Wednesday 29 April 2009

o2Litmus Live Roadmapping

So I was at the o2litmus live roadmapping session yesterday. Kind of interesting - some good ideas, but a lot of people there not really interacting.

Anyway, there were a couple of points I've developed in esprit de l'escalier.

Firstly, there was a lot of questions from o2 about the kinds of device APIs that developers want o2 to develop. I completely understand the wholly underwhelming response the question got. Being a mobile developer is hard - you've got a lot of different platforms, operating systems and devices your trying to support. Coding for operator APIs is not a priority (even if they are trying to standardise).

With the current challenges, all the problems are in division. I've got my target set of handsets. I divide these up by software platform/os/manufacturer/whatever. This is a really big challenge, but one we're just about able to meet. I take my 500 or so target handsets, and divide them up by these criteria.

Operator APIs are problems of mulitplication. I'm no longer breaking down these 500, but mulitplying it by each operator I'm going to support. My problem is not 'how do I get my code to run under J2ME on a Sony Ericsson W890i?' but 'how do I get my code to run under J2ME on a Sony Ericsson W890i on 02, er and on Orange, and Vodafone while were at it. Oh, and I need in German supporting T-Mobile APIs'. Its too big a problem, so I'll engineer an operator agnostic solution.

The second interesting point (I thought at least) was around questions of security. Again, not a warm response until we started to discuss application signing. I made a point that I'm building 500 different versions of my code, I'm not going to pay for signing as it will completely destroy any economic model I can come up with. Neil seemed to be taken aback by the responses he got.

Application signing is the biggest single business problem in mobile development, and we need to formulate an appropriate response. I understand that o2litmus doesn't require applications to be signed, but to get onto o2active, then they need to protect themselves. This impasse is holding back a lot of innovation and bedroom developers getting their apps to the public. Apple fixed this by having a manual screening process. A real person at Apple looks at each application and checks it for suitable content and malware. If it is OK, then it goes on the app store - no waiting weeks for signing or spending thousands of pounds. We suggested that this would be a great way for o2 to go. I even (rather cruelly) suggested that if they don't do this, then it is just because they can't bothered, which in retrospect was too strong.

What I propose is that I get signed. Approve me, trust me and give me a certificate. I'll sign my apps myself with my certificate, and this will be o2's guarantee of quality. I'm going through the o2litmus program - this means that if my application makes it onto o2active, then hundreds of users have downloaded my application, tested it, and will have reported problems with unsuitable content or function. I don't need to get it signed externally to prove this anymore, the o2litmus community has done this testing already.

The alternative to this is that I produce applications for Symbian S60 only. Nokia have a very large chunk of the handset market, and S60 makes a large proportion of that. I can produce a couple of versions for different screen sizes (maybe just 176x220 and 240x320), get them Symbian signed and onto the Ovi store for 400 million users by the end of next year. This is going to be a much more attractive proposition to me than messing around on a per operator basis.

1 comment:

Neil Warren (Telefonica O2) said...

Hi,
Neil here, the one from Telefonica O2 who was discussing the device elements.

Thanks for post & for attending the roadmapping session. It was certainly useful to meet with the developers to gain your view.

First to clear up a little misunderstanding: when I was discussing APIs I was referring to device APIs that will be implemented by the device vendors. Telefonica will not be releasing / specifying our own set of device APIs on our devices. We support a standardised approach, where the device APIs are as common as possible on all device platforms, accepting the fact that there will be functionality above the standard APIs. So Telefonica’s position is certainly to push the vendors to support a common set of device APIs based on OMTP BONDI requirements & W3C Standards. The area where Telefonica O2 (& other operators) will define APIs will be around the network.

Another interesting point I took from the discussion was that developers, in the short-term, did not appear to see much potential in widgets / web applications, in terms of functionality & revenue generation. We’re certainly hopeful that web applications will provide a high-level of functionality & as a consequence, the ability to earn some money from them. We are expecting web runtimes to become an integral part of the device & as a consequence, that developers will be encouraged to write for these platforms.

On the topic of security: we share your view that this is a complex area. To this end, we’re as eager as any other party to find a workable solution. I took on board the concept of screening applications & using a pool of ‘trusted developers’ who can sign the applications themselves. This is certainly something we will give serious consideration. Any other suggestions for improving the developer & customer experience, while retaining an eye on security, more than welcome.

I’ll post another blog, when I can provide some updates to the points raised above. I would also welcome the opportunity to meet with you (& other developers) to discuss further. Thanks for your input.