I'm interested in what other developers think about getting being forced to have your apps "signed" in order to run on Windows Mobile Smartphones. It seems like more telecom carriers, and some distributors (most notably Handango), are starting to require that apps be signed. For example, Handango has recently started to boot off "unsigned" developers from their InHand program, even if the app still installs and runs fine on most devices.

Signing can be tedious and expensive, and it may be necessary. But has anyone thought of banding together to form a free certification authority for mobile apps, as an alternative to (expensive) Verisign?

Is it worth forming our own, completely FREE, root certification authority for the mobile industry? Have the apps signed by the people, for the people? Here is an example of a free Internet Cert that has developed over some years:
http://www.cacert.org

Would it work for us? Or am I just smokin' crack (as usual)?

(P.S. I'm crossposting this on XDA Developers to see if anyone there has an opinion on this issue).

Is it worth forming our own, completely FREE, root certification authority for the mobile industry? Have the apps signed by the people, for the people?

I love this idea. :D For the developers by the developers! Awesome. Will the operational costs be covered if it is free?

Anyway on the topic of signing. Here are my thoughts:

- Signing should not be mandatory.

- If signing is needed, the mobile users should demand for it. Not the carriers or cell manufacturers.

- Users should get the option of free or cheaper software. Signing forces the developers to bump up the cost. Not to forget the cost of hosting apps on Handango etc.

- There are apps that do not need to access the system level routines, or access the address book or access the internet. Such apps need not be signed. e.g. Calculator apps like conversion and tip calculator, games.

- The other category of apps that do access the system routines, like SMS scheduler, email reader or apps that access the internet, should "ideally" be signed. Let the user decide if she wants to take the risk of installling the unsigned app.

Overall I feel that the industry should try to lower the application signing costs, or should have a different pricing model. I am concerned about the budding developers and developers who write applications for fun and for sharing.

Right you are! The prices should come down. And it seems there are almost no apps out that touch the "protected" CE kernel...why force smaller game developers to be signed?

The costs of our own public FreeCert should be minimal, and would probably be covered by donors if it ever flies.

I mean, do we really need to buy Verisign USB tokens for signing? Correct me if I am wrong, but aren't hardware dongles also vulnerable to attack? Wouldn't software certificates be as effective, if implemented correctly?

And even Microsoft Server certificates from Verisign have been indirectly compromised before. No system is 100%, no matter how much you pay.

Setting up a free mobile cert is difficult from a technical standpoint, but it seems like it can be done. Even the physical security can be done...perhaps store the Root Certificate in a bank vault?

The real problem would probably be forging unity among the developers. The only way the Big Telecom Carriers might listen is if hundreds of developers banded together. Even then, I don't think the carriers would listen to us. But they might listen to Distributors like Handango, who under pressure from united developers, could possibly insist that the carriers accept a free cert instead of just Verisign.

It's a long shot :)

Brad

Few alternatives are:

- One time fee for the application. Lets say I release version 1.0. I get it signed. Then if I need to release 1.1 for the bug fixes etc. I (developer) should not be charged for it. Of course once I decide to launch version 2.0, I should be charged some nominal fees.

- I agree instead of buying dongles etc. Use software certificate on the developers computer. Let the developer upload all the binary files that are to be installed by the application. The certificate site should generate a certificate file based on the hash of file datetime stamp and size. Basically my point is that it can be an automated system, so the costs can be down. So why charge the developer high price.

I know ya'll didn't ask my opinion, but I'm gonna give it to ya anyways. :D

To me, when I see that the program is signed or whatever, it makes me feel extremely safe to use it. To me, this protects me from using God knows what someone may have made that could hurt my phone. BUT, when I download it through a reputable site *cough*here*cough* I feel like they wouldn't put something up that would harm me. Probably not the best assumption on my end, but I like to believe that anyways.

So, to me, the average user, is having it signed a plus. I guess, but if you sell it through somewhere, not just a random this is the only thing I have site, then I feel like it is legit either way.

Users I am sure would like the assurance that the software is safe. But are the users willing to pay a premium for it? The application signing costs the developers, and the sad part is that every carrier may require its own signature, which means additional cost for the developer and the end user.

Bottomline the cost of the software goes up and also if signing is made mandatory, we won't have freebie and shareware style apps. :-(

I have always called application signing a necessary evil. But I just don't like the pricing model.

The thing to keep in mind is that signing does NOT MEAN THE APP IS SAFE. All signing does is absolutely link a particular developer to some particular code. At that point the disincentive to do something malicious in code is quite high but there's nothing that prevents poorly written or designed code to delete data on the device or send 12 million SMS messages to American Idol. I don't see how this helps consumers.

Another effect of signing is reducing the number of minor bug fix upgrades that are released. Everytime signed code is released I have to go through many steps and the marginal cost of each release is on the order of $40. Every .exe, .dll and .cab file has to be separately signed. Nothing terribly difficult but it adds another level of hassle.

When all is said in done any program such as signing or "Designed for Windows Mobile" needs to be centered around benefits for the consumer, not the carrier or the OS provider.

Designed for Windows Mobile ensures that an app follows standard UI procedures to a "T". It doesn't matter if the app is useless, confusing, a rip-off, 3rd best in class, etc. So long as there's no exit option and the menu is on the right soft button all's well in Designed-for-land. I don't see how this helps consumers.

To stay on topic, I'll suggest this for a minor fix to signing: signing credentials should cost around $100 with basically unlimited signings after that. It's not like GeoTrust is making any money to begin with. Microsoft and the carriers should be footing the bill if they think signing is important. Desktop apps aren't signed and we've dealt with the security problems other ways.

If I can run any app designed for the PPC OS then I should and want to be able to run the apps I want on my SmartPhone. I don't need my carrier much less Handango telling me what to buy and what to use, after all they didn't pay for my phone or service did they.

If this is going to be required then there needs to be a non profit group supported by developers for developers so users and developers both benefit.

This couldn't be a better idea! I went through about 7-8 emails to Handango over this matter. After they tried to have some underling tell me that the problem was not downloading the right version of the program, they finally understood that it was a certificate issue. They eventually refunded my money, but it was very disapointing finding out that I couldn't use the InHand program at all. If safety isn't an issue here, it seems the only point of signing is the bottom line. Leave it to Microsoft to make something simple as complicated as possible. :roll:

The thing to keep in mind is that signing does NOT MEAN THE APP IS SAFE. All signing does is absolutely link a particular developer to some particular code. At that point the disincentive to do something malicious in code is quite high but there's nothing that prevents poorly written or designed code to delete data on the device or send 12 million SMS messages to American Idol. I don't see how this helps consumers.

Good clarification.

To stay on topic, I'll suggest this for a minor fix to signing: signing credentials should cost around $100 with basically unlimited signings after that.

I like the idea of a single fee and unlimited signing. :-)

If safety isn't an issue here, it seems the only point of signing is the bottom line.

Somehow I too get the same feeling.

As someone who wants to become a mobile software developer, my concern is that mobile software sells for an average price between $10 and $15. Mobile developers are not charging a hefty price tag. Which means that it takes a lot of sales to recover the development costs. Not to forget, soon for Windows Mobile 5.0, Microsoft wants the developers to use Visual Studio .NET 2005 which the developers will be forced to buy at an even higher cost. How will the developers recover all these costs. Sounds like I am derailing the topic. :oops:

How will the developers recover all these costs. Sounds like I am derailing the topic.

With grave difficulty and no I don't think this is a derail only a very sensible point. There is a real conflict between what people are prepared to pay for apps, the amount of purchasers and the cost of development. Certification costs can serve to push the price up to a point where users are not prepared to purchase. To be honest the price levels we have been used to cannot be sustained. Already we are starting to see apps move towards a $30 level rather than the $20 previously seen as a maximum.

This pricing of certification is a disservice to users, it discourages innovation and prices smaller developers out of the market. This is only going to get worse as I can see certification becoming a requirement over time on the desktop as well.

Garry
Whittaker Moore Associates

I'm no developer, but an angry smartphone user.

- Why in the world I can NOT install the software I choose on MY own device?
- Why are some phones protected and NOT others?
- Why some programs CAN be installed and NOT others? Even from the same developer!

That's especially crazy when there are NO trial version for some programs? Like Sprite Backup. And since I can't install SunnySoft Backup on my phone, how do I know Sprite Backup WILL install?

I recently tried to install Resco Mobile SmartPack. Explorer 2003 installs fine (tho I can't access the RegEdit feature, yet I enabled it in the appropriate Add-Ins Options dialog), PicViewer installs fine, yet System Toys DOESN'T. I wouldn't need System Toys IF the integrated Tasks manager DID enable switching to open apps!! And sometimes it even DOESN'T list ANY running app tho I know I launched some.

Likewise PHM RegEdit does NOT install either.