AT&T to Lock Down Windows Mobile?

It seems that AT&T will no longer allow third-party software to be installed over-the-air on the Windows Mobile devices it sells without its approval.  If the security policies of the recently-released Pantech Matrix are any indication, the latest batch of AT&T’s Windows Mobile phones may require any CAB file downloaded by the user to be signed by the carrier before it can be installed.  This is bad news for mobile developers with limited resources, since it will require them to enter into a relationship with both AT&T and GeoTrust if they want to make their applications available for download on the latest AT&T WinMo devices.

Entering into this relationship will cost developers a lot of time, and they will also take a financial hit.  The signing process is handled by GeoTrust (aka Verisign), which requires the use of a hardware key that plugs into a USB port on the developer’s system in order to authenticate the developer.  This hardware is not free, of course, and neither is actually getting an application signed.  GeoTrust requires developers to buy ‘signing tokens’, which are consumed every time an application is signed for a release.  Luckily, developers can sign an application for testing without burning a token, but these signatures are only good for three days.

In addition to the cost factor, developers must also be approved by AT&T before any signing is possible.  That means that if your application might compete with any AT&T products, or they simply don’t like it for any reason, your application will remain unavailable to AT&T customers.  This is a departure from AT&T’s (and most other carriers’) previous stance on third-party applications, which only required their signature if the application required special permissions such as accessing the user’s phone book or sending SMS messages.  It is still possible for applications to be loaded on J2ME-based handsets without the signature; the handsets will simply deny the offending transactions or ask the user for permission before the application does things like accessing the network.  The Windows Mobile lockdown, on the other hand, keeps any unsigned application from ever being installed in the first place.

It’s easy to see why AT&T would like things this way.  This requirement would give them a lot of control over how their devices are used and a huge influence over the third-party application marketplace.  While it’s still possible for end users to ‘side-load’ applications through ActiveSync and a USB cable, most people will certainly prefer the convenience of installing over-the-air without a connection to a PC.  If your product can’t be installed over-the-air but a competing product can, you can be sure that the competing product will enjoy many more sales.  This distribution model leads to a world where certain companies are almost guaranteed a majority of market share simply because of their relationship with people inside of AT&T.

I don’t mean to pick on AT&T exclusively, though.  The ‘on-deck’ model of mobile software distribution is standard practice for carriers operating in the United States.  Verizon Wireless operates under the same principles with their BREW platform and every carrier does this to a lesser extent with J2ME applications.  Up until now, though, the world of Windows Mobile development has been relatively wide open, and WinMo developers enjoyed a level of access to the hardware that other platforms did not.  It’s a safe bet that other carriers will take notice of this precedent and go the same route as AT&T, giving themselves much tighter control over how their devices are used.  It certainly makes business sense for them to do so, but it comes with a great cost to consumers.

AT&T and other carriers will tell you that this distribution model protects consumers from malicious hackers who would like to control your phone.  This is true, but any such distribution model will never be able to replace common sense.  Mobile platforms are already fairly well protected from malicious code in that the user has to ‘invite them in’ by choosing to download the software in the first place.  I have yet to hear of any incidents where hackers take control of mobile devices from the outside as they often do with PCs.  In the meantime consumers will miss out on offerings from developers who would like to release free or open-source products and don’t have the time and money to spend engaging companies like AT&T and GeoTrust.

There is hope for change, though.  I know of at least one major media company that is pushing forward with off-deck software because they use an advertising-based revenue model.  Since AT&T doesn’t directly make money on software that’s given away, this media company is forced to charge users a monthly subscription fee in order to get their application delivered on AT&T handsets.  Since consumers have to pay a monthly fee just to have the application on their device, this keeps the vast majority of potential users from ever signing up.  This goes against the media company’s desire to reach as many consumers as possible and has led to them offering their application off-deck.  It’s still unclear how this will play out in the long term, but I’m willing to bet that there are other companies in the same boat who would rather not be under the carriers’ thumbs.

EDIT:  I have worked with a few more AT&T Windows Mobile handsets since I originally posted this article that DID NOT require carrier signing for over-the-air CAB installation, so it is not clear whether AT&T intends to make this their policy moving forward.  This article is based on my experiences with the Pantech Matrix handset, which we released with the security policy mentioned in this article.  I do not have any sources within AT&T that can confirm or deny their intent to tighten security policies on Windows Mobile devices.

Posted Friday, February 6th, 2009 in Windows Mobile, Wireless Carriers