's worse for Apple is: This made me go one step further away from being tied to core Apple apps. Bookmarks moved to Netvouz. Browser switched to Firefox. I had already moved mail clients to Thunderbird due to other on going problems with Mail.app. I may even move to be entirely gmail based (move my home mail server to Google Apps). At that point, there's very little reason for me to continue being a Mac customer ... one bad decision from Apple (not supporting 3rd party apps on the iPhone and 'Touch from day 1) has a kind of high likelihood of costing them a customer. Not out of being disgruntled (far from it), but simply because the functionality for what I want, when I wanted it, was being provided by someone other than them ... and that functionality is good enough to keep me moving in that direction.

Re:Finally!

[p0tat03]

Well I can agree that Apple was probably short-staffed during the development of iPhone, they could have at least announced their intention to release an SDK at a later point post-launch (oh, like, I dunno, the rest of the SDK-providing mobile companies... few devices come out with an SDK ready to go, it's usually provided in a more complete form later).

No, I don't think Apple ever intended to release the SDK - but I think they're starting to realize that to compete with other smartphones (and to quiet the deluge of bad press) they really need 3rd party developers on the bandwagon, and they're starting to create docs and polish up the API.

Sadly, I'm not sure if this will be available to us "laymen" developers. I suspect Apple will restrict this to ADC members only, with even less creative BS than they've fed us so far.

Digitally signed?

[vertinox]

FTFA: The plan is to release it in February, and the suggestion is that apps will need to be digitally signed (not unlike digital signing in Leopard).

Is this akin to trusted computing? This is the first I heard Leopard having such a thing. So if you are a 3rd party developer you will have to contact apple or Verisign every time you want to release your app? Or is this just poormans DRM?

Signature Backups

[Doc Ruby]

Digital signatures offer security only when all IPC (including kernel/system calls) is signed, and when signature logs survive an attack by that signed app. Otherwise, after the attack, the signed app can cover its tracks. ActiveX signatures, for example, are worthless.

Since the iPhone depends on its network for all app installation, and nearly all its operation, it can enforce those policies. Since practically all the data on the iPhone, including voice call data, is private, that enforcement is an absolute necessity. Apple should include a server account that backs up the signature logs, and encrypted key storage to other accounts the iPhone is used to access.

Once people are used to that minimum assurance of accountability of installed apps and data on their mobile phones, maybe they'll start to expect it on their notebooks and desktops. Apple could leverage the service to those products, too. And maybe that competition will finally force Microsoft to secure the vast majority of the world's private data that their platforms are responsible for.

Re:How useful

[ceoyoyo]

Sure, the iPod Touch isn't completely new and revolutionary. I've had lots of devices that do much the same thing. But, in typical Apple style the touch does things better.

The touch screen really makes a lot of difference. It's high res and looks beautiful, but there's a tremendous difference between typing on the touch screen keyboard and on a physical keyboard.

I was comparing my touch to a guy's Blackberry the other day. He hates the BB. Says the interface looks like it's from the 90's, the screen is small, cramped, crowded and fuzzy. The keyboard is thumbnails only for anyone with non-toddler fingers. The keyboard on the touch is bigger, but not by that much. However, when you smash your giant fingertip on it the touch can figure out where the centre of your finger is and which letter is under that. It makes the whole process much less frustrating. Scrolling with a fingertip actually on the screen is much easier than the little track pads or buttons.

Apple innovates some, but their real specialty is refinement.

Re:February is kind of a long time, isn't it?

[Angostura]

I suspect (but really hope it doesn't) come to pass that Apple arranges things so that the only legitimate way to get apps on to the iPhone/Touch is through the iTunes store. It would gel with the way that they have done things in the past with iPod games and would give Apple the power over what was considered a safe, legitimate app. e.g No Skype for you.

Re:Finally!

[Swift2001]

I think, according to many rumors, that Apple had an SDK planned for a long time. But what's true about this announcement, I think, is that they got a lot of bad publicity from 1.1.1, and it was time to staunch the bleeding. I think, too, that with the release of 3rd-party apps, they're also going to HAVE to bow to the law, and either sell unlocked iPhones in the US or at least allow unlocking while continuing to update its other features. I don't think they actually buried the first batch of apps on purpose, but that they had to patch holes that the hackers had exposed, because unauthorized access is unauthorized access. I've read that at least one of the 1.1.1 hacks depends on creating a buffer overflow with a "malformed TIFF." Well, excuse me, that means a flaw was discovered that Apple HAS to fix. Anyway, very good news that they're allowing what should have been allowed -- or at least announced -- a month or so ago.

I love him.

[Anonymous Coward]

Here is why:

- he brought the Apple II to me when I was in highschool
- he brought the Macintosh to me when I was in College
- he brought the NeXT to me when I was just starting my career
- he resurrected Apple from the Dead
- he created OS X from NeXT Step and OS 9
- he brought the iPhone to me last summer

And last:
- he has the ability to change his mind when he's wrong.

Many people can't do that. Jobs wanted a closed iPhone. Remember his announcement at WSJ? At the dev conference? His recent "cat & mouse" comment? For whatever reason (alienating his developers, lost AT&T revenue is lass than increased sales, iPhone developers can't be stopped, some other reason...) he's changed his mind.

For this I love him.

Misdirection

[Bones3D_mac]

There's much to be suspicious about whenever someone like Steve Jobs suddenly has a "change of heart" regarding product policy. Does anyone really believe Jobs wasn't at all planning this back when he asserted that developers would take down the west coast cell networks if allowed to develop native apps on the iPhone? There's obviously more to it than this thinly-veiled blessing announcement that just happened to conveniently coincide with the release of Leopard next week.

Just wait... there will be some sort of costly compromise to be met for developers to use this SDK. Perhaps certain applications of the SDK, such as creating a VoIP app, may be considered a breach of contract. Maybe something more draconian, such as zero freedom to distribute an app without Apple as a middle-man, including a mandatory Apple tax for the privilege. (After the whole pay-to-play 802.11n firmware upgrade fiasco, I put nothing past what Apple might do if it means an extra buck.)

Needless to say, the former "crazy ones" are now committable.

Re:Finally!

[nofx911]

I don't have an iPhone, but my guess is that meebo probably works in Safari:
http://wwwm.meebo.com/ [meebo.com]

The Security that Apple can make money :-)

[LKM]

Possibly the security issues of SIM unlocks, chat and VOIP apps, where by security, Apple means "our security that we make a lot of money from contracts and people send a lot of SMS messages" :-)

Seriously though, with the announcement of an unlocked iPhone in France, I wonder whether Apple will still go after the SIM unlock hacks so vigorously.