Friday, September 7, 2012

Creepy featurism

In yesterday's launch of the new Kindle, Amazon CEO Jeff Bezos said some interesting things about today's smart phones and tablets. In particular, his point about customers not wanting "gadgets" but wanting services that improve over time really hit home for me.

I've been an "early adopter" for many years. I had an Apple Newton (MP-120, MP-130, and MP-2000) and loved them. More recently, I've been searching for 10+ years for the right smart phone for my needs. I had an old Linux-based Motorola A-780 and really wanted to believe that someone had finally built the right device for me. Its list of features was right on target (for 2003 or so). But it failed me miserably. I also tried a Blackberry 8800, but it too was just a box of silicon features with crappy software, IMHO. Total #FAIL.

Finally, I felt I found what I was looking for when I got my first iPhone. And, by and large, I did. I'm now a few iPhones down that path (on a 4S now, but that'll change in a week or so), and I'm a pretty happy customer.

Of course, there are many lessons to be learned in all of this. How about security, and how does this all relate to mobile app developers? Excellent question.

It's 2012, and few people would disagree that smart phones have become hugely important to a vast number of consumers. We're doing things on our devices today that we would have laughed at the day before the iPhone (or Android!) was released. The mobile phone world has been flipped onto its head, thanks to these pioneers.

But it's not about a competition of feature lists. To succeed in today's market, the device has to just work, and has to just work for non-tech-savvy consumers. It has to pass the Uncle Bill and Aunt Betty test.

Apple long ago learned to de-emphasize the technical specifications race, and focus on the "user experience". When they release a new product, the focus of their announcements is showing us how things work, not the CPU speed of the new multi-core processor. Although those things are important, they're not what matters to our consumers.

Because, guess what -- today's consumers don't understand the technology (by and large), and they surely don't understand security. Security, like the functionality in our devices, has to just work. And those two words, "just work", have to be something that we all live and breathe.

Force a user to install a root CA certificate into the /var/blah/blah/blah folder and you've already lost. But make it "just work" and do it securely, and you've won.

Security, too, cannot be an afterthought. We have to consider security at every possible stage of our work. It has to simply be a quality of our efforts.

Mr. Bezos is right in that regard. It can't be about building a product with all the latest buzzwords included in the ingredient list. It has to be about making our users happy. One of the things that will keep our users happy is to enable them to securely do all the cool things that today's (and next week's) devices can do. Security must simply be an intrinsic quality of our software.

Are you prepared? In our Mobile App Sec Triathlon, Gunnar (@OneRaindrop) and I (@KRvW) will give you plenty of food for thought, and discussion. Come join us in San Jose this 5-7 November and let's talk about what needs to be done.


Ken van Wyk

