So I was at the o2litmus live roadmapping session yesterday. Kind of interesting - some good ideas, but a lot of people there not really interacting.
Anyway, there were a couple of points I've developed in esprit de l'escalier.
Firstly, there was a lot of questions from o2 about the kinds of device APIs that developers want o2 to develop. I completely understand the wholly underwhelming response the question got. Being a mobile developer is hard - you've got a lot of different platforms, operating systems and devices your trying to support. Coding for operator APIs is not a priority (even if they are trying to standardise).
With the current challenges, all the problems are in division. I've got my target set of handsets. I divide these up by software platform/os/manufacturer/whatever. This is a really big challenge, but one we're just about able to meet. I take my 500 or so target handsets, and divide them up by these criteria.
Operator APIs are problems of mulitplication. I'm no longer breaking down these 500, but mulitplying it by each operator I'm going to support. My problem is not 'how do I get my code to run under J2ME on a Sony Ericsson W890i?' but 'how do I get my code to run under J2ME on a Sony Ericsson W890i on 02, er and on Orange, and Vodafone while were at it. Oh, and I need in German supporting T-Mobile APIs'. Its too big a problem, so I'll engineer an operator agnostic solution.
The second interesting point (I thought at least) was around questions of security. Again, not a warm response until we started to discuss application signing. I made a point that I'm building 500 different versions of my code, I'm not going to pay for signing as it will completely destroy any economic model I can come up with. Neil seemed to be taken aback by the responses he got.
Application signing is the biggest single business problem in mobile development, and we need to formulate an appropriate response. I understand that o2litmus doesn't require applications to be signed, but to get onto o2active, then they need to protect themselves. This impasse is holding back a lot of innovation and bedroom developers getting their apps to the public. Apple fixed this by having a manual screening process. A real person at Apple looks at each application and checks it for suitable content and malware. If it is OK, then it goes on the app store - no waiting weeks for signing or spending thousands of pounds. We suggested that this would be a great way for o2 to go. I even (rather cruelly) suggested that if they don't do this, then it is just because they can't bothered, which in retrospect was too strong.
What I propose is that I get signed. Approve me, trust me and give me a certificate. I'll sign my apps myself with my certificate, and this will be o2's guarantee of quality. I'm going through the o2litmus program - this means that if my application makes it onto o2active, then hundreds of users have downloaded my application, tested it, and will have reported problems with unsuitable content or function. I don't need to get it signed externally to prove this anymore, the o2litmus community has done this testing already.
The alternative to this is that I produce applications for Symbian S60 only. Nokia have a very large chunk of the handset market, and S60 makes a large proportion of that. I can produce a couple of versions for different screen sizes (maybe just 176x220 and 240x320), get them Symbian signed and onto the Ovi store for 400 million users by the end of next year. This is going to be a much more attractive proposition to me than messing around on a per operator basis.