Security holes in any applications are bad enough. Covering them up is even worse. But what's really, really bad about Apple's iPhone security screwup is this: It deals a body blow to true mobility for business users just as the future was looking brighter than ever. The only possible winner in this mess is RIM, whose BlackBerry remains the favorite messaging device for business users but that still offers relatively primitive Web access and add-on applications.
Ironically, Apple's faux pas came as third-party vendors were ramping efforts to make enterprise security and management support for the iPhone much simpler. But now that Apple has given IT reasons to mistrust the company, it's hard to picture widespread business adoption of the iPhone, the poster child of mobile 2.0. Yes, Google's Android is in the wings, but it's too soon to know if that new platform will be competitive, and given that Motorola is carrying the ball, I'm not overly optimistic. Likewise, the Palm Pre's lackluster sales and weak enterprise security don't give me much hope it can pick up the mobile 2.0 banner from Apple.
[ Verizon's grand plan is to make mobile OSes unimportant, InfoWorld's Neil McAllister explains. Should you be worried? | Check out the InfoWorld slideshow "BlackBerry vs. iPhone, side by side." ]
In short, mobile 2.0 for business is in big trouble.
Apple versus Exchange
In case you missed it, here's a summary of the iPhone security incident: Shortly after iPhone 3.1 was released in early September, many users were surprised to find that their iPhones and iPod Touches (with the exception of the 3G S) were unable to sync with Exchange, a very big deal indeed. It turned out the problem was within the bug fix, which is what a dot-one release is generally about.
But here's the weird part: The bug fix stopped the iPhone from reporting to Exchange that it supported on-device security, which it doesn't. Instead, the device had been, well, lying to Exchange when it reported that it supported that security measure. Because the change happened as the result of a bug fix, it's logical to assume that Apple knew that the iPhone and iPod Touch did not support on-device security, but never shared that knowledge with IT.
My colleague Galen Gruman has repeatedly sought an explanation of this from Apple but has not received one. I can't say I'm speechless, since I'm writing about it, but Apple's duplicity or gross naïveté truly boggles my mind.
Think about the implications of this mess. There are all sorts of serious regulations mandating that e-mail and other corporate data remain secure, particularly HIPAA and, to a lesser extent, Sarbanes-Oxley. Simply put, companies that allowed certain types of data to be handled via the iPhone were violating the law. Will anyone be prosecuted? Not likely, but if I were a compliance officer in an enterprise, I would certainly take immediate notice and shut down iPhone access to Exchange.
Network security is an extremely complex beast, and IT relies on a significant level of trust for its vendors. But when a vendor knowingly misrepresents its capabilities, that trust vanishes. What a blow to Apple, a company that was never strong in the mainstream business market, but had a chance to make a run for it via the iPhone.
iPhone alternatives are weak
The BlackBerry is really good at one thing: messaging. It's not nearly as good for mobile 2.0 applications. I'm not saying it doesn't offer Web access and so on, but it doesn't perform those functions very well.
iTunes is bursting with 85,000 apps for the iPhone; the BlackBerry store has just a fraction of that total. To be fair, let's acknowledge that iTunes sports plenty of junk applications, but even when those are discounted, the difference between the platforms is staggering
The Palm Pre certainly has potential, but it isn't gaining traction. Verizon has reportedly ditched plans to offer the Palm Pre early next year, due to poor sales at Sprint -- the Pre's exclusive U.S. carrier. Windows Mobile? Give me a break. That platform is in disarray; even Microsoft CEO Steve Ballmer says his company "screwed up with Windows Mobile." Google's Android has potential, but it's too soon to say if it will bear enterprise fruit. The first several device models, as well as the first couple versions of the OS, have been lackuster.
I can't explain Apple's actions, and because the company has pretty much clammed up about the lapse, we may never understand it. I know that Apple can be arrogant and difficult, but in the larger sense this is out of character. The Mac platform, largely because it is so tightly controlled by Apple, has always been superior to Windows. Mac users have been spared the lunatic complications and incompatibilities presented by Windows (and DOS before it) that were an outgrowth of a platform (not an OS) controlled by no one.
Had Apple chosen a lower-margin model, it might well have become the dominant business PC platform. But instead it offered a trade-off: a better experience for a lot more money. Business didn't go for it. And now in the mobile world, Apple is tarnishing its reputation for excellence by acting like some two-bit seller of Windows white boxes. Stupid, stupid, stupid.
Corporate management pressures IT
There is a bit more blame to apportion. Corporate management (in general, not just Apple's) played a role here. Forrester analyst John Kinderbag says there's a lot of pressure on IT to deploy the iPhone within the enterprise. "CEOs fall in love with the iPhone and say to IT, 'Make it work.''' There's a willingness to push security concerns aside, he says.
The ultimate victim of all this will be the user who needs and desires support for mobile 2.0 within the enterprise. As one InfoWorld editor put it: "The BlackBerry has become the Lotus Notes of the mobile world." What a shame that we may be stuck with it.
I welcome your comments, tips, and suggestions. Reach me at firstname.lastname@example.org.