Code Signing on the iPhone and on Mac OS X

Mike Ash of Rogue Amoeba has written a fantastic article about code signing, and about how Apple is using it in Mac OS X and on the iPhone.

if Apple doesn’t sign your iPhone app, it does not run. Even for local development, you need to get the code signed. The iPhone SDK is free, but by itself it won’t let you load apps onto an iPhone. When you pay Apple the $99 to enroll in the program, they send you a certificate which can be used to sign your applications. However, they will only work on iPhones which have been provisioned with this certificate.

Actually, if you haven’t already, stop right here and go read the article. Don’t worry, I’ll wait.

Done? Good.

Personally, I don’t mind Apple signing applications they sell on the iPhone app store. What I do mind is that Apple does not give me a way to write code, run it unsigned or self-signed (with a non-Apple certificate) on my own iPhone, and give it (again, unsigned or self-signed) to my friends who have iPhones. In other words, I want to be able to sign code with a non-Apple certificate, and I want a way to tell the iPhone to accept all code signed with a given certificate, even if that certificate has nothing to do with Apple. There are several reasons for this.

First of all, I recognize that Apple is under no obligation to make it easy for me to run applications on the iPhone. Still, I think it’s wrong for a company to serve as a gatekeeper, imposing its own morals (if a company can even be said to have morals) on the users of its devices. A technology company should enable people, not disable them. Telling its users what applications they are allowed to run is ultimately hurting them, and hurting progress. While I can understand that media companies have an incentive to hurt progress, tech companies should avoid going down the same road; in the end, it will only hurt themselves.¹

Second, it hurts the iPhone. Apple’s guidelines effectively disallow many perfectly legal applications. In his article, Mike mentions porn. Porn is an important market force. It’s no coincidence that pornographic web sites make up a huge part of all web sites, and pornography makes up a large amount of all internet traffic. I understand that Apple doesn’t want to sell pornographic material on its store, but by not allowing Apple-unsigned code to run on iPhones, they’re not only keeping porn out of their store, they’re keeping porn out of the iPhone entirely². And this is not the only genre of applications affected; Apple’s guidelines forbid applications which run in the background, which affects things like social networking software, VOIP clients or chat applications. By keeping these apps out of the store, Apple keeps them out of the iPhone; many groundbreaking applications which could have made the iPhone a rule changer are effectively forbidden because the iPhone only runs code signed by Apple.

Third, it’s bad for application quality. Typically, developers run beta tests to find bugs in their applications. How can a developer run a beta test if running code on a beta tester’s iPhone requires that the code is signed by Apple?

Finally, how do I send review copies to magazines, or free copies of my app to friends?

Requiring code to be signed by Apple is a dangerous path to follow. Unfortunately, Apple already seems to have plans to require signed code on Mac OS X. That, by itself, is quite inconvenient, but not necessarily a bad thing; it gives users the security of knowing where code comes from. However, requiring code to be signed by Apple even on Mac OS X would be a tremendously bad move, and would probably ultimately hurt Apple, its developers, and its users.

Update: Rogue Amoeba has now started filing bugs against these restrictions. Good idea.

March 8th, 2008 / Tags: iphone, sdk, code signing, mac os x, apple, rogue amoeba software, mike ash / Trackback

The iPhone SDK: First Thoughts

Yesterday, Apple unveiled the software developer kit for the iPhone. A lot has been written about this already. As always, John Gruber has a comprehensive overview.

Here are my thoughts on this:

• First of all, interest in this seems to be tremendous. Yesterday, after the announcement, something happened which I’ve never seen before: Apple’s dev servers went down under the onslaught of interested developers.
• All iPhone applications will be sold through Apple’s store. There’s no other way to get on the iPhone.¹ Apple has some general rules about what applications they accept; the rules, however, are somewhat unclear. Apple has said that they won’t allow porn and malicious applications. Ryan Block asked whether they would allow SIM unlocking software. The answer, of course, was no. While it was fair to ask the question since it forced Apple to clearly come out against SIm unlocking software, I would have preferred if he had asked something a bit more interesting. For example, Apple has stated that their store is the only way to get software on the iPhone. Does that mean that a third-party application would not be allowed to install software? This question might seem a bit dumb at first, but package management systems like Fink or DarwinPorts are valid third-party applications which - on the Mac side at least - are even supported by Apple. Will they not be allowed on the iPhone?
• Will the iPhone Human Interface Guidelines be enforced, or are they optional? The guidelines say that ”Only one iPhone application can run at a time, and third-party applications never run in the background.” This means something like an AFP server is out of the question. A specific iPhone application idea I’ve been contemplating is a kind of ad-hoc mobile social network. The application would periodically send your position to a server, and would then be able to tell you about people using the application near your location. Such an application would need to be running in the background; it seems Apple would not accept this.
• The application I mentioned above highlights another issue: Presumably, Apple will not allow demos which can be turned into full versions by directly buying a serial number from the developer since that goes around Apple’s store. Further, Apple will probably not allow software which is free by itself, but requires some kind of subscription that is paid to the developer.
• Seems Apple mainly spent the last year making formerly public APIs private. Compared to the “unofficial” SDK, Apple’s official SDK can do a lot less. This could mean two things: Either Apple doesn’t want developers to do the things they removed from the public API, or they aren’t yet happy with the interfaces and want to stabilize them before they make the applications public. Also, official third-party applications are forbidden from using private SDKs.
• I’m a registered SonyEricsson developer. Interestingly, just after the Apple event, SE started running a survey “on the quality and relevance” of their worldwide developer programs
• Finally, it seems I was right in my prediction that Apple will enforce compliance to API rules not through a sandbox, but through its approvement process.

