Distributing mobile applications

As an iPod Touch owner, I was quite happy to learn that I would be able to use my “DS” (as my kids call it) to place a few calls using this application.

The most interesting sentence of the article actually comes from a BBC interview of Truphone’s CEO:

“We’ve decided to focus on devices that are wi-fi enabled and have an apps-store. For the consumer, there has to be an easy way of downloading an application.”

“Our focus on the consumer side – at least in the short term – is finding devices that fit that category,” said Ms Wilson.

This looks only remotely related to security, but it is definitely related to trust. App stores are achieving what signature models have never been able to achieve: building trust. Signature models are so complex and inconsistent that consumers don’t place any value on them. In contrast, having an application offered by Apple, Google, or Orange makes this application more trustworthy for the customer.

In the case of Apple, the opacity of their certification program, in particular regarding security, makes me uneasy. On the other hand, the fact that they have an infrastructure for the distribution of updates and, most likely, for blocking a rogue application is definitely a good thing.

For open application frameworks, app stores are often run by operators, and most of them have clearly defined certification procedures. Some require certification by a third party (for instance, Java Verified for Java applications), some use static analysis tools to verify basic properties of the applications, and most use detailed questionnaires.

So in the end, app stores don’t look bad for security. And if they can help with the nightmare of mobile application certification and distribution, this is a welcome evolution of things.
