Thursday, June 21, 2007

iPhone Lockdown and Intent-Based Pricing

There are several applications I'd want to run or port on an iPhone. This includes a full ssh environment, Subversion version control, and some custom scripts using ImageMagick which would allow me to process, manipulate, and upload photographs using my digital camera (assuming you could adapt the iPod port to a camera or compact flash card): all tasks I perform on my Mac laptop but which would greatly benefit from the greater portability of an iPhone.

Yet Apple and AT&T's lockdown policy, under which only Apple-authorized applications can run on the iPhone, means I will be unable to use the iPhone to its potential. I understand the reasons why Apple and AT&T want this property: they want to limit applications which can run because they wish to bill for service based on intent.

At $10 for 1500 SMS messages at 1 kB/message, SMS messages are worth roughly 1.2 Mb/$. With voice (beyond the first 500 minutes) at roughly $.05/minute and approximately 8 kbps, voice is roughly 10 Mb/$. Finally, at "unlimited" data (with a reasonable limit of say 5 GB) for $20, the data traffic is 2000 Mb/$. Thus the intent of the bits, whether it is an SMS message, voice, or best-effort data, affects how it is billed. Thus AT&T's interest is to ensure that the iPhone can't circumvent intent-based billing.

Overall, there is a design philosophy which is creating a sealed box rather than an open box. The sealed box offers some better security properties (as AT&T theoretically does not have to worry as much about misbehaving iPhones), but the security properties are somewhat illusionary. Attackers will still be able to compromise the Safari implementation and gain control of iPhones. It will be difficult for attackers, but doable and highly attractive.

Additionally, the hole in the sealed box, the ability to run sandboxed Ajax-ish web applications, defeats AT&T's intent-based pricing, the stated and implied security goals, and Apple's stated goal of a pristine user experience. An Ajax-ish webpage could easily interface with IM protocols, replacing high-value SMS traffic with lower-value bulk data. It is vulnerabilities in the web browser which attackers will exploit. And the interface will never be as good as a native interface running directly on the iPhone.

In the end, the iPhone is a Porsche which can only turn left.

If you only ever want to do what Apple has decided you should do (namely email, web surfing, music, and a phone), it is a beautiful platform, and probably worth every penny.

If I could obtain development tools and install new applications, I would buy one in a hot second, even with the transition costs as a Verizon customer.

But with the current model of a sealed box, I will not buy one and will urge my friends and family not to buy one, at least until it costs no more than a basic phone. It may be beautiful, but it is crippled.