All things considered, the official SDK is a mixed bag. It’s better than some people feared, but worse than some people hoped. Hopefully, Apple will open iPhone development further at some later date.

Further Reading ———- TidBITS has an extensive article on the subject, while Ars Technica provides a short summary. Macworld has some developer reactions, which typically range between “goodness” and wanting to kiss Steve Jobs “full on the mouth.”

March 7th, 2008 / Tags: Apple, iPhone, SDK, OS X / Trackback

iPhone SDK Prediction

John Gruber has an article in which he talks about what Apple will announce on Thursday; specifically, what features the iPhone SDK will - or won’t - provide. He writes:

If it’s true that the dock connector is off-limits, that’s unfortunate, but also not surprising — clearly a big part of what Apple’s been working on in advance of this SDK are ways to sandbox applications for security and control of resources.

His suspicion that there will be a sandbox is based on this article by Jeremy Horowitz. But Horowitz writes:

Under current plans, SDK developers will be prevented from interfacing directly with Dock Connector-based accessories connected to the iPhone or iPod touch

He doesn’t explain how developers will be prevented from interfacing with the Dock connector. A bit further up in his article, Horowitz writes:

The most controversial aspect of Apple’s SDK plan is its intention to formally approve or deny all SDK-based software releases for its devices. Our sources confirm that Apple will act as a gatekeeper for applications, deciding which are and are not worthy of release, and publishing only approved applications to the iTunes Store

Personally, I find it unlikely that Apple created a sandbox for third-party apps. Adding sandboxes to existing environments is hard. Java’s sandbox was part of the design from the get-go; Objective-C, on the other hand, is basically C plus a bunch of features adding support for object-oriented programming. Attempting to sandbox C seems - at first glance - a bit futile.

In my opinion, a more likely solution to preventing stuff Apple doesn’t want is not through a sandbox, but through the approvement process. I would not be surprised if developers get full access to the iPhone’s APIs, but Apple will simply not publish software which doesn’t adhere to their guidelines.

On the other hand, sandboxing Objective-C is not actually impossible. One possible solution to sandboxing C in the iPhone would be to run third-party apps in a VM. Apple owns LLVM, which could possibly be used to sandbox Objective-C code in the iPhone. According to John Siracusa, Apple “recently did some extensive work on the LLVM ARM backend.” He suspects it’s because LLVM was used to improve performance on the iPhone; maybe it’s for the SDK?

We’ll see next Thursday, I guess.

March 3rd, 2008 / Tags: Apple, iPhone, SDK, OS X / Trackback

O'Reilly's iPhone Open Application Development: Rough Cuts Version

O’Reilly has released their first version of their first iPhone programming book. The book does not cover the official SDK from Apple, but the “open” SDK used by jailbroken phones. The book is not finished; for 20 US$, you can buy the unfinished “rough cuts” version as a PDF, and you’ll get updates as the book progresses.

I just bought the book, and something I found interesting is that O’Reilly generates an individual PDF for each buyer (after paying for the book, it takes a few seconds for the download to become active). Your name and Safari ID appears on every page of the PDF, saying something like “Prepared for [your name], Safari ID: [your Safari ID].” Also, there appears to be some DRM which disables some commands in Preview; for example, you can’t use “Save As…”.

Personally, although I have no intention of giving the PDF to anyone else (not that I actually knew anyone who would be interested in it), I prefer it when the seller trusts me. Also, I seem to remember a lot of outrage about the watermarking on the iTunes store; did I miss the Slashdot outrage about the O’Reilly PDF downloads, or was there never one?

As for the book itself, it’s very approachable, starting at jailbreaking your phone (although the book thinks 1.1.1 is the latest firmware) and installing the iPhone toolchain. There’s even a short introduction to Objective-C. With that out of the way, the book moves to UIKit, event handling, advanced graphics and audio. At first glance, the writing seems reasonably engaging (for a book on programming, anyways). So the book seems well-written, and it covers all the important bases. Most likely worth the 20 bucks it cost.

February 20th, 2008 / Tags: O'Reilly, Rought Cuts, iPhone, SDK, jailbreak / Trackback